Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/JYjBLHISlsCRY1VE046gR6U-_0o.roa
File:                     JYjBLHISlsCRY1VE046gR6U-_0o.roa (raw, json)
Hash identifier:          DXDBr85QH6G55Y1r8qEGfg8VXQudlrc8fyTIopTHRbM=
Subject key identifier:   25:88:C1:2C:72:12:96:C0:91:63:55:44:D3:8E:A0:47:A5:3E:FF:4A
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5A8A83393C50C591BA25CA5822B46
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/JYjBLHISlsCRY1VE046gR6U-_0o.roa
Signing time:             Wed 01 Jan 2025 07:47:40 +0000
ROA not before:           Wed 01 Jan 2025 07:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24954
IP address blocks:        195.25.79.0/24 maxlen: 24
                          195.25.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a8:a8:33:93:c5:0c:59:1b:a2:5c:a5:82:2b:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2588c12c721296c091635544d38ea047a53eff4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f5:3e:18:51:ad:03:8f:f4:d6:38:c4:f0:a8:
                    a6:ce:2b:2a:5e:15:97:19:82:81:f2:6a:c8:00:e8:
                    8a:03:3e:04:3a:aa:21:b9:be:2b:06:f0:b0:32:1e:
                    75:c3:9b:91:e7:99:0d:18:14:ca:80:80:ba:bd:fe:
                    df:79:17:db:ce:e1:bb:7f:41:9f:fc:02:b8:22:4d:
                    62:1d:f2:83:4a:58:cb:23:ed:05:dd:06:3b:dd:65:
                    59:b8:a6:a5:5c:5e:c9:c3:a0:1a:09:9d:b2:fa:ab:
                    dc:96:44:b7:72:dc:79:32:15:28:2c:77:d2:34:c9:
                    eb:0d:bd:60:2b:11:78:72:7e:e7:7e:93:60:b5:a3:
                    7a:fb:62:8a:e4:61:ff:af:85:9b:0f:98:90:8d:f0:
                    bb:33:64:64:52:81:f2:b8:e4:b1:e2:c7:56:ba:a6:
                    02:e5:6f:57:c8:7d:18:f6:19:75:34:91:2b:65:b9:
                    11:72:cf:3e:b7:8e:aa:71:46:db:a3:6d:5b:5f:b3:
                    6b:7e:51:50:2f:8c:f0:0c:1a:74:d7:ee:a0:a1:3e:
                    45:09:8f:72:7a:c9:a5:00:e7:4c:1d:f9:10:bf:52:
                    3b:09:1a:5e:7e:63:f6:fd:06:cb:68:d3:ad:fb:7c:
                    f2:52:69:ad:b7:02:52:79:b4:8f:ad:71:26:b5:67:
                    42:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:88:C1:2C:72:12:96:C0:91:63:55:44:D3:8E:A0:47:A5:3E:FF:4A
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/JYjBLHISlsCRY1VE046gR6U-_0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.25.79.0-195.25.80.255

    Signature Algorithm: sha256WithRSAEncryption
         0e:60:ea:96:9b:69:76:14:28:c3:37:5a:34:57:32:4c:8d:46:
         c5:39:74:52:8c:27:0c:7c:21:d9:39:94:e2:37:9a:58:8d:19:
         42:8d:1f:da:a8:fa:d8:1e:1f:a6:d3:64:05:e3:34:b9:0d:b1:
         02:37:69:68:e8:5a:18:17:52:1b:e4:e7:ec:36:07:6c:04:16:
         2d:0d:bc:3c:fc:fa:de:f3:ec:25:95:c3:1f:4a:49:85:b9:be:
         6a:b0:c2:c4:7e:97:78:e7:31:e5:db:f4:04:ac:f0:47:b7:12:
         e6:83:50:e7:d0:1d:ca:c3:34:ed:b0:bf:d8:4b:f5:2b:d2:87:
         f2:8a:81:5b:2e:bc:04:7b:28:85:1a:71:de:ea:6b:45:16:a9:
         6d:67:77:0e:aa:c4:dd:99:df:bb:f8:3b:a8:b4:51:cc:86:7f:
         4f:ec:90:36:31:a7:f3:b7:3f:d3:05:4f:6d:fc:9a:b2:cc:fb:
         b1:01:6c:d3:9e:fb:29:8e:a2:9d:f8:77:cb:17:63:fd:60:69:
         e9:ed:68:0a:5b:39:fd:04:1b:e2:71:7e:3e:a3:d5:2e:b7:bb:
         8c:c1:a9:e5:48:e1:5c:54:28:9f:a2:78:89:5a:90:93:52:b1:
         33:2a:a1:35:67:e3:fa:74:7e:a0:62:5d:0c:b6:f8:8a:8b:8c:
         fe:78:b5:0e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQg1aioM5PFDFkbolylgitGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTg4YzEyYzcyMTI5NmMwOTE2MzU1NDRkMzhlYTA0N2E1M2VmZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PU+GFGtA4/01jjE8KimzisqXhWX
GYKB8mrIAOiKAz4EOqohub4rBvCwMh51w5uR55kNGBTKgIC6vf7feRfbzuG7f0Gf
/AK4Ik1iHfKDSljLI+0F3QY73WVZuKalXF7Jw6AaCZ2y+qvclkS3ctx5MhUoLHfS
NMnrDb1gKxF4cn7nfpNgtaN6+2KK5GH/r4WbD5iQjfC7M2RkUoHyuOSx4sdWuqYC
5W9XyH0Y9hl1NJErZbkRcs8+t46qcUbbo21bX7NrflFQL4zwDBp01+6goT5FCY9y
esmlAOdMHfkQv1I7CRpefmP2/QbLaNOt+3zyUmmttwJSebSPrXEmtWdCYwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCWIwSxyEpbAkWNVRNOOoEelPv9KMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvSllqQkxISVNsc0NSWTFWRTA0NmdSNlUtXzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADDGU8D
BADDGVAwDQYJKoZIhvcNAQELBQADggEBAA5g6pabaXYUKMM3WjRXMkyNRsU5dFKM
Jwx8Idk5lOI3mliNGUKNH9qo+tgeH6bTZAXjNLkNsQI3aWjoWhgXUhvk5+w2B2wE
Fi0NvDz8+t7z7CWVwx9KSYW5vmqwwsR+l3jnMeXb9ASs8Ee3EuaDUOfQHcrDNO2w
v9hL9SvSh/KKgVsuvAR7KIUacd7qa0UWqW1ndw6qxN2Z37v4O6i0UcyGf0/skDYx
p/O3P9MFT238mrLM+7EBbNOe+ymOop34d8sXY/1gaentaApbOf0EG+Jxfj6j1S63
u4zBqeVI4VxUKJ+ieIlakJNSsTMqoTVn4/p0fqBiXQy2+IqLjP54tQ4=
-----END CERTIFICATE-----