Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/UY5PADzbeIj93cBuCOAZIezRods.roa
File:                     UY5PADzbeIj93cBuCOAZIezRods.roa (raw, json)
Hash identifier:          94p+JoB1n19vWg1B3h2izrs5nmNxhhnj9iR596bjT+I=
Subject key identifier:   51:8E:4F:00:3C:DB:78:88:FD:DD:C0:6E:08:E0:19:21:EC:D1:A1:DB
Certificate issuer:       /CN=2956584b70ce847c1a9b400548b14db031bedff2
Certificate serial:       01942521A5D469522564EA353D3869E1F66C
Authority key identifier: 29:56:58:4B:70:CE:84:7C:1A:9B:40:05:48:B1:4D:B0:31:BE:DF:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KVZYS3DOhHwam0AFSLFNsDG-3_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/UY5PADzbeIj93cBuCOAZIezRods.roa
Signing time:             Thu 02 Jan 2025 03:49:09 +0000
ROA not before:           Thu 02 Jan 2025 03:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        195.24.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/KVZYS3DOhHwam0AFSLFNsDG-3_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/KVZYS3DOhHwam0AFSLFNsDG-3_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KVZYS3DOhHwam0AFSLFNsDG-3_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 08:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a5:d4:69:52:25:64:ea:35:3d:38:69:e1:f6:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2956584b70ce847c1a9b400548b14db031bedff2
        Validity
            Not Before: Jan  2 03:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=518e4f003cdb7888fdddc06e08e01921ecd1a1db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:41:c6:20:fa:37:36:85:24:e4:22:15:a2:e8:
                    07:57:16:29:e3:a8:98:da:e9:24:51:39:fc:1f:2e:
                    24:de:93:ab:e0:53:a5:f5:1c:39:72:bb:1f:62:f7:
                    84:01:10:6e:a9:d4:79:47:1c:25:1f:01:52:de:9c:
                    4b:3a:e2:89:a1:d9:0a:8d:42:3d:51:21:9c:41:5f:
                    15:d2:66:97:e9:36:89:5b:76:ef:2c:ff:e4:43:b5:
                    f9:5d:8d:b5:ab:53:0e:07:e5:c2:5a:42:ff:62:72:
                    2a:31:d3:d5:d5:50:85:b6:a2:5e:d8:0c:ce:d2:de:
                    a3:f6:51:8b:d1:a8:a3:8d:8a:94:b5:53:03:aa:5e:
                    c1:3b:e7:1c:40:de:e4:09:2f:e4:e0:bb:55:ef:56:
                    f0:b0:c2:c0:8c:18:70:02:bd:2e:5b:c5:8d:2f:a1:
                    15:af:02:4a:54:6c:17:d2:7d:b4:1e:58:70:83:ea:
                    de:55:6a:65:dc:63:6a:45:58:b8:68:84:52:a7:a2:
                    7b:8a:c2:6b:7a:db:5c:da:8e:4f:6e:99:1d:c5:c6:
                    ec:05:cd:82:d9:d8:bf:d8:e9:f9:01:32:22:57:25:
                    79:97:34:86:f8:a5:43:b8:a6:7b:ab:ca:eb:16:ed:
                    d0:25:87:4f:ad:ad:84:57:53:df:77:0e:7a:09:97:
                    7f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:8E:4F:00:3C:DB:78:88:FD:DD:C0:6E:08:E0:19:21:EC:D1:A1:DB
            X509v3 Authority Key Identifier:
