Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/ZmeLBfUw3zbNaumPEQ9ZqyGPMbU.roa
File:                     ZmeLBfUw3zbNaumPEQ9ZqyGPMbU.roa (raw, json)
Hash identifier:          tJtG0Q2f35y50oegN+6vaNpHd93mQw8Tffkiqg6jQvg=
Subject key identifier:   66:67:8B:05:F5:30:DF:36:CD:6A:E9:8F:11:0F:59:AB:21:8F:31:B5
Certificate issuer:       /CN=4c897f1a3497ebbe27b9e2f0d6f3eae2bbe68b27
Certificate serial:       018FBA8002F3DA9D16336AEB625C31596DAE
Authority key identifier: 4C:89:7F:1A:34:97:EB:BE:27:B9:E2:F0:D6:F3:EA:E2:BB:E6:8B:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TIl_GjSX674nueLw1vPq4rvmiyc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/ZmeLBfUw3zbNaumPEQ9ZqyGPMbU.roa
Signing time:             Mon 27 May 2024 14:41:42 +0000
ROA not before:           Mon 27 May 2024 14:41:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29278
IP address blocks:        95.141.255.0/24 maxlen: 24
                          2a13:46c0:ce00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/TIl_GjSX674nueLw1vPq4rvmiyc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/TIl_GjSX674nueLw1vPq4rvmiyc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TIl_GjSX674nueLw1vPq4rvmiyc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ba:80:02:f3:da:9d:16:33:6a:eb:62:5c:31:59:6d:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c897f1a3497ebbe27b9e2f0d6f3eae2bbe68b27
        Validity
            Not Before: May 27 14:41:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66678b05f530df36cd6ae98f110f59ab218f31b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b4:08:08:ec:fc:f1:88:ac:93:b2:61:f0:d8:
                    b9:d4:bb:4a:f0:aa:28:80:28:57:fd:53:00:d5:0b:
                    13:9e:6a:d2:36:7d:36:b0:a3:0c:ca:39:82:8e:50:
                    5c:d2:3a:60:07:ac:bd:0d:1c:60:b2:1e:5f:dd:a0:
                    18:4b:a7:88:27:4d:38:cf:8f:23:02:da:77:c4:01:
                    ef:ab:18:02:72:df:ae:92:66:5e:e8:80:20:d1:b3:
                    ed:05:d8:f7:5a:07:f6:9c:dc:1a:f9:01:83:f2:35:
                    35:49:3e:d6:31:90:3f:54:52:b1:96:e5:f8:bc:0b:
                    10:29:5d:ab:3a:4f:2b:0d:90:21:a6:0e:6f:20:41:
                    a2:77:40:c5:20:ac:97:a7:5b:ee:17:24:b3:36:f4:
                    60:75:53:12:02:1f:ef:de:a2:8b:1d:ac:df:b5:64:
                    86:3f:50:42:75:80:49:b9:34:b8:b1:3f:27:1e:4f:
                    ee:eb:b3:c0:49:bf:dd:f9:59:88:b6:8b:3a:ba:a7:
                    07:43:50:15:b2:79:10:2c:94:9f:b1:aa:23:80:de:
                    cb:f3:2a:02:b5:18:c9:64:d7:07:f6:fd:14:81:6c:
                    21:a1:92:85:61:2a:fb:bf:62:0e:d4:a5:dc:81:e1:
                    57:98:b4:ba:4c:5b:09:85:5c:4c:37:17:25:bc:95:
                    7e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:67:8B:05:F5:30:DF:36:CD:6A:E9:8F:11:0F:59:AB:21:8F:31:B5
            X509v3 Authority Key Identifier:
                keyid:4C:89:7F:1A:34:97:EB:BE:27:B9:E2:F0:D6:F3:EA:E2:BB:E6:8B:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TIl_GjSX674nueLw1vPq4rvmiyc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/ZmeLBfUw3zbNaumPEQ9ZqyGPMbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/TIl_GjSX674nueLw1vPq4rvmiyc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.141.255.0/24
                IPv6:
                  2a13:46c0:ce00::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:4f:6e:a3:99:0e:f7:96:a7:9d:94:a2:87:c7:80:6b:86:5a:
         e0:ba:15:8c:65:fc:43:67:7f:dd:9b:d0:d8:92:52:87:af:e1:
         80:67:70:29:b5:97:ab:3b:c6:c1:3d:81:09:cc:27:c4:62:3f:
         53:47:f6:95:66:8c:ce:ef:3a:00:6a:77:a0:5f:22:50:3c:c4:
         3e:70:f6:61:8d:45:42:42:f8:42:59:ab:1c:08:cf:ae:08:ac:
         f6:4d:11:e2:05:61:04:be:97:7e:82:66:e0:6a:21:15:e4:91:
         44:f4:75:2b:8e:e0:1d:df:57:e7:c3:62:16:e6:77:54:96:76:
         2b:54:cc:d1:af:64:c5:ff:52:7d:64:3f:cf:ed:2d:7e:7e:97:
         00:ce:ad:26:4a:f7:f9:c5:5c:c8:af:8d:f3:44:a2:95:ea:e0:
         df:49:05:ae:16:8d:9e:6e:07:0d:18:38:fe:55:17:f2:17:08:
         34:41:0e:ae:59:ec:aa:c7:5b:ea:8c:ae:9c:30:6a:d1:1c:c3:
         7f:1d:44:74:d7:f3:33:06:72:34:b9:43:fb:fb:0f:6c:c9:43:
         d4:eb:d9:15:0f:17:89:ad:78:85:70:a2:45:20:75:f5:58:a6:
         ea:78:75:c3:28:dd:f2:44:5e:1e:d9:10:e1:b8:54:a8:e5:6b:
         59:0e:cd:7e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY+6gALz2p0WM2rrYlwxWW2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjODk3ZjFhMzQ5N2ViYmUyN2I5ZTJmMGQ2ZjNlYWUyYmJl
NjhiMjcwHhcNMjQwNTI3MTQ0MTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjY3OGIwNWY1MzBkZjM2Y2Q2YWU5OGYxMTBmNTlhYjIxOGYzMWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLQICOz88Yisk7Jh8Ni51LtK8Koo
gChX/VMA1QsTnmrSNn02sKMMyjmCjlBc0jpgB6y9DRxgsh5f3aAYS6eIJ004z48j
Atp3xAHvqxgCct+ukmZe6IAg0bPtBdj3Wgf2nNwa+QGD8jU1ST7WMZA/VFKxluX4
vAsQKV2rOk8rDZAhpg5vIEGid0DFIKyXp1vuFySzNvRgdVMSAh/v3qKLHazftWSG
P1BCdYBJuTS4sT8nHk/u67PASb/d+VmItos6uqcHQ1AVsnkQLJSfsaojgN7L8yoC
tRjJZNcH9v0UgWwhoZKFYSr7v2IO1KXcgeFXmLS6TFsJhVxMNxclvJV+wQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGZniwX1MN82zWrpjxEPWashjzG1MB8GA1UdIwQY
MBaAFEyJfxo0l+u+J7ni8Nbz6uK75osnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVElsX0dqU1g2NzRudWVMdzF2UHE0cnZtaXljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zOGU5NzUtMWY0Zi00MTE0LWJmYTEt
YTc5ZGExYTg1NTEzLzEvWm1lTEJmVXczemJOYXVtUEVROVpxeUdQTWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zOGU5NzUtMWY0Zi00MTE0LWJmYTEtYTc5ZGExYTg1NTEz
LzEvVElsX0dqU1g2NzRudWVMdzF2UHE0cnZtaXljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAX43/MA8E
AgACMAkDBwAqE0bAzgAwDQYJKoZIhvcNAQELBQADggEBACdPbqOZDveWp52UoofH
gGuGWuC6FYxl/ENnf92b0NiSUoev4YBncCm1l6s7xsE9gQnMJ8RiP1NH9pVmjM7v
OgBqd6BfIlA8xD5w9mGNRUJC+EJZqxwIz64IrPZNEeIFYQS+l36CZuBqIRXkkUT0
dSuO4B3fV+fDYhbmd1SWditUzNGvZMX/Un1kP8/tLX5+lwDOrSZK9/nFXMivjfNE
opXq4N9JBa4WjZ5uBw0YOP5VF/IXCDRBDq5Z7KrHW+qMrpwwatEcw38dRHTX8zMG
cjS5Q/v7D2zJQ9Tr2RUPF4mteIVwokUgdfVYpup4dcMo3fJEXh7ZEOG4VKjla1kO
zX4=
-----END CERTIFICATE-----