Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/DAprp1jU9mjWeTMQ4zqYWAlF99E.roa
File:                     DAprp1jU9mjWeTMQ4zqYWAlF99E.roa (raw, json)
Hash identifier:          5UCreSEQ0cD98yP9A7sen4+ZVnf4RJinEuGBlveuw0g=
Subject key identifier:   0C:0A:6B:A7:58:D4:F6:68:D6:79:33:10:E3:3A:98:58:09:45:F7:D1
Certificate issuer:       /CN=505e2f2d5e7093ff8d4003a02b7d3e131ce70a12
Certificate serial:       0194266B9F420AB49C4758BED1038C317F1D
Authority key identifier: 50:5E:2F:2D:5E:70:93:FF:8D:40:03:A0:2B:7D:3E:13:1C:E7:0A:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/DAprp1jU9mjWeTMQ4zqYWAlF99E.roa
Signing time:             Thu 02 Jan 2025 09:49:34 +0000
ROA not before:           Thu 02 Jan 2025 09:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        178.255.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:9f:42:0a:b4:9c:47:58:be:d1:03:8c:31:7f:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505e2f2d5e7093ff8d4003a02b7d3e131ce70a12
        Validity
            Not Before: Jan  2 09:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c0a6ba758d4f668d6793310e33a98580945f7d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:2f:b6:b7:59:7e:c1:13:81:34:9f:e9:47:0f:
                    0a:9f:a9:36:d6:af:1f:ba:7c:ac:21:33:58:c9:96:
                    97:d8:f8:1b:d5:d1:86:57:3d:8d:06:01:98:33:6a:
                    37:15:f4:fc:c7:a9:8e:db:ec:24:32:d2:41:fe:a6:
                    b3:52:37:1a:ec:25:43:1b:0c:9f:93:8c:c2:1b:cf:
                    67:50:03:ef:4f:03:41:ab:90:82:c1:fb:9f:c5:78:
                    85:88:22:5e:cb:83:46:6f:b7:72:aa:f8:22:3e:b2:
                    31:89:dd:61:48:b4:69:ba:77:19:53:47:05:63:05:
                    a4:87:07:2e:aa:d3:40:c6:b0:ec:35:04:cd:7d:af:
                    3c:1c:2b:98:cb:7b:e0:1c:7d:6d:51:26:e0:2f:5f:
                    12:3f:b7:42:c8:ec:23:6c:8c:68:33:0d:63:02:6e:
                    13:89:cc:43:60:52:f7:ff:ec:b1:5f:8b:44:53:15:
                    a0:d2:98:e6:0c:d9:a6:5e:1d:4f:a9:56:bb:a7:b9:
                    24:c5:7b:d1:b4:34:6d:60:0e:1d:92:76:e2:5b:e7:
                    73:31:dc:6a:e9:cf:d6:7c:3c:40:56:3a:78:1b:a4:
                    df:00:b2:4a:f7:4e:56:a6:31:2f:cf:d5:d0:06:a1:
                    5a:86:1c:d9:d6:2f:89:40:fe:4a:23:db:d4:ff:a8:
                    2b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:0A:6B:A7:58:D4:F6:68:D6:79:33:10:E3:3A:98:58:09:45:F7:D1
            X509v3 Authority Key Identifier:
                keyid:50:5E:2F:2D:5E:70:93:FF:8D:40:03:A0:2B:7D:3E:13:1C:E7:0A:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/DAprp1jU9mjWeTMQ4zqYWAlF99E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:0d:54:f5:54:65:bf:69:5e:79:06:59:ae:8d:38:2c:b9:1e:
