Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/XcVo6Gcf-l3iWhZzeOaaEzufuDw.roa
File:                     XcVo6Gcf-l3iWhZzeOaaEzufuDw.roa (raw, json)
Hash identifier:          Q8U31mISF8PJJ4X9+WRd+NF2mJCwrseuFFyVkfpjEQE=
Subject key identifier:   5D:C5:68:E8:67:1F:FA:5D:E2:5A:16:73:78:E6:9A:13:3B:9F:B8:3C
Certificate issuer:       /CN=52f941173564a09b7cf8efdd9875614262a7dd61
Certificate serial:       019426D972CB03D14CE92CD4FFED57A8665D
Authority key identifier: 52:F9:41:17:35:64:A0:9B:7C:F8:EF:DD:98:75:61:42:62:A7:DD:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UvlBFzVkoJt8-O_dmHVhQmKn3WE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/XcVo6Gcf-l3iWhZzeOaaEzufuDw.roa
Signing time:             Thu 02 Jan 2025 11:49:32 +0000
ROA not before:           Thu 02 Jan 2025 11:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200987
IP address blocks:        195.189.148.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/UvlBFzVkoJt8-O_dmHVhQmKn3WE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/UvlBFzVkoJt8-O_dmHVhQmKn3WE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UvlBFzVkoJt8-O_dmHVhQmKn3WE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:72:cb:03:d1:4c:e9:2c:d4:ff:ed:57:a8:66:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52f941173564a09b7cf8efdd9875614262a7dd61
        Validity
            Not Before: Jan  2 11:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dc568e8671ffa5de25a167378e69a133b9fb83c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b9:94:67:1d:bc:e8:8c:32:2a:c0:b5:20:34:
                    70:bf:ce:89:b6:f3:49:5f:6d:99:2d:26:81:b1:13:
                    b1:bb:e1:8c:e8:24:f3:d7:da:3b:3b:09:06:fb:76:
                    7e:c9:56:16:52:ea:9f:c2:64:ca:f5:ad:3b:e0:c8:
                    ce:9a:9e:c0:e3:6e:72:e0:ff:3e:05:93:5f:4e:35:
                    e7:97:f1:d8:32:77:08:4e:7e:e8:01:52:21:0b:3f:
                    f4:08:2e:6a:5f:7d:0f:80:d3:c4:d5:9a:35:40:3d:
                    89:e0:0a:95:0f:a0:b1:ed:ef:23:7f:bd:37:b1:2e:
                    74:e6:eb:bc:09:04:02:3d:f5:37:d7:b2:67:e5:e3:
                    4f:9b:ee:7b:3e:c5:c6:ae:d6:b6:ea:81:1c:5e:7a:
                    24:84:59:db:86:35:5d:dc:5d:22:46:af:c3:a2:96:
                    23:b3:38:e5:61:88:54:50:93:91:c7:b6:80:b2:fe:
                    26:f0:41:7e:d2:5e:b5:ee:96:27:ba:a2:8e:c5:23:
                    24:36:4d:76:bb:eb:d3:cd:39:2f:95:af:60:8d:92:
                    1f:49:fa:c2:11:f8:10:31:e3:a4:52:82:e9:bd:11:
                    d5:9b:b5:75:2c:fe:5e:2b:5a:6f:85:0d:e2:1a:d9:
                    be:d2:89:c7:68:9a:27:59:b9:3d:64:91:85:6b:f8:
                    ce:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C5:68:E8:67:1F:FA:5D:E2:5A:16:73:78:E6:9A:13:3B:9F:B8:3C
            X509v3 Authority Key Identifier:
