Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/UMD_GrrBm5exfk4ne6BfKt3EdWg.roa
File:                     UMD_GrrBm5exfk4ne6BfKt3EdWg.roa (raw, json)
Hash identifier:          r961vKQM2ic8nkYfC0teGF9Gu+iyVr4kAJkHxGV3f5E=
Subject key identifier:   50:C0:FF:1A:BA:C1:9B:97:B1:7E:4E:27:7B:A0:5F:2A:DD:C4:75:68
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019421B213B4A4C3FFDCF0808B5585A04520
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/UMD_GrrBm5exfk4ne6BfKt3EdWg.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        195.95.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 23:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:13:b4:a4:c3:ff:dc:f0:80:8b:55:85:a0:45:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50c0ff1abac19b97b17e4e277ba05f2addc47568
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2b:a0:1f:51:97:9d:f1:dc:7e:e9:d8:e9:d1:
                    e7:be:ae:40:f0:3c:68:3e:6f:85:3d:fe:3a:20:90:
                    ea:32:f1:be:58:cd:9f:bd:0a:fe:82:df:65:d4:35:
                    fa:97:06:ca:b4:74:2b:b5:49:65:1d:a1:57:76:75:
                    aa:27:20:19:70:57:28:b1:89:db:12:98:41:f0:af:
                    73:91:6e:93:91:fd:04:8c:99:59:72:cc:f5:63:9e:
                    be:4b:78:57:c9:a1:f8:2c:42:f9:1d:ce:34:47:f0:
                    88:14:c1:a2:88:c3:1e:74:40:f9:75:bc:d6:d1:b9:
                    24:0f:db:42:08:94:65:63:ac:a1:87:65:4f:32:1e:
                    fb:71:67:e8:3c:7b:d2:d0:c9:8b:1c:ab:54:97:8d:
                    74:cd:a1:ba:42:9e:ef:f4:7c:40:d2:5f:74:26:f0:
                    54:fe:32:fc:3c:d4:70:30:2d:e1:df:ee:47:8c:a1:
                    16:34:76:b4:3c:eb:c0:7b:7c:48:19:83:94:3d:dd:
                    ec:bc:f7:fe:5a:f7:76:06:e1:3d:76:14:6d:90:99:
                    8f:a1:e1:21:47:3c:86:04:8c:fd:07:1e:11:a0:a1:
                    10:d0:35:98:bc:3c:2e:b0:4e:4a:cf:89:59:94:a2:
                    8e:46:e6:4a:78:09:0d:4d:fb:4e:82:3f:b0:be:fd:
                    48:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:C0:FF:1A:BA:C1:9B:97:B1:7E:4E:27:7B:A0:5F:2A:DD:C4:75:68
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/UMD_GrrBm5exfk4ne6BfKt3EdWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:77:40:e2:19:ff:9b:a2:4a:96:e1:de:58:49:57:f6:de:d1:
         c9:00:42:10:30:fc:32:83:6c:ed:af:42:f8:87:0c:04:7f:bd:
         53:98:3e:34:ee:f6:96:db:78:0b:09:e0:67:2a:83:51:91:bd:
         93:c2:dc:e6:98:3b:c0:12:e9:c1:f3:69:b1:3a:9c:ba:2a:63:
         91:a2:15:ff:06:ec:c2:1b:ec:fc:02:b2:c0:55:3b:0f:df:be:
         12:18:4c:86:01:d7:5a:25:4e:03:0e:22:ae:09:69:75:84:ea:
         91:d5:b8:d1:ec:22:96:98:8f:37:a8:f8:c7:2e:1e:b9:5b:3a:
         d1:65:bd:1e:ab:97:33:7e:e0:c1:79:c9:e0:ef:a3:19:86:85:
         07:14:b2:4c:57:cf:e1:e1:e2:e1:23:a6:fd:b3:a8:ca:22:3e:
         1c:a5:76:97:05:7b:31:66:ff:85:ad:c4:de:67:82:24:da:9f:
         73:bb:9d:31:43:3b:05:cb:48:fe:e6:7d:6d:90:f0:4f:84:58:
         e7:22:35:51:ff:ab:7c:42:67:c1:52:b4:4e:3e:df:4e:14:a9:
         67:6f:1c:b0:64:a8:52:51:99:0f:20:1d:d8:1d:49:ce:38:4a:
         9b:13:99:58:a2:56:3a:a0:38:29:a1:d9:ae:94:94:61:2e:4f:
         d4:54:5f:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshO0pMP/3PCAi1WFoEUgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGMwZmYxYWJhYzE5Yjk3YjE3ZTRlMjc3YmEwNWYyYWRkYzQ3NTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriugH1GXnfHcfunY6dHnvq5A8Dxo
Pm+FPf46IJDqMvG+WM2fvQr+gt9l1DX6lwbKtHQrtUllHaFXdnWqJyAZcFcosYnb
EphB8K9zkW6Tkf0EjJlZcsz1Y56+S3hXyaH4LEL5Hc40R/CIFMGiiMMedED5dbzW
0bkkD9tCCJRlY6yhh2VPMh77cWfoPHvS0MmLHKtUl410zaG6Qp7v9HxA0l90JvBU
/jL8PNRwMC3h3+5HjKEWNHa0POvAe3xIGYOUPd3svPf+Wvd2BuE9dhRtkJmPoeEh
RzyGBIz9Bx4RoKEQ0DWYvDwusE5Kz4lZlKKORuZKeAkNTftOgj+wvv1IaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDA/xq6wZuXsX5OJ3ugXyrdxHVoMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvVU1EX0dyckJtNWV4Zms0bmU2QmZLdDNFZFdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/JMA0G
CSqGSIb3DQEBCwUAA4IBAQDOd0DiGf+bokqW4d5YSVf23tHJAEIQMPwyg2ztr0L4
hwwEf71TmD407vaW23gLCeBnKoNRkb2TwtzmmDvAEunB82mxOpy6KmORohX/BuzC
G+z8ArLAVTsP374SGEyGAddaJU4DDiKuCWl1hOqR1bjR7CKWmI83qPjHLh65WzrR
Zb0eq5czfuDBecng76MZhoUHFLJMV8/h4eLhI6b9s6jKIj4cpXaXBXsxZv+FrcTe
Z4Ik2p9zu50xQzsFy0j+5n1tkPBPhFjnIjVR/6t8QmfBUrROPt9OFKlnbxywZKhS
UZkPIB3YHUnOOEqbE5lYolY6oDgpodmulJRhLk/UVF/6
-----END CERTIFICATE-----