         a4:70:21:43:23:82:10:a4:3d:e8:4d:70:67:c2:2d:71:7f:f1:
         e1:3e:c5:1d:87:5d:cc:ee:88:e3:44:a3:46:26:89:80:bc:17:
         b7:7e:c3:40:d7:df:4c:59:df:30:69:87:aa:8a:fa:66:08:e6:
         cd:74:d9:3c:b8:10:ef:f2:55:70:de:72:3e:58:de:5b:8f:88:
         82:03:32:58:63:09:91:f0:a8:e8:4d:aa:c0:2c:d6:e3:8d:43:
         da:38:76:45:2b:e4:0b:72:43:7f:59:77:4f:d9:e7:a0:97:19:
         c3:8b:94:03:b0:5c:fd:dd:cd:79:e1:7f:51:a2:56:9b:02:98:
         07:b4:ac:b1:94:57:7f:c6:e4:28:95:e4:2b:8e:a6:37:2d:45:
         a9:4e:c1:7c:df:4b:99:ab:93:02:70:95:73:75:3c:90:f1:1b:
         70:66:21:3e:ca:3b:2a:de:89:62:5a:03:f5:4d:a8:13:fc:ca:
         4b:b0:01:a9:14:d6:6c:59:14:1c:8c:71:b8:56:3c:d0:db:2a:
         77:b8:fb:19:1e:cf:4f:32:0a:b0:e2:33:5b:c2:dd:48:44:e5:
         2c:ac:87:ad:a5:4c:ae:1f:a8:31:06:81:a4:81:df:6f:53:e4:
         70:30:43:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma59CCrScR1i+0QOMMX8dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNWUyZjJkNWU3MDkzZmY4ZDQwMDNhMDJiN2QzZTEzMWNl
NzBhMTIwHhcNMjUwMTAyMDk0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzBhNmJhNzU4ZDRmNjY4ZDY3OTMzMTBlMzNhOTg1ODA5NDVmN2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnC+2t1l+wROBNJ/pRw8Kn6k21q8f
unysITNYyZaX2Pgb1dGGVz2NBgGYM2o3FfT8x6mO2+wkMtJB/qazUjca7CVDGwyf
k4zCG89nUAPvTwNBq5CCwfufxXiFiCJey4NGb7dyqvgiPrIxid1hSLRpuncZU0cF
YwWkhwcuqtNAxrDsNQTNfa88HCuYy3vgHH1tUSbgL18SP7dCyOwjbIxoMw1jAm4T
icxDYFL3/+yxX4tEUxWg0pjmDNmmXh1PqVa7p7kkxXvRtDRtYA4dknbiW+dzMdxq
6c/WfDxAVjp4G6TfALJK905WpjEvz9XQBqFahhzZ1i+JQP5KI9vU/6grCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwKa6dY1PZo1nkzEOM6mFgJRffRMB8GA1UdIwQY
MBaAFFBeLy1ecJP/jUADoCt9PhMc5woSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUY0dkxWNXdrXy1OUUFPZ0szMC1FeHpuQ2hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81YTc3MzEtZWY1NC00NTAxLTg2ZjQt
OThlOWUyNTEwYmI2LzEvREFwcnAxalU5bWpXZVRNUTR6cVlXQWxGOTlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81YTc3MzEtZWY1NC00NTAxLTg2ZjQtOThlOWUyNTEwYmI2
LzEvVUY0dkxWNXdrXy1OUUFPZ0szMC1FeHpuQ2hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv/yMA0G
CSqGSIb3DQEBCwUAA4IBAQBADVT1VGW/aV55BlmujTgsuR6kcCFDI4IQpD3oTXBn
wi1xf/HhPsUdh13M7ojjRKNGJomAvBe3fsNA199MWd8waYeqivpmCObNdNk8uBDv
8lVw3nI+WN5bj4iCAzJYYwmR8KjoTarALNbjjUPaOHZFK+QLckN/WXdP2eeglxnD
i5QDsFz93c154X9RolabApgHtKyxlFd/xuQoleQrjqY3LUWpTsF830uZq5MCcJVz
dTyQ8RtwZiE+yjsq3oliWgP1TagT/MpLsAGpFNZsWRQcjHG4VjzQ2yp3uPsZHs9P
Mgqw4jNbwt1IROUsrIetpUyuH6gxBoGkgd9vU+RwMEOB
-----END CERTIFICATE-----