Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/UtIToTT3ux8XXdreVVh-fgtF4EM.roa
File:                     UtIToTT3ux8XXdreVVh-fgtF4EM.roa (raw, json)
Hash identifier:          Zfj+rc5eqdy5LLDisheb00XcoM/0Aa2BkpeAquuq3GI=
Subject key identifier:   52:D2:13:A1:34:F7:BB:1F:17:5D:DA:DE:55:58:7E:7E:0B:45:E0:43
Certificate issuer:       /CN=5a376c8008d6abd962341563dd2a4dccaf153cba
Certificate serial:       019424454C4B01A657A5C5C68A8616793748
Authority key identifier: 5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/UtIToTT3ux8XXdreVVh-fgtF4EM.roa
Signing time:             Wed 01 Jan 2025 23:48:28 +0000
ROA not before:           Wed 01 Jan 2025 23:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        193.25.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4c:4b:01:a6:57:a5:c5:c6:8a:86:16:79:37:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a376c8008d6abd962341563dd2a4dccaf153cba
        Validity
            Not Before: Jan  1 23:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52d213a134f7bb1f175ddade55587e7e0b45e043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4e:cb:2f:14:47:de:4b:92:56:82:2b:38:16:
                    21:c4:d0:09:63:61:4b:46:33:69:79:f6:7f:57:5b:
                    3b:eb:d9:4c:1f:2a:0d:be:89:6a:a1:b8:bf:52:2d:
                    12:4f:11:ad:1d:3b:78:26:7b:bc:e6:9a:99:ee:87:
                    c4:b9:b5:13:09:0e:3f:af:e6:59:b2:b0:05:35:04:
                    d7:2e:b1:29:e8:b0:69:35:8b:75:3e:a5:9c:b0:b8:
                    ea:d0:1d:a0:a5:94:cc:81:cc:2a:b5:7e:e5:22:ff:
                    66:0b:9b:1d:e5:f7:a3:86:45:b6:29:6c:92:59:2a:
                    8a:21:a7:52:f0:66:12:72:0c:cf:7b:34:19:e3:70:
                    80:b5:9b:fc:57:2a:e1:7e:00:3b:2b:ae:04:9f:ba:
                    a7:96:94:e1:c8:eb:ec:e5:98:a0:f8:e3:6a:56:71:
                    f6:2b:af:fd:3d:fa:0f:0d:40:41:6e:4a:b2:49:09:
                    60:be:a4:13:c2:c4:f6:85:ee:b6:59:d4:74:94:3a:
                    63:0c:c7:95:45:87:76:c1:2a:94:7f:d3:c3:34:8a:
                    3f:f6:0d:94:21:c8:92:82:d3:30:af:f1:cd:6b:31:
                    3e:db:02:d6:0e:0a:2e:4e:6b:5f:9f:1b:c3:75:c0:
                    ef:f5:eb:14:2a:63:d4:c2:79:d9:ae:20:6f:a3:81:
                    62:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D2:13:A1:34:F7:BB:1F:17:5D:DA:DE:55:58:7E:7E:0B:45:E0:43
            X509v3 Authority Key Identifier:
                keyid:5A:37:6C:80:08:D6:AB:D9:62:34:15:63:DD:2A:4D:CC:AF:15:3C:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WjdsgAjWq9liNBVj3SpNzK8VPLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/UtIToTT3ux8XXdreVVh-fgtF4EM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/caa743-1c13-4a25-9f6a-65be5503165d/1/WjdsgAjWq9liNBVj3SpNzK8VPLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e4:a8:3c:39:d8:35:99:03:6b:29:64:5d:5f:f3:cd:91:f0:50:
         df:de:b0:48:9a:b0:0c:88:94:4b:79:5d:10:0b:00:bf:1c:95:
         78:83:94:8f:66:d5:19:68:72:58:c4:f8:aa:74:23:d0:49:5e:
         14:3c:c9:65:66:ef:1d:7f:8a:4f:7d:99:1f:48:1a:31:31:58:
         b4:d6:96:aa:b2:e6:6c:aa:e0:95:14:2e:83:f5:7a:ed:41:6f:
         0f:2d:3f:46:ac:9d:32:12:52:dd:15:5a:70:d8:87:47:63:61:
         a3:1f:fe:46:8b:b2:3e:ce:7b:48:0d:5f:07:bc:4a:b4:4a:5d:
         d0:ec:34:97:be:a9:2c:5b:5c:17:ce:92:36:96:e7:67:c9:01:
         d6:b3:f0:62:8f:9f:f4:d2:3a:c3:e8:3e:0e:84:53:07:d6:bc:
         be:d0:e5:b6:b6:3e:c8:a6:bc:35:69:5e:d5:2f:c5:44:1b:69:
         5c:b3:0b:61:e1:98:85:e7:a4:20:42:e6:c5:6d:37:8e:aa:6a:
         bd:b6:ed:be:6f:8f:1f:ea:0e:4f:a9:0d:97:f0:a9:d6:b4:bf:
         b4:8b:e7:9c:87:c0:cf:9e:b8:37:b9:dd:13:64:f1:66:2b:66:
         1d:09:4a:1f:0f:f2:84:34:f6:e0:0e:4b:36:c1:75:e0:6f:c6:
         8b:0c:55:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUxLAaZXpcXGioYWeTdIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMzc2YzgwMDhkNmFiZDk2MjM0MTU2M2RkMmE0ZGNjYWYx
NTNjYmEwHhcNMjUwMTAxMjM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmQyMTNhMTM0ZjdiYjFmMTc1ZGRhZGU1NTU4N2U3ZTBiNDVlMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxE7LLxRH3kuSVoIrOBYhxNAJY2FL
RjNpefZ/V1s769lMHyoNvolqobi/Ui0STxGtHTt4Jnu85pqZ7ofEubUTCQ4/r+ZZ
srAFNQTXLrEp6LBpNYt1PqWcsLjq0B2gpZTMgcwqtX7lIv9mC5sd5fejhkW2KWyS
WSqKIadS8GYScgzPezQZ43CAtZv8VyrhfgA7K64En7qnlpThyOvs5Zig+ONqVnH2
K6/9PfoPDUBBbkqySQlgvqQTwsT2he62WdR0lDpjDMeVRYd2wSqUf9PDNIo/9g2U
IciSgtMwr/HNazE+2wLWDgouTmtfnxvDdcDv9esUKmPUwnnZriBvo4FiwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLSE6E097sfF13a3lVYfn4LReBDMB8GA1UdIwQY
MBaAFFo3bIAI1qvZYjQVY90qTcyvFTy6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEt
NjViZTU1MDMxNjVkLzEvVXRJVG9UVDN1eDhYWGRyZVZWaC1mZ3RGNEVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9jYWE3NDMtMWMxMy00YTI1LTlmNmEtNjViZTU1MDMxNjVk
LzEvV2pkc2dBaldxOWxpTkJWajNTcE56SzhWUExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRnJMA0G
CSqGSIb3DQEBCwUAA4IBAQDkqDw52DWZA2spZF1f882R8FDf3rBImrAMiJRLeV0Q
CwC/HJV4g5SPZtUZaHJYxPiqdCPQSV4UPMllZu8df4pPfZkfSBoxMVi01paqsuZs
quCVFC6D9XrtQW8PLT9GrJ0yElLdFVpw2IdHY2GjH/5Gi7I+zntIDV8HvEq0Sl3Q
7DSXvqksW1wXzpI2ludnyQHWs/Bij5/00jrD6D4OhFMH1ry+0OW2tj7Iprw1aV7V
L8VEG2lcswth4ZiF56QgQubFbTeOqmq9tu2+b48f6g5PqQ2X8KnWtL+0i+ech8DP
nrg3ud0TZPFmK2YdCUofD/KENPbgDks2wXXgb8aLDFXh
-----END CERTIFICATE-----