Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/jEFUKY2bhw_vuBM1OshauBn8mvg.roa
File:                     jEFUKY2bhw_vuBM1OshauBn8mvg.roa (raw, json)
Hash identifier:          ZeWPCxGU+ldLXwfBechPAx21XNMieJ0auUVK9LjYs/8=
Subject key identifier:   8C:41:54:29:8D:9B:87:0F:EF:B8:13:35:3A:C8:5A:B8:19:FC:9A:F8
Certificate issuer:       /CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
Certificate serial:       01941F8C83047188AC18F6A79C34ECF460C1
Authority key identifier: 4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/jEFUKY2bhw_vuBM1OshauBn8mvg.roa
Signing time:             Wed 01 Jan 2025 01:48:09 +0000
ROA not before:           Wed 01 Jan 2025 01:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        195.82.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:83:04:71:88:ac:18:f6:a7:9c:34:ec:f4:60:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c54ecce6cbc9c54929eaa4b22b337b0fd9b36bf
        Validity
            Not Before: Jan  1 01:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c4154298d9b870fefb813353ac85ab819fc9af8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:97:6a:f9:b0:d2:e1:69:e2:dd:ca:93:ef:54:
                    13:c8:84:b7:82:78:61:33:33:7c:ad:61:5e:8d:14:
                    f8:40:1c:76:d0:3c:03:05:68:e0:84:26:fe:c0:f8:
                    40:b3:6c:e5:df:4e:20:55:95:59:ca:f2:55:f2:d0:
                    38:54:68:cf:c2:02:b5:6d:a7:24:19:7a:fc:14:68:
                    d3:71:c2:45:45:03:cd:35:de:5a:4b:fb:b5:90:72:
                    66:74:45:55:6a:dd:b7:0a:f3:4c:63:4d:de:30:1e:
                    99:ee:d2:a9:f0:9a:35:c6:7e:5c:0c:be:37:ef:01:
                    29:ed:3c:1e:18:62:69:7e:91:0e:2c:69:27:26:32:
                    61:4b:75:d3:fb:e6:05:ba:ac:da:75:9b:ec:ec:04:
                    db:10:a1:5c:ac:d6:2d:00:01:a8:ec:0a:9d:ed:5c:
                    ba:70:a1:9c:ae:d4:9b:c9:13:5c:c5:6f:d9:54:94:
                    93:40:7c:b8:73:e3:b1:e4:54:ef:76:69:4b:a1:e8:
                    7c:c6:ea:b2:71:a0:60:03:ff:16:91:35:07:e6:e6:
                    71:80:35:d1:45:e8:50:a1:00:9d:ea:bb:5e:7e:43:
                    c9:2f:65:48:cd:29:56:1e:78:ab:e4:9e:a7:eb:33:
                    f2:ef:61:54:18:59:d8:07:bb:54:c5:4e:5b:93:81:
                    db:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:41:54:29:8D:9B:87:0F:EF:B8:13:35:3A:C8:5A:B8:19:FC:9A:F8
            X509v3 Authority Key Identifier:
                keyid:4C:54:EC:CE:6C:BC:9C:54:92:9E:AA:4B:22:B3:37:B0:FD:9B:36:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TFTszmy8nFSSnqpLIrM3sP2bNr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/jEFUKY2bhw_vuBM1OshauBn8mvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/02c5ec-7c6f-4ae2-9897-3059c89b72ea/1/TFTszmy8nFSSnqpLIrM3sP2bNr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.82.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:3e:eb:b6:0e:ef:e4:e8:62:7e:36:f6:cb:8d:e9:a7:57:b6:
         81:5e:ca:41:c8:65:b8:78:0b:b7:92:2a:49:fd:fb:2a:ac:ec:
         ac:42:67:ee:17:56:60:78:b8:a9:3f:63:28:fe:c0:0f:b1:80:
         3d:a7:1e:1f:1f:dc:b1:4f:8d:9d:19:b2:57:d8:2d:85:39:ef:
         4c:a1:ae:c8:73:c9:97:4f:b4:78:24:8f:74:ea:16:07:90:86:
         ad:0c:32:5f:69:00:cb:c0:e0:c9:0d:69:df:4a:05:e7:fe:1a:
         a7:27:53:52:95:6d:aa:df:35:98:b2:54:42:12:87:4e:4f:65:
         05:71:88:f3:66:3d:fa:46:85:47:c1:5a:7c:c5:fc:9a:8e:6c:
         28:de:74:c8:5f:df:63:61:3f:0b:73:15:a9:4d:72:2c:72:04:
         51:a2:1f:a1:43:1f:73:c3:31:a6:37:b9:3a:3c:63:0c:c3:7b:
         04:49:3e:32:79:6e:02:22:0f:aa:8c:3c:28:15:ec:6c:89:5c:
         d8:14:30:03:78:b6:1a:5d:ca:25:ff:d5:2f:bd:3f:fa:a7:4c:
         76:48:5a:95:56:dd:e1:db:59:96:e7:5b:f7:b7:c5:2c:2c:b9:
         c7:8a:a8:9a:b3:ae:c7:26:9e:f4:66:f0:ac:cb:80:5c:e8:c1:
         12:ab:76:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjIMEcYisGPannDTs9GDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNTRlY2NlNmNiYzljNTQ5MjllYWE0YjIyYjMzN2IwZmQ5
YjM2YmYwHhcNMjUwMTAxMDE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzQxNTQyOThkOWI4NzBmZWZiODEzMzUzYWM4NWFiODE5ZmM5YWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJdq+bDS4Wni3cqT71QTyIS3gnhh
MzN8rWFejRT4QBx20DwDBWjghCb+wPhAs2zl304gVZVZyvJV8tA4VGjPwgK1back
GXr8FGjTccJFRQPNNd5aS/u1kHJmdEVVat23CvNMY03eMB6Z7tKp8Jo1xn5cDL43
7wEp7TweGGJpfpEOLGknJjJhS3XT++YFuqzadZvs7ATbEKFcrNYtAAGo7Aqd7Vy6
cKGcrtSbyRNcxW/ZVJSTQHy4c+Ox5FTvdmlLoeh8xuqycaBgA/8WkTUH5uZxgDXR
RehQoQCd6rtefkPJL2VIzSlWHnir5J6n6zPy72FUGFnYB7tUxU5bk4HbHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxBVCmNm4cP77gTNTrIWrgZ/Jr4MB8GA1UdIwQY
MBaAFExU7M5svJxUkp6qSyKzN7D9mza/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTct
MzA1OWM4OWI3MmVhLzEvakVGVUtZMmJod192dUJNMU9zaGF1Qm44bXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wMmM1ZWMtN2M2Zi00YWUyLTk4OTctMzA1OWM4OWI3MmVh
LzEvVEZUc3pteThuRlNTbnFwTElyTTNzUDJiTnI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1JhMA0G
CSqGSIb3DQEBCwUAA4IBAQCSPuu2Du/k6GJ+NvbLjemnV7aBXspByGW4eAu3kipJ
/fsqrOysQmfuF1ZgeLipP2Mo/sAPsYA9px4fH9yxT42dGbJX2C2FOe9Moa7Ic8mX
T7R4JI906hYHkIatDDJfaQDLwODJDWnfSgXn/hqnJ1NSlW2q3zWYslRCEodOT2UF
cYjzZj36RoVHwVp8xfyajmwo3nTIX99jYT8LcxWpTXIscgRRoh+hQx9zwzGmN7k6
PGMMw3sEST4yeW4CIg+qjDwoFexsiVzYFDADeLYaXcol/9UvvT/6p0x2SFqVVt3h
21mW51v3t8UsLLnHiqias67HJp70ZvCsy4Bc6MESq3Zb
-----END CERTIFICATE-----