Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ynIC2k9Zg__KwAeoNTNG0bArD-U.roa
File:                     ynIC2k9Zg__KwAeoNTNG0bArD-U.roa (raw, json)
Hash identifier:          5Ajojpz05vtDS1PNGYDFkdTg/bEXVujVwdDKcOqrTO0=
Subject key identifier:   CA:72:02:DA:4F:59:83:FF:CA:C0:07:A8:35:33:46:D1:B0:2B:0F:E5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018F5C86EB53FCA25EF78286E230DD4C3C1A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ynIC2k9Zg__KwAeoNTNG0bArD-U.roa
Signing time:             Thu 09 May 2024 08:44:56 +0000
ROA not before:           Thu 09 May 2024 08:44:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1
IP address blocks:        95.214.25.0/24 maxlen: 24
                          95.214.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5c:86:eb:53:fc:a2:5e:f7:82:86:e2:30:dd:4c:3c:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  9 08:44:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca7202da4f5983ffcac007a8353346d1b02b0fe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:fc:22:1d:26:16:df:d9:aa:34:af:1b:83:78:
                    6c:7d:1a:f6:6d:5a:42:e1:60:c3:fc:7d:18:e3:f5:
                    2e:9c:59:b3:3f:2f:fb:65:be:26:6d:70:5d:0b:46:
                    35:a1:85:c0:f9:23:43:26:25:0d:0e:ae:b0:2d:7c:
                    b0:83:d5:08:d6:2a:cb:df:ce:e3:90:e9:9e:f8:cd:
                    ad:5a:71:b8:7e:b0:ea:08:e6:a7:ba:cb:6c:d5:06:
                    64:be:2f:ab:e0:23:f7:4d:80:32:f4:42:69:26:23:
                    95:fa:d8:79:72:45:e0:39:51:af:2a:8c:71:7f:74:
                    ed:c0:dc:da:49:16:e5:37:85:f4:1d:7c:d7:cc:69:
                    73:bc:2f:67:27:03:20:99:7d:5c:0d:1f:92:29:eb:
                    66:0a:96:49:d7:e8:34:56:fa:f2:a5:cb:01:42:38:
                    e6:34:08:ab:ab:60:80:46:f3:d0:8d:fb:1a:a0:82:
                    ab:d7:86:2e:4a:5c:5b:d4:2a:3a:cc:cf:c7:78:22:
                    28:bb:b0:74:04:bc:80:3c:be:32:a8:b2:44:0c:e5:
                    46:3e:57:d2:25:4f:3f:67:71:89:90:cd:53:fa:51:
                    1d:b2:1d:00:62:9e:89:b8:b8:2d:56:aa:5e:28:43:
                    3f:19:59:79:13:83:38:e0:e9:ca:d2:92:43:a0:7a:
                    a2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:72:02:DA:4F:59:83:FF:CA:C0:07:A8:35:33:46:D1:B0:2B:0F:E5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ynIC2k9Zg__KwAeoNTNG0bArD-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.25.0-95.214.26.255

    Signature Algorithm: sha256WithRSAEncryption
         4a:72:57:aa:0c:76:d1:df:58:e4:fa:a1:31:1c:dc:1d:26:ba:
         dd:e8:3d:a7:6d:ec:f1:2e:57:17:31:9d:dd:3e:1d:61:99:64:
         e3:38:a3:d3:78:f7:1d:aa:8f:55:6c:78:8e:87:0d:cc:25:52:
         ed:c1:db:2e:e1:93:f3:b9:11:1d:6a:da:41:a4:35:6b:72:51:
         76:0e:2a:9a:1b:05:01:fa:60:80:f6:24:61:6e:c4:e3:53:d0:
         04:01:b0:e4:00:94:79:3a:d8:cf:9d:2b:27:ba:91:72:90:71:
         27:b1:96:6d:a5:58:69:65:4b:5c:88:19:fb:00:d4:c4:5b:36:
         09:71:75:57:61:63:6f:97:6d:20:b9:0e:2b:88:8d:df:ca:13:
         6a:af:70:6b:12:02:f8:e3:09:ca:3d:24:c5:a6:e8:54:d0:e8:
         49:de:a6:f1:ed:e7:bf:45:ed:df:30:d8:2a:75:c5:f3:56:5c:
         36:bf:9c:a4:7e:a7:f0:33:c6:d4:fa:76:24:7f:a9:c9:f7:79:
         94:54:4a:19:1b:1e:7f:4f:10:30:e2:2c:8d:8f:8d:e2:e2:cd:
         fe:a0:bf:ac:12:57:78:c2:03:9c:fc:bb:a8:a7:55:72:7b:db:
         8f:16:9f:bf:d5:89:8b:31:ba:41:78:a8:2c:fe:6d:be:6f:a0:
         30:b7:fd:ec
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY9chutT/KJe94KG4jDdTDwaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNTA5MDg0NDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTcyMDJkYTRmNTk4M2ZmY2FjMDA3YTgzNTMzNDZkMWIwMmIwZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/fwiHSYW39mqNK8bg3hsfRr2bVpC
4WDD/H0Y4/UunFmzPy/7Zb4mbXBdC0Y1oYXA+SNDJiUNDq6wLXywg9UI1irL387j
kOme+M2tWnG4frDqCOanusts1QZkvi+r4CP3TYAy9EJpJiOV+th5ckXgOVGvKoxx
f3TtwNzaSRblN4X0HXzXzGlzvC9nJwMgmX1cDR+SKetmCpZJ1+g0VvrypcsBQjjm
NAirq2CARvPQjfsaoIKr14YuSlxb1Co6zM/HeCIou7B0BLyAPL4yqLJEDOVGPlfS
JU8/Z3GJkM1T+lEdsh0AYp6JuLgtVqpeKEM/GVl5E4M44OnK0pJDoHqiGQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMpyAtpPWYP/ysAHqDUzRtGwKw/lMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveW5JQzJrOVpnX19Ld0Flb05UTkcwYkFyRC1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABf1hkD
BABf1howDQYJKoZIhvcNAQELBQADggEBAEpyV6oMdtHfWOT6oTEc3B0mut3oPadt
7PEuVxcxnd0+HWGZZOM4o9N49x2qj1VseI6HDcwlUu3B2y7hk/O5ER1q2kGkNWty
UXYOKpobBQH6YID2JGFuxONT0AQBsOQAlHk62M+dKye6kXKQcSexlm2lWGllS1yI
GfsA1MRbNglxdVdhY2+XbSC5DiuIjd/KE2qvcGsSAvjjCco9JMWm6FTQ6EnepvHt
579F7d8w2Cp1xfNWXDa/nKR+p/AzxtT6diR/qcn3eZRUShkbHn9PEDDiLI2PjeLi
zf6gv6wSV3jCA5z8u6inVXJ7248Wn7/ViYsxukF4qCz+bb5voDC3/ew=
-----END CERTIFICATE-----