Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/UQFRRC8sXbk0r4Q6fEr2IYKv7N4.roa
File:                     UQFRRC8sXbk0r4Q6fEr2IYKv7N4.roa (raw, json)
Hash identifier:          7PfHdaN/WSlX46HPIjWpG4hQQPCzHjIU2IYqvwhWpeo=
Subject key identifier:   51:01:51:44:2F:2C:5D:B9:34:AF:84:3A:7C:4A:F6:21:82:AF:EC:DE
Certificate issuer:       /CN=458b6759c1a0cf5ad82da5c393bcd0fff7c7e2f0
Certificate serial:       01941FFA7F8A5865967B7B53DEBCA191AAB4
Authority key identifier: 45:8B:67:59:C1:A0:CF:5A:D8:2D:A5:C3:93:BC:D0:FF:F7:C7:E2:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/UQFRRC8sXbk0r4Q6fEr2IYKv7N4.roa
Signing time:             Wed 01 Jan 2025 03:48:17 +0000
ROA not before:           Wed 01 Jan 2025 03:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42698
IP address blocks:        195.248.252.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7f:8a:58:65:96:7b:7b:53:de:bc:a1:91:aa:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458b6759c1a0cf5ad82da5c393bcd0fff7c7e2f0
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=510151442f2c5db934af843a7c4af62182afecde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f7:18:27:5b:dd:17:08:17:a9:e1:e8:a0:93:
                    ac:89:01:c9:9a:62:44:23:c5:0e:7b:8b:56:ea:96:
                    f6:c1:31:0a:2e:90:2e:e9:3f:d2:b3:9f:ad:0b:23:
                    ac:93:c4:6e:bd:41:f3:eb:b7:7d:ca:15:b2:67:4c:
                    93:e5:b4:3e:ab:72:7f:bd:57:41:5c:21:e7:4a:d2:
                    1c:92:cb:d5:e4:22:94:90:46:46:85:4f:f5:7c:0e:
                    14:b4:bc:79:a2:04:e1:e0:82:5b:c4:48:ef:dd:b7:
                    af:3f:e6:76:d9:2c:86:e6:42:03:2d:02:d5:28:33:
                    af:38:1f:af:cd:71:39:9d:ed:42:95:ce:5f:d5:25:
                    83:17:ac:e2:f0:b3:b4:c9:82:05:cf:36:9e:2f:36:
                    7b:f9:53:5e:d3:2b:1f:09:bf:38:54:5b:6e:99:68:
                    d9:b3:25:2c:5c:07:42:04:52:4c:55:f3:cf:14:63:
                    f5:f3:14:6e:05:cc:3e:20:21:99:39:8f:55:82:28:
                    6c:b7:4c:26:ad:7e:1f:79:98:e8:9b:64:10:8c:64:
                    d1:1c:a5:c7:ce:71:62:da:79:c9:32:47:33:42:d6:
                    7c:ab:fe:39:d2:4c:a9:aa:44:dc:d5:f1:50:25:f8:
                    95:a5:7c:cc:3c:ad:37:a1:6e:8d:63:51:22:8d:f8:
                    e1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:01:51:44:2F:2C:5D:B9:34:AF:84:3A:7C:4A:F6:21:82:AF:EC:DE
            X509v3 Authority Key Identifier:
                keyid:45:8B:67:59:C1:A0:CF:5A:D8:2D:A5:C3:93:BC:D0:FF:F7:C7:E2:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RYtnWcGgz1rYLaXDk7zQ__fH4vA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/UQFRRC8sXbk0r4Q6fEr2IYKv7N4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/01a285-fc81-4b06-80b2-00c913cb0557/1/RYtnWcGgz1rYLaXDk7zQ__fH4vA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:66:b1:30:99:e1:78:5e:ce:a3:67:79:07:bc:85:7c:80:39:
         4e:9c:77:87:c9:57:2a:b8:16:93:7f:43:18:0a:0c:91:51:00:
         51:54:34:61:e6:8f:70:45:fc:d4:55:66:43:f4:06:69:d6:a1:
         1d:60:e9:18:90:83:ba:3b:2a:2d:3e:26:08:67:67:ba:90:96:
         2a:4b:c6:14:2c:15:aa:02:5d:1c:d8:7d:41:9e:81:c9:2d:06:
         21:23:c6:14:db:dc:70:77:1e:74:c2:a2:ce:85:3c:0e:94:58:
         2b:f2:d9:4c:53:d7:c9:e8:e7:74:29:63:4b:b4:aa:86:32:32:
         d1:0e:fd:0d:fc:d2:39:2e:52:dc:f8:63:8b:1a:97:28:90:9a:
         a5:ae:29:48:8c:de:5a:0b:b4:70:ed:34:7d:a9:0a:b2:23:63:
         05:6e:69:d2:77:37:fa:91:44:20:cd:64:94:6a:5c:ba:0b:ab:
         7a:b9:ba:a6:1b:56:a9:72:4e:f6:1b:a2:02:31:80:d8:08:50:
         cd:d2:77:80:97:eb:78:7c:e4:e0:6d:76:38:c7:d9:d1:0e:29:
         e2:53:60:4b:c5:c9:b6:59:ed:3b:68:16:56:34:af:a2:16:56:
         e6:ef:3e:58:ce:84:5d:2f:b7:55:a1:aa:5b:4a:03:d7:9c:63:
         4f:13:95:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+n+KWGWWe3tT3ryhkaq0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGI2NzU5YzFhMGNmNWFkODJkYTVjMzkzYmNkMGZmZjdj
N2UyZjAwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTAxNTE0NDJmMmM1ZGI5MzRhZjg0M2E3YzRhZjYyMTgyYWZlY2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPcYJ1vdFwgXqeHooJOsiQHJmmJE
I8UOe4tW6pb2wTEKLpAu6T/Ss5+tCyOsk8RuvUHz67d9yhWyZ0yT5bQ+q3J/vVdB
XCHnStIcksvV5CKUkEZGhU/1fA4UtLx5ogTh4IJbxEjv3bevP+Z22SyG5kIDLQLV
KDOvOB+vzXE5ne1Clc5f1SWDF6zi8LO0yYIFzzaeLzZ7+VNe0ysfCb84VFtumWjZ
syUsXAdCBFJMVfPPFGP18xRuBcw+ICGZOY9Vgihst0wmrX4feZjom2QQjGTRHKXH
znFi2nnJMkczQtZ8q/450kypqkTc1fFQJfiVpXzMPK03oW6NY1EijfjhlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEBUUQvLF25NK+EOnxK9iGCr+zeMB8GA1UdIwQY
MBaAFEWLZ1nBoM9a2C2lw5O80P/3x+LwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUll0bldjR2d6MXJZTGFYRGs3elFfX2ZINHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8wMWEyODUtZmM4MS00YjA2LTgwYjIt
MDBjOTEzY2IwNTU3LzEvVVFGUlJDOHNYYmswcjRRNmZFcjJJWUt2N040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8wMWEyODUtZmM4MS00YjA2LTgwYjItMDBjOTEzY2IwNTU3
LzEvUll0bldjR2d6MXJZTGFYRGs3elFfX2ZINHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/j8MA0G
CSqGSIb3DQEBCwUAA4IBAQCAZrEwmeF4Xs6jZ3kHvIV8gDlOnHeHyVcquBaTf0MY
CgyRUQBRVDRh5o9wRfzUVWZD9AZp1qEdYOkYkIO6OyotPiYIZ2e6kJYqS8YULBWq
Al0c2H1BnoHJLQYhI8YU29xwdx50wqLOhTwOlFgr8tlMU9fJ6Od0KWNLtKqGMjLR
Dv0N/NI5LlLc+GOLGpcokJqlrilIjN5aC7Rw7TR9qQqyI2MFbmnSdzf6kUQgzWSU
aly6C6t6ubqmG1apck72G6ICMYDYCFDN0neAl+t4fOTgbXY4x9nRDiniU2BLxcm2
We07aBZWNK+iFlbm7z5YzoRdL7dVoapbSgPXnGNPE5XX
-----END CERTIFICATE-----