Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/hysK0HS4yMpxAiu_amCNQZnsMEk.roa
File:                     hysK0HS4yMpxAiu_amCNQZnsMEk.roa (raw, json)
Hash identifier:          h9bkQ2M0Hp/TMn65+jd+66CUZ78mTaddUxEZ1BNe0q4=
Subject key identifier:   87:2B:0A:D0:74:B8:C8:CA:71:02:2B:BF:6A:60:8D:41:99:EC:30:49
Certificate issuer:       /CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
Certificate serial:       0194214469407131FE6F4BCAF050ACC46778
Authority key identifier: 11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/hysK0HS4yMpxAiu_amCNQZnsMEk.roa
Signing time:             Wed 01 Jan 2025 09:48:39 +0000
ROA not before:           Wed 01 Jan 2025 09:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39419
IP address blocks:        195.141.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:69:40:71:31:fe:6f:4b:ca:f0:50:ac:c4:67:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115dbc00433e29f2adeb038fea2fbd7048fb632f
        Validity
            Not Before: Jan  1 09:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=872b0ad074b8c8ca71022bbf6a608d4199ec3049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:00:49:df:4e:a3:18:42:be:bb:4c:19:c6:b6:
                    b9:c9:e8:69:fd:0d:f8:07:a8:fe:59:fb:d4:59:e4:
                    61:db:c3:db:8d:b4:56:fb:0d:21:e2:d2:10:78:d6:
                    6a:f4:46:39:e7:58:a7:bb:95:6e:2a:67:48:84:62:
                    5c:d6:90:a2:43:70:ce:72:d1:f8:00:47:8b:0f:60:
                    e2:7b:6e:14:99:40:d1:c9:9b:d4:37:90:2c:a3:c1:
                    9c:a0:0c:be:c6:80:70:92:93:5d:b2:14:a4:1b:2b:
                    fd:83:9b:48:53:1a:04:94:37:b4:c8:bd:58:a9:37:
                    d4:44:04:e0:64:63:a3:ce:1d:a3:3e:a9:f3:9c:89:
                    c8:87:d7:e4:08:24:ca:22:ca:7b:30:f3:af:ce:57:
                    7a:8d:3d:5f:2c:2e:17:54:fe:b3:47:96:8b:cb:b8:
                    49:b6:6e:24:15:b7:c2:28:42:d6:27:42:85:e3:c6:
                    37:ec:36:d9:a5:00:67:98:3b:fd:7b:d3:d0:13:4f:
                    3e:2b:4d:34:f6:e4:b6:59:c7:4a:f1:e9:2a:11:dd:
                    3f:bc:bc:29:a5:d2:1f:24:3c:b7:d8:1e:93:08:2b:
                    97:64:81:89:09:21:d6:54:3c:82:ac:e0:8e:aa:b6:
                    2c:75:9b:37:4e:7e:0b:0e:30:d8:e8:07:14:ba:08:
                    eb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2B:0A:D0:74:B8:C8:CA:71:02:2B:BF:6A:60:8D:41:99:EC:30:49
            X509v3 Authority Key Identifier:
