Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/321678-ab13-4354-b07a-359e5624eb3c/1/eJu8DAG80mqEMpGkhj3wQuOHXr8.roa
File:                     eJu8DAG80mqEMpGkhj3wQuOHXr8.roa (raw, json)
Hash identifier:          DOaRxNn/SrZmdsc84BhZlu4cBq+qb0YX2eXor7BoVjI=
Subject key identifier:   78:9B:BC:0C:01:BC:D2:6A:84:32:91:A4:86:3D:F0:42:E3:87:5E:BF
Certificate issuer:       /CN=7913fcfc0627ff219fe5d654980ad48f447ab415
Certificate serial:       0195CCA5C29FB0B497EE52F6FD547C41A473
Authority key identifier: 79:13:FC:FC:06:27:FF:21:9F:E5:D6:54:98:0A:D4:8F:44:7A:B4:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRP8_AYn_yGf5dZUmArUj0R6tBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/321678-ab13-4354-b07a-359e5624eb3c/1/eJu8DAG80mqEMpGkhj3wQuOHXr8.roa
Signing time:             Tue 25 Mar 2025 09:32:49 +0000
ROA not before:           Tue 25 Mar 2025 09:32:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        195.95.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/321678-ab13-4354-b07a-359e5624eb3c/1/eRP8_AYn_yGf5dZUmArUj0R6tBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/321678-ab13-4354-b07a-359e5624eb3c/1/eRP8_AYn_yGf5dZUmArUj0R6tBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eRP8_AYn_yGf5dZUmArUj0R6tBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cc:a5:c2:9f:b0:b4:97:ee:52:f6:fd:54:7c:41:a4:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7913fcfc0627ff219fe5d654980ad48f447ab415
        Validity
            Not Before: Mar 25 09:32:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=789bbc0c01bcd26a843291a4863df042e3875ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3d:46:d6:15:b5:6e:c5:55:2a:72:67:27:ec:
                    10:f3:1f:37:53:4d:19:61:39:52:84:36:62:62:ef:
                    3c:1c:b9:9b:ff:ef:31:bf:e9:b7:bb:13:5f:49:30:
                    79:22:f2:4d:45:00:d6:cd:37:b1:00:aa:5b:e6:db:
                    52:a1:7c:63:9b:87:fc:b6:07:f2:58:bf:78:ca:a8:
                    4e:2d:a6:4f:c1:ea:2d:b0:92:95:e5:e7:1d:a5:98:
                    e6:91:6e:fa:31:c3:a9:b4:56:08:7d:0a:d0:99:35:
                    31:e1:2a:5c:30:d0:a3:33:7c:be:bc:32:27:4e:57:
                    b3:65:b4:ee:d2:37:a3:00:5a:48:ec:cf:ca:de:ab:
                    05:79:be:6b:cf:5f:65:ee:bc:4c:ce:ce:27:6b:75:
                    02:86:54:06:3a:db:05:b2:63:90:56:b1:c9:62:c3:
                    84:19:5d:d8:4b:6c:07:ce:2c:2b:a4:2c:23:4d:89:
                    7f:ad:27:4e:ac:09:28:39:02:8f:c9:c3:fb:2d:92:
                    85:54:6b:80:2a:4d:9e:a8:76:0b:69:c0:40:94:cd:
                    ce:00:58:6e:76:9a:45:e9:b0:6f:7c:cf:c0:91:96:
                    b3:5b:6a:7c:79:3c:be:2a:88:01:98:92:73:0c:08:
                    8f:fb:bd:a7:ef:ce:3c:20:56:5d:ad:37:21:9e:61:
                    4f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:9B:BC:0C:01:BC:D2:6A:84:32:91:A4:86:3D:F0:42:E3:87:5E:BF
            X509v3 Authority Key Identifier:
