Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/oFZG6FuqcB6CEgUjG9AbuL9dAS0.roa
File:                     oFZG6FuqcB6CEgUjG9AbuL9dAS0.roa (raw, json)
Hash identifier:          UZD/yf7XHoNO7JDGnUu+XcMvM0jiJ1W2cL6Q6ekzwvE=
Subject key identifier:   A0:56:46:E8:5B:AA:70:1E:82:12:05:23:1B:D0:1B:B8:BF:5D:01:2D
Certificate issuer:       /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial:       0194236A286723710F77B366AD551C475126
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/oFZG6FuqcB6CEgUjG9AbuL9dAS0.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25537
IP address blocks:        195.24.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:28:67:23:71:0f:77:b3:66:ad:55:1c:47:51:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a05646e85baa701e821205231bd01bb8bf5d012d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4a:f7:12:1f:f3:4f:e1:79:f7:90:de:e5:ff:
                    92:96:0a:90:ae:7a:13:eb:0f:6f:2e:14:a5:9a:bc:
                    e9:a0:a9:a6:d6:db:b1:06:38:c1:5e:f3:9a:a1:20:
                    2f:cb:15:33:9a:ce:ee:e1:78:83:b0:8b:c6:8a:d0:
                    f1:47:39:75:cf:ed:e8:34:62:f4:1d:ce:20:f4:06:
                    72:b8:74:51:c2:c6:50:42:44:09:43:eb:a7:9c:1a:
                    58:8e:00:02:ff:5f:9b:30:2e:e0:13:fb:c3:8d:0e:
                    47:d2:e7:9c:20:69:49:85:ac:df:00:72:a4:41:73:
                    23:e7:dd:f2:8f:32:32:0b:ee:02:d0:99:fe:31:5c:
                    c7:36:b8:e5:7f:b6:6c:9d:f8:38:59:15:0f:0c:b3:
                    78:2a:9b:9b:86:15:6d:7a:b7:1c:03:3a:06:25:52:
                    2b:43:7e:e7:c4:c8:36:8f:00:81:e7:31:31:b3:40:
                    29:f5:81:5a:91:99:1f:fa:f1:4a:c2:e6:bf:d5:4b:
                    8e:34:02:05:b2:78:a9:18:71:17:18:81:1c:05:34:
                    a5:25:d7:b4:f8:a5:d9:65:76:92:de:65:13:22:af:
                    91:33:11:f1:17:6f:0e:ed:36:10:41:d3:ad:ef:0c:
                    31:e6:4a:87:96:df:f0:0f:a0:7c:8e:96:04:66:6e:
                    35:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:56:46:E8:5B:AA:70:1E:82:12:05:23:1B:D0:1B:B8:BF:5D:01:2D
            X509v3 Authority Key Identifier:
                keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/oFZG6FuqcB6CEgUjG9AbuL9dAS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:8e:7b:43:ab:c5:44:9a:4c:8b:ab:ce:0a:6d:87:b9:3d:4a:
         59:ad:05:7a:90:93:18:c8:ae:3b:9f:7d:f8:4e:f6:bc:0b:84:
         6e:60:95:f8:eb:b4:b5:20:88:dc:45:d7:d0:59:81:70:15:0a:
         7e:65:16:3e:d5:46:53:e7:4f:cc:0d:f0:01:4c:b7:19:79:c5:
         74:c5:7f:ba:f0:b3:0d:49:5a:0e:74:cd:dd:a1:af:63:76:cc:
         4a:b7:dd:6e:1c:e3:01:6d:f1:cf:0b:60:15:27:1f:36:86:4b:
         c8:40:74:13:34:7b:bd:c1:51:f0:c2:8a:a7:04:f1:39:5b:dc:
         0d:14:8f:5f:45:bb:de:1e:ce:2b:c0:80:30:75:6d:76:d4:f4:
         ae:37:b4:c4:83:fa:9c:47:b2:ea:b9:44:04:07:26:4d:8b:07:
         5c:0d:91:ee:a8:33:fe:80:c9:79:21:57:d8:88:b9:49:e8:d3:
         6a:03:76:97:87:fb:71:35:f7:10:1a:4e:1c:a0:94:d9:32:8e:
         41:50:a1:64:cb:54:02:32:cd:ac:7c:46:c3:b7:75:35:65:ad:
         08:0d:c9:ea:37:f8:e0:cd:b4:39:89:c8:2d:74:11:c8:a8:d2:
         64:04:a8:c1:19:1c:60:80:3f:d9:85:d3:1b:f3:3f:9d:ee:62:
         d3:99:85:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaihnI3EPd7NmrVUcR1EmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDU2NDZlODViYWE3MDFlODIxMjA1MjMxYmQwMWJiOGJmNWQwMTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEr3Eh/zT+F595De5f+SlgqQrnoT
6w9vLhSlmrzpoKmm1tuxBjjBXvOaoSAvyxUzms7u4XiDsIvGitDxRzl1z+3oNGL0
Hc4g9AZyuHRRwsZQQkQJQ+unnBpYjgAC/1+bMC7gE/vDjQ5H0uecIGlJhazfAHKk
QXMj593yjzIyC+4C0Jn+MVzHNrjlf7Zsnfg4WRUPDLN4KpubhhVterccAzoGJVIr
Q37nxMg2jwCB5zExs0Ap9YFakZkf+vFKwua/1UuONAIFsnipGHEXGIEcBTSlJde0
+KXZZXaS3mUTIq+RMxHxF28O7TYQQdOt7wwx5kqHlt/wD6B8jpYEZm41YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBWRuhbqnAeghIFIxvQG7i/XQEtMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvb0ZaRzZGdXFjQjZDRWdVakc5QWJ1TDlkQVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxhHMA0G
CSqGSIb3DQEBCwUAA4IBAQCfjntDq8VEmkyLq84KbYe5PUpZrQV6kJMYyK47n334
Tva8C4RuYJX467S1IIjcRdfQWYFwFQp+ZRY+1UZT50/MDfABTLcZecV0xX+68LMN
SVoOdM3doa9jdsxKt91uHOMBbfHPC2AVJx82hkvIQHQTNHu9wVHwwoqnBPE5W9wN
FI9fRbveHs4rwIAwdW121PSuN7TEg/qcR7LquUQEByZNiwdcDZHuqDP+gMl5IVfY
iLlJ6NNqA3aXh/txNfcQGk4coJTZMo5BUKFky1QCMs2sfEbDt3U1Za0IDcnqN/jg
zbQ5icgtdBHIqNJkBKjBGRxggD/ZhdMb8z+d7mLTmYWX
-----END CERTIFICATE-----