                keyid:11:5D:BC:00:43:3E:29:F2:AD:EB:03:8F:EA:2F:BD:70:48:FB:63:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EV28AEM-KfKt6wOP6i-9cEj7Yy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/hysK0HS4yMpxAiu_amCNQZnsMEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/65a71d-0236-44d5-8ce9-229b4ae742de/1/EV28AEM-KfKt6wOP6i-9cEj7Yy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.141.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:7a:34:2a:8e:b7:a8:62:b0:32:63:90:9c:70:2a:bf:78:0c:
         60:c1:2e:39:aa:42:87:a9:ed:b8:93:a8:53:8d:f4:e4:80:2d:
         28:c8:07:b8:4c:e4:ce:22:5c:7e:81:22:b8:d0:99:68:f8:ce:
         f9:25:c6:0d:28:1a:64:36:6c:3c:f8:b3:25:73:a1:49:7e:57:
         b8:ee:3f:b7:62:fe:4e:00:86:94:09:71:ca:23:eb:5f:5a:eb:
         65:a6:f8:5f:67:50:b6:59:a3:2f:d1:12:63:c6:26:16:fb:f3:
         68:52:2f:b3:5b:32:9c:5d:0f:ec:ea:b1:df:4e:fc:26:b0:05:
         35:f8:c3:3b:40:86:19:11:c7:c5:07:3a:ba:3a:b0:b7:3d:3f:
         fc:d5:ac:82:13:cb:2f:bd:24:c2:cb:2d:86:1b:91:48:3e:a0:
         a8:eb:86:4a:b2:b4:e1:8f:f4:af:53:b0:5f:99:09:23:77:23:
         e2:be:62:b4:97:c8:b3:fb:99:f8:b1:e5:1e:db:b5:c7:07:63:
         71:06:b5:17:48:24:1d:d4:02:ce:84:1e:3a:59:e8:ec:50:6f:
         b3:4a:ac:d6:1c:57:d6:14:24:00:e7:93:06:6c:f9:a0:d5:ca:
         ed:49:06:9b:05:40:ec:ed:39:08:01:3b:fc:70:ff:21:f5:23:
         52:1a:26:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRGlAcTH+b0vK8FCsxGd4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNWRiYzAwNDMzZTI5ZjJhZGViMDM4ZmVhMmZiZDcwNDhm
YjYzMmYwHhcNMjUwMTAxMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzJiMGFkMDc0YjhjOGNhNzEwMjJiYmY2YTYwOGQ0MTk5ZWMzMDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApABJ306jGEK+u0wZxra5yehp/Q34
B6j+WfvUWeRh28PbjbRW+w0h4tIQeNZq9EY551inu5VuKmdIhGJc1pCiQ3DOctH4
AEeLD2Die24UmUDRyZvUN5Aso8GcoAy+xoBwkpNdshSkGyv9g5tIUxoElDe0yL1Y
qTfURATgZGOjzh2jPqnznInIh9fkCCTKIsp7MPOvzld6jT1fLC4XVP6zR5aLy7hJ
tm4kFbfCKELWJ0KF48Y37DbZpQBnmDv9e9PQE08+K0009uS2WcdK8ekqEd0/vLwp
pdIfJDy32B6TCCuXZIGJCSHWVDyCrOCOqrYsdZs3Tn4LDjDY6AcUugjrXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcrCtB0uMjKcQIrv2pgjUGZ7DBJMB8GA1UdIwQY
MBaAFBFdvABDPinyresDj+ovvXBI+2MvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTkt
MjI5YjRhZTc0MmRlLzEvaHlzSzBIUzR5TXB4QWl1X2FtQ05RWm5zTUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC82NWE3MWQtMDIzNi00NGQ1LThjZTktMjI5YjRhZTc0MmRl
LzEvRVYyOEFFTS1LZkt0NndPUDZpLTljRWo3WXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw435MA0G
CSqGSIb3DQEBCwUAA4IBAQBhejQqjreoYrAyY5CccCq/eAxgwS45qkKHqe24k6hT
jfTkgC0oyAe4TOTOIlx+gSK40Jlo+M75JcYNKBpkNmw8+LMlc6FJfle47j+3Yv5O
AIaUCXHKI+tfWutlpvhfZ1C2WaMv0RJjxiYW+/NoUi+zWzKcXQ/s6rHfTvwmsAU1
+MM7QIYZEcfFBzq6OrC3PT/81ayCE8svvSTCyy2GG5FIPqCo64ZKsrThj/SvU7Bf
mQkjdyPivmK0l8iz+5n4seUe27XHB2NxBrUXSCQd1ALOhB46WejsUG+zSqzWHFfW
FCQA55MGbPmg1crtSQabBUDs7TkIATv8cP8h9SNSGiZ1
-----END CERTIFICATE-----