Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/eR5EevbZ-cAP0rVdhXMRAu6R2DU.roa
File:                     eR5EevbZ-cAP0rVdhXMRAu6R2DU.roa (raw, json)
Hash identifier:          MFuL2PsX4eqPDfqD1XxiSAvnb9qnnDDl40Z3XSXhTPs=
Subject key identifier:   79:1E:44:7A:F6:D9:F9:C0:0F:D2:B5:5D:85:73:11:02:EE:91:D8:35
Certificate issuer:       /CN=cf5ef7a870d4b148eb1d4f4fe666ed5054adeaec
Certificate serial:       01941FFA7FE38E399CCF05BDA6F076FAAD45
Authority key identifier: CF:5E:F7:A8:70:D4:B1:48:EB:1D:4F:4F:E6:66:ED:50:54:AD:EA:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/eR5EevbZ-cAP0rVdhXMRAu6R2DU.roa
Signing time:             Wed 01 Jan 2025 03:48:17 +0000
ROA not before:           Wed 01 Jan 2025 03:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29028
IP address blocks:        195.20.143.0/24 maxlen: 24
                          195.22.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/z173qHDUsUjrHU9P5mbtUFSt6uw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/z173qHDUsUjrHU9P5mbtUFSt6uw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7f:e3:8e:39:9c:cf:05:bd:a6:f0:76:fa:ad:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf5ef7a870d4b148eb1d4f4fe666ed5054adeaec
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=791e447af6d9f9c00fd2b55d85731102ee91d835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:79:a3:f0:69:31:1b:b6:b5:7c:9c:c3:f9:b6:
                    66:54:b7:70:0c:38:8c:c1:2c:aa:28:29:88:b0:c9:
                    ff:2e:77:81:6d:6b:6d:30:ed:9f:17:4b:a3:12:e4:
                    eb:59:99:06:81:65:8e:a8:24:5e:d0:d0:75:58:fd:
                    ed:cc:67:c1:f0:38:c3:19:9c:c4:16:a9:a6:0d:6a:
                    50:56:38:c0:bb:97:87:df:41:a3:2e:01:5b:6c:83:
                    da:a6:82:c6:3e:b1:f0:92:97:82:29:08:bb:ac:a6:
                    a6:3e:62:c3:a4:e3:7b:bb:77:a6:8b:06:b5:fe:71:
                    1c:8e:1f:af:80:31:41:0a:ad:d1:53:fc:70:11:af:
                    d4:dd:9b:4f:cf:83:0f:47:8e:e6:83:f1:43:7b:85:
                    c8:59:60:ca:a5:36:0e:fe:c2:55:79:7d:52:37:57:
                    f9:20:e9:7b:f1:95:a9:ba:5b:8d:cb:a8:cf:e7:18:
                    2a:af:5f:1d:bb:72:09:da:a3:c3:38:b2:0e:b5:45:
                    38:30:97:76:1a:5e:3a:c7:5b:71:f6:16:92:b2:47:
                    e8:99:83:c7:23:df:22:88:d0:40:75:5a:f8:36:f6:
                    7a:5b:6a:1d:d5:4d:51:cb:b0:d5:d4:75:4a:f0:ee:
                    dd:87:c8:37:77:17:49:4a:13:08:14:62:f3:89:64:
                    8e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:1E:44:7A:F6:D9:F9:C0:0F:D2:B5:5D:85:73:11:02:EE:91:D8:35
            X509v3 Authority Key Identifier:
