Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/7dc313-42bc-4677-8e91-11a9e9922537/1/gULVBnS6_qNHU7cQ0dkYMIuUayU.roa
File:                     gULVBnS6_qNHU7cQ0dkYMIuUayU.roa (raw, json)
Hash identifier:          g1yDTdtovs95F32kLsCVnbkwBNkiMceKZcm5mTyCkJA=
Subject key identifier:   81:42:D5:06:74:BA:FE:A3:47:53:B7:10:D1:D9:18:30:8B:94:6B:25
Certificate issuer:       /CN=e964776cec62ef13a82a2165e6f8d47890d7734d
Certificate serial:       0194258E6571E6042BA5AEF2BD8DA935D026
Authority key identifier: E9:64:77:6C:EC:62:EF:13:A8:2A:21:65:E6:F8:D4:78:90:D7:73:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6WR3bOxi7xOoKiFl5vjUeJDXc00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/7dc313-42bc-4677-8e91-11a9e9922537/1/gULVBnS6_qNHU7cQ0dkYMIuUayU.roa
Signing time:             Thu 02 Jan 2025 05:47:56 +0000
ROA not before:           Thu 02 Jan 2025 05:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        195.26.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/7dc313-42bc-4677-8e91-11a9e9922537/1/6WR3bOxi7xOoKiFl5vjUeJDXc00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/7dc313-42bc-4677-8e91-11a9e9922537/1/6WR3bOxi7xOoKiFl5vjUeJDXc00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6WR3bOxi7xOoKiFl5vjUeJDXc00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:65:71:e6:04:2b:a5:ae:f2:bd:8d:a9:35:d0:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e964776cec62ef13a82a2165e6f8d47890d7734d
        Validity
            Not Before: Jan  2 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8142d50674bafea34753b710d1d918308b946b25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fe:9d:4c:c2:c6:2f:e6:07:da:79:c5:f0:5e:
                    eb:0a:30:11:e2:9b:d7:7d:b5:b0:ca:c9:c6:ac:68:
                    7e:6c:fe:4d:72:9a:f3:ce:8c:49:6b:bb:b6:59:5d:
                    71:46:d1:f9:22:5f:09:45:c5:99:57:f1:aa:94:bb:
                    7c:f7:7c:0e:61:fd:6d:08:36:b8:5d:48:74:5e:00:
                    4b:a3:40:f4:bc:4e:b2:f3:30:9a:7f:cb:e2:3b:36:
                    52:90:d3:f6:18:60:7b:f2:bf:cb:b3:a0:d7:9d:d1:
                    c4:7d:46:26:4b:6c:77:cb:9e:a3:9a:51:9f:eb:57:
                    eb:14:fa:a5:e6:8d:1a:f3:43:a2:72:7e:fb:f1:61:
                    fd:19:dd:fc:bd:87:66:79:77:81:f8:3d:65:9e:72:
                    88:42:4c:87:6f:f8:fb:4d:8b:70:a1:61:28:bb:aa:
                    30:3e:5f:89:00:48:7c:ae:af:3c:ce:85:ff:71:3f:
                    e3:4b:f9:10:18:ef:20:d3:d4:24:2d:74:ee:03:fa:
                    0c:1f:8d:86:8a:95:6c:01:5c:e2:6e:5e:b9:ab:6c:
                    6e:42:c8:da:db:43:3c:03:00:72:fc:db:f9:a9:d2:
                    fe:23:9b:c7:74:fc:38:d4:7b:3b:02:7b:f5:8b:59:
                    1f:97:49:e9:9b:75:cc:40:a3:ad:e8:9b:2d:93:09:
                    b1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:42:D5:06:74:BA:FE:A3:47:53:B7:10:D1:D9:18:30:8B:94:6B:25
            X509v3 Authority Key Identifier:
