Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/Um1PZhGXZ7KzU5zkJ2mBWgRYing.roa
File:                     Um1PZhGXZ7KzU5zkJ2mBWgRYing.roa (raw, json)
Hash identifier:          r8yw/kx6PR2QiDWv/zH9T6r2Gmbp9EAyZ7zdCGmWEQY=
Subject key identifier:   52:6D:4F:66:11:97:67:B2:B3:53:9C:E4:27:69:81:5A:04:58:8A:78
Certificate issuer:       /CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Certificate serial:       019423D74780B258FD77204BDC23A63E112A
Authority key identifier: 25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/Um1PZhGXZ7KzU5zkJ2mBWgRYing.roa
Signing time:             Wed 01 Jan 2025 21:48:18 +0000
ROA not before:           Wed 01 Jan 2025 21:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133865
IP address blocks:        193.118.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:47:80:b2:58:fd:77:20:4b:dc:23:a6:3e:11:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
        Validity
            Not Before: Jan  1 21:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=526d4f66119767b2b3539ce42769815a04588a78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:aa:28:e7:ee:52:41:fa:ec:ce:86:61:4b:cb:
                    b4:58:30:74:89:94:ec:b3:e2:b8:16:0a:3a:5d:3f:
                    c8:bb:3c:f2:8e:0b:91:c3:96:d8:c6:53:78:de:99:
                    90:ef:9d:16:c2:08:ef:47:1e:93:32:82:df:8a:f3:
                    67:a4:07:73:c3:94:e6:dc:c4:da:10:ba:5e:3e:08:
                    32:92:a3:5d:75:db:ec:ce:ad:20:30:2c:9d:6a:2c:
                    42:0f:b4:a5:c9:ab:25:4a:51:bf:ab:19:59:4f:f6:
                    63:b9:c7:ff:8d:45:5a:68:00:ea:4a:59:aa:8b:25:
                    ae:7e:b5:52:81:8b:32:9e:ff:5c:fc:b1:a5:cb:d4:
                    e9:98:89:35:ae:a3:ca:2d:5f:1f:26:44:fd:50:13:
                    93:83:12:1c:d7:a7:9b:a5:a1:41:2b:32:ab:36:45:
                    7e:ff:df:29:c2:83:45:1d:a0:8c:28:9e:a8:0e:34:
                    e6:6e:0c:dd:b2:c1:46:89:f6:57:8b:78:0f:12:a5:
                    3d:5f:3a:25:02:b7:19:e9:bd:9e:4c:3f:13:0a:38:
                    b2:52:4d:cf:95:19:01:e4:bc:31:26:e1:4f:1a:7a:
                    f9:6b:ce:1d:69:8b:eb:32:43:bb:53:d7:f2:bc:67:
                    64:11:99:71:44:b4:b7:3b:49:a2:c8:86:f4:bb:16:
                    1c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:6D:4F:66:11:97:67:B2:B3:53:9C:E4:27:69:81:5A:04:58:8A:78
            X509v3 Authority Key Identifier:
                keyid:25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/Um1PZhGXZ7KzU5zkJ2mBWgRYing.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.118.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:a4:a5:44:45:7d:f8:ff:ce:58:95:f4:06:c9:d4:4c:a0:95:
         b9:0c:c8:73:a6:33:71:90:95:02:94:86:a3:1a:18:90:2d:81:
         ab:3a:bd:e1:45:bb:2a:39:79:6e:74:9b:76:ee:4e:8d:b8:20:
         78:68:6e:8b:b1:a0:fb:8a:60:3a:27:3a:b9:b2:e4:9e:80:3d:
         06:41:93:b6:e2:db:13:86:6d:9c:be:ae:99:c4:51:a7:63:eb:
         9e:35:21:7a:b1:1f:35:11:99:ed:52:a9:73:68:af:56:0c:83:
         cf:1d:ea:f1:0d:a4:67:04:79:33:01:a5:3e:94:ef:24:58:ff:
         16:ae:76:a5:21:e2:6f:27:d3:bc:fd:a1:8c:4a:66:49:8d:99:
         a9:51:ad:95:b0:62:87:42:06:dc:4b:87:ee:3c:3a:df:da:4b:
         05:3c:08:eb:72:a1:69:f4:36:bc:da:ca:4f:d3:97:94:37:34:
         65:46:90:0f:28:eb:c6:5b:43:7e:75:91:20:c2:bc:07:14:44:
         10:ac:51:31:a2:39:2a:c8:4f:1f:86:38:c9:8f:41:5a:2e:a7:
         cf:56:d2:17:0b:f0:2c:7a:f9:38:c6:22:b3:9e:81:4f:a0:4d:
         cc:f4:0e:a5:22:d0:cc:48:75:f5:bc:ca:34:90:24:28:7f:2b:
         d7:04:2a:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj10eAslj9dyBL3COmPhEqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Nzc2Yzc3ZjhlYmU3MDk0Y2EwMDdhY2UxYTljMGJmZGMy
YjNhZWMwHhcNMjUwMTAxMjE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjZkNGY2NjExOTc2N2IyYjM1MzljZTQyNzY5ODE1YTA0NTg4YTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqoo5+5SQfrszoZhS8u0WDB0iZTs
s+K4Fgo6XT/IuzzyjguRw5bYxlN43pmQ750WwgjvRx6TMoLfivNnpAdzw5Tm3MTa
ELpePggykqNdddvszq0gMCydaixCD7SlyaslSlG/qxlZT/Zjucf/jUVaaADqSlmq
iyWufrVSgYsynv9c/LGly9TpmIk1rqPKLV8fJkT9UBOTgxIc16ebpaFBKzKrNkV+
/98pwoNFHaCMKJ6oDjTmbgzdssFGifZXi3gPEqU9XzolArcZ6b2eTD8TCjiyUk3P
lRkB5LwxJuFPGnr5a84daYvrMkO7U9fyvGdkEZlxRLS3O0miyIb0uxYcwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJtT2YRl2eys1Oc5CdpgVoEWIp4MB8GA1UdIwQY
MBaAFCV3bHf46+cJTKAHrOGpwL/cKzrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQt
ZTdkYWVjMTk0YTY5LzEvVW0xUFpoR1haN0t6VTV6a0oybUJXZ1JZaW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQtZTdkYWVjMTk0YTY5
LzEvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXYhMA0G
CSqGSIb3DQEBCwUAA4IBAQCWpKVERX34/85YlfQGydRMoJW5DMhzpjNxkJUClIaj
GhiQLYGrOr3hRbsqOXludJt27k6NuCB4aG6LsaD7imA6Jzq5suSegD0GQZO24tsT
hm2cvq6ZxFGnY+ueNSF6sR81EZntUqlzaK9WDIPPHerxDaRnBHkzAaU+lO8kWP8W
rnalIeJvJ9O8/aGMSmZJjZmpUa2VsGKHQgbcS4fuPDrf2ksFPAjrcqFp9Da82spP
05eUNzRlRpAPKOvGW0N+dZEgwrwHFEQQrFExojkqyE8fhjjJj0FaLqfPVtIXC/As
evk4xiKznoFPoE3M9A6lItDMSHX1vMo0kCQofyvXBCpS
-----END CERTIFICATE-----