Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/souczleczCVqkrNxvd8oHNGu1dk.roa
File:                     souczleczCVqkrNxvd8oHNGu1dk.roa (raw, json)
Hash identifier:          uFnTCMEPObmzGHx+vjFGq3/l08AP+JTBUd8TO7+wvtw=
Subject key identifier:   B2:8B:9C:CE:57:9C:CC:25:6A:92:B3:71:BD:DF:28:1C:D1:AE:D5:D9
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0194244515C13294DA30B2B1F181CBAC27FF
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/souczleczCVqkrNxvd8oHNGu1dk.roa
Signing time:             Wed 01 Jan 2025 23:48:14 +0000
ROA not before:           Wed 01 Jan 2025 23:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43149
IP address blocks:        195.64.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:15:c1:32:94:da:30:b2:b1:f1:81:cb:ac:27:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b28b9cce579ccc256a92b371bddf281cd1aed5d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cb:63:36:2b:cf:2a:6c:30:ba:4e:7e:dd:a5:
                    81:23:e3:ff:88:4f:5d:83:27:1a:7d:ce:ca:f6:2c:
                    0c:e3:e6:d1:95:96:e2:ab:ac:04:45:be:da:73:f8:
                    fb:47:87:00:ed:24:f7:ef:5f:96:47:61:ed:ee:ea:
                    d6:ad:b5:5f:e6:7e:a5:9c:48:9c:37:bb:83:21:da:
                    60:1f:c6:a0:8c:2b:62:03:13:17:91:56:99:67:01:
                    de:91:25:6b:70:ca:49:94:5f:60:5c:26:db:7b:28:
                    67:8f:63:61:07:ea:33:46:56:06:58:56:f9:5f:79:
                    8e:af:2b:62:84:e9:14:9a:ad:0a:24:20:2c:8e:db:
                    0d:46:35:6f:f9:5f:3c:73:dd:24:27:1c:16:fd:95:
                    86:6b:e2:5c:f3:9d:71:86:6f:3d:1f:be:72:2d:f6:
                    da:ec:8d:9b:70:97:5e:cd:22:0b:18:7e:7d:60:0a:
                    a2:17:b6:6b:d0:c7:7d:57:58:28:d8:d4:a4:fb:da:
                    cc:e2:f5:68:b0:ef:da:e4:3d:67:99:d2:04:a1:e3:
                    5a:22:33:23:a1:15:0a:09:99:10:a0:54:10:8c:74:
                    7a:0b:82:1e:5a:0b:be:77:41:34:86:89:ee:15:dd:
                    80:4a:a9:18:2c:4f:66:92:35:fd:81:6a:89:3f:8d:
                    50:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:8B:9C:CE:57:9C:CC:25:6A:92:B3:71:BD:DF:28:1C:D1:AE:D5:D9
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/souczleczCVqkrNxvd8oHNGu1dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:b3:cc:09:80:ea:88:c6:d1:65:17:5a:96:db:6d:8e:01:4f:
         b2:ba:1e:28:15:3a:22:0f:90:1d:59:db:72:d1:b3:18:26:71:
         b4:3e:20:00:49:8d:e5:36:e2:3f:64:4b:ec:ab:7d:84:be:5e:
         20:61:1d:a5:2c:a3:30:ac:c4:3b:93:26:03:48:a8:48:cf:c9:
         97:0c:86:ed:81:46:56:c6:9b:a7:fa:82:5c:18:ff:9b:b2:aa:
         89:5d:4c:b6:ae:68:13:ed:e7:45:b4:b4:54:44:73:f9:c9:87:
         6c:40:c9:20:16:d0:47:bd:f8:59:11:60:82:50:20:e1:b5:1e:
         44:01:10:61:43:68:f0:83:0b:7f:d6:63:f1:74:65:da:84:9d:
         ac:48:1b:4a:55:e8:bf:26:ce:b8:70:7e:50:83:02:6b:19:1e:
         9e:70:2e:ca:ae:5e:62:b6:91:28:98:cf:d8:20:39:31:3f:8a:
         6c:fc:82:11:dc:bd:68:0c:8c:64:90:14:66:24:20:5c:ea:aa:
         25:32:3c:99:6a:1c:6c:8d:6e:12:c6:35:30:c4:19:f8:57:85:
         4e:38:30:b7:56:8f:7d:2d:73:1d:7f:af:31:ed:78:b5:cc:61:
         e7:fa:ff:1e:d7:d7:4d:18:ad:04:03:76:bc:60:c2:f6:a7:41:
         c1:3c:04:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRRXBMpTaMLKx8YHLrCf/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjhiOWNjZTU3OWNjYzI1NmE5MmIzNzFiZGRmMjgxY2QxYWVkNWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8tjNivPKmwwuk5+3aWBI+P/iE9d
gycafc7K9iwM4+bRlZbiq6wERb7ac/j7R4cA7ST371+WR2Ht7urWrbVf5n6lnEic
N7uDIdpgH8agjCtiAxMXkVaZZwHekSVrcMpJlF9gXCbbeyhnj2NhB+ozRlYGWFb5
X3mOrytihOkUmq0KJCAsjtsNRjVv+V88c90kJxwW/ZWGa+Jc851xhm89H75yLfba
7I2bcJdezSILGH59YAqiF7Zr0Md9V1go2NSk+9rM4vVosO/a5D1nmdIEoeNaIjMj
oRUKCZkQoFQQjHR6C4IeWgu+d0E0honuFd2ASqkYLE9mkjX9gWqJP41QQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKLnM5XnMwlapKzcb3fKBzRrtXZMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvc291Y3psZWN6Q1Zxa3JOeHZkOG9ITkd1MWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0BpMA0G
CSqGSIb3DQEBCwUAA4IBAQB4s8wJgOqIxtFlF1qW222OAU+yuh4oFToiD5AdWdty
0bMYJnG0PiAASY3lNuI/ZEvsq32Evl4gYR2lLKMwrMQ7kyYDSKhIz8mXDIbtgUZW
xpun+oJcGP+bsqqJXUy2rmgT7edFtLRURHP5yYdsQMkgFtBHvfhZEWCCUCDhtR5E
ARBhQ2jwgwt/1mPxdGXahJ2sSBtKVei/Js64cH5QgwJrGR6ecC7Krl5itpEomM/Y
IDkxP4ps/IIR3L1oDIxkkBRmJCBc6qolMjyZahxsjW4SxjUwxBn4V4VOODC3Vo99
LXMdf68x7Xi1zGHn+v8e19dNGK0EA3a8YML2p0HBPAQE
-----END CERTIFICATE-----