Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/f9f131-2ded-4754-884c-c9a80f53fc0e/1/xejEvq2_5yeDF0GwkZuRWsGYSWk.roa
File:                     xejEvq2_5yeDF0GwkZuRWsGYSWk.roa (raw, json)
Hash identifier:          yAHlAuK/EdK5itDCocTrcEIFy6ruqiXmp5QBNqW7iWg=
Subject key identifier:   C5:E8:C4:BE:AD:BF:E7:27:83:17:41:B0:91:9B:91:5A:C1:98:49:69
Certificate issuer:       /CN=58c3c43b444ca835cc76f4c4c3c639752ed1aa7b
Certificate serial:       01925138A2EA5F01DA8F19306B1D35D93BFC
Authority key identifier: 58:C3:C4:3B:44:4C:A8:35:CC:76:F4:C4:C3:C6:39:75:2E:D1:AA:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WMPEO0RMqDXMdvTEw8Y5dS7Rqns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/f9f131-2ded-4754-884c-c9a80f53fc0e/1/xejEvq2_5yeDF0GwkZuRWsGYSWk.roa
Signing time:             Thu 03 Oct 2024 07:11:59 +0000
ROA not before:           Thu 03 Oct 2024 07:11:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29331
IP address blocks:        195.149.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/f9f131-2ded-4754-884c-c9a80f53fc0e/1/WMPEO0RMqDXMdvTEw8Y5dS7Rqns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/f9f131-2ded-4754-884c-c9a80f53fc0e/1/WMPEO0RMqDXMdvTEw8Y5dS7Rqns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WMPEO0RMqDXMdvTEw8Y5dS7Rqns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:38:a2:ea:5f:01:da:8f:19:30:6b:1d:35:d9:3b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58c3c43b444ca835cc76f4c4c3c639752ed1aa7b
        Validity
            Not Before: Oct  3 07:11:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5e8c4beadbfe727831741b0919b915ac1984969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ef:2a:fe:fb:c6:28:e4:e5:b4:bf:10:0d:3f:
                    01:1f:a8:08:00:0b:2e:a7:70:d1:e3:21:ae:93:db:
                    5d:2a:4a:a3:7b:71:ae:ce:6a:18:e2:6f:17:86:23:
                    99:1a:e8:36:5b:9d:c6:19:31:44:38:a5:e0:24:87:
                    3f:3e:46:77:b5:4c:16:0d:69:1e:3e:35:51:c1:4e:
                    d0:03:30:cc:9f:d8:75:ab:33:2c:9b:59:e1:a2:b3:
                    bf:33:2e:95:b8:96:cd:8e:b6:21:65:b6:14:6d:da:
                    ad:f1:8e:fc:ae:53:9a:d6:2a:8c:49:7f:4e:14:8e:
                    a5:d0:c8:d2:d0:be:eb:15:4b:7a:44:5c:0d:09:73:
                    a4:31:67:80:ec:5c:60:d7:99:e1:58:de:47:a7:46:
                    2b:0d:08:f6:86:69:d2:ec:4a:0a:c2:17:a8:d7:58:
                    e4:2f:e5:f0:47:a8:4e:5c:45:c0:b6:72:fa:64:56:
                    d6:03:d0:99:0c:34:e5:74:1f:b3:ae:5e:7e:c7:41:
                    49:97:ee:1a:15:47:26:73:d6:34:14:bc:33:08:ff:
                    ef:ac:58:68:a4:b4:b8:b4:4a:5b:32:c4:ed:d0:6f:
                    a4:09:e7:35:b5:a5:d8:f0:d8:50:a0:96:a5:ea:ee:
                    d0:f6:35:d8:e2:d4:2e:3a:38:ab:6c:4b:f3:09:95:
                    0a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E8:C4:BE:AD:BF:E7:27:83:17:41:B0:91:9B:91:5A:C1:98:49:69
            X509v3 Authority Key Identifier:
                keyid:58:C3:C4:3B:44:4C:A8:35:CC:76:F4:C4:C3:C6:39:75:2E:D1:AA:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WMPEO0RMqDXMdvTEw8Y5dS7Rqns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/f9f131-2ded-4754-884c-c9a80f53fc0e/1/xejEvq2_5yeDF0GwkZuRWsGYSWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/f9f131-2ded-4754-884c-c9a80f53fc0e/1/WMPEO0RMqDXMdvTEw8Y5dS7Rqns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:76:54:fe:d6:53:1c:b7:59:cc:90:a9:9c:2c:ee:6d:5a:c6:
         88:10:a7:28:fa:ba:c4:4b:ee:d2:30:0c:48:0a:30:27:8b:ba:
         74:35:00:8e:8a:69:14:93:b6:ce:2c:72:92:93:01:ea:7d:f9:
         27:08:e0:aa:e1:93:73:fa:d8:f5:76:8a:81:a6:cc:ec:a8:8d:
         79:83:e5:33:0e:0a:93:92:2a:4f:17:62:be:bb:b7:d0:3e:50:
         43:3a:b6:9c:a8:25:a3:2e:44:b4:03:35:40:e0:89:20:0a:7a:
         f6:f5:ed:f7:87:d8:2c:7f:af:ae:60:bc:06:e9:70:fe:9c:3a:
         c9:8a:f9:74:7b:e5:91:f2:ac:1c:f2:18:c5:cb:9b:b9:75:ca:
         2d:f0:a7:ad:bd:b1:b1:3f:d1:9f:f6:00:8d:4d:64:eb:89:df:
         c7:22:97:7f:11:a6:0c:41:cb:c8:e2:6f:c8:46:42:c9:a5:85:
         cf:fe:ac:48:fd:b5:46:6b:d7:10:8f:70:30:7b:d5:26:1f:4c:
         75:ed:3b:db:cd:f9:d8:ca:d5:70:82:43:a9:81:4d:de:cb:a8:
         5f:df:5d:58:89:3e:86:c9:eb:2d:03:30:af:1c:11:87:eb:18:
         30:f9:58:97:ce:4d:1f:bc:57:a9:5c:fb:d2:49:d8:c7:5c:88:
         c3:7e:5e:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJROKLqXwHajxkwax012Tv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YzNjNDNiNDQ0Y2E4MzVjYzc2ZjRjNGMzYzYzOTc1MmVk
MWFhN2IwHhcNMjQxMDAzMDcxMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWU4YzRiZWFkYmZlNzI3ODMxNzQxYjA5MTliOTE1YWMxOTg0OTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+8q/vvGKOTltL8QDT8BH6gIAAsu
p3DR4yGuk9tdKkqje3GuzmoY4m8XhiOZGug2W53GGTFEOKXgJIc/PkZ3tUwWDWke
PjVRwU7QAzDMn9h1qzMsm1nhorO/My6VuJbNjrYhZbYUbdqt8Y78rlOa1iqMSX9O
FI6l0MjS0L7rFUt6RFwNCXOkMWeA7Fxg15nhWN5Hp0YrDQj2hmnS7EoKwheo11jk
L+XwR6hOXEXAtnL6ZFbWA9CZDDTldB+zrl5+x0FJl+4aFUcmc9Y0FLwzCP/vrFho
pLS4tEpbMsTt0G+kCec1taXY8NhQoJal6u7Q9jXY4tQuOjirbEvzCZUKbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXoxL6tv+cngxdBsJGbkVrBmElpMB8GA1UdIwQY
MBaAFFjDxDtETKg1zHb0xMPGOXUu0ap7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV01QRU8wUk1xRFhNZHZURXc4WTVkUzdScW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9mOWYxMzEtMmRlZC00NzU0LTg4NGMt
YzlhODBmNTNmYzBlLzEveGVqRXZxMl81eWVERjBHd2tadVJXc0dZU1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9mOWYxMzEtMmRlZC00NzU0LTg4NGMtYzlhODBmNTNmYzBl
LzEvV01QRU8wUk1xRFhNZHZURXc4WTVkUzdScW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5VOMA0G
CSqGSIb3DQEBCwUAA4IBAQBEdlT+1lMct1nMkKmcLO5tWsaIEKco+rrES+7SMAxI
CjAni7p0NQCOimkUk7bOLHKSkwHqffknCOCq4ZNz+tj1doqBpszsqI15g+UzDgqT
kipPF2K+u7fQPlBDOracqCWjLkS0AzVA4IkgCnr29e33h9gsf6+uYLwG6XD+nDrJ
ivl0e+WR8qwc8hjFy5u5dcot8KetvbGxP9Gf9gCNTWTrid/HIpd/EaYMQcvI4m/I
RkLJpYXP/qxI/bVGa9cQj3Awe9UmH0x17TvbzfnYytVwgkOpgU3ey6hf311YiT6G
yestAzCvHBGH6xgw+ViXzk0fvFepXPvSSdjHXIjDfl6t
-----END CERTIFICATE-----