Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/e20938-433c-4a26-8745-9d747d9a250a/1/9UcomILdtAe6cNct4YOh4DKdhek.roa
File:                     9UcomILdtAe6cNct4YOh4DKdhek.roa (raw, json)
Hash identifier:          5S+dEogRJfe8M30SkPrXb8z3+L8Fg1f4Nn7krQuU6Oo=
Subject key identifier:   F5:47:28:98:82:DD:B4:07:BA:70:D7:2D:E1:83:A1:E0:32:9D:85:E9
Certificate issuer:       /CN=be448c67a3ab0ea375fba848c9fe8c8eb1e84d6f
Certificate serial:       01942747BC97B8E7F6A1DAD1870034D97285
Authority key identifier: BE:44:8C:67:A3:AB:0E:A3:75:FB:A8:48:C9:FE:8C:8E:B1:E8:4D:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vkSMZ6OrDqN1-6hIyf6MjrHoTW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/e20938-433c-4a26-8745-9d747d9a250a/1/9UcomILdtAe6cNct4YOh4DKdhek.roa
Signing time:             Thu 02 Jan 2025 13:50:00 +0000
ROA not before:           Thu 02 Jan 2025 13:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48352
IP address blocks:        195.16.75.0/24 maxlen: 24
                          2a11:c600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/e20938-433c-4a26-8745-9d747d9a250a/1/vkSMZ6OrDqN1-6hIyf6MjrHoTW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/e20938-433c-4a26-8745-9d747d9a250a/1/vkSMZ6OrDqN1-6hIyf6MjrHoTW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vkSMZ6OrDqN1-6hIyf6MjrHoTW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 22:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:bc:97:b8:e7:f6:a1:da:d1:87:00:34:d9:72:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be448c67a3ab0ea375fba848c9fe8c8eb1e84d6f
        Validity
            Not Before: Jan  2 13:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f547289882ddb407ba70d72de183a1e0329d85e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4a:e1:4a:8e:35:c5:96:1e:4b:ed:f7:af:0f:
                    84:f5:25:c0:fb:8c:0f:4c:e0:1d:e7:d1:c4:d3:72:
                    e7:ec:6d:77:70:51:ec:10:67:a9:37:c4:d6:01:3c:
                    c5:db:3f:43:68:ff:fa:03:6a:ac:0c:26:af:cb:d8:
                    7d:e4:cc:ca:22:3f:9d:0a:21:6e:57:c1:c6:f6:9e:
                    86:ab:05:61:50:6c:41:48:b8:5f:f0:62:db:5b:ef:
                    b4:9c:2a:5a:5a:3a:22:62:fd:e0:4e:f8:80:dc:0d:
                    a6:33:7b:45:e4:68:1a:bf:df:a5:c7:7e:3b:9e:da:
                    e7:23:8b:0d:b4:f4:af:42:b8:6e:0e:fc:02:5c:4b:
                    6d:98:9a:00:36:6a:f6:5d:1d:64:21:b8:86:96:f2:
                    15:57:fe:c1:06:0e:ff:69:d6:0d:b5:36:b7:92:61:
                    8f:37:80:29:0b:74:95:c0:8f:46:d4:4f:e0:a0:2b:
                    cd:ff:f1:a0:7f:e0:cd:57:60:33:b2:6b:09:75:dc:
                    0f:ac:8a:5a:34:78:b7:75:5a:da:28:8b:1f:4e:ad:
                    47:d7:b2:e3:ed:01:fd:8c:dd:0a:6d:8c:59:17:de:
                    f9:10:73:45:fa:f3:2b:c1:d9:c6:2e:91:8a:c2:1c:
                    67:2e:47:7f:92:d3:c8:19:03:b6:4c:a2:64:60:2c:
                    cb:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:47:28:98:82:DD:B4:07:BA:70:D7:2D:E1:83:A1:E0:32:9D:85:E9
            X509v3 Authority Key Identifier:
                keyid:BE:44:8C:67:A3:AB:0E:A3:75:FB:A8:48:C9:FE:8C:8E:B1:E8:4D:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vkSMZ6OrDqN1-6hIyf6MjrHoTW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e20938-433c-4a26-8745-9d747d9a250a/1/9UcomILdtAe6cNct4YOh4DKdhek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e20938-433c-4a26-8745-9d747d9a250a/1/vkSMZ6OrDqN1-6hIyf6MjrHoTW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.16.75.0/24
                IPv6:
                  2a11:c600::/29

    Signature Algorithm: sha256WithRSAEncryption
         c8:94:85:5e:c8:8b:aa:f0:8d:9a:8f:00:38:c8:97:5f:83:89:
         a1:56:60:24:04:6a:02:55:f0:3d:4a:de:d0:31:52:ec:c2:d3:
         52:40:b8:41:00:16:1e:10:c9:01:5b:43:35:41:67:f2:5e:5f:
         be:c9:21:2b:6e:fd:fd:ea:cd:ac:7c:4b:f2:a6:5f:75:24:cb:
         e7:3a:8b:65:e3:30:8f:53:a0:20:9f:dd:56:83:ef:36:18:f3:
         06:5d:ff:06:34:ff:e9:11:06:05:72:7c:97:b3:91:bc:71:3f:
         66:8a:27:b6:ad:6e:eb:31:cc:3e:18:78:2e:68:7c:3c:17:1c:
         d8:bf:43:ec:60:61:0b:f5:95:cb:26:9b:d4:e6:4a:2c:92:a8:
         48:18:bd:c0:65:b6:21:47:b6:e9:15:75:a1:dd:5e:85:1e:b0:
         f2:fb:9a:31:9f:ac:56:d8:06:ea:3b:b5:66:9c:28:70:9d:c3:
         8b:95:42:d2:a4:39:6c:4e:5a:f7:bd:49:8d:5f:22:97:b2:ed:
         64:22:db:d0:66:52:12:29:41:74:76:d8:09:73:88:75:b1:f6:
         e2:07:df:7b:6f:ed:6a:d1:c5:16:d4:75:22:e7:2e:b9:23:42:
         26:a7:50:41:42:dc:f8:d5:f4:0f:9d:6e:f0:0f:4d:94:78:03:
         25:5c:7d:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnR7yXuOf2odrRhwA02XKFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDQ4YzY3YTNhYjBlYTM3NWZiYTg0OGM5ZmU4YzhlYjFl
ODRkNmYwHhcNMjUwMTAyMTM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQ3Mjg5ODgyZGRiNDA3YmE3MGQ3MmRlMTgzYTFlMDMyOWQ4NWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUrhSo41xZYeS+33rw+E9SXA+4wP
TOAd59HE03Ln7G13cFHsEGepN8TWATzF2z9DaP/6A2qsDCavy9h95MzKIj+dCiFu
V8HG9p6GqwVhUGxBSLhf8GLbW++0nCpaWjoiYv3gTviA3A2mM3tF5Ggav9+lx347
ntrnI4sNtPSvQrhuDvwCXEttmJoANmr2XR1kIbiGlvIVV/7BBg7/adYNtTa3kmGP
N4ApC3SVwI9G1E/goCvN//Ggf+DNV2AzsmsJddwPrIpaNHi3dVraKIsfTq1H17Lj
7QH9jN0KbYxZF975EHNF+vMrwdnGLpGKwhxnLkd/ktPIGQO2TKJkYCzLUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPVHKJiC3bQHunDXLeGDoeAynYXpMB8GA1UdIwQY
MBaAFL5EjGejqw6jdfuoSMn+jI6x6E1vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtTTVo2T3JEcU4xLTZoSXlmNk1qckhvVFc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lMjA5MzgtNDMzYy00YTI2LTg3NDUt
OWQ3NDdkOWEyNTBhLzEvOVVjb21JTGR0QWU2Y05jdDRZT2g0REtkaGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lMjA5MzgtNDMzYy00YTI2LTg3NDUtOWQ3NDdkOWEyNTBh
LzEvdmtTTVo2T3JEcU4xLTZoSXlmNk1qckhvVFc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwxBLMA0E
AgACMAcDBQMqEcYAMA0GCSqGSIb3DQEBCwUAA4IBAQDIlIVeyIuq8I2ajwA4yJdf
g4mhVmAkBGoCVfA9St7QMVLswtNSQLhBABYeEMkBW0M1QWfyXl++ySErbv396s2s
fEvypl91JMvnOotl4zCPU6Agn91Wg+82GPMGXf8GNP/pEQYFcnyXs5G8cT9miie2
rW7rMcw+GHguaHw8FxzYv0PsYGEL9ZXLJpvU5koskqhIGL3AZbYhR7bpFXWh3V6F
HrDy+5oxn6xW2AbqO7VmnChwncOLlULSpDlsTlr3vUmNXyKXsu1kItvQZlISKUF0
dtgJc4h1sfbiB997b+1q0cUW1HUi5y65I0Imp1BBQtz41fQPnW7wD02UeAMlXH1z
-----END CERTIFICATE-----