                keyid:52:F9:41:17:35:64:A0:9B:7C:F8:EF:DD:98:75:61:42:62:A7:DD:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UvlBFzVkoJt8-O_dmHVhQmKn3WE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/XcVo6Gcf-l3iWhZzeOaaEzufuDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/UvlBFzVkoJt8-O_dmHVhQmKn3WE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:d2:01:44:0c:2b:3d:51:78:ec:10:69:d3:a1:b3:18:18:35:
         ce:36:21:7a:9f:7c:b9:bf:4c:70:d9:0c:d4:f6:6d:0b:b3:3e:
         48:e7:96:6a:04:c1:1e:4d:eb:d3:d4:fb:f2:8e:aa:a8:17:53:
         6e:c7:86:6c:2f:53:2f:ff:fe:02:3e:b5:04:2c:1e:82:ba:23:
         7e:38:91:fa:50:f1:d9:bd:fc:d8:fe:d3:75:34:bd:98:59:74:
         13:3a:e6:b7:19:88:8e:02:78:54:5b:72:a8:bf:f9:24:2c:0a:
         2d:5d:5e:82:20:eb:2a:16:70:0a:22:d9:13:86:0d:0a:12:e8:
         0c:0d:5e:db:5c:ea:4f:97:69:7f:f2:49:f9:17:0c:54:2d:23:
         f8:aa:dd:57:8d:a0:e8:61:77:ca:26:93:5f:e0:18:00:6e:ee:
         20:e6:fc:f3:66:d5:f6:79:dc:dd:5d:89:ba:92:b5:dd:8c:8b:
         d1:cf:9b:0f:fd:a1:26:1e:be:2b:aa:28:19:77:4f:88:59:48:
         c3:a9:16:82:9e:53:02:52:fa:df:f7:f2:18:ce:2e:7c:e3:9b:
         a3:58:16:5b:71:bd:87:bf:61:7e:c2:fe:96:e1:25:b3:18:24:
         51:37:d9:11:d2:f1:0e:97:19:2b:b9:ab:9a:7e:ba:ba:c0:d1:
         fd:1f:94:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2XLLA9FM6SzU/+1XqGZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZjk0MTE3MzU2NGEwOWI3Y2Y4ZWZkZDk4NzU2MTQyNjJh
N2RkNjEwHhcNMjUwMTAyMTE0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGM1NjhlODY3MWZmYTVkZTI1YTE2NzM3OGU2OWExMzNiOWZiODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLmUZx286IwyKsC1IDRwv86JtvNJ
X22ZLSaBsROxu+GM6CTz19o7OwkG+3Z+yVYWUuqfwmTK9a074MjOmp7A425y4P8+
BZNfTjXnl/HYMncITn7oAVIhCz/0CC5qX30PgNPE1Zo1QD2J4AqVD6Cx7e8jf703
sS505uu8CQQCPfU317Jn5eNPm+57PsXGrta26oEcXnokhFnbhjVd3F0iRq/DopYj
szjlYYhUUJORx7aAsv4m8EF+0l617pYnuqKOxSMkNk12u+vTzTkvla9gjZIfSfrC
EfgQMeOkUoLpvRHVm7V1LP5eK1pvhQ3iGtm+0onHaJonWbk9ZJGFa/jOkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3FaOhnH/pd4loWc3jmmhM7n7g8MB8GA1UdIwQY
MBaAFFL5QRc1ZKCbfPjv3Zh1YUJip91hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXZsQkZ6VmtvSnQ4LU9fZG1IVmhRbUtuM1dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8yNGY1MDktZWMyYy00ODZkLTliMDEt
MDlkOGU0OTNjMWY5LzEvWGNWbzZHY2YtbDNpV2haemVPYWFFenVmdUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8yNGY1MDktZWMyYy00ODZkLTliMDEtMDlkOGU0OTNjMWY5
LzEvVXZsQkZ6VmtvSnQ4LU9fZG1IVmhRbUtuM1dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw72UMA0G
CSqGSIb3DQEBCwUAA4IBAQCX0gFEDCs9UXjsEGnTobMYGDXONiF6n3y5v0xw2QzU
9m0Lsz5I55ZqBMEeTevT1PvyjqqoF1Nux4ZsL1Mv//4CPrUELB6CuiN+OJH6UPHZ
vfzY/tN1NL2YWXQTOua3GYiOAnhUW3Kov/kkLAotXV6CIOsqFnAKItkThg0KEugM
DV7bXOpPl2l/8kn5FwxULSP4qt1XjaDoYXfKJpNf4BgAbu4g5vzzZtX2edzdXYm6
krXdjIvRz5sP/aEmHr4rqigZd0+IWUjDqRaCnlMCUvrf9/IYzi5845ujWBZbcb2H
v2F+wv6W4SWzGCRRN9kR0vEOlxkruauafrq6wNH9H5S7
-----END CERTIFICATE-----