Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/rEJUWBjq_sWfsa1cNiXjG-c5ovw.roa
File:                     rEJUWBjq_sWfsa1cNiXjG-c5ovw.roa (raw, json)
Hash identifier:          ZZH1S0+UsBnMa9sS+gXeBGEXEb7GWoo4AFZx2+gdykk=
Subject key identifier:   AC:42:54:58:18:EA:FE:C5:9F:B1:AD:5C:36:25:E3:1B:E7:39:A2:FC
Certificate issuer:       /CN=3cff1f2b1175f0605d025e51017369c1ca8b1a46
Certificate serial:       019420D5F8F1B82839649D38B94C8254ED64
Authority key identifier: 3C:FF:1F:2B:11:75:F0:60:5D:02:5E:51:01:73:69:C1:CA:8B:1A:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PP8fKxF18GBdAl5RAXNpwcqLGkY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/rEJUWBjq_sWfsa1cNiXjG-c5ovw.roa
Signing time:             Wed 01 Jan 2025 07:48:01 +0000
ROA not before:           Wed 01 Jan 2025 07:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12803
IP address blocks:        195.200.250.0/24 maxlen: 24
                          195.200.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/PP8fKxF18GBdAl5RAXNpwcqLGkY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/PP8fKxF18GBdAl5RAXNpwcqLGkY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PP8fKxF18GBdAl5RAXNpwcqLGkY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:f8:f1:b8:28:39:64:9d:38:b9:4c:82:54:ed:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cff1f2b1175f0605d025e51017369c1ca8b1a46
        Validity
            Not Before: Jan  1 07:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac42545818eafec59fb1ad5c3625e31be739a2fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:2c:41:50:ac:6f:0f:88:11:19:d0:06:63:c3:
                    29:89:ed:a0:66:58:ca:1f:e8:c4:c6:e0:dc:87:d7:
                    b2:64:11:5a:6a:54:45:ed:67:80:cb:3a:40:f4:bc:
                    31:6d:58:5e:a9:92:c0:0c:08:36:63:5a:d7:a8:d1:
                    ef:86:13:d6:2f:1e:81:dd:82:dc:43:05:cc:69:02:
                    d9:35:a1:de:62:0b:67:fa:b4:aa:aa:44:77:c7:09:
                    15:cd:ab:3a:a1:cc:8f:8b:cf:32:a9:dd:d4:9f:77:
                    f0:7c:92:a8:d0:fc:ae:db:f0:9d:1f:20:34:fb:05:
                    c8:14:e7:34:a8:a5:c2:91:4f:e2:b9:d5:cf:0d:da:
                    a2:1c:6f:f1:7e:3e:56:33:62:24:f7:e4:96:b4:fc:
                    e3:9e:1a:00:8c:ba:76:df:58:88:e6:56:f2:bc:37:
                    33:7f:11:fa:3b:17:0a:58:f8:88:7c:da:fd:10:43:
                    2e:6a:9c:16:12:66:9b:20:ef:fc:b1:0e:63:d1:6d:
                    05:ea:ab:23:71:7b:03:05:04:11:47:91:ef:ef:d3:
                    eb:8a:ae:65:71:30:e2:f2:78:91:fa:a5:03:bd:ad:
                    43:36:79:08:0b:d7:b6:80:be:2c:da:dd:ba:42:3c:
                    8e:a8:18:7e:cf:06:72:44:6f:91:8a:b4:65:73:ee:
                    c0:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:42:54:58:18:EA:FE:C5:9F:B1:AD:5C:36:25:E3:1B:E7:39:A2:FC
            X509v3 Authority Key Identifier:
