Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/736mr1KkVtoBPW1oR7owGe-ullo.roa
File:                     736mr1KkVtoBPW1oR7owGe-ullo.roa (raw, json)
Hash identifier:          uR2lVV+jre6sPLOQey9198pgiqdr//RLVlkZmwpBaQw=
Subject key identifier:   EF:7E:A6:AF:52:A4:56:DA:01:3D:6D:68:47:BA:30:19:EF:AE:96:5A
Certificate issuer:       /CN=5c57b61611719ec7c8e0012b1aff7e81fc7689bd
Certificate serial:       019427B57296DE768FB9249FB66CFBE554C2
Authority key identifier: 5C:57:B6:16:11:71:9E:C7:C8:E0:01:2B:1A:FF:7E:81:FC:76:89:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XFe2FhFxnsfI4AErGv9-gfx2ib0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/736mr1KkVtoBPW1oR7owGe-ullo.roa
Signing time:             Thu 02 Jan 2025 15:49:50 +0000
ROA not before:           Thu 02 Jan 2025 15:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28984
IP address blocks:        195.47.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/XFe2FhFxnsfI4AErGv9-gfx2ib0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/XFe2FhFxnsfI4AErGv9-gfx2ib0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XFe2FhFxnsfI4AErGv9-gfx2ib0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:72:96:de:76:8f:b9:24:9f:b6:6c:fb:e5:54:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c57b61611719ec7c8e0012b1aff7e81fc7689bd
        Validity
            Not Before: Jan  2 15:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef7ea6af52a456da013d6d6847ba3019efae965a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:68:aa:5c:85:13:c5:4d:ff:54:01:d7:10:41:
                    8c:41:38:87:d7:19:e4:ea:7b:81:8c:21:ee:14:1b:
                    ef:21:e5:7e:4b:02:b6:36:0f:7a:d5:46:90:3a:64:
                    2f:87:40:5f:e9:39:f5:8e:d6:13:ab:97:84:36:87:
                    34:cc:a4:93:4a:9c:f8:3a:a7:c1:d3:e0:d6:34:64:
                    8b:24:ce:c9:38:06:58:7b:8d:de:47:b4:72:df:d1:
                    e7:7d:76:37:e7:f3:a4:06:5e:72:d7:99:e1:aa:ef:
                    4c:09:4c:7e:34:d2:7b:31:de:a3:3a:71:5a:55:8f:
                    7e:18:49:4b:41:a1:f1:cf:2d:21:01:2f:c4:1f:ac:
                    b4:38:ea:ae:78:6b:e3:4b:4e:01:9e:10:61:34:2a:
                    f3:6e:7f:5d:88:a7:7d:9f:e9:13:9f:6e:6f:73:96:
                    08:9b:2f:ff:89:c5:37:1d:41:cc:60:88:ea:80:cf:
                    2a:b9:72:82:86:9c:3d:78:3a:a0:39:de:1c:e4:4e:
                    4c:4a:87:37:21:a2:7a:a3:91:0d:13:3d:98:94:eb:
                    02:66:a0:d6:4d:8b:fb:76:0a:bb:9e:68:95:b4:a7:
                    fc:19:84:f7:72:18:e1:c5:48:28:d7:0c:d1:6f:46:
                    3d:48:a6:43:00:6d:8a:68:1a:50:b9:34:22:6f:53:
                    fe:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:7E:A6:AF:52:A4:56:DA:01:3D:6D:68:47:BA:30:19:EF:AE:96:5A
            X509v3 Authority Key Identifier:
