Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/b31935-efc0-4cc8-b85d-db13cc3f1db6/1/UABXDisY7UIcuu729SEVeaTHi9g.roa
File:                     UABXDisY7UIcuu729SEVeaTHi9g.roa (raw, json)
Hash identifier:          OYLFe1eOiXjeIqPxbtFA6YEKDGNFPpOrX8ZmLcir4vI=
Subject key identifier:   50:00:57:0E:2B:18:ED:42:1C:BA:EE:F6:F5:21:15:79:A4:C7:8B:D8
Certificate issuer:       /CN=24d0a5ca2cf1bd912f42cc8cf651f6fe88e726a4
Certificate serial:       01944AD632FA7FBC6D21DD87C3A4931938B8
Authority key identifier: 24:D0:A5:CA:2C:F1:BD:91:2F:42:CC:8C:F6:51:F6:FE:88:E7:26:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JNClyizxvZEvQsyM9lH2_ojnJqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/b31935-efc0-4cc8-b85d-db13cc3f1db6/1/UABXDisY7UIcuu729SEVeaTHi9g.roa
Signing time:             Thu 09 Jan 2025 11:32:19 +0000
ROA not before:           Thu 09 Jan 2025 11:32:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206910
IP address blocks:        185.28.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/b31935-efc0-4cc8-b85d-db13cc3f1db6/1/JNClyizxvZEvQsyM9lH2_ojnJqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/b31935-efc0-4cc8-b85d-db13cc3f1db6/1/JNClyizxvZEvQsyM9lH2_ojnJqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JNClyizxvZEvQsyM9lH2_ojnJqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:d6:32:fa:7f:bc:6d:21:dd:87:c3:a4:93:19:38:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24d0a5ca2cf1bd912f42cc8cf651f6fe88e726a4
        Validity
            Not Before: Jan  9 11:32:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5000570e2b18ed421cbaeef6f5211579a4c78bd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7c:a9:fc:da:2c:1a:5a:d2:48:d9:07:b5:d7:
                    23:65:a2:56:e5:31:5e:02:d3:38:01:17:f1:2c:50:
                    4c:77:b3:fa:a8:d7:87:ad:64:e4:71:13:9e:be:6b:
                    8a:d7:69:f5:a8:a6:c7:ca:9d:15:e1:49:4e:ae:2b:
                    43:17:41:69:ad:2b:04:5b:f8:df:bb:fc:dd:25:db:
                    90:54:ac:1d:c6:f3:45:1f:b2:68:a7:5b:e6:a1:91:
                    2c:36:7c:88:cf:7b:26:11:eb:05:31:6a:2b:f5:af:
                    27:32:00:10:d9:75:30:8b:40:0a:c1:cd:84:90:e3:
                    44:01:86:e8:06:de:94:e2:d7:3e:ca:99:82:1d:c4:
                    18:a3:b1:fd:5c:1a:cf:46:d7:55:08:fd:28:56:bd:
                    b4:08:59:d1:94:5f:bf:5b:53:e0:e1:21:92:7d:b6:
                    ad:58:da:a5:22:5d:5b:d8:27:58:48:ac:be:20:a0:
                    d4:eb:4b:1d:d0:d0:53:9c:3e:f8:18:f3:3b:17:b8:
                    0b:90:bc:c0:ef:59:54:5d:56:01:3c:d4:82:3b:0c:
                    ef:be:27:7f:8f:ae:ea:8b:d8:f5:82:80:d2:37:eb:
                    31:e7:e5:fa:4c:a5:c6:26:66:c7:c7:28:58:f1:28:
                    5c:fa:ef:11:4f:b0:e1:5e:b5:39:de:df:4d:f7:1f:
                    d3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:00:57:0E:2B:18:ED:42:1C:BA:EE:F6:F5:21:15:79:A4:C7:8B:D8
            X509v3 Authority Key Identifier:
                keyid:24:D0:A5:CA:2C:F1:BD:91:2F:42:CC:8C:F6:51:F6:FE:88:E7:26:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JNClyizxvZEvQsyM9lH2_ojnJqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b31935-efc0-4cc8-b85d-db13cc3f1db6/1/UABXDisY7UIcuu729SEVeaTHi9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b31935-efc0-4cc8-b85d-db13cc3f1db6/1/JNClyizxvZEvQsyM9lH2_ojnJqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:ca:15:d4:94:ab:70:cc:cc:dd:52:36:f0:cc:54:36:f3:54:
         76:2f:fd:0c:73:4a:cb:bc:eb:5a:19:7c:37:11:5d:11:1f:5b:
         59:ce:62:a9:01:13:36:ef:38:d5:91:3b:59:06:45:0b:d1:9e:
         50:70:37:2f:3d:37:d4:21:a0:d7:b8:4b:02:5d:be:d0:c8:7b:
         5d:fe:19:4f:5c:eb:38:c3:52:0d:d2:a3:31:86:1f:37:07:7f:
         8a:ee:51:0c:43:91:aa:68:77:f3:11:ae:4e:79:dc:5b:18:2b:
         2c:5d:93:f7:1e:f4:c4:7c:ad:fe:cb:ee:68:a3:40:99:12:de:
         10:cd:af:4a:c7:92:9b:a0:39:67:ce:27:d0:19:ee:3d:de:ec:
         7b:68:61:e5:b1:9b:67:a4:b2:1a:ef:4f:c0:69:cb:55:ab:a4:
         85:f4:d6:d8:f2:c8:c2:3f:eb:73:cc:2e:8a:b5:50:74:fc:0d:
         10:b2:94:c4:b5:33:48:1e:6d:06:f1:bd:5d:dd:5a:86:d4:05:
         bf:ab:94:81:2e:b2:8f:97:50:43:4a:94:75:4e:ce:20:2f:c9:
         05:67:f2:3e:e8:aa:7c:84:57:da:82:f4:e1:cc:88:67:04:97:
         4e:2c:3e:34:24:7f:24:5c:0c:91:d7:be:97:80:b2:0f:c5:d6:
         44:1c:fd:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRK1jL6f7xtId2Hw6STGTi4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZDBhNWNhMmNmMWJkOTEyZjQyY2M4Y2Y2NTFmNmZlODhl
NzI2YTQwHhcNMjUwMTA5MTEzMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDAwNTcwZTJiMThlZDQyMWNiYWVlZjZmNTIxMTU3OWE0Yzc4YmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3yp/NosGlrSSNkHtdcjZaJW5TFe
AtM4ARfxLFBMd7P6qNeHrWTkcROevmuK12n1qKbHyp0V4UlOritDF0FprSsEW/jf
u/zdJduQVKwdxvNFH7Jop1vmoZEsNnyIz3smEesFMWor9a8nMgAQ2XUwi0AKwc2E
kONEAYboBt6U4tc+ypmCHcQYo7H9XBrPRtdVCP0oVr20CFnRlF+/W1Pg4SGSfbat
WNqlIl1b2CdYSKy+IKDU60sd0NBTnD74GPM7F7gLkLzA71lUXVYBPNSCOwzvvid/
j67qi9j1goDSN+sx5+X6TKXGJmbHxyhY8Shc+u8RT7DhXrU53t9N9x/TLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAAVw4rGO1CHLru9vUhFXmkx4vYMB8GA1UdIwQY
MBaAFCTQpcos8b2RL0LMjPZR9v6I5yakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk5DbHlpenh2WkV2UXN5TTlsSDJfb2puSnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9iMzE5MzUtZWZjMC00Y2M4LWI4NWQt
ZGIxM2NjM2YxZGI2LzEvVUFCWERpc1k3VUljdXU3MjlTRVZlYVRIaTlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9iMzE5MzUtZWZjMC00Y2M4LWI4NWQtZGIxM2NjM2YxZGI2
LzEvSk5DbHlpenh2WkV2UXN5TTlsSDJfb2puSnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRz6MA0G
CSqGSIb3DQEBCwUAA4IBAQBYyhXUlKtwzMzdUjbwzFQ281R2L/0Mc0rLvOtaGXw3
EV0RH1tZzmKpARM27zjVkTtZBkUL0Z5QcDcvPTfUIaDXuEsCXb7QyHtd/hlPXOs4
w1IN0qMxhh83B3+K7lEMQ5GqaHfzEa5OedxbGCssXZP3HvTEfK3+y+5oo0CZEt4Q
za9Kx5KboDlnzifQGe493ux7aGHlsZtnpLIa70/AactVq6SF9NbY8sjCP+tzzC6K
tVB0/A0QspTEtTNIHm0G8b1d3VqG1AW/q5SBLrKPl1BDSpR1Ts4gL8kFZ/I+6Kp8
hFfagvThzIhnBJdOLD40JH8kXAyR176XgLIPxdZEHP3r
-----END CERTIFICATE-----