Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/UrXy_LDsHx2iNrccJeDCBS_jIt8.roa
File:                     UrXy_LDsHx2iNrccJeDCBS_jIt8.roa (raw, json)
Hash identifier:          TsZDwaHwD4vmvW8H5SOM5KIJanIsOqNbP0SQtQy4htA=
Subject key identifier:   52:B5:F2:FC:B0:EC:1F:1D:A2:36:B7:1C:25:E0:C2:05:2F:E3:22:DF
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0195B372F3BEA673E22DF3A34CB110BE41B7
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/UrXy_LDsHx2iNrccJeDCBS_jIt8.roa
Signing time:             Thu 20 Mar 2025 12:06:49 +0000
ROA not before:           Thu 20 Mar 2025 12:06:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        45.95.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b3:72:f3:be:a6:73:e2:2d:f3:a3:4c:b1:10:be:41:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Mar 20 12:06:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52b5f2fcb0ec1f1da236b71c25e0c2052fe322df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:56:60:2a:86:2f:4c:f0:04:00:9f:cb:36:15:
                    f3:8c:b0:8e:20:2f:79:65:3c:2e:2e:7f:04:77:76:
                    03:9b:46:36:b8:1c:e4:a6:51:2c:76:2a:a4:27:64:
                    77:83:1a:5a:09:02:6c:88:00:0f:26:4e:3a:68:6f:
                    65:c2:c7:6a:9f:3c:78:d2:08:51:f9:c6:63:53:70:
                    b6:14:de:61:be:bb:b9:d1:9c:59:52:88:22:46:d1:
                    f1:d9:9d:aa:2c:8a:ca:53:b7:47:5b:fc:d0:b8:d7:
                    d0:de:0a:8d:4f:28:ec:e8:27:1c:05:ed:86:b8:6d:
                    fd:b4:71:e6:f4:de:cf:62:40:92:33:bd:94:12:bc:
                    72:85:cb:60:6e:0f:2e:08:3d:46:8f:31:09:e2:38:
                    b2:4b:c0:f9:0c:13:de:b4:3d:3d:ba:7b:5e:2c:f2:
                    8e:8e:ac:4b:a9:59:d8:7a:be:8a:f5:14:dc:dc:7e:
                    f4:eb:5b:62:9a:ce:15:66:f5:33:8a:9e:54:8b:55:
                    6a:40:39:da:71:11:f3:63:20:4d:cd:5b:31:63:ec:
                    ab:77:57:11:da:22:c6:eb:09:4e:bb:ab:3d:f3:99:
                    98:f8:5f:04:5e:cb:d8:2a:d9:db:8a:bc:9e:8f:77:
                    3f:c6:30:79:41:36:54:cd:d0:6e:af:6d:f8:65:a6:
                    5a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:B5:F2:FC:B0:EC:1F:1D:A2:36:B7:1C:25:E0:C2:05:2F:E3:22:DF
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/UrXy_LDsHx2iNrccJeDCBS_jIt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:c4:68:bc:6f:b9:e5:50:01:13:d0:48:36:76:1a:be:56:bc:
         8f:7e:a3:1c:d5:3f:21:d6:42:7b:97:f0:6e:91:d9:b2:f3:8d:
         fd:92:3b:bc:cb:17:bb:96:1f:d5:43:81:6f:44:97:5e:52:f5:
         25:9f:71:3e:ff:7a:98:99:09:04:cd:ff:3f:35:38:f8:13:52:
         c8:ac:25:bb:e9:0b:bb:88:58:77:a4:c3:db:bc:50:b2:3a:e5:
         9b:92:a4:1a:11:c0:66:2d:01:48:49:80:2f:a0:ae:c3:e7:cf:
         ab:40:1f:57:ae:96:19:04:b8:1d:48:00:64:83:0a:9d:72:7d:
         e5:12:c1:54:d4:05:01:27:3b:f5:2c:59:ad:78:6e:70:20:96:
         36:0a:1d:76:da:96:51:2b:aa:77:ec:0c:d8:7a:25:c6:e2:d6:
         c8:2d:2c:29:61:78:ab:f3:34:ec:ae:03:4a:05:d0:13:b8:44:
         b7:fe:36:eb:3e:e3:ed:6f:b8:44:8a:71:e2:5f:71:51:58:25:
         1d:dd:32:6e:a5:2b:a9:d3:9e:98:12:e9:c4:e5:b6:d1:5a:e7:
         d9:dc:16:c9:ad:ed:7e:ce:15:6c:be:f5:de:e7:30:66:65:64:
         b6:f4:0f:51:b6:8a:b9:b4:60:8d:b6:b4:68:bb:a4:e2:62:0b:
         e6:c4:05:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWzcvO+pnPiLfOjTLEQvkG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwMzIwMTIwNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmI1ZjJmY2IwZWMxZjFkYTIzNmI3MWMyNWUwYzIwNTJmZTMyMmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFZgKoYvTPAEAJ/LNhXzjLCOIC95
ZTwuLn8Ed3YDm0Y2uBzkplEsdiqkJ2R3gxpaCQJsiAAPJk46aG9lwsdqnzx40ghR
+cZjU3C2FN5hvru50ZxZUogiRtHx2Z2qLIrKU7dHW/zQuNfQ3gqNTyjs6CccBe2G
uG39tHHm9N7PYkCSM72UErxyhctgbg8uCD1GjzEJ4jiyS8D5DBPetD09unteLPKO
jqxLqVnYer6K9RTc3H7061tims4VZvUzip5Ui1VqQDnacRHzYyBNzVsxY+yrd1cR
2iLG6wlOu6s985mY+F8EXsvYKtnbiryej3c/xjB5QTZUzdBur234ZaZaIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFK18vyw7B8doja3HCXgwgUv4yLfMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvVXJYeV9MRHNIeDJpTnJjY0plRENCU19qSXQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV8jMA0G
CSqGSIb3DQEBCwUAA4IBAQC2xGi8b7nlUAET0Eg2dhq+VryPfqMc1T8h1kJ7l/Bu
kdmy8439kju8yxe7lh/VQ4FvRJdeUvUln3E+/3qYmQkEzf8/NTj4E1LIrCW76Qu7
iFh3pMPbvFCyOuWbkqQaEcBmLQFISYAvoK7D58+rQB9XrpYZBLgdSABkgwqdcn3l
EsFU1AUBJzv1LFmteG5wIJY2Ch122pZRK6p37AzYeiXG4tbILSwpYXir8zTsrgNK
BdATuES3/jbrPuPtb7hEinHiX3FRWCUd3TJupSup056YEunE5bbRWufZ3BbJre1+
zhVsvvXe5zBmZWS29A9Rtoq5tGCNtrRou6TiYgvmxAXe
-----END CERTIFICATE-----