Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/MS0JYHiwGaa9m4Dpe1xVefysv6A.roa
File:                     MS0JYHiwGaa9m4Dpe1xVefysv6A.roa (raw, json)
Hash identifier:          kqb1ibrSkIqNLR48AW26qqkPyUPXvsNXAKPUzOFD6mo=
Subject key identifier:   31:2D:09:60:78:B0:19:A6:BD:9B:80:E9:7B:5C:55:79:FC:AC:BF:A0
Certificate issuer:       /CN=495e500149ce8d71b9604b589e0c32fea07a98b8
Certificate serial:       0190FA9C494F876F212164CF65017D750D7F
Authority key identifier: 49:5E:50:01:49:CE:8D:71:B9:60:4B:58:9E:0C:32:FE:A0:7A:98:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SV5QAUnOjXG5YEtYngwy_qB6mLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/MS0JYHiwGaa9m4Dpe1xVefysv6A.roa
Signing time:             Sun 28 Jul 2024 18:31:04 +0000
ROA not before:           Sun 28 Jul 2024 18:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49581
IP address blocks:        195.182.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/SV5QAUnOjXG5YEtYngwy_qB6mLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/SV5QAUnOjXG5YEtYngwy_qB6mLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SV5QAUnOjXG5YEtYngwy_qB6mLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fa:9c:49:4f:87:6f:21:21:64:cf:65:01:7d:75:0d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=495e500149ce8d71b9604b589e0c32fea07a98b8
        Validity
            Not Before: Jul 28 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=312d096078b019a6bd9b80e97b5c5579fcacbfa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d9:cf:af:e3:a3:05:12:41:8b:eb:d2:1c:8a:
                    c8:d8:b7:13:c6:d3:8e:84:96:37:c4:01:67:2b:35:
                    f5:c5:4c:20:8a:b2:d7:92:97:68:38:24:47:d5:34:
                    5d:39:c2:34:a2:ce:63:69:60:35:5e:5d:40:0f:b9:
                    c4:21:62:34:cb:31:53:cb:d1:f9:09:46:09:91:9f:
                    64:77:5c:f9:5e:71:9b:7b:72:e7:94:4f:92:f8:cc:
                    8d:1d:63:8e:54:34:84:94:02:f8:0c:41:27:00:e0:
                    e4:bb:eb:00:ac:13:d8:68:3e:10:e6:4a:13:9f:58:
                    00:6a:d7:87:ba:a0:87:7e:53:9f:ca:ba:5b:47:7e:
                    d0:1d:be:8e:1f:8b:be:4c:91:dd:72:81:fc:89:96:
                    8b:b6:dc:c7:b4:fc:6a:a8:5d:83:cd:3e:7e:d8:57:
                    53:2e:00:71:4d:bb:71:78:9c:97:af:ed:96:90:89:
                    e5:78:95:29:7c:81:cd:2a:02:0a:a6:7b:02:cb:2b:
                    d4:27:e0:3f:d6:b8:4b:2c:f7:29:7d:54:c9:b1:20:
                    b3:9f:d3:65:84:ab:cc:73:90:8a:dd:e0:fc:42:ed:
                    12:2b:51:68:cb:d0:9a:5c:a0:de:2e:60:83:a5:e0:
                    30:6f:aa:67:cc:43:5c:bc:f9:e9:e9:4d:49:68:04:
                    62:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:2D:09:60:78:B0:19:A6:BD:9B:80:E9:7B:5C:55:79:FC:AC:BF:A0
            X509v3 Authority Key Identifier:
                keyid:49:5E:50:01:49:CE:8D:71:B9:60:4B:58:9E:0C:32:FE:A0:7A:98:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SV5QAUnOjXG5YEtYngwy_qB6mLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/MS0JYHiwGaa9m4Dpe1xVefysv6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/SV5QAUnOjXG5YEtYngwy_qB6mLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:eb:2e:89:bc:f2:b3:94:52:8a:4c:af:55:c2:c5:bf:e1:c5:
         f2:0f:6d:2e:c5:0c:ac:15:6c:ec:36:cd:b6:83:e8:a5:df:3d:
         7c:46:55:b2:bd:11:6a:e6:ca:06:35:ad:43:54:2b:52:2d:3e:
         f6:de:f4:d4:29:e6:e2:39:bc:58:e3:3c:91:45:65:27:d8:cb:
         12:f3:37:35:5f:51:12:b2:18:ab:95:87:94:75:eb:32:eb:ee:
         f2:26:ca:73:dd:95:56:ab:e7:48:05:de:d9:dc:f9:bd:a0:28:
         2c:4c:09:4f:b7:af:39:7d:39:f4:49:9b:ff:31:98:02:d4:f0:
         e6:07:0d:e0:e6:3e:3a:2f:52:23:43:38:da:48:b3:d8:4f:4d:
         41:b0:fc:1e:fe:f5:87:35:16:0a:7b:fd:55:d6:f1:71:de:5b:
         be:6d:ed:c8:22:b2:75:1c:0b:51:56:56:ca:a0:f7:36:6b:6f:
         54:34:2f:c9:ce:ca:70:76:68:8a:37:7b:4c:84:1c:66:df:34:
         38:10:da:e4:43:bc:85:b4:44:64:a3:04:c0:41:8b:b9:50:f9:
         8d:7b:09:38:77:60:b7:39:e6:91:31:73:db:5f:1c:8b:4b:45:
         77:64:d9:9a:d8:17:7f:9b:04:b5:7a:be:98:ca:a4:9e:7f:c2:
         7a:76:7e:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD6nElPh28hIWTPZQF9dQ1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NWU1MDAxNDljZThkNzFiOTYwNGI1ODllMGMzMmZlYTA3
YTk4YjgwHhcNMjQwNzI4MTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTJkMDk2MDc4YjAxOWE2YmQ5YjgwZTk3YjVjNTU3OWZjYWNiZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9nPr+OjBRJBi+vSHIrI2LcTxtOO
hJY3xAFnKzX1xUwgirLXkpdoOCRH1TRdOcI0os5jaWA1Xl1AD7nEIWI0yzFTy9H5
CUYJkZ9kd1z5XnGbe3LnlE+S+MyNHWOOVDSElAL4DEEnAODku+sArBPYaD4Q5koT
n1gAateHuqCHflOfyrpbR37QHb6OH4u+TJHdcoH8iZaLttzHtPxqqF2DzT5+2FdT
LgBxTbtxeJyXr+2WkInleJUpfIHNKgIKpnsCyyvUJ+A/1rhLLPcpfVTJsSCzn9Nl
hKvMc5CK3eD8Qu0SK1Foy9CaXKDeLmCDpeAwb6pnzENcvPnp6U1JaARiUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEtCWB4sBmmvZuA6XtcVXn8rL+gMB8GA1UdIwQY
MBaAFEleUAFJzo1xuWBLWJ4MMv6gepi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1Y1UUFVbk9qWEc1WUV0WW5nd3lfcUI2bUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9lMGNmNDMtZTRjMC00NmY3LWJkZTgt
MTZmZDViYTRmMGU0LzEvTVMwSllIaXdHYWE5bTREcGUxeFZlZnlzdjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9lMGNmNDMtZTRjMC00NmY3LWJkZTgtMTZmZDViYTRmMGU0
LzEvU1Y1UUFVbk9qWEc1WUV0WW5nd3lfcUI2bUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YZMA0G
CSqGSIb3DQEBCwUAA4IBAQBt6y6JvPKzlFKKTK9VwsW/4cXyD20uxQysFWzsNs22
g+il3z18RlWyvRFq5soGNa1DVCtSLT723vTUKebiObxY4zyRRWUn2MsS8zc1X1ES
shirlYeUdesy6+7yJspz3ZVWq+dIBd7Z3Pm9oCgsTAlPt685fTn0SZv/MZgC1PDm
Bw3g5j46L1IjQzjaSLPYT01BsPwe/vWHNRYKe/1V1vFx3lu+be3IIrJ1HAtRVlbK
oPc2a29UNC/JzspwdmiKN3tMhBxm3zQ4ENrkQ7yFtERkowTAQYu5UPmNewk4d2C3
OeaRMXPbXxyLS0V3ZNma2Bd/mwS1er6YyqSef8J6dn4N
-----END CERTIFICATE-----