Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/U551-ULmm4y7w3gBKmPFTqokscc.roa
File:                     U551-ULmm4y7w3gBKmPFTqokscc.roa (raw, json)
Hash identifier:          dKpczAgVEG4tL+3IVkFuxHV+1uuvaoTsSzTWU5ho7Oc=
Subject key identifier:   53:9E:75:F9:42:E6:9B:8C:BB:C3:78:01:2A:63:C5:4E:AA:24:B1:C7
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD5103B0242660099B09484F488CE3
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/U551-ULmm4y7w3gBKmPFTqokscc.roa
Signing time:             Thu 02 Jan 2025 07:49:05 +0000
ROA not before:           Thu 02 Jan 2025 07:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16345
IP address blocks:        194.85.128.0/19 maxlen: 24
                          195.209.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:51:03:b0:24:26:60:09:9b:09:48:4f:48:8c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=539e75f942e69b8cbbc378012a63c54eaa24b1c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9b:e4:c3:d6:19:b7:6b:24:30:63:fd:a2:88:
                    2f:d0:fb:67:78:72:e0:95:e2:68:b1:f7:ec:19:09:
                    ff:93:f9:e9:58:ba:c4:55:15:8f:f6:e2:42:29:b4:
                    a7:b1:a7:5c:a1:34:b0:7d:a9:37:9e:82:62:e8:59:
                    e6:fa:ae:3b:ce:ca:33:f2:c4:e0:2f:c6:34:a8:23:
                    11:10:91:4c:14:27:ea:c0:cd:cf:fc:f0:11:82:3c:
                    3d:b2:6f:43:a5:0f:4e:a7:5f:7b:9f:0b:fe:18:6b:
                    ec:04:dd:3c:ab:15:ca:c2:02:05:35:2c:7c:f4:5a:
                    1a:0f:d9:c7:df:96:d5:b8:49:a4:a1:ba:0b:ed:ab:
                    0e:66:ba:90:d9:83:39:fa:39:46:85:9a:a9:d0:cd:
                    8d:5e:2e:d5:41:10:2b:d0:18:e6:71:83:ba:8a:e4:
                    da:dd:56:fd:b8:24:ec:25:b5:49:5a:89:e5:37:2d:
                    13:12:33:0c:5f:68:71:2c:56:2d:c8:54:5c:b6:30:
                    06:ba:ab:29:c6:57:36:8d:80:59:95:1a:7c:29:01:
                    b1:a1:95:38:df:b0:18:c2:86:29:2f:80:44:a1:5e:
                    9a:b7:4f:fd:9b:5f:83:f7:b9:c3:ad:c0:b9:a3:43:
                    71:66:b0:15:cb:7c:ca:13:8a:62:6e:1e:76:6c:3f:
                    65:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:9E:75:F9:42:E6:9B:8C:BB:C3:78:01:2A:63:C5:4E:AA:24:B1:C7
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/U551-ULmm4y7w3gBKmPFTqokscc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.128.0/19
                  195.209.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b0:57:67:8c:36:d4:a7:cc:78:a0:98:4c:99:10:40:fc:02:75:
         9a:a1:19:ed:db:a7:94:4a:83:86:12:74:95:02:13:18:d5:76:
         f0:31:17:5f:60:e3:ea:9e:a9:e9:e6:57:64:31:bc:74:66:6a:
         f3:8c:95:4b:1c:e3:0f:e5:1a:38:42:4b:9e:1d:a4:92:62:2c:
         58:ba:b1:cd:f2:0e:96:42:af:0b:1a:61:1b:0d:38:81:e5:4b:
         be:86:e9:52:e2:86:15:8e:10:25:c6:37:70:99:d3:7c:76:fd:
         b5:36:a0:4e:ec:1f:a9:89:30:34:9c:8f:53:7d:d4:f6:23:99:
         3c:05:aa:6c:19:a4:73:58:9a:df:e3:f1:5d:88:15:fc:43:b3:
         24:6e:99:14:39:dc:89:f7:87:9e:eb:56:59:f9:c3:28:3c:0b:
         2e:68:61:aa:b1:8d:87:a7:b3:d4:15:e2:14:df:01:1e:34:f0:
         90:35:a5:a1:f9:cf:93:50:61:db:5f:2c:44:cc:b8:7a:0a:f7:
         70:1e:7f:42:73:d9:1c:34:ad:e9:ac:26:46:a5:9c:1d:db:84:
         dc:5e:8e:cb:2c:06:60:e5:a0:7f:7c:77:b5:cc:d9:1e:ab:6f:
         51:83:75:d5:cc:d1:ef:e0:f0:11:44:50:0c:d3:5e:88:68:f1:
         91:80:d2:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/VEDsCQmYAmbCUhPSIzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzllNzVmOTQyZTY5YjhjYmJjMzc4MDEyYTYzYzU0ZWFhMjRiMWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppvkw9YZt2skMGP9oogv0PtneHLg
leJosffsGQn/k/npWLrEVRWP9uJCKbSnsadcoTSwfak3noJi6Fnm+q47zsoz8sTg
L8Y0qCMREJFMFCfqwM3P/PARgjw9sm9DpQ9Op197nwv+GGvsBN08qxXKwgIFNSx8
9FoaD9nH35bVuEmkoboL7asOZrqQ2YM5+jlGhZqp0M2NXi7VQRAr0BjmcYO6iuTa
3Vb9uCTsJbVJWonlNy0TEjMMX2hxLFYtyFRctjAGuqspxlc2jYBZlRp8KQGxoZU4
37AYwoYpL4BEoV6at0/9m1+D97nDrcC5o0NxZrAVy3zKE4pibh52bD9lWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFOedflC5puMu8N4ASpjxU6qJLHHMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvVTU1MS1VTG1tNHk3dzNnQkttUEZUcW9rc2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFwlWAAwQE
w9GgMA0GCSqGSIb3DQEBCwUAA4IBAQCwV2eMNtSnzHigmEyZEED8AnWaoRnt26eU
SoOGEnSVAhMY1XbwMRdfYOPqnqnp5ldkMbx0ZmrzjJVLHOMP5Ro4QkueHaSSYixY
urHN8g6WQq8LGmEbDTiB5Uu+hulS4oYVjhAlxjdwmdN8dv21NqBO7B+piTA0nI9T
fdT2I5k8BapsGaRzWJrf4/FdiBX8Q7MkbpkUOdyJ94ee61ZZ+cMoPAsuaGGqsY2H
p7PUFeIU3wEeNPCQNaWh+c+TUGHbXyxEzLh6CvdwHn9Cc9kcNK3prCZGpZwd24Tc
Xo7LLAZg5aB/fHe1zNkeq29Rg3XVzNHv4PARRFAM016IaPGRgNIm
-----END CERTIFICATE-----