                keyid:79:13:FC:FC:06:27:FF:21:9F:E5:D6:54:98:0A:D4:8F:44:7A:B4:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRP8_AYn_yGf5dZUmArUj0R6tBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/321678-ab13-4354-b07a-359e5624eb3c/1/eJu8DAG80mqEMpGkhj3wQuOHXr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/321678-ab13-4354-b07a-359e5624eb3c/1/eRP8_AYn_yGf5dZUmArUj0R6tBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:0a:f9:0e:b9:50:c4:a1:a0:ba:3d:51:bb:8c:25:09:6f:4b:
         89:b9:6f:00:88:28:b3:8a:1f:10:92:6b:da:57:6b:55:ea:ed:
         5d:fc:80:3c:df:b8:76:0d:4e:7a:6d:eb:9f:23:b3:ea:b3:20:
         01:aa:ee:f7:3b:04:49:03:2e:57:37:bf:cf:4b:fc:08:4d:8e:
         5d:fa:e2:ef:d7:64:89:e5:3a:51:bb:b5:fd:4c:dd:98:fe:b1:
         e6:dd:18:d3:85:18:c8:19:7d:a5:11:81:c0:da:e3:d0:12:b5:
         74:49:c6:1e:ce:a5:5a:31:41:fa:62:3a:df:cc:9d:ea:eb:f3:
         c7:90:c1:70:67:58:62:aa:15:ea:39:8b:e5:e5:bc:37:2c:e8:
         ac:3e:7f:23:15:38:f1:3c:18:cc:a3:ce:4e:09:69:7d:6e:de:
         ed:5f:e5:7e:3c:b0:fa:01:5a:2e:1c:71:54:c7:90:1b:a3:05:
         1b:18:1f:36:05:0e:ea:ac:55:96:e9:79:c2:97:5e:18:ac:20:
         ef:f1:6c:9a:59:92:8e:b4:59:a4:bd:0e:d2:37:40:c2:d2:b3:
         c7:1f:ca:f3:dc:4b:7a:3c:6a:4d:c7:c7:99:60:82:3d:59:4b:
         c5:7e:bc:6b:8c:3f:d1:bf:52:bb:07:64:74:ad:17:69:f0:7d:
         c4:c7:9a:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXMpcKfsLSX7lL2/VR8QaRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTNmY2ZjMDYyN2ZmMjE5ZmU1ZDY1NDk4MGFkNDhmNDQ3
YWI0MTUwHhcNMjUwMzI1MDkzMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODliYmMwYzAxYmNkMjZhODQzMjkxYTQ4NjNkZjA0MmUzODc1ZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxT1G1hW1bsVVKnJnJ+wQ8x83U00Z
YTlShDZiYu88HLmb/+8xv+m3uxNfSTB5IvJNRQDWzTexAKpb5ttSoXxjm4f8tgfy
WL94yqhOLaZPweotsJKV5ecdpZjmkW76McOptFYIfQrQmTUx4SpcMNCjM3y+vDIn
TlezZbTu0jejAFpI7M/K3qsFeb5rz19l7rxMzs4na3UChlQGOtsFsmOQVrHJYsOE
GV3YS2wHziwrpCwjTYl/rSdOrAkoOQKPycP7LZKFVGuAKk2eqHYLacBAlM3OAFhu
dppF6bBvfM/AkZazW2p8eTy+KogBmJJzDAiP+72n7848IFZdrTchnmFPxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHibvAwBvNJqhDKRpIY98ELjh16/MB8GA1UdIwQY
MBaAFHkT/PwGJ/8hn+XWVJgK1I9EerQVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJQOF9BWW5feUdmNWRaVW1BclVqMFI2dEJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zMjE2NzgtYWIxMy00MzU0LWIwN2Et
MzU5ZTU2MjRlYjNjLzEvZUp1OERBRzgwbXFFTXBHa2hqM3dRdU9IWHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zMjE2NzgtYWIxMy00MzU0LWIwN2EtMzU5ZTU2MjRlYjNj
LzEvZVJQOF9BWW5feUdmNWRaVW1BclVqMFI2dEJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/1MA0G
CSqGSIb3DQEBCwUAA4IBAQBfCvkOuVDEoaC6PVG7jCUJb0uJuW8AiCizih8Qkmva
V2tV6u1d/IA837h2DU56beufI7PqsyABqu73OwRJAy5XN7/PS/wITY5d+uLv12SJ
5TpRu7X9TN2Y/rHm3RjThRjIGX2lEYHA2uPQErV0ScYezqVaMUH6YjrfzJ3q6/PH
kMFwZ1hiqhXqOYvl5bw3LOisPn8jFTjxPBjMo85OCWl9bt7tX+V+PLD6AVouHHFU
x5AbowUbGB82BQ7qrFWW6XnCl14YrCDv8WyaWZKOtFmkvQ7SN0DC0rPHH8rz3Et6
PGpNx8eZYII9WUvFfrxrjD/Rv1K7B2R0rRdp8H3Ex5pY
-----END CERTIFICATE-----