Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/1-3fiDUT6gzjtAQogV6bgofonnG4.roa
File:                     1-3fiDUT6gzjtAQogV6bgofonnG4.roa (raw, json)
Hash identifier:          pc7dIo5ndDhRJIrcZvUMyHa9aA2Wx3LxCkefIcK3Gqc=
Subject key identifier:   FB:77:E2:0D:44:FA:83:38:ED:01:0A:20:57:A6:E0:A1:FA:27:9C:6E
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       0195A3A27D4BCBC4FF62C2C169C663EAF139
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/1-3fiDUT6gzjtAQogV6bgofonnG4.roa
Signing time:             Mon 17 Mar 2025 10:24:49 +0000
ROA not before:           Mon 17 Mar 2025 10:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197537
IP address blocks:        188.95.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a3:a2:7d:4b:cb:c4:ff:62:c2:c1:69:c6:63:ea:f1:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Mar 17 10:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb77e20d44fa8338ed010a2057a6e0a1fa279c6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f7:e8:ad:8e:aa:bb:f0:75:05:63:3b:22:82:
                    83:8d:42:e4:41:ce:3e:84:03:97:cb:fd:80:18:f8:
                    ad:46:34:36:40:17:e4:f2:7c:de:44:1c:6a:58:5c:
                    e7:e7:35:8e:56:3f:a1:9c:d1:60:39:e1:57:4c:85:
                    3f:d0:01:07:50:7f:a8:17:d9:68:f5:b3:2d:4f:16:
                    ac:08:4d:35:26:a8:4b:ea:7d:a9:d0:0e:23:8c:1f:
                    5e:b8:a3:9b:80:0d:48:78:c7:70:7b:6e:bb:fd:50:
                    ae:33:f7:db:27:e3:79:a7:a5:5c:a5:6e:94:f8:98:
                    a3:9c:76:40:73:36:fd:6f:60:a1:ab:74:40:53:f2:
                    10:96:27:f2:e9:cf:87:e4:65:37:24:73:1c:89:15:
                    bd:20:13:9c:96:41:8b:75:02:93:d7:08:e7:cd:82:
                    d3:ee:aa:97:6d:4b:68:47:fb:6d:cc:91:6e:f4:c5:
                    a2:23:23:17:85:a0:63:ce:45:05:9e:cd:89:fa:db:
                    83:51:42:25:54:6c:86:b5:1e:e2:ce:4a:c3:d2:3a:
                    f4:22:53:93:8f:04:33:47:ba:ec:ee:f0:bc:02:8b:
                    63:b4:48:af:d4:34:6f:4a:d3:e8:54:ce:87:bb:90:
                    82:28:16:0d:97:7c:cc:8b:91:d0:c5:0d:41:79:d0:
                    19:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:77:E2:0D:44:FA:83:38:ED:01:0A:20:57:A6:E0:A1:FA:27:9C:6E
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/1-3fiDUT6gzjtAQogV6bgofonnG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:f2:83:fe:3c:a1:8a:72:45:aa:9f:e6:fe:05:bc:77:a4:19:
         07:dc:c2:67:5e:ea:55:2e:c4:9c:cb:07:f1:04:05:1f:b8:c0:
         1e:62:6c:6d:2f:f8:78:03:94:5e:c2:73:f1:56:94:62:69:f8:
         56:d6:1e:56:66:b8:13:d0:aa:2a:22:f7:8d:8e:e6:03:24:47:
         ce:94:f2:12:79:1e:ab:7a:de:7e:4a:b2:39:d3:22:35:56:67:
         50:1e:a1:04:f4:d9:8e:ed:29:ce:ed:ea:00:70:1c:ef:58:36:
         bb:d3:c0:df:79:46:ce:1a:08:80:eb:5a:01:1b:4e:02:84:8c:
         6d:36:60:5a:0b:68:48:aa:34:a9:45:69:b5:52:88:fd:c3:e8:
         fe:fd:ea:ee:49:4b:b4:30:9c:61:f1:2d:c4:6a:f1:01:1b:47:
         4c:a9:ec:fd:ef:43:30:4f:f9:30:19:a5:5d:26:cf:ab:26:9f:
         d3:ff:e4:76:08:b6:cb:7d:c3:f3:4c:02:24:80:45:7d:22:a8:
         5a:47:b2:31:96:a5:9a:97:0f:0d:ef:e0:20:a6:bd:09:28:7e:
         fb:69:83:e7:54:c5:e5:fd:26:f6:d3:06:1f:69:92:52:ff:b7:
         af:5a:42:52:63:c4:28:4d:14:fe:19:ca:a1:9e:28:75:12:98:
         42:42:14:80
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZWjon1Ly8T/YsLBacZj6vE5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjUwMzE3MTAyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjc3ZTIwZDQ0ZmE4MzM4ZWQwMTBhMjA1N2E2ZTBhMWZhMjc5YzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPforY6qu/B1BWM7IoKDjULkQc4+
hAOXy/2AGPitRjQ2QBfk8nzeRBxqWFzn5zWOVj+hnNFgOeFXTIU/0AEHUH+oF9lo
9bMtTxasCE01JqhL6n2p0A4jjB9euKObgA1IeMdwe267/VCuM/fbJ+N5p6VcpW6U
+JijnHZAczb9b2Chq3RAU/IQlify6c+H5GU3JHMciRW9IBOclkGLdQKT1wjnzYLT
7qqXbUtoR/ttzJFu9MWiIyMXhaBjzkUFns2J+tuDUUIlVGyGtR7izkrD0jr0IlOT
jwQzR7rs7vC8AotjtEiv1DRvStPoVM6Hu5CCKBYNl3zMi5HQxQ1BedAZewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPt34g1E+oM47QEKIFem4KH6J5xuMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvMS0zZmlEVVQ2Z3pqdEFRb2dWNmJnb2Zvbm5HNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDEvZWJmMzgxLTAwYzgtNDgwZC1hNjZjLTc2YTFkNGQ4MzE5
Ny8xL090YzB6NURIYzBLSUJybG9JSlVWdVJTREdwMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALxfRTAN
BgkqhkiG9w0BAQsFAAOCAQEAdPKD/jyhinJFqp/m/gW8d6QZB9zCZ17qVS7EnMsH
8QQFH7jAHmJsbS/4eAOUXsJz8VaUYmn4VtYeVma4E9CqKiL3jY7mAyRHzpTyEnke
q3refkqyOdMiNVZnUB6hBPTZju0pzu3qAHAc71g2u9PA33lGzhoIgOtaARtOAoSM
bTZgWgtoSKo0qUVptVKI/cPo/v3q7klLtDCcYfEtxGrxARtHTKns/e9DME/5MBml
XSbPqyaf0//kdgi2y33D80wCJIBFfSKoWkeyMZalmpcPDe/gIKa9CSh++2mD51TF
5f0m9tMGH2mSUv+3r1pCUmPEKE0U/hnKoZ4odRKYQkIUgA==
-----END CERTIFICATE-----