Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/uhXLHo-0al5-4Ywodvl9WZhyWo8.roa
File:                     uhXLHo-0al5-4Ywodvl9WZhyWo8.roa (raw, json)
Hash identifier:          0/9YYUjWHhEdcxBlaT2sTrFe7bjXv5gIpAHJ+J4XCPg=
Subject key identifier:   BA:15:CB:1E:8F:B4:6A:5E:7E:E1:8C:28:76:F9:7D:59:98:72:5A:8F
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC4C4D73FC9CF11FF96D13AAFB8C08
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/uhXLHo-0al5-4Ywodvl9WZhyWo8.roa
Signing time:             Mon 01 Jan 2024 16:29:58 +0000
ROA not before:           Mon 01 Jan 2024 16:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60375
IP address blocks:        195.209.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4c:4d:73:fc:9c:f1:1f:f9:6d:13:aa:fb:8c:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba15cb1e8fb46a5e7ee18c2876f97d5998725a8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a4:16:b9:11:a3:4b:aa:8b:aa:e2:e0:19:50:
                    d9:34:92:76:0e:68:57:5f:6f:32:95:37:3e:48:00:
                    7a:f5:5e:ce:a4:17:95:28:a4:b1:e9:c1:a7:94:83:
                    a6:ac:da:fd:11:01:8a:b3:20:63:95:a2:fa:b7:06:
                    4c:09:56:7a:b5:e0:e0:36:12:fb:7a:41:a8:78:69:
                    3f:01:92:24:46:46:0a:21:38:5c:69:75:c8:66:89:
                    a9:16:da:22:dc:14:47:24:54:ae:de:19:c7:67:cc:
                    9a:a9:27:16:41:00:8e:5c:4c:29:e5:82:6e:1b:01:
                    f5:f2:32:7e:8f:25:8b:ef:3a:7d:25:c8:0e:9f:e2:
                    e3:28:f8:da:cf:63:85:93:d8:b5:26:ce:76:7b:91:
                    a1:80:25:f2:f6:04:79:07:bf:3b:ef:bd:17:ad:4e:
                    47:be:70:18:ea:54:55:59:78:cb:da:31:09:80:3a:
                    f4:9b:16:fc:02:2d:14:76:9b:dc:4d:a2:aa:5a:7a:
                    45:a7:c2:3f:b3:b9:5a:be:75:db:32:77:d0:83:ca:
                    a4:19:9e:fd:86:4b:be:d2:14:22:63:55:6d:78:cc:
                    44:40:42:2a:54:ef:c6:b9:fa:fd:31:17:86:c3:f6:
                    70:c7:5b:7d:67:96:04:e7:8a:0d:a5:89:46:35:20:
                    9a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:15:CB:1E:8F:B4:6A:5E:7E:E1:8C:28:76:F9:7D:59:98:72:5A:8F
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/uhXLHo-0al5-4Ywodvl9WZhyWo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.209.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:12:47:75:86:36:fd:90:3e:3e:e5:dc:c2:50:2f:6f:6a:cf:
         ba:33:78:84:b6:e5:ba:54:cc:80:fd:f3:3b:da:c7:18:da:d5:
         77:d6:29:55:1b:81:73:02:94:b2:0a:5d:56:84:d1:14:d2:26:
         6f:9f:73:90:be:8c:7b:d9:7a:60:30:4d:4a:72:3e:35:0f:3f:
         e1:35:af:4c:a2:d7:b9:5c:b8:b7:74:7f:31:1a:5a:d8:0b:ce:
         88:3e:a2:61:dc:6c:4d:09:28:d1:27:13:e7:88:21:98:9a:f8:
         fd:79:15:88:d0:39:98:44:d1:4e:1f:06:22:5a:ff:32:f0:51:
         05:de:dd:94:7d:a5:5d:0f:fb:68:c1:d4:ec:a8:82:c1:33:a8:
         ed:f2:91:1f:7b:3f:3d:fe:2c:dd:68:b9:96:34:75:df:5b:25:
         06:97:86:9f:9d:6e:81:cb:38:12:5f:b3:08:47:b8:6c:eb:20:
         b7:a3:a7:1a:20:4e:93:35:54:d1:19:41:a2:3f:ae:ee:9f:f6:
         db:6a:3d:81:b9:0e:79:e4:a1:8c:3d:bc:86:ce:00:33:76:ff:
         9d:24:35:36:ca:3e:80:fd:a0:93:f2:ff:c3:9c:a3:ea:b0:9c:
         d4:62:49:5e:23:a1:d5:eb:bc:a9:20:49:f7:46:b4:37:13:36:
         f3:38:d5:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ExNc/yc8R/5bROq+4wIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTE1Y2IxZThmYjQ2YTVlN2VlMThjMjg3NmY5N2Q1OTk4NzI1YThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqQWuRGjS6qLquLgGVDZNJJ2DmhX
X28ylTc+SAB69V7OpBeVKKSx6cGnlIOmrNr9EQGKsyBjlaL6twZMCVZ6teDgNhL7
ekGoeGk/AZIkRkYKIThcaXXIZompFtoi3BRHJFSu3hnHZ8yaqScWQQCOXEwp5YJu
GwH18jJ+jyWL7zp9JcgOn+LjKPjaz2OFk9i1Js52e5GhgCXy9gR5B787770XrU5H
vnAY6lRVWXjL2jEJgDr0mxb8Ai0UdpvcTaKqWnpFp8I/s7lavnXbMnfQg8qkGZ79
hku+0hQiY1VteMxEQEIqVO/Gufr9MReGw/Zwx1t9Z5YE54oNpYlGNSCa+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoVyx6PtGpefuGMKHb5fVmYclqPMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvdWhYTEhvLTBhbDUtNFl3b2R2bDlXWmh5V284LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9FoMA0G
CSqGSIb3DQEBCwUAA4IBAQCOEkd1hjb9kD4+5dzCUC9vas+6M3iEtuW6VMyA/fM7
2scY2tV31ilVG4FzApSyCl1WhNEU0iZvn3OQvox72XpgME1Kcj41Dz/hNa9Mote5
XLi3dH8xGlrYC86IPqJh3GxNCSjRJxPniCGYmvj9eRWI0DmYRNFOHwYiWv8y8FEF
3t2UfaVdD/towdTsqILBM6jt8pEfez89/izdaLmWNHXfWyUGl4afnW6ByzgSX7MI
R7hs6yC3o6caIE6TNVTRGUGiP67un/bbaj2BuQ555KGMPbyGzgAzdv+dJDU2yj6A
/aCT8v/DnKPqsJzUYkleI6HV67ypIEn3RrQ3EzbzONWt
-----END CERTIFICATE-----