                keyid:E9:64:77:6C:EC:62:EF:13:A8:2A:21:65:E6:F8:D4:78:90:D7:73:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6WR3bOxi7xOoKiFl5vjUeJDXc00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/7dc313-42bc-4677-8e91-11a9e9922537/1/gULVBnS6_qNHU7cQ0dkYMIuUayU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/7dc313-42bc-4677-8e91-11a9e9922537/1/6WR3bOxi7xOoKiFl5vjUeJDXc00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.26.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:b4:1d:dd:1f:02:a9:e9:44:e5:3b:2d:4d:92:73:b5:28:f6:
         12:de:1c:6e:0e:81:de:e1:ee:83:3e:11:bb:af:11:94:d4:15:
         12:04:ba:ef:9e:59:ad:af:a9:50:eb:35:ef:26:e5:11:c2:aa:
         bd:7d:2f:3d:14:94:a5:30:89:7d:dd:5b:10:e9:61:1c:d3:bb:
         e2:9b:43:f1:20:85:46:94:93:41:ef:0e:f5:ba:5e:dc:ac:50:
         5f:97:bf:e6:a2:ec:a4:e1:9b:41:e4:37:c0:6f:64:91:9c:35:
         1d:1a:f8:5b:0a:c4:1b:8f:f8:db:e9:15:0d:7e:21:97:11:0e:
         57:81:3b:2f:d4:78:e1:7b:ad:1b:7e:d7:03:75:dd:de:0c:ff:
         b8:34:f9:b6:df:4f:ea:fb:6c:32:0a:da:28:a2:97:d5:44:ba:
         85:39:b6:8d:28:d2:71:3b:e6:1a:70:39:91:00:c6:43:e5:89:
         11:33:54:3c:f0:65:61:52:16:85:2e:ed:cd:99:66:7e:ce:14:
         81:84:94:14:4d:c0:14:3d:d7:fa:4f:a4:f6:ab:67:68:18:ef:
         1d:20:3e:56:00:1b:7e:cf:53:a1:6b:2e:ff:e1:1f:c3:b5:48:
         d0:77:40:9e:63:b9:83:bf:ea:27:67:12:e4:46:6d:8d:da:ca:
         c9:d1:bd:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljmVx5gQrpa7yvY2pNdAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NjQ3NzZjZWM2MmVmMTNhODJhMjE2NWU2ZjhkNDc4OTBk
NzczNGQwHhcNMjUwMTAyMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTQyZDUwNjc0YmFmZWEzNDc1M2I3MTBkMWQ5MTgzMDhiOTQ2YjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/6dTMLGL+YH2nnF8F7rCjAR4pvX
fbWwysnGrGh+bP5NcprzzoxJa7u2WV1xRtH5Il8JRcWZV/GqlLt893wOYf1tCDa4
XUh0XgBLo0D0vE6y8zCaf8viOzZSkNP2GGB78r/Ls6DXndHEfUYmS2x3y56jmlGf
61frFPql5o0a80Oicn778WH9Gd38vYdmeXeB+D1lnnKIQkyHb/j7TYtwoWEou6ow
Pl+JAEh8rq88zoX/cT/jS/kQGO8g09QkLXTuA/oMH42GipVsAVzibl65q2xuQsja
20M8AwBy/Nv5qdL+I5vHdPw41Hs7Anv1i1kfl0npm3XMQKOt6JstkwmxSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFC1QZ0uv6jR1O3ENHZGDCLlGslMB8GA1UdIwQY
MBaAFOlkd2zsYu8TqCohZeb41HiQ13NNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNldSM2JPeGk3eE9vS2lGbDV2alVlSkRYYzAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy83ZGMzMTMtNDJiYy00Njc3LThlOTEt
MTFhOWU5OTIyNTM3LzEvZ1VMVkJuUzZfcU5IVTdjUTBka1lNSXVVYXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy83ZGMzMTMtNDJiYy00Njc3LThlOTEtMTFhOWU5OTIyNTM3
LzEvNldSM2JPeGk3eE9vS2lGbDV2alVlSkRYYzAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxrlMA0G
CSqGSIb3DQEBCwUAA4IBAQBOtB3dHwKp6UTlOy1NknO1KPYS3hxuDoHe4e6DPhG7
rxGU1BUSBLrvnlmtr6lQ6zXvJuURwqq9fS89FJSlMIl93VsQ6WEc07vim0PxIIVG
lJNB7w71ul7crFBfl7/mouyk4ZtB5DfAb2SRnDUdGvhbCsQbj/jb6RUNfiGXEQ5X
gTsv1Hjhe60bftcDdd3eDP+4NPm230/q+2wyCtooopfVRLqFObaNKNJxO+YacDmR
AMZD5YkRM1Q88GVhUhaFLu3NmWZ+zhSBhJQUTcAUPdf6T6T2q2doGO8dID5WABt+
z1Ohay7/4R/DtUjQd0CeY7mDv+onZxLkRm2N2srJ0b1a
-----END CERTIFICATE-----