Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/ct0pyOPI6fIxvI90voKvQ2P09kc.roa
File:                     ct0pyOPI6fIxvI90voKvQ2P09kc.roa (raw, json)
Hash identifier:          HL+IQFJP+wo1WUNFcjpb/00F+VP2TuCmZyFITiHM4E4=
Subject key identifier:   72:DD:29:C8:E3:C8:E9:F2:31:BC:8F:74:BE:82:AF:43:63:F4:F6:47
Certificate issuer:       /CN=be37c70f1c67eca1775a709c9235d6a2f55516b8
Certificate serial:       0194252154358F2A811ECB262A402D0E46CA
Authority key identifier: BE:37:C7:0F:1C:67:EC:A1:77:5A:70:9C:92:35:D6:A2:F5:55:16:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vjfHDxxn7KF3WnCckjXWovVVFrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/ct0pyOPI6fIxvI90voKvQ2P09kc.roa
Signing time:             Thu 02 Jan 2025 03:48:48 +0000
ROA not before:           Thu 02 Jan 2025 03:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15685
IP address blocks:        185.95.117.0/24 maxlen: 24
                          185.95.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/vjfHDxxn7KF3WnCckjXWovVVFrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/vjfHDxxn7KF3WnCckjXWovVVFrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vjfHDxxn7KF3WnCckjXWovVVFrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 15:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:54:35:8f:2a:81:1e:cb:26:2a:40:2d:0e:46:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be37c70f1c67eca1775a709c9235d6a2f55516b8
        Validity
            Not Before: Jan  2 03:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72dd29c8e3c8e9f231bc8f74be82af4363f4f647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5a:74:6c:52:4c:a7:d4:84:cf:c1:a9:2d:28:
                    53:93:03:70:0c:25:0a:cd:63:61:7f:b5:45:39:71:
                    a2:11:b1:05:20:a5:98:22:26:af:59:74:13:c8:01:
                    ee:5d:d9:07:d5:ba:66:e4:c9:c0:ce:4a:24:2d:3d:
                    e5:cb:12:0c:8d:cf:f8:a8:0c:4a:11:d1:12:f7:23:
                    59:f9:9a:95:2a:70:ad:97:38:d6:f2:b8:c4:c6:96:
                    a2:a6:28:64:1a:fb:f3:65:ad:f9:df:4f:5a:ab:57:
                    33:17:5a:e2:8a:5c:72:b2:a8:2d:20:7d:1c:0e:71:
                    e1:a9:df:bd:db:1a:00:35:d1:7b:f3:33:31:7e:f7:
                    28:3a:a9:fd:49:a7:10:f9:10:c1:7d:da:d8:1b:3a:
                    a0:b4:4e:64:4d:67:01:23:32:89:ef:f1:43:d5:65:
                    fb:8e:d3:91:6d:14:0a:36:0f:7e:6f:31:06:d9:fb:
                    c4:5f:cb:56:97:84:3c:1f:a8:c0:aa:dd:ab:d9:ab:
                    8d:28:81:dc:f4:77:24:2a:d7:0b:c2:54:a4:77:2e:
                    a7:6c:46:6f:8a:76:aa:41:a5:ae:0e:00:6c:49:14:
                    9b:04:e9:37:5a:58:d7:97:21:1a:6c:42:0e:1a:bc:
                    d8:c3:01:21:cf:ed:d4:51:6a:79:4d:ba:a6:76:4c:
                    40:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:DD:29:C8:E3:C8:E9:F2:31:BC:8F:74:BE:82:AF:43:63:F4:F6:47
            X509v3 Authority Key Identifier:
                keyid:BE:37:C7:0F:1C:67:EC:A1:77:5A:70:9C:92:35:D6:A2:F5:55:16:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vjfHDxxn7KF3WnCckjXWovVVFrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/ct0pyOPI6fIxvI90voKvQ2P09kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/vjfHDxxn7KF3WnCckjXWovVVFrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.117.0-185.95.119.255

    Signature Algorithm: sha256WithRSAEncryption
         aa:29:f1:6e:e3:43:fe:b0:01:6e:f2:57:a8:fe:6f:78:59:24:
         9e:4c:9b:68:43:72:85:c3:d2:de:78:c1:21:59:6b:31:a5:78:
         bc:5c:0f:fc:94:54:8d:c5:b9:35:ff:90:01:85:e5:35:d4:0f:
         ac:c3:fd:6c:68:eb:b1:c8:40:3a:4e:99:db:5e:f9:02:5a:db:
         00:d5:e3:ad:77:b8:55:4e:2f:e9:ca:40:9a:0b:c1:ec:ed:07:
         f0:76:3f:98:3c:10:12:e0:d0:2d:83:dd:fd:02:db:7a:64:03:
         9d:93:b2:1b:2f:f8:af:c0:c9:2c:9e:a3:7a:09:40:85:79:55:
         f3:3c:1e:2b:03:c4:fd:84:ce:00:c7:92:1c:6d:9f:bb:9c:b7:
         a7:e8:ea:a3:c3:4b:da:2d:36:5b:ac:82:29:a4:53:ba:f1:47:
         ab:e6:f9:66:97:1e:2e:73:e4:5b:09:4c:64:16:f2:28:2e:cd:
         3b:ae:91:b4:9f:66:12:ed:0b:03:61:d8:85:b8:ce:92:1b:83:
         65:18:35:18:5d:bc:c4:9c:4d:ac:a5:c1:08:61:f6:8e:72:02:
         be:a6:9a:2c:61:bd:f0:75:86:99:1f:e1:21:8e:3e:c2:79:9d:
         ba:27:e4:e7:93:0b:c5:91:d6:d0:5e:8b:35:76:65:e4:fc:04:
         24:03:dd:66
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQlIVQ1jyqBHssmKkAtDkbKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMzdjNzBmMWM2N2VjYTE3NzVhNzA5YzkyMzVkNmEyZjU1
NTE2YjgwHhcNMjUwMTAyMDM0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmRkMjljOGUzYzhlOWYyMzFiYzhmNzRiZTgyYWY0MzYzZjRmNjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Vp0bFJMp9SEz8GpLShTkwNwDCUK
zWNhf7VFOXGiEbEFIKWYIiavWXQTyAHuXdkH1bpm5MnAzkokLT3lyxIMjc/4qAxK
EdES9yNZ+ZqVKnCtlzjW8rