Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/V5ODpODeEpbvwE5LkAOqCcmWmW4.roa
File:                     V5ODpODeEpbvwE5LkAOqCcmWmW4.roa (raw, json)
Hash identifier:          3zSs5+AdI87WAq0+TxR5DJAM9u9GKSXdTdosv1S/PNM=
Subject key identifier:   57:93:83:A4:E0:DE:12:96:EF:C0:4E:4B:90:03:AA:09:C9:96:99:6E
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C8BFF46BB96B39ED97B64DA3335A5
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/V5ODpODeEpbvwE5LkAOqCcmWmW4.roa
Signing time:             Thu 02 Jan 2025 09:50:35 +0000
ROA not before:           Thu 02 Jan 2025 09:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209313
IP address blocks:        94.25.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:8b:ff:46:bb:96:b3:9e:d9:7b:64:da:33:35:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=579383a4e0de1296efc04e4b9003aa09c996996e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4d:9b:20:6f:16:b3:9a:af:a1:bc:22:42:21:
                    09:26:0f:99:d6:a8:f4:7c:ca:1e:9c:bc:7f:d1:7f:
                    ab:c5:3a:8d:2a:51:85:f7:41:17:b8:21:ee:a9:74:
                    86:e1:e5:01:90:af:26:71:89:3d:30:aa:71:dc:b2:
                    aa:54:6c:82:49:ad:20:c6:cb:d5:71:7d:c7:d1:5f:
                    50:50:2f:17:82:3a:31:b9:d8:8f:34:44:5d:5b:8a:
                    f8:d0:89:7b:df:b2:61:37:06:18:e1:c7:6a:51:c6:
                    17:33:6e:e3:31:97:5b:70:0e:a7:a4:c8:a9:5d:49:
                    a0:c5:3a:12:42:65:67:2d:77:2d:94:c9:d1:bd:12:
                    ef:92:c6:12:97:09:c6:72:ad:2d:05:85:8f:a3:ef:
                    fa:55:79:16:77:41:23:bc:93:2a:26:71:c5:c4:6a:
                    5e:50:ae:06:60:ee:0c:3d:1f:83:1d:24:9a:b4:33:
                    96:d4:e5:0d:49:dd:6d:ff:d0:c6:97:f4:f6:9e:9c:
                    e4:b8:1d:15:41:a5:6f:e8:25:25:4f:38:99:72:24:
                    df:3b:c7:df:48:55:84:5b:a7:96:69:a7:c5:a9:59:
                    7a:f4:10:98:93:58:0a:12:f2:46:b1:e2:0a:43:7c:
                    93:f1:0d:f6:a3:32:59:87:36:7c:7a:91:63:7d:2d:
                    55:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:93:83:A4:E0:DE:12:96:EF:C0:4E:4B:90:03:AA:09:C9:96:99:6E
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/V5ODpODeEpbvwE5LkAOqCcmWmW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.25.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:86:8d:92:3c:fe:84:58:61:53:fc:ff:8a:13:3f:25:ae:8f:
         a2:eb:10:5c:83:04:4e:f2:9f:22:c2:40:cc:fa:25:8c:79:22:
         0f:6f:4e:4e:bf:f4:68:13:7a:6c:13:72:96:c1:df:52:9e:58:
         51:db:b9:04:6e:03:e5:21:54:65:de:03:08:19:8a:ad:d1:ad:
         3b:19:1f:54:cf:87:8a:1f:79:44:ab:c7:02:73:5f:92:77:2f:
         51:9d:73:ac:87:79:9e:1c:ce:c1:45:de:3c:31:17:ad:05:ba:
         14:ab:2f:44:d3:04:59:82:52:0a:26:ad:79:3b:43:9e:44:e1:
         c0:3c:7d:f2:75:e6:d6:19:66:e4:0e:06:d6:99:e9:b8:58:0d:
         7c:d9:a5:c3:f6:ff:41:5d:ca:39:9f:71:e0:fd:5f:85:24:68:
         62:81:b8:64:c5:41:d5:dd:88:fb:bc:7f:e3:af:06:d5:3f:fd:
         f1:7b:57:f4:65:2c:01:d4:78:18:d9:96:43:c9:15:e6:57:87:
         a8:5f:58:30:65:13:30:62:63:e6:d1:e1:af:f3:53:13:c2:0d:
         dd:bc:c1:39:42:b2:85:88:7d:a3:a7:06:09:05:08:3a:0d:26:
         00:43:f0:70:5c:88:b2:82:42:a3:d8:87:5f:b1:a0:6a:3f:b9:
         5a:ed:26:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbIv/RruWs57Ze2TaMzWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzkzODNhNGUwZGUxMjk2ZWZjMDRlNGI5MDAzYWEwOWM5OTY5OTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwk2bIG8Ws5qvobwiQiEJJg+Z1qj0
fMoenLx/0X+rxTqNKlGF90EXuCHuqXSG4eUBkK8mcYk9MKpx3LKqVGyCSa0gxsvV
cX3H0V9QUC8XgjoxudiPNERdW4r40Il737JhNwYY4cdqUcYXM27jMZdbcA6npMip
XUmgxToSQmVnLXctlMnRvRLvksYSlwnGcq0tBYWPo+/6VXkWd0EjvJMqJnHFxGpe
UK4GYO4MPR+DHSSatDOW1OUNSd1t/9DGl/T2npzkuB0VQaVv6CUlTziZciTfO8ff
SFWEW6eWaafFqVl69BCYk1gKEvJGseIKQ3yT8Q32ozJZhzZ8epFjfS1VuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFeTg6Tg3hKW78BOS5ADqgnJlpluMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvVjVPRHBPRGVFcGJ2d0U1TGtBT3FDY21XbVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXhkeMA0G
CSqGSIb3DQEBCwUAA4IBAQAyho2SPP6EWGFT/P+KEz8lro+i6xBcgwRO8p8iwkDM
+iWMeSIPb05Ov/RoE3psE3KWwd9SnlhR27kEbgPlIVRl3gMIGYqt0a07GR9Uz4eK
H3lEq8cCc1+Sdy9RnXOsh3meHM7BRd48MRetBboUqy9E0wRZglIKJq15O0OeROHA
PH3ydebWGWbkDgbWmem4WA182aXD9v9BXco5n3Hg/V+FJGhigbhkxUHV3Yj7vH/j
rwbVP/3xe1f0ZSwB1HgY2ZZDyRXmV4eoX1gwZRMwYmPm0eGv81MTwg3dvME5QrKF
iH2jpwYJBQg6DSYAQ/BwXIiygkKj2IdfsaBqP7la7SaF
-----END CERTIFICATE-----