                keyid:CF:5E:F7:A8:70:D4:B1:48:EB:1D:4F:4F:E6:66:ED:50:54:AD:EA:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z173qHDUsUjrHU9P5mbtUFSt6uw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/eR5EevbZ-cAP0rVdhXMRAu6R2DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/631521-d4b7-4f10-8c06-87aa285f807c/1/z173qHDUsUjrHU9P5mbtUFSt6uw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.143.0/24
                  195.22.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:a3:30:07:64:62:49:ff:9e:c9:fd:63:21:7c:a9:0c:39:84:
         d8:e3:36:09:21:d4:c1:bc:37:89:fd:5c:40:a9:3a:76:82:43:
         ce:7d:be:d9:96:08:89:2c:31:35:38:8f:88:da:fa:c7:e1:6e:
         ae:4e:47:2a:e9:59:24:f1:51:4a:07:2c:51:bd:3e:2b:cf:1a:
         3b:a4:ab:1f:23:9d:3f:89:aa:03:25:cd:6f:1d:5f:07:90:cb:
         71:86:0b:11:1e:ab:b7:32:21:4a:e4:03:e7:d9:34:a3:be:7d:
         c7:31:8c:c6:33:a2:94:48:a6:47:74:83:76:74:f7:a4:ab:fb:
         5b:2e:0c:82:40:47:15:5e:6c:b7:b9:da:84:fc:0e:c6:92:fb:
         15:b6:62:46:08:71:d9:11:53:f8:54:39:16:bd:78:ad:d3:9b:
         95:96:3d:fb:c0:0f:6d:d2:25:80:b3:d6:af:99:56:98:41:8c:
         54:5e:cd:10:95:0f:71:dc:49:30:3b:f4:bb:83:8b:eb:69:ae:
         59:97:a3:eb:e4:43:6e:ec:96:9a:e4:1c:19:bc:a6:d2:65:0a:
         8b:fd:f1:70:58:0b:3f:6f:4b:ee:eb:6b:55:e7:27:87:90:a6:
         7e:3b:06:20:0a:ae:01:a0:43:e2:a1:cb:a4:10:ee:f9:d2:a9:
         56:8b:bd:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+n/jjjmczwW9pvB2+q1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNWVmN2E4NzBkNGIxNDhlYjFkNGY0ZmU2NjZlZDUwNTRh
ZGVhZWMwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTFlNDQ3YWY2ZDlmOWMwMGZkMmI1NWQ4NTczMTEwMmVlOTFkODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxnmj8GkxG7a1fJzD+bZmVLdwDDiM
wSyqKCmIsMn/LneBbWttMO2fF0ujEuTrWZkGgWWOqCRe0NB1WP3tzGfB8DjDGZzE
FqmmDWpQVjjAu5eH30GjLgFbbIPapoLGPrHwkpeCKQi7rKamPmLDpON7u3emiwa1
/nEcjh+vgDFBCq3RU/xwEa/U3ZtPz4MPR47mg/FDe4XIWWDKpTYO/sJVeX1SN1f5
IOl78ZWpuluNy6jP5xgqr18du3IJ2qPDOLIOtUU4MJd2Gl46x1tx9haSskfomYPH
I98iiNBAdVr4NvZ6W2od1U1Ry7DV1HVK8O7dh8g3dxdJShMIFGLziWSOvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHkeRHr22fnAD9K1XYVzEQLukdg1MB8GA1UdIwQY
MBaAFM9e96hw1LFI6x1PT+Zm7VBUrersMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejE3M3FIRFVzVWpySFU5UDVtYnRVRlN0NnV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82MzE1MjEtZDRiNy00ZjEwLThjMDYt
ODdhYTI4NWY4MDdjLzEvZVI1RWV2YlotY0FQMHJWZGhYTVJBdTZSMkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82MzE1MjEtZDRiNy00ZjEwLThjMDYtODdhYTI4NWY4MDdj
LzEvejE3M3FIRFVzVWpySFU5UDVtYnRVRlN0NnV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwxSPAwQA
wxZ6MA0GCSqGSIb3DQEBCwUAA4IBAQAyozAHZGJJ/57J/WMhfKkMOYTY4zYJIdTB
vDeJ/VxAqTp2gkPOfb7ZlgiJLDE1OI+I2vrH4W6uTkcq6Vkk8VFKByxRvT4rzxo7
pKsfI50/iaoDJc1vHV8HkMtxhgsRHqu3MiFK5APn2TSjvn3HMYzGM6KUSKZHdIN2
dPekq/tbLgyCQEcVXmy3udqE/A7GkvsVtmJGCHHZEVP4VDkWvXit05uVlj37wA9t
0iWAs9avmVaYQYxUXs0QlQ9x3EkwO/S7g4vraa5Zl6Pr5ENu7Jaa5BwZvKbSZQqL
/fFwWAs/b0vu62tV5yeHkKZ+OwYgCq4BoEPiocukEO750qlWi722
-----END CERTIFICATE-----