Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/068c4a-76c0-4fbe-a9ee-0df73c2f6a9f/1/VuAYChzgVwA9U2Q6Uxu9DF2BLPk.roa
File:                     VuAYChzgVwA9U2Q6Uxu9DF2BLPk.roa (raw, json)
Hash identifier:          2ErjMaikK9MO12otuKOE97QoF/tRVc9Xenat/2fnwAc=
Subject key identifier:   56:E0:18:0A:1C:E0:57:00:3D:53:64:3A:53:1B:BD:0C:5D:81:2C:F9
Certificate issuer:       /CN=a15df6cd829d95f63d931d5dcf91cc8ba50f90b0
Certificate serial:       0194228DB036C159F620B7B8BDE1925652CF
Authority key identifier: A1:5D:F6:CD:82:9D:95:F6:3D:93:1D:5D:CF:91:CC:8B:A5:0F:90:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oV32zYKdlfY9kx1dz5HMi6UPkLA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/068c4a-76c0-4fbe-a9ee-0df73c2f6a9f/1/VuAYChzgVwA9U2Q6Uxu9DF2BLPk.roa
Signing time:             Wed 01 Jan 2025 15:48:18 +0000
ROA not before:           Wed 01 Jan 2025 15:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24940
IP address blocks:        195.248.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/068c4a-76c0-4fbe-a9ee-0df73c2f6a9f/1/oV32zYKdlfY9kx1dz5HMi6UPkLA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/068c4a-76c0-4fbe-a9ee-0df73c2f6a9f/1/oV32zYKdlfY9kx1dz5HMi6UPkLA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oV32zYKdlfY9kx1dz5HMi6UPkLA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:b0:36:c1:59:f6:20:b7:b8:bd:e1:92:56:52:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a15df6cd829d95f63d931d5dcf91cc8ba50f90b0
        Validity
            Not Before: Jan  1 15:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56e0180a1ce057003d53643a531bbd0c5d812cf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e6:60:f1:7f:11:bd:67:b9:02:08:94:dc:69:
                    98:53:92:e9:eb:82:e5:85:a4:5f:10:bc:4e:33:0d:
                    c0:62:6b:da:18:d2:10:5e:eb:b6:cb:ef:37:c1:70:
                    0d:60:c9:e3:96:9d:c0:a6:db:fc:56:57:95:58:26:
                    30:5e:85:4d:62:2e:97:6e:1d:97:2b:3b:30:4a:9e:
                    86:fe:d6:2d:ff:27:77:20:6e:d4:2b:2d:b1:51:7b:
                    a2:46:9d:6b:8a:56:8c:4e:3f:dc:e1:53:e8:f4:74:
                    0f:d5:3f:db:ec:56:ab:24:de:be:c1:81:39:5f:56:
                    cf:1d:0f:89:a7:30:6d:67:15:2f:9e:99:92:19:45:
                    ea:23:d2:29:8e:23:e4:e2:e7:b5:64:f6:4a:a5:72:
                    fa:96:fa:ed:70:cb:9c:94:e1:7f:66:60:d4:96:fb:
                    71:b6:5e:b3:da:ab:43:40:64:bf:04:c6:05:f9:6e:
                    c2:6f:e6:14:15:ea:23:50:63:60:48:68:e5:85:0f:
                    1e:d2:c6:7d:b1:d2:ad:27:a4:51:de:14:f7:31:c4:
                    a7:de:2e:2a:fa:6c:6f:8e:ce:97:57:05:4a:8f:6c:
                    90:69:ad:88:d2:50:0c:e9:36:2e:16:12:c0:3e:c4:
                    25:2c:35:9f:0b:bc:b9:c0:a2:8a:27:07:9f:c9:92:
                    0a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:E0:18:0A:1C:E0:57:00:3D:53:64:3A:53:1B:BD:0C:5D:81:2C:F9
            X509v3 Authority Key Identifier:
