Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/2vSSEUGyoECcbr-T4y2ubbHraKg.roa
File:                     2vSSEUGyoECcbr-T4y2ubbHraKg.roa (raw, json)
Hash identifier:          B7WLa2ysTg94FsBb1jS1WwKUUvVr7kQqcY57g1dK/4s=
Subject key identifier:   DA:F4:92:11:41:B2:A0:40:9C:6E:BF:93:E3:2D:AE:6D:B1:EB:68:A8
Certificate issuer:       /CN=6a03e10b6ea3b8f362cfb23aef589c77771e7eca
Certificate serial:       019421B2508A88FFDBC4882246B1BDA840C6
Authority key identifier: 6A:03:E1:0B:6E:A3:B8:F3:62:CF:B2:3A:EF:58:9C:77:77:1E:7E:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/agPhC26juPNiz7I671icd3cefso.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/2vSSEUGyoECcbr-T4y2ubbHraKg.roa
Signing time:             Wed 01 Jan 2025 11:48:41 +0000
ROA not before:           Wed 01 Jan 2025 11:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56798
IP address blocks:        195.114.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/agPhC26juPNiz7I671icd3cefso.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/agPhC26juPNiz7I671icd3cefso.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/agPhC26juPNiz7I671icd3cefso.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 20:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:50:8a:88:ff:db:c4:88:22:46:b1:bd:a8:40:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a03e10b6ea3b8f362cfb23aef589c77771e7eca
        Validity
            Not Before: Jan  1 11:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=daf4921141b2a0409c6ebf93e32dae6db1eb68a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:75:83:ec:4e:6d:b4:3f:4a:16:23:03:7c:00:
                    99:99:26:2a:0a:10:f7:28:b8:d3:f6:10:b3:08:f4:
                    48:1f:b9:db:ba:2f:90:c2:e1:7b:4f:b5:47:ea:75:
                    c9:7c:05:05:29:12:b8:38:3a:67:94:ef:01:99:30:
                    a5:7f:7a:53:74:10:65:47:29:f0:71:0f:93:7e:60:
                    7d:e6:4b:17:9b:3b:b9:08:fa:5b:f0:0d:85:dd:7a:
                    12:b1:45:33:76:3d:d7:74:b1:12:2b:eb:02:36:7f:
                    43:8c:b3:d4:91:0b:73:6c:31:56:5e:96:30:8e:a8:
                    e4:fa:be:b7:13:9e:ec:ab:c6:b9:6a:51:09:84:b6:
                    42:79:c5:3e:6b:e4:4f:1b:62:30:6b:1e:d5:85:5a:
                    15:7f:27:b0:cd:47:0b:1e:49:0a:4b:0b:99:77:9c:
                    0e:86:f9:ec:f3:96:89:d2:ca:ef:dc:ac:85:79:6d:
                    68:cf:37:e9:b1:ae:30:dc:32:6b:5e:83:a2:a6:d9:
                    b9:40:4e:ed:cb:17:fe:1d:42:97:0b:bd:f2:ec:6b:
                    4f:ea:e9:c4:71:0f:7b:4b:ae:c4:9c:a9:9d:98:20:
                    cd:7c:87:72:53:06:ba:6e:dc:7d:a9:93:32:7b:15:
                    2a:6e:83:aa:63:e5:87:80:2e:94:45:5b:ee:22:af:
                    ee:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:F4:92:11:41:B2:A0:40:9C:6E:BF:93:E3:2D:AE:6D:B1:EB:68:A8
            X509v3 Authority Key Identifier:
                keyid:6A:03:E1:0B:6E:A3:B8:F3:62:CF:B2:3A:EF:58:9C:77:77:1E:7E:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/agPhC26juPNiz7I671icd3cefso.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/2vSSEUGyoECcbr-T4y2ubbHraKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/757eae-f439-4c50-969c-5b6d7bcf8081/1/agPhC26juPNiz7I671icd3cefso.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:85:cb:f0:2d:19:33:1f:17:1b:5c:ab:41:0f:46:a5:19:48:
         51:b1:6b:6d:9e:b5:d8:64:21:61:96:34:f2:2a:ad:f5:57:87:
         c5:99:0e:fc:4d:c6:fb:40:1b:9e:1d:c3:ba:01:a5:6d:b9:22:
         90:53:36:b4:bf:6a:97:bc:c5:91:bf:f2:a2:88:09:f2:d3:99:
         e1:02:7a:db:07:90:9a:ab:19:c9:4a:4c:14:7e:a7:e5:03:e3:
         11:2d:8a:0b:a8:a2:b2:00:19:07:10:27:51:19:17:71:3a:e3:
         94:c2:06:8a:aa:70:7e:00:aa:62:5c:3d:53:dc:51:31:f3:8d:
         34:39:1d:d8:47:f5:29:2f:2e:18:11:0c:b9:ee:60:31:79:4c:
         d0:ce:a4:5f:d3:8d:07:1c:f3:99:3d:a0:51:bd:a2:eb:d9:8b:
         64:26:c3:53:6c:e1:ac:15:de:62:6d:20:0c:d1:0a:85:d5:47:
         7b:ea:f5:df:c4:02:47:15:70:6d:fe:39:a7:76:c8:ab:6e:6e:
         53:5c:ec:5f:51:55:e4:a2:6d:25:24:e7:9a:03:5e:49:39:27:
         ed:f0:f9:92:39:f4:33:af:f3:5a:9e:3c:de:54:16:20:18:41:
         03:43:a2:35:fb:5c:85:e7:95:cc:6b:fb:f3:1a:6e:42:8d:73:
         92:c7:9d:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslCKiP/bxIgiRrG9qEDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMDNlMTBiNmVhM2I4ZjM2MmNmYjIzYWVmNTg5Yzc3Nzcx
ZTdlY2EwHhcNMjUwMTAxMTE0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWY0OTIxMTQxYjJhMDQwOWM2ZWJmOTNlMzJkYWU2ZGIxZWI2OGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXWD7E5ttD9KFiMDfACZmSYqChD3
KLjT9hCzCPRIH7nbui+QwuF7T7VH6nXJfAUFKRK4ODpnlO8BmTClf3pTdBBlRynw
cQ+TfmB95ksXmzu5CPpb8A2F3XoSsUUzdj3XdLESK+sCNn9DjLPUkQtzbDFWXpYw
jqjk+r63E57sq8a5alEJhLZCecU+a+RPG2Iwax7VhVoVfyewzUcLHkkKSwuZd5wO
hvns85aJ0srv3KyFeW1ozzfpsa4w3DJrXoOiptm5QE7tyxf+HUKXC73y7GtP6unE
cQ97S67EnKmdmCDNfIdyUwa6btx9qZMyexUqboOqY+WHgC6URVvuIq/u3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNr0khFBsqBAnG6/k+Mtrm2x62ioMB8GA1UdIwQY
MBaAFGoD4Qtuo7jzYs+yOu9YnHd3Hn7KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWdQaEMyNmp1UE5pejdJNjcxaWNkM2NlZnNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS83NTdlYWUtZjQzOS00YzUwLTk2OWMt
NWI2ZDdiY2Y4MDgxLzEvMnZTU0VVR3lvRUNjYnItVDR5MnViYkhyYUtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS83NTdlYWUtZjQzOS00YzUwLTk2OWMtNWI2ZDdiY2Y4MDgx
LzEvYWdQaEMyNmp1UE5pejdJNjcxaWNkM2NlZnNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3J9MA0G
CSqGSIb3DQEBCwUAA4IBAQCohcvwLRkzHxcbXKtBD0alGUhRsWttnrXYZCFhljTy
Kq31V4fFmQ78Tcb7QBueHcO6AaVtuSKQUza0v2qXvMWRv/KiiAny05nhAnrbB5Ca
qxnJSkwUfqflA+MRLYoLqKKyABkHECdRGRdxOuOUwgaKqnB+AKpiXD1T3FEx8400
OR3YR/UpLy4YEQy57mAxeUzQzqRf040HHPOZPaBRvaLr2YtkJsNTbOGsFd5ibSAM
0QqF1Ud76vXfxAJHFXBt/jmndsirbm5TXOxfUVXkom0lJOeaA15JOSft8PmSOfQz
r/NanjzeVBYgGEEDQ6I1+1yF55XMa/vzGm5CjXOSx52g
-----END CERTIFICATE-----