Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/sAlcT023Re1_motyjBVZccLuCgg.roa
File:                     sAlcT023Re1_motyjBVZccLuCgg.roa (raw, json)
Hash identifier:          tja1+p7BrfZqb4rfBBKJcVOy+ZddkR/MXj/lAwerOJo=
Subject key identifier:   B0:09:5C:4F:4D:B7:45:ED:7F:9A:8B:72:8C:15:59:71:C2:EE:0A:08
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       019421B216B0AE434B27EBEB617E11834252
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/sAlcT023Re1_motyjBVZccLuCgg.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        195.95.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 23:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:16:b0:ae:43:4b:27:eb:eb:61:7e:11:83:42:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0095c4f4db745ed7f9a8b728c155971c2ee0a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:57:80:e4:1a:aa:0f:d9:9d:58:cb:cb:62:cc:
                    08:b0:61:b8:ee:32:a9:de:46:6b:00:2b:88:00:a3:
                    bd:c3:9f:75:d4:df:ae:d2:85:a9:21:fe:38:ca:b0:
                    be:8f:cb:71:6d:9f:35:82:0c:73:55:22:4c:5f:8f:
                    be:ba:e0:36:53:8f:8b:0b:7c:4a:3e:1c:cd:13:92:
                    e1:ac:20:e7:c3:ce:50:ba:79:da:48:e7:6d:a3:55:
                    eb:d2:ce:66:46:20:22:88:13:5f:b3:35:1f:e0:2d:
                    97:85:37:ae:7e:3a:f0:b8:f9:23:d2:eb:31:08:af:
                    55:a7:40:18:76:87:82:7e:de:cc:7f:10:c9:9c:f9:
                    06:38:95:74:b7:c3:05:a0:0d:33:eb:cd:5a:5d:37:
                    85:84:33:b1:56:b4:e0:2e:fb:da:08:3e:77:84:2f:
                    08:3d:61:cc:09:77:2f:be:5c:5a:90:f8:3d:a9:87:
                    e5:1b:77:02:4a:98:2a:bf:b4:9b:4b:19:4d:6b:50:
                    a7:b0:e4:95:fd:a9:61:41:c0:12:2e:ac:89:2b:ab:
                    24:5e:08:c9:2d:7b:be:65:6d:84:33:ee:e2:9a:2e:
                    ac:f8:c2:77:10:91:e1:63:5e:b1:a5:80:17:e5:43:
                    d0:92:96:dd:2d:cf:ed:31:1c:2d:7e:12:af:db:9a:
                    ac:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:09:5C:4F:4D:B7:45:ED:7F:9A:8B:72:8C:15:59:71:C2:EE:0A:08
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/sAlcT023Re1_motyjBVZccLuCgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:6f:a1:a0:2e:ac:ad:db:ee:b7:11:16:6c:1c:51:07:57:73:
         5a:b1:d9:8d:67:2c:80:40:81:37:36:47:38:1d:c2:d3:99:47:
         9f:4a:3b:18:65:bd:d5:e0:fb:16:15:8f:30:51:1a:13:19:2f:
         ec:17:96:75:2f:e8:10:12:9a:81:9a:37:33:c4:65:51:4f:a3:
         4e:87:5a:1c:51:fc:e2:a8:af:e2:46:9f:d1:f8:b2:68:88:53:
         39:b8:22:22:a8:19:07:2d:20:c9:ad:88:9d:a3:c6:a7:36:29:
         96:55:79:bc:16:d8:45:57:53:56:c8:16:f2:3c:0d:80:4b:bb:
         5b:37:5c:88:59:3b:e5:a8:58:ec:21:44:a7:af:36:76:7c:e5:
         c9:4e:dc:0b:29:dd:03:d3:b6:1a:ce:41:2b:85:0e:55:67:55:
         85:d9:ed:6d:01:6f:29:d5:d6:79:df:c2:5a:49:ea:bc:74:23:
         5e:08:2c:f7:61:fe:c5:40:40:a1:6a:5e:4d:d0:84:b5:8e:bb:
         6a:ff:fa:ab:ac:05:30:02:9f:bf:f7:a8:b8:23:66:15:02:23:
         42:33:95:43:29:49:ab:a8:2a:0f:48:1a:f9:1e:45:47:fc:e9:
         e3:3c:15:f2:08:93:1e:80:7f:dc:e7:c7:c0:c4:79:e7:34:74:
         41:33:bc:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshawrkNLJ+vrYX4Rg0JSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDA5NWM0ZjRkYjc0NWVkN2Y5YThiNzI4YzE1NTk3MWMyZWUwYTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1eA5BqqD9mdWMvLYswIsGG47jKp
3kZrACuIAKO9w5911N+u0oWpIf44yrC+j8txbZ81ggxzVSJMX4++uuA2U4+LC3xK
PhzNE5LhrCDnw85QunnaSOdto1Xr0s5mRiAiiBNfszUf4C2XhTeufjrwuPkj0usx
CK9Vp0AYdoeCft7MfxDJnPkGOJV0t8MFoA0z681aXTeFhDOxVrTgLvvaCD53hC8I
PWHMCXcvvlxakPg9qYflG3cCSpgqv7SbSxlNa1CnsOSV/alhQcASLqyJK6skXgjJ
LXu+ZW2EM+7imi6s+MJ3EJHhY16xpYAX5UPQkpbdLc/tMRwtfhKv25qs6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAJXE9Nt0Xtf5qLcowVWXHC7goIMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvc0FsY1QwMjNSZTFfbW90eWpCVlpjY0x1Q2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/NMA0G
CSqGSIb3DQEBCwUAA4IBAQAkb6GgLqyt2+63ERZsHFEHV3NasdmNZyyAQIE3Nkc4
HcLTmUefSjsYZb3V4PsWFY8wURoTGS/sF5Z1L+gQEpqBmjczxGVRT6NOh1ocUfzi
qK/iRp/R+LJoiFM5uCIiqBkHLSDJrYido8anNimWVXm8FthFV1NWyBbyPA2AS7tb
N1yIWTvlqFjsIUSnrzZ2fOXJTtwLKd0D07YazkErhQ5VZ1WF2e1tAW8p1dZ538Ja
Seq8dCNeCCz3Yf7FQEChal5N0IS1jrtq//qrrAUwAp+/96i4I2YVAiNCM5VDKUmr
qCoPSBr5HkVH/OnjPBXyCJMegH/c58fAxHnnNHRBM7y+
-----END CERTIFICATE-----