Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/YzEEBZ2nFhr-nr4dIXveLwqw--4.roa
File:                     YzEEBZ2nFhr-nr4dIXveLwqw--4.roa (raw, json)
Hash identifier:          P4qnMKVAj6zCbFR4UGpNbSSaPMVJcYZbk7718Vgb2co=
Subject key identifier:   63:31:04:05:9D:A7:16:1A:FE:9E:BE:1D:21:7B:DE:2F:0A:B0:FB:EE
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0194228D9EDB7AD4853043E358CE20E78DD1
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/YzEEBZ2nFhr-nr4dIXveLwqw--4.roa
Signing time:             Wed 01 Jan 2025 15:48:13 +0000
ROA not before:           Wed 01 Jan 2025 15:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207747
IP address blocks:        195.143.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:9e:db:7a:d4:85:30:43:e3:58:ce:20:e7:8d:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  1 15:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=633104059da7161afe9ebe1d217bde2f0ab0fbee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:09:d0:cf:4d:10:a2:ff:61:a1:59:4f:18:1c:
                    c7:0e:bb:85:d8:27:77:76:bf:b4:49:34:ec:9f:ff:
                    2e:c0:bb:92:de:4c:66:a8:9a:98:c6:7f:58:70:14:
                    4c:b7:87:a1:26:02:79:0e:0a:39:e1:b4:45:bd:48:
                    56:03:86:6d:9e:a6:70:13:4b:4d:14:74:05:59:db:
                    8f:9f:74:5a:51:2b:33:35:ad:a1:8c:92:4d:2f:43:
                    c8:c0:5a:57:e3:b3:26:26:7c:b0:8d:fa:b6:c9:71:
                    58:4a:14:29:d3:9b:61:f8:bc:dc:d0:45:2a:16:e3:
                    19:c2:a0:88:eb:f8:89:f9:b6:3f:1a:bd:c3:b5:93:
                    71:f3:01:60:1c:32:ee:ba:36:a2:81:c4:cb:f4:59:
                    92:6f:91:1e:8a:5b:b9:18:c4:43:53:bc:67:43:5b:
                    34:db:3e:6c:68:42:43:9e:7c:13:d1:e8:98:de:41:
                    fa:86:93:ca:ad:0a:71:28:a5:7a:9a:21:64:75:fc:
                    47:55:fc:3b:1a:f0:b1:b5:d1:b4:d1:51:55:89:a7:
                    92:78:c7:a1:ba:6c:03:5c:c3:48:25:ed:9a:a5:63:
                    70:f2:9b:c3:31:aa:b0:06:8e:93:9f:fa:44:ac:6b:
                    23:8e:d4:1f:e6:9f:8f:60:46:07:e3:9f:6b:3c:2a:
                    d1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:31:04:05:9D:A7:16:1A:FE:9E:BE:1D:21:7B:DE:2F:0A:B0:FB:EE
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/YzEEBZ2nFhr-nr4dIXveLwqw--4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.143.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:22:54:5b:ff:8b:55:fb:0c:34:8e:07:b5:f9:23:5d:20:e9:
         36:2b:d2:da:6b:e2:59:2b:fb:e5:65:ae:29:c6:2f:a3:12:35:
         e0:6f:86:e2:4f:47:ba:07:29:27:e2:cf:bf:e0:2f:8b:41:0b:
         f1:a4:5f:ed:d7:43:ea:16:0a:7f:ae:bb:dd:10:e6:a8:8c:e1:
         a2:15:33:44:1a:9b:e4:55:e4:e7:12:5e:a0:b4:47:bb:04:50:
         4b:6e:e3:7f:d5:c4:5d:ca:b1:64:f7:dc:69:9b:4c:dd:5f:8a:
         f6:b5:92:f1:72:f7:91:ee:cd:44:a7:ff:bb:04:cd:cf:1d:4b:
         27:f5:1f:c5:9a:a5:dc:31:bd:0a:88:c0:4b:b4:c8:ac:46:7d:
         03:c6:43:9a:17:c5:bd:d2:96:4f:7c:0c:8f:02:5f:74:ec:b9:
         e4:81:68:40:69:34:e4:34:2e:0d:08:82:b3:0e:0e:95:9c:ae:
         26:ff:b2:2b:70:ab:41:ac:06:4a:d7:ec:ca:9e:cf:86:c8:0f:
         6a:41:39:ba:12:31:a5:11:17:b3:47:c1:7b:15:04:4d:81:d5:
         0f:75:8d:c0:39:06:aa:7e:88:cc:5a:5f:8d:c1:ec:e4:e9:07:
         c4:a3:4c:da:17:55:6a:c1:da:93:0b:0f:2b:92:d3:63:15:7e:
         ce:e2:4b:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZ7betSFMEPjWM4g543RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTAxMTU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzMxMDQwNTlkYTcxNjFhZmU5ZWJlMWQyMTdiZGUyZjBhYjBmYmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwnQz00Qov9hoVlPGBzHDruF2Cd3
dr+0STTsn/8uwLuS3kxmqJqYxn9YcBRMt4ehJgJ5Dgo54bRFvUhWA4ZtnqZwE0tN
FHQFWduPn3RaUSszNa2hjJJNL0PIwFpX47MmJnywjfq2yXFYShQp05th+Lzc0EUq
FuMZwqCI6/iJ+bY/Gr3DtZNx8wFgHDLuujaigcTL9FmSb5Eeilu5GMRDU7xnQ1s0
2z5saEJDnnwT0eiY3kH6hpPKrQpxKKV6miFkdfxHVfw7GvCxtdG00VFViaeSeMeh
umwDXMNIJe2apWNw8pvDMaqwBo6Tn/pErGsjjtQf5p+PYEYH459rPCrRVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMxBAWdpxYa/p6+HSF73i8KsPvuMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvWXpFRUJaMm5GaHItbnI0ZElYdmVMd3F3LS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw499MA0G
CSqGSIb3DQEBCwUAA4IBAQC0IlRb/4tV+ww0jge1+SNdIOk2K9Laa+JZK/vlZa4p
xi+jEjXgb4biT0e6Bykn4s+/4C+LQQvxpF/t10PqFgp/rrvdEOaojOGiFTNEGpvk
VeTnEl6gtEe7BFBLbuN/1cRdyrFk99xpm0zdX4r2tZLxcveR7s1Ep/+7BM3PHUsn
9R/FmqXcMb0KiMBLtMisRn0DxkOaF8W90pZPfAyPAl907LnkgWhAaTTkNC4NCIKz
Dg6VnK4m/7IrcKtBrAZK1+zKns+GyA9qQTm6EjGlERezR8F7FQRNgdUPdY3AOQaq
fojMWl+Nwezk6QfEo0zaF1VqwdqTCw8rktNjFX7O4kv6
-----END CERTIFICATE-----