Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/vZ7fLTwGe3pN0WsqPAfruHccdbk.roa
File:                     vZ7fLTwGe3pN0WsqPAfruHccdbk.roa (raw, json)
Hash identifier:          9g6hu0m8vRcGZRduasR5e4ncErGbwpEZrVb52EXejog=
Subject key identifier:   BD:9E:DF:2D:3C:06:7B:7A:4D:D1:6B:2A:3C:07:EB:B8:77:1C:75:B9
Certificate issuer:       /CN=495e500149ce8d71b9604b589e0c32fea07a98b8
Certificate serial:       018F0F757BC289111926A615C1D757095500
Authority key identifier: 49:5E:50:01:49:CE:8D:71:B9:60:4B:58:9E:0C:32:FE:A0:7A:98:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SV5QAUnOjXG5YEtYngwy_qB6mLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/vZ7fLTwGe3pN0WsqPAfruHccdbk.roa
Signing time:             Wed 24 Apr 2024 09:35:08 +0000
ROA not before:           Wed 24 Apr 2024 09:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        195.182.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/SV5QAUnOjXG5YEtYngwy_qB6mLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/SV5QAUnOjXG5YEtYngwy_qB6mLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SV5QAUnOjXG5YEtYngwy_qB6mLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0f:75:7b:c2:89:11:19:26:a6:15:c1:d7:57:09:55:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=495e500149ce8d71b9604b589e0c32fea07a98b8
        Validity
            Not Before: Apr 24 09:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd9edf2d3c067b7a4dd16b2a3c07ebb8771c75b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a1:c3:27:9e:09:9d:98:96:7e:9f:47:92:c3:
                    ca:5e:bc:e5:0f:aa:8f:81:09:ff:a1:59:50:0a:f0:
                    dc:3d:ea:99:9d:be:5d:b1:15:6e:6e:07:2d:b4:88:
                    19:74:60:ab:36:62:3e:60:90:4c:47:71:bb:0d:d9:
                    e5:23:df:4b:8a:86:e1:3d:46:5b:af:84:46:8b:fd:
                    71:64:af:93:a4:36:28:80:9c:73:5e:bb:5d:d1:d5:
                    a5:53:79:27:4a:ec:ea:93:d4:f5:d3:38:a0:5f:15:
                    26:75:46:14:09:79:d9:ff:2d:14:eb:c9:65:37:0a:
                    e6:e2:90:9b:b6:bb:b7:3d:b7:11:6c:6c:c8:79:24:
                    9b:1a:1d:d3:3f:83:e3:1a:d0:9f:3d:a3:47:6c:05:
                    31:7e:42:7a:e4:ec:b0:93:09:99:0d:cf:85:d7:15:
                    ee:55:7a:a4:58:ff:1b:5c:04:81:72:ae:b0:8c:2f:
                    1f:53:d8:d2:3d:96:c1:e4:26:49:ef:a7:c5:a4:a9:
                    5b:3b:35:05:12:05:08:45:7a:de:e2:51:df:da:a0:
                    38:a6:49:1e:05:5f:a3:25:5f:bb:34:95:2d:29:86:
                    fc:ef:bc:49:b4:8b:88:b7:ff:22:03:b2:c5:d3:2c:
                    9a:e9:ca:b4:b1:c1:61:21:d3:36:b4:69:7e:9a:fd:
                    fe:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9E:DF:2D:3C:06:7B:7A:4D:D1:6B:2A:3C:07:EB:B8:77:1C:75:B9
            X509v3 Authority Key Identifier:
                keyid:49:5E:50:01:49:CE:8D:71:B9:60:4B:58:9E:0C:32:FE:A0:7A:98:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SV5QAUnOjXG5YEtYngwy_qB6mLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/vZ7fLTwGe3pN0WsqPAfruHccdbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/e0cf43-e4c0-46f7-bde8-16fd5ba4f0e4/1/SV5QAUnOjXG5YEtYngwy_qB6mLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:84:d4:92:29:2b:66:f5:02:37:da:ca:3b:10:b9:d8:a5:80:
         f6:05:c7:49:b8:d2:c6:a3:47:b4:7c:d4:ef:0b:b8:b6:31:b9:
         e0:66:cb:dd:45:97:5c:a0:13:8e:05:92:06:fe:0b:3b:7a:e3:
         a8:b5:0d:5b:1f:07:2a:0b:b6:97:e4:26:c1:de:02:dd:a5:f3:
         98:e6:de:e7:d9:e6:c4:65:05:15:79:16:df:38:83:45:c5:b1:
         62:b6:c4:63:d9:1f:fa:ba:d0:cb:38:b1:55:aa:a8:2b:33:ed:
         55:df:eb:c7:13:98:e0:dc:a7:a6:bb:7f:a6:b0:f2:2f:2e:46:
         69:e8:9b:0a:ae:25:85:ef:cd:fc:2e:54:20:de:ff:7f:4e:40:
         9f:2f:9d:3d:9c:a0:4f:36:31:59:4c:14:07:39:fe:52:2f:6c:
         3c:1e:47:e8:e8:dd:7c:b0:bc:53:45:25:1f:e2:14:76:ca:17:
         ef:7c:41:05:60:0d:87:73:6f:62:c6:5c:9b:fb:09:2a:9d:fb:
         ad:ee:2c:87:58:04:26:b9:1a:ab:53:3f:13:e8:97:5c:03:5b:
         cd:c1:bc:05:f3:58:34:39:23:a5:a2:ad:3b:d8:de:ad:de:00:
         1a:b7:0f:db:7d:9e:7d:66:d1:4b:7b:dc:8e:75:48:c8:cb:d2:
         dd:cd:9c:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8PdXvCiREZJqYVwddXCVUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NWU1MDAxNDljZThkNzFiOTYwNGI1ODllMGMzMmZlYTA3
YTk4YjgwHhcNMjQwNDI0MDkzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDllZGYyZDNjMDY3YjdhNGRkMTZiMmEzYzA3ZWJiODc3MWM3NWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqHDJ54JnZiWfp9HksPKXrzlD6qP
gQn/oVlQCvDcPeqZnb5dsRVubgcttIgZdGCrNmI+YJBMR3G7DdnlI99LiobhPUZb
r4RGi/1xZK+TpDYogJxzXrtd0dWlU3knSuzqk9T10zigXxUmdUYUCXnZ/y0U68ll
Nwrm4pCbtru3PbcRbGzIeSSbGh3TP4PjGtCfPaNHbAUxfkJ65OywkwmZDc+F1xXu
VXqkWP8bXASBcq6wjC8fU9jSPZbB5CZJ76fFpKlbOzUFEgUIRXre4lHf2qA4pkke
BV+jJV+7NJUtKYb877xJtIuIt/8iA7LF0yya6cq0scFhIdM2tGl+mv3+xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2e3y08Bnt6TdFrKjwH67h3HHW5MB8GA1UdIwQY
MBaAFEleUAFJzo1xuWBLWJ4MMv6gepi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1Y1UUFVbk9qWEc1WUV0WW5nd3lfcUI2bUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9lMGNmNDMtZTRjMC00NmY3LWJkZTgt
MTZmZDViYTRmMGU0LzEvdlo3ZkxUd0dlM3BOMFdzcVBBZnJ1SGNjZGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9lMGNmNDMtZTRjMC00NmY3LWJkZTgtMTZmZDViYTRmMGU0
LzEvU1Y1UUFVbk9qWEc1WUV0WW5nd3lfcUI2bUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YZMA0G
CSqGSIb3DQEBCwUAA4IBAQBkhNSSKStm9QI32so7ELnYpYD2BcdJuNLGo0e0fNTv
C7i2MbngZsvdRZdcoBOOBZIG/gs7euOotQ1bHwcqC7aX5CbB3gLdpfOY5t7n2ebE
ZQUVeRbfOINFxbFitsRj2R/6utDLOLFVqqgrM+1V3+vHE5jg3Kemu3+msPIvLkZp
6JsKriWF7838LlQg3v9/TkCfL509nKBPNjFZTBQHOf5SL2w8Hkfo6N18sLxTRSUf
4hR2yhfvfEEFYA2Hc29ixlyb+wkqnfut7iyHWAQmuRqrUz8T6JdcA1vNwbwF81g0
OSOloq072N6t3gAatw/bfZ59ZtFLe9yOdUjIy9LdzZy4
-----END CERTIFICATE-----