                keyid:29:56:58:4B:70:CE:84:7C:1A:9B:40:05:48:B1:4D:B0:31:BE:DF:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVZYS3DOhHwam0AFSLFNsDG-3_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/UY5PADzbeIj93cBuCOAZIezRods.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/KVZYS3DOhHwam0AFSLFNsDG-3_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:75:e1:f9:54:7c:34:16:46:4b:eb:75:0b:be:cc:7a:f2:3d:
         53:1f:97:7f:41:e0:e0:37:2c:d6:6d:fa:9a:c5:df:22:57:44:
         9d:1e:e8:96:fe:f4:4c:5c:0d:45:dc:e2:1c:2e:52:08:f2:8d:
         d7:11:06:7d:dd:ab:54:dc:c7:3a:b0:25:96:98:8e:d5:41:2d:
         83:a8:df:eb:8a:1f:92:90:bf:4a:88:4a:28:21:fb:af:80:db:
         60:40:a4:74:62:30:79:aa:8a:63:6f:d8:32:f0:50:18:4b:83:
         a9:90:d4:da:28:35:d1:c7:48:0b:6a:19:68:65:2a:81:e2:1e:
         05:25:75:1d:c7:e8:34:4f:b0:3b:0f:cc:af:7f:50:3e:93:93:
         95:17:f6:1d:34:e2:c8:fc:f9:2b:19:92:06:08:6f:64:9a:e1:
         b4:02:5c:16:61:18:85:18:31:78:24:68:38:d4:73:63:0b:84:
         04:3d:47:51:93:cd:24:05:fe:8f:e0:e3:5f:79:2c:a2:24:65:
         ad:15:d3:2f:53:52:4b:7d:8c:a2:73:a6:fe:f6:ff:3b:a4:0b:
         58:11:61:5b:44:f7:4c:bf:05:90:ca:06:cb:70:45:df:92:3f:
         07:fa:9f:c3:1f:36:b7:c6:16:34:cf:69:e6:cd:67:d6:b4:5a:
         2c:2b:89:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIaXUaVIlZOo1PThp4fZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NTY1ODRiNzBjZTg0N2MxYTliNDAwNTQ4YjE0ZGIwMzFi
ZWRmZjIwHhcNMjUwMTAyMDM0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MThlNGYwMDNjZGI3ODg4ZmRkZGMwNmUwOGUwMTkyMWVjZDFhMWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkHGIPo3NoUk5CIVougHVxYp46iY
2ukkUTn8Hy4k3pOr4FOl9Rw5crsfYveEARBuqdR5RxwlHwFS3pxLOuKJodkKjUI9
USGcQV8V0maX6TaJW3bvLP/kQ7X5XY21q1MOB+XCWkL/YnIqMdPV1VCFtqJe2AzO
0t6j9lGL0aijjYqUtVMDql7BO+ccQN7kCS/k4LtV71bwsMLAjBhwAr0uW8WNL6EV
rwJKVGwX0n20Hlhwg+reVWpl3GNqRVi4aIRSp6J7isJrettc2o5PbpkdxcbsBc2C
2di/2On5ATIiVyV5lzSG+KVDuKZ7q8rrFu3QJYdPra2EV1Pfdw56CZd/WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGOTwA823iI/d3AbgjgGSHs0aHbMB8GA1UdIwQY
MBaAFClWWEtwzoR8GptABUixTbAxvt/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZaWVMzRE9oSHdhbTBBRlNMRk5zREctM19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi82NGZlN2QtODYyZC00ZTFhLTlmZDAt
MDZiNDFlZjEzOThkLzEvVVk1UEFEemJlSWo5M2NCdUNPQVpJZXpSb2RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi82NGZlN2QtODYyZC00ZTFhLTlmZDAtMDZiNDFlZjEzOThk
LzEvS1ZaWVMzRE9oSHdhbTBBRlNMRk5zREctM19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjoMA0G
CSqGSIb3DQEBCwUAA4IBAQCKdeH5VHw0FkZL63ULvsx68j1TH5d/QeDgNyzWbfqa
xd8iV0SdHuiW/vRMXA1F3OIcLlII8o3XEQZ93atU3Mc6sCWWmI7VQS2DqN/rih+S
kL9KiEooIfuvgNtgQKR0YjB5qopjb9gy8FAYS4OpkNTaKDXRx0gLahloZSqB4h4F
JXUdx+g0T7A7D8yvf1A+k5OVF/YdNOLI/PkrGZIGCG9kmuG0AlwWYRiFGDF4JGg4
1HNjC4QEPUdRk80kBf6P4ONfeSyiJGWtFdMvU1JLfYyic6b+9v87pAtYEWFbRPdM
vwWQygbLcEXfkj8H+p/DHza3xhY0z2nmzWfWtFosK4lm
-----END CERTIFICATE-----