                keyid:A1:5D:F6:CD:82:9D:95:F6:3D:93:1D:5D:CF:91:CC:8B:A5:0F:90:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oV32zYKdlfY9kx1dz5HMi6UPkLA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/068c4a-76c0-4fbe-a9ee-0df73c2f6a9f/1/VuAYChzgVwA9U2Q6Uxu9DF2BLPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/068c4a-76c0-4fbe-a9ee-0df73c2f6a9f/1/oV32zYKdlfY9kx1dz5HMi6UPkLA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:f6:f7:44:64:ed:06:72:de:14:2f:34:a3:53:89:a1:b3:71:
         e2:27:a2:be:d6:84:b0:7a:d4:6f:d1:40:d0:41:2c:7e:8a:44:
         0f:12:e5:09:df:63:4c:d7:38:d2:45:95:87:27:e4:8a:e0:12:
         6b:7e:44:e8:c2:58:cd:dd:74:b8:a3:b3:bb:5c:30:b7:bb:89:
         ce:52:bd:5d:fb:4a:7b:91:7e:b5:af:bc:c9:a8:e6:87:86:fb:
         6f:0c:7a:da:f7:c8:66:23:59:c9:55:be:85:6e:c0:42:e6:21:
         18:a6:4c:bd:2f:72:6c:7e:3b:6c:11:d8:18:4e:c5:b8:61:82:
         35:31:dd:3e:c8:b8:0b:d5:9a:0b:ac:e4:af:64:de:8b:d7:75:
         ef:81:4c:39:66:d9:34:9f:48:89:cf:99:1c:e1:a8:85:bf:12:
         91:77:9f:73:eb:59:20:60:74:09:b1:39:b0:9d:36:8f:64:82:
         ab:c4:d7:26:61:1d:48:de:20:34:88:54:67:ac:ee:42:ba:27:
         32:ec:44:fa:9f:dd:58:4f:0c:9b:67:98:f3:7c:ce:2e:1e:df:
         fc:13:d8:e7:4a:db:30:91:a1:f1:4c:b1:df:8f:0a:75:d4:19:
         0b:fe:14:23:d3:e9:b4:13:a3:20:b4:15:ca:5f:c7:59:9a:50:
         84:54:43:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijbA2wVn2ILe4veGSVlLPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNWRmNmNkODI5ZDk1ZjYzZDkzMWQ1ZGNmOTFjYzhiYTUw
ZjkwYjAwHhcNMjUwMTAxMTU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmUwMTgwYTFjZTA1NzAwM2Q1MzY0M2E1MzFiYmQwYzVkODEyY2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOZg8X8RvWe5AgiU3GmYU5Lp64Ll
haRfELxOMw3AYmvaGNIQXuu2y+83wXANYMnjlp3Aptv8VleVWCYwXoVNYi6Xbh2X
KzswSp6G/tYt/yd3IG7UKy2xUXuiRp1rilaMTj/c4VPo9HQP1T/b7FarJN6+wYE5
X1bPHQ+JpzBtZxUvnpmSGUXqI9IpjiPk4ue1ZPZKpXL6lvrtcMuclOF/ZmDUlvtx
tl6z2qtDQGS/BMYF+W7Cb+YUFeojUGNgSGjlhQ8e0sZ9sdKtJ6RR3hT3McSn3i4q
+mxvjs6XVwVKj2yQaa2I0lAM6TYuFhLAPsQlLDWfC7y5wKKKJwefyZIKAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFbgGAoc4FcAPVNkOlMbvQxdgSz5MB8GA1UdIwQY
MBaAFKFd9s2CnZX2PZMdXc+RzIulD5CwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1YzMnpZS2RsZlk5a3gxZHo1SE1pNlVQa0xBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8wNjhjNGEtNzZjMC00ZmJlLWE5ZWUt
MGRmNzNjMmY2YTlmLzEvVnVBWUNoemdWd0E5VTJRNlV4dTlERjJCTFBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8wNjhjNGEtNzZjMC00ZmJlLWE5ZWUtMGRmNzNjMmY2YTlm
LzEvb1YzMnpZS2RsZlk5a3gxZHo1SE1pNlVQa0xBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/jgMA0G
CSqGSIb3DQEBCwUAA4IBAQB99vdEZO0Gct4ULzSjU4mhs3HiJ6K+1oSwetRv0UDQ
QSx+ikQPEuUJ32NM1zjSRZWHJ+SK4BJrfkTowljN3XS4o7O7XDC3u4nOUr1d+0p7
kX61r7zJqOaHhvtvDHra98hmI1nJVb6FbsBC5iEYpky9L3JsfjtsEdgYTsW4YYI1
Md0+yLgL1ZoLrOSvZN6L13XvgUw5Ztk0n0iJz5kc4aiFvxKRd59z61kgYHQJsTmw
nTaPZIKrxNcmYR1I3iA0iFRnrO5Cuicy7ET6n91YTwybZ5jzfM4uHt/8E9jnStsw
kaHxTLHfjwp11BkL/hQj0+m0E6MgtBXKX8dZmlCEVEMG
-----END CERTIFICATE-----