                keyid:5C:57:B6:16:11:71:9E:C7:C8:E0:01:2B:1A:FF:7E:81:FC:76:89:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XFe2FhFxnsfI4AErGv9-gfx2ib0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/736mr1KkVtoBPW1oR7owGe-ullo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/XFe2FhFxnsfI4AErGv9-gfx2ib0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:f9:dc:26:a7:a9:94:61:70:be:81:2c:51:76:9a:a8:43:76:
         05:bb:e9:be:d0:71:57:26:7d:38:a0:50:aa:54:be:aa:e1:7a:
         33:ee:6d:b2:4c:8a:37:6c:e1:21:04:ef:2a:c1:e6:c1:3f:db:
         67:fb:c2:ea:c8:f2:4f:d7:e9:80:25:86:82:d8:b2:20:52:89:
         f7:37:c9:2b:cf:d7:40:b3:23:1b:d2:8c:df:24:fe:85:e4:30:
         d6:f8:c9:0c:3d:46:9b:02:d5:33:2e:f1:82:d8:96:18:30:02:
         70:a0:b3:b9:ca:f8:ab:b3:cd:bd:a8:21:b6:a1:23:15:97:39:
         c6:b6:44:2d:eb:f2:e0:55:c2:77:61:06:b2:de:c0:ee:50:d0:
         d8:2b:89:93:23:a9:81:21:3b:be:4b:d1:4c:a8:82:ca:8f:11:
         51:25:38:63:3e:77:85:b1:a6:4e:88:7b:45:de:36:a3:6f:3c:
         2d:cb:fe:c8:67:14:b7:07:fb:3f:30:ca:1d:91:8d:a0:ff:98:
         33:ad:8a:91:e8:2c:bc:3c:70:fc:f1:34:ac:e0:13:0a:84:0b:
         23:64:82:d6:bb:20:90:cf:28:1e:98:5c:5a:7a:1a:6e:fb:24:
         2f:ac:b7:5c:03:37:48:cf:f7:e5:7f:67:3f:ec:6e:c0:c5:5b:
         96:88:99:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntXKW3naPuSSftmz75VTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNTdiNjE2MTE3MTllYzdjOGUwMDEyYjFhZmY3ZTgxZmM3
Njg5YmQwHhcNMjUwMTAyMTU0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjdlYTZhZjUyYTQ1NmRhMDEzZDZkNjg0N2JhMzAxOWVmYWU5NjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmiqXIUTxU3/VAHXEEGMQTiH1xnk
6nuBjCHuFBvvIeV+SwK2Ng961UaQOmQvh0Bf6Tn1jtYTq5eENoc0zKSTSpz4OqfB
0+DWNGSLJM7JOAZYe43eR7Ry39HnfXY35/OkBl5y15nhqu9MCUx+NNJ7Md6jOnFa
VY9+GElLQaHxzy0hAS/EH6y0OOqueGvjS04BnhBhNCrzbn9diKd9n+kTn25vc5YI
my//icU3HUHMYIjqgM8quXKChpw9eDqgOd4c5E5MSoc3IaJ6o5ENEz2YlOsCZqDW
TYv7dgq7nmiVtKf8GYT3chjhxUgo1wzRb0Y9SKZDAG2KaBpQuTQib1P+2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9+pq9SpFbaAT1taEe6MBnvrpZaMB8GA1UdIwQY
MBaAFFxXthYRcZ7HyOABKxr/foH8dom9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEZlMkZoRnhuc2ZJNEFFckd2OS1nZngyaWIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9iN2ZlNzUtMzBlZS00YTZmLWI1Mjgt
ZmEzMDcxYzQzNWYxLzEvNzM2bXIxS2tWdG9CUFcxb1I3b3dHZS11bGxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9iN2ZlNzUtMzBlZS00YTZmLWI1MjgtZmEzMDcxYzQzNWYx
LzEvWEZlMkZoRnhuc2ZJNEFFckd2OS1nZngyaWIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwy/gMA0G
CSqGSIb3DQEBCwUAA4IBAQCW+dwmp6mUYXC+gSxRdpqoQ3YFu+m+0HFXJn04oFCq
VL6q4Xoz7m2yTIo3bOEhBO8qwebBP9tn+8LqyPJP1+mAJYaC2LIgUon3N8krz9dA
syMb0ozfJP6F5DDW+MkMPUabAtUzLvGC2JYYMAJwoLO5yvirs829qCG2oSMVlznG
tkQt6/LgVcJ3YQay3sDuUNDYK4mTI6mBITu+S9FMqILKjxFRJThjPneFsaZOiHtF
3jajbzwty/7IZxS3B/s/MModkY2g/5gzrYqR6Cy8PHD88TSs4BMKhAsjZILWuyCQ
zygemFxaehpu+yQvrLdcAzdIz/flf2c/7G7AxVuWiJmL
-----END CERTIFICATE-----