Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/UmWol24Z1jCTfjEp_MvTPtb1tBk.roa
File:                     UmWol24Z1jCTfjEp_MvTPtb1tBk.roa (raw, json)
Hash identifier:          COPfsyux35Sm2Dilg0uBivAQ4UwahKUGIAKYrH4YhiQ=
Subject key identifier:   52:65:A8:97:6E:19:D6:30:93:7E:31:29:FC:CB:D3:3E:D6:F5:B4:19
Certificate issuer:       /CN=304e59a223f4bcb823492fb1096c3a82310c03da
Certificate serial:       019427B6264AA7D83C49F4AC4BEC184B01A7
Authority key identifier: 30:4E:59:A2:23:F4:BC:B8:23:49:2F:B1:09:6C:3A:82:31:0C:03:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/UmWol24Z1jCTfjEp_MvTPtb1tBk.roa
Signing time:             Thu 02 Jan 2025 15:50:36 +0000
ROA not before:           Thu 02 Jan 2025 15:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59808
IP address blocks:        45.151.212.0/24 maxlen: 24
                          2a0e:b580::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:26:4a:a7:d8:3c:49:f4:ac:4b:ec:18:4b:01:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=304e59a223f4bcb823492fb1096c3a82310c03da
        Validity
            Not Before: Jan  2 15:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5265a8976e19d630937e3129fccbd33ed6f5b419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7b:71:35:f7:b5:3e:b1:b2:36:77:05:93:96:
                    39:04:c2:68:54:5e:d6:f5:b8:43:e4:e8:b4:7a:52:
                    9a:1a:1a:c3:00:f8:d0:41:6e:53:02:37:df:93:09:
                    72:b5:78:9a:96:fe:31:df:af:3b:24:32:17:cb:42:
                    c0:9f:f5:40:c2:9f:1c:6d:f8:5e:bc:68:67:d7:a5:
                    aa:d0:d6:8c:4c:d8:f4:59:7c:26:0c:84:8f:60:09:
                    73:cb:27:0f:ae:0f:45:ae:51:3a:ae:1a:87:15:1e:
                    73:7d:33:4a:63:90:fc:e6:4e:53:11:25:2e:81:72:
                    d5:32:30:1e:e5:db:ae:21:15:6f:78:b2:7a:c0:e1:
                    a5:67:5a:c4:14:64:f4:7b:a4:58:aa:a2:4b:2a:d4:
                    a4:89:d7:33:ae:34:13:c4:d6:7c:64:3c:d1:d1:c5:
                    3b:47:a0:5f:ac:81:0c:30:94:9f:34:70:d4:44:fe:
                    37:83:6a:d2:34:50:5d:b0:61:cc:07:67:d9:6a:56:
                    b9:ee:87:bb:96:65:57:e3:5b:6c:3a:04:cd:4b:4f:
                    f0:69:19:f5:8d:5e:c1:b0:fe:61:d9:6d:03:5c:f7:
                    b6:d5:64:17:47:34:e6:5f:b4:17:04:9c:55:e0:3e:
                    b2:80:cb:7b:4a:43:df:05:06:0d:26:8b:39:9e:65:
                    5d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:65:A8:97:6E:19:D6:30:93:7E:31:29:FC:CB:D3:3E:D6:F5:B4:19
            X509v3 Authority Key Identifier:
                keyid:30:4E:59:A2:23:F4:BC:B8:23:49:2F:B1:09:6C:3A:82:31:0C:03:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/UmWol24Z1jCTfjEp_MvTPtb1tBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.212.0/24
                IPv6:
                  2a0e:b580::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:88:4f:dc:3d:71:77:e0:e3:b0:ab:51:7c:ca:6e:80:5b:42:
         aa:cb:b4:58:a4:e8:5d:28:ce:55:82:03:fe:cd:df:ff:ae:4f:
         46:e1:64:e1:fd:e2:d8:74:48:36:2e:62:0a:70:20:14:8b:a4:
         2b:fa:2a:30:b5:2a:c4:9c:12:ac:15:bb:91:df:eb:92:56:cb:
         6a:bd:b1:19:a2:be:2e:27:28:63:ec:e9:4f:c6:91:70:70:7b:
         9d:12:f8:e8:97:32:6c:b9:eb:d2:5c:d6:c9:d4:33:df:81:7d:
         f5:91:2c:51:37:9d:87:9b:31:8f:88:c2:57:f2:ce:14:c5:b3:
         4c:a8:33:00:25:08:13:d2:1f:a9:72:aa:e4:48:0d:23:0c:b7:
         8f:32:64:d1:d6:2e:bf:78:ea:ec:aa:bd:54:b6:d9:df:a4:09:
         24:bc:3d:89:0d:23:5e:1f:0a:d8:9b:d4:88:40:9d:7d:28:68:
         7e:e3:58:d2:05:70:a8:4a:a0:46:bf:6f:6c:7a:b1:27:6a:14:
         bc:99:e9:f8:fd:f5:d7:2b:b5:ec:d4:6e:aa:b9:8d:c1:da:f2:
         04:d1:a6:95:39:54:be:66:c7:53:9e:45:93:b6:bb:aa:1f:11:
         7b:b0:2e:f8:58:e9:ae:b9:bb:fb:84:74:8b:45:ed:0e:8f:ba:
         d0:e8:a8:cc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntiZKp9g8SfSsS+wYSwGnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNGU1OWEyMjNmNGJjYjgyMzQ5MmZiMTA5NmMzYTgyMzEw
YzAzZGEwHhcNMjUwMTAyMTU1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjY1YTg5NzZlMTlkNjMwOTM3ZTMxMjlmY2NiZDMzZWQ2ZjViNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuntxNfe1PrGyNncFk5Y5BMJoVF7W
9bhD5Oi0elKaGhrDAPjQQW5TAjffkwlytXialv4x3687JDIXy0LAn/VAwp8cbfhe
vGhn16Wq0NaMTNj0WXwmDISPYAlzyycPrg9FrlE6rhqHFR5zfTNKY5D85k5TESUu
gXLVMjAe5duuIRVveLJ6wOGlZ1rEFGT0e6RYqqJLKtSkidczrjQTxNZ8ZDzR0cU7
R6BfrIEMMJSfNHDURP43g2rSNFBdsGHMB2fZala57oe7lmVX41tsOgTNS0/waRn1
jV7BsP5h2W0DXPe21WQXRzTmX7QXBJxV4D6ygMt7SkPfBQYNJos5nmVdAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFJlqJduGdYwk34xKfzL0z7W9bQZMB8GA1UdIwQY
MBaAFDBOWaIj9Ly4I0kvsQlsOoIxDAPaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUU1Wm9pUDB2TGdqU1MteENXdzZnakVNQTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9mNTM2Y2QtOTQzZi00NTU0LTlmMTct
MzQ0Y2M1MDJmMWJkLzEvVW1Xb2wyNFoxakNUZmpFcF9NdlRQdGIxdEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9mNTM2Y2QtOTQzZi00NTU0LTlmMTctMzQ0Y2M1MDJmMWJk
LzEvTUU1Wm9pUDB2TGdqU1MteENXdzZnakVNQTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALZfUMA0E
AgACMAcDBQMqDrWAMA0GCSqGSIb3DQEBCwUAA4IBAQCxiE/cPXF34OOwq1F8ym6A
W0Kqy7RYpOhdKM5VggP+zd//rk9G4WTh/eLYdEg2LmIKcCAUi6Qr+iowtSrEnBKs
FbuR3+uSVstqvbEZor4uJyhj7OlPxpFwcHudEvjolzJsuevSXNbJ1DPfgX31kSxR
N52HmzGPiMJX8s4UxbNMqDMAJQgT0h+pcqrkSA0jDLePMmTR1i6/eOrsqr1Uttnf
pAkkvD2JDSNeHwrYm9SIQJ19KGh+41jSBXCoSqBGv29serEnahS8men4/fXXK7Xs
1G6quY3B2vIE0aaVOVS+ZsdTnkWTtruqHxF7sC74WOmuubv7hHSLRe0Oj7rQ6KjM
-----END CERTIFICATE-----