Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/rDEmrMM95SkqxkB8l_GRLopLAJU.roa
File:                     rDEmrMM95SkqxkB8l_GRLopLAJU.roa (raw, json)
Hash identifier:          ED7EnqJpzioTMb1iFori/SMlNofClBdI83/52l8DPvw=
Subject key identifier:   AC:31:26:AC:C3:3D:E5:29:2A:C6:40:7C:97:F1:91:2E:8A:4B:00:95
Certificate issuer:       /CN=240fd0d33886d839c5cc90103a186e13a348ad50
Certificate serial:       0199118096CB01F6CBD8E001CBB1BDBD84A0
Authority key identifier: 24:0F:D0:D3:38:86:D8:39:C5:CC:90:10:3A:18:6E:13:A3:48:AD:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/rDEmrMM95SkqxkB8l_GRLopLAJU.roa
Signing time:             Wed 03 Sep 2025 21:34:23 +0000
ROA not before:           Wed 03 Sep 2025 21:34:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51918
IP address blocks:        195.10.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 00:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:11:80:96:cb:01:f6:cb:d8:e0:01:cb:b1:bd:bd:84:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=240fd0d33886d839c5cc90103a186e13a348ad50
        Validity
            Not Before: Sep  3 21:34:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac3126acc33de5292ac6407c97f1912e8a4b0095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b1:3c:48:ab:ac:31:40:1b:57:f6:e7:07:f0:
                    cb:bb:a9:02:8e:4c:af:8f:0a:a8:71:19:11:29:a2:
                    5a:8f:e6:d0:42:b7:e1:ac:95:c3:6b:06:40:49:fe:
                    5f:6a:76:ae:1a:b8:79:ec:a7:1a:91:22:c1:7b:4d:
                    63:34:44:b8:e7:b3:0c:66:50:d5:46:aa:d0:31:1f:
                    31:b0:f2:c3:64:2c:c7:95:9d:06:a2:e5:43:d7:8a:
                    2d:d9:df:0b:ae:b0:80:a3:4e:da:39:9e:c9:e1:69:
                    3e:bb:00:30:12:19:7a:78:00:a9:81:a9:dc:b9:04:
                    86:7a:81:04:96:2e:77:96:16:bf:de:ef:f2:25:f6:
                    4c:e6:2b:e4:aa:73:35:0e:74:98:5d:da:ef:3b:58:
                    73:9d:d1:59:52:a1:ee:c1:50:66:14:42:1c:d0:3b:
                    63:c3:65:45:13:34:43:d6:54:86:6d:b1:11:65:12:
                    20:4b:44:12:3e:14:77:e1:d8:81:63:d8:33:2b:46:
                    c9:56:9e:18:e4:4d:54:38:3b:96:44:b4:86:d5:97:
                    0c:f6:21:9e:ab:db:d9:4c:c0:84:39:62:35:ed:c2:
                    7a:3b:b9:3a:97:27:23:0d:14:04:b8:79:e3:e0:85:
                    c6:af:b3:14:b8:bf:b4:4e:66:17:b3:bd:33:fe:e7:
                    49:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:31:26:AC:C3:3D:E5:29:2A:C6:40:7C:97:F1:91:2E:8A:4B:00:95
            X509v3 Authority Key Identifier:
                keyid:24:0F:D0:D3:38:86:D8:39:C5:CC:90:10:3A:18:6E:13:A3:48:AD:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/rDEmrMM95SkqxkB8l_GRLopLAJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/958a59-f80d-4d58-9d43-f26bff8b4994/1/JA_Q0ziG2DnFzJAQOhhuE6NIrVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:22:5e:45:0a:a6:f6:b8:49:b5:b6:9a:30:aa:56:06:b1:b2:
         01:9b:ad:49:41:db:71:ae:61:5d:b5:9e:34:8f:d0:8b:16:13:
         d9:89:f3:26:06:09:86:88:3e:06:bd:59:04:00:fa:33:79:d9:
         2e:a7:8e:db:ff:3a:f3:c1:22:3b:d4:72:f6:a4:55:0f:dc:1c:
         55:5f:eb:4d:0e:84:2b:fb:6e:bd:15:e3:38:3a:bb:c7:cf:86:
         3f:e7:bb:32:26:c8:0c:02:b8:7f:3e:27:9b:b3:70:2a:b0:77:
         b5:c3:22:a6:f5:a3:db:25:b8:3b:51:8b:6c:16:c9:07:7a:ff:
         7e:83:e0:40:d8:71:11:cc:fc:2a:fc:5c:2b:34:d3:57:f6:8a:
         46:89:13:6a:f1:71:fc:55:72:71:6e:c9:65:a6:00:e7:36:b6:
         8d:31:8d:f1:1e:38:76:0e:c0:38:c5:3a:24:a2:8d:30:41:36:
         53:46:88:18:77:1b:49:9e:16:44:8a:42:db:f8:fa:51:30:a7:
         e1:3d:52:33:3d:ae:b2:6a:a9:27:b0:68:84:56:b3:2e:9e:ef:
         24:c6:58:c4:bf:1a:3c:00:bf:7e:6d:2a:32:4b:85:1b:1a:a4:
         a0:20:3a:45:62:21:38:46:45:32:72:d4:76:dd:50:a6:4e:c2:
         71:31:53:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkRgJbLAfbL2OABy7G9vYSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MGZkMGQzMzg4NmQ4MzljNWNjOTAxMDNhMTg2ZTEzYTM0
OGFkNTAwHhcNMjUwOTAzMjEzNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzMxMjZhY2MzM2RlNTI5MmFjNjQwN2M5N2YxOTEyZThhNGIwMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrE8SKusMUAbV/bnB/DLu6kCjkyv
jwqocRkRKaJaj+bQQrfhrJXDawZASf5fanauGrh57KcakSLBe01jNES457MMZlDV
RqrQMR8xsPLDZCzHlZ0GouVD14ot2d8LrrCAo07aOZ7J4Wk+uwAwEhl6eACpganc
uQSGeoEEli53lha/3u/yJfZM5ivkqnM1DnSYXdrvO1hzndFZUqHuwVBmFEIc0Dtj
w2VFEzRD1lSGbbERZRIgS0QSPhR34diBY9gzK0bJVp4Y5E1UODuWRLSG1ZcM9iGe
q9vZTMCEOWI17cJ6O7k6lycjDRQEuHnj4IXGr7MUuL+0TmYXs70z/udJNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwxJqzDPeUpKsZAfJfxkS6KSwCVMB8GA1UdIwQY
MBaAFCQP0NM4htg5xcyQEDoYbhOjSK1QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkFfUTB6aUcyRG5GekpBUU9oaHVFNk5JclZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy85NThhNTktZjgwZC00ZDU4LTlkNDMt
ZjI2YmZmOGI0OTk0LzEvckRFbXJNTTk1U2txeGtCOGxfR1JMb3BMQUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy85NThhNTktZjgwZC00ZDU4LTlkNDMtZjI2YmZmOGI0OTk0
LzEvSkFfUTB6aUcyRG5GekpBUU9oaHVFNk5JclZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrvMA0G
CSqGSIb3DQEBCwUAA4IBAQA0Il5FCqb2uEm1tpowqlYGsbIBm61JQdtxrmFdtZ40
j9CLFhPZifMmBgmGiD4GvVkEAPozedkup47b/zrzwSI71HL2pFUP3BxVX+tNDoQr
+269FeM4OrvHz4Y/57syJsgMArh/Piebs3AqsHe1wyKm9aPbJbg7UYtsFskHev9+
g+BA2HERzPwq/FwrNNNX9opGiRNq8XH8VXJxbsllpgDnNraNMY3xHjh2DsA4xTok
oo0wQTZTRogYdxtJnhZEikLb+PpRMKfhPVIzPa6yaqknsGiEVrMunu8kxljEvxo8
AL9+bSoyS4UbGqSgIDpFYiE4RkUyctR23VCmTsJxMVOs
-----END CERTIFICATE-----