                keyid:3C:FF:1F:2B:11:75:F0:60:5D:02:5E:51:01:73:69:C1:CA:8B:1A:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PP8fKxF18GBdAl5RAXNpwcqLGkY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/rEJUWBjq_sWfsa1cNiXjG-c5ovw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ac7949-a1ca-47f4-b393-2bf34c5262e7/1/PP8fKxF18GBdAl5RAXNpwcqLGkY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.200.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:53:38:41:92:19:67:93:f2:95:6d:79:0d:7f:34:39:80:d7:
         cd:44:ed:59:ae:3c:be:51:2b:f4:f5:1c:34:02:ef:e6:e8:e2:
         d2:18:ff:1c:f3:ef:15:08:29:6c:ab:c2:21:2e:05:00:8e:9f:
         2d:97:0e:65:06:f0:3b:6d:0e:cc:71:4f:f2:96:cb:cb:57:bc:
         e3:fe:70:53:28:9d:8a:65:64:fd:5f:d7:cf:a7:83:25:d1:b9:
         f1:bd:de:c2:f6:63:12:7a:69:1b:c2:0c:b4:14:3c:75:eb:4c:
         b1:99:51:74:2a:1d:ed:13:41:9f:1d:19:a6:a1:2a:95:1e:05:
         7b:37:de:0f:21:01:b8:32:4f:91:82:e4:67:48:bc:22:32:69:
         9f:3b:87:d8:16:6f:84:9b:30:10:a7:4a:7c:ef:99:17:55:cb:
         98:28:e7:29:87:00:75:a2:f4:3f:5c:88:b8:15:b9:58:d1:5e:
         89:bd:0b:11:dd:ce:ee:0a:75:8b:f6:d7:d7:1f:0f:db:7e:3f:
         e2:34:ab:b7:00:23:01:9e:43:17:8f:ea:c3:e3:6b:42:36:7c:
         a8:fc:92:77:81:99:97:6c:3c:57:3d:48:76:e4:93:b0:b3:62:
         8d:2d:8b:98:e9:49:69:10:42:e2:d7:a3:d5:0c:12:23:ee:f9:
         15:1e:d5:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1fjxuCg5ZJ04uUyCVO1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZmYxZjJiMTE3NWYwNjA1ZDAyNWU1MTAxNzM2OWMxY2E4
YjFhNDYwHhcNMjUwMTAxMDc0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQyNTQ1ODE4ZWFmZWM1OWZiMWFkNWMzNjI1ZTMxYmU3MzlhMmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlixBUKxvD4gRGdAGY8Mpie2gZljK
H+jExuDch9eyZBFaalRF7WeAyzpA9LwxbVheqZLADAg2Y1rXqNHvhhPWLx6B3YLc
QwXMaQLZNaHeYgtn+rSqqkR3xwkVzas6ocyPi88yqd3Un3fwfJKo0Pyu2/CdHyA0
+wXIFOc0qKXCkU/iudXPDdqiHG/xfj5WM2Ik9+SWtPzjnhoAjLp231iI5lbyvDcz
fxH6OxcKWPiIfNr9EEMuapwWEmabIO/8sQ5j0W0F6qsjcXsDBQQRR5Hv79Priq5l
cTDi8niR+qUDva1DNnkIC9e2gL4s2t26QjyOqBh+zwZyRG+RirRlc+7A7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxCVFgY6v7Fn7GtXDYl4xvnOaL8MB8GA1UdIwQY
MBaAFDz/HysRdfBgXQJeUQFzacHKixpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFA4Zkt4RjE4R0JkQWw1UkFYTnB3Y3FMR2tZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9hYzc5NDktYTFjYS00N2Y0LWIzOTMt
MmJmMzRjNTI2MmU3LzEvckVKVVdCanFfc1dmc2ExY05pWGpHLWM1b3Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9hYzc5NDktYTFjYS00N2Y0LWIzOTMtMmJmMzRjNTI2MmU3
LzEvUFA4Zkt4RjE4R0JkQWw1UkFYTnB3Y3FMR2tZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw8j6MA0G
CSqGSIb3DQEBCwUAA4IBAQAKUzhBkhlnk/KVbXkNfzQ5gNfNRO1Zrjy+USv09Rw0
Au/m6OLSGP8c8+8VCClsq8IhLgUAjp8tlw5lBvA7bQ7McU/ylsvLV7zj/nBTKJ2K
ZWT9X9fPp4Ml0bnxvd7C9mMSemkbwgy0FDx160yxmVF0Kh3tE0GfHRmmoSqVHgV7
N94PIQG4Mk+RguRnSLwiMmmfO4fYFm+EmzAQp0p875kXVcuYKOcphwB1ovQ/XIi4
FblY0V6JvQsR3c7uCnWL9tfXHw/bfj/iNKu3ACMBnkMXj+rD42tCNnyo/JJ3gZmX
bDxXPUh25JOws2KNLYuY6UlpEELi16PVDBIj7vkVHtUz
-----END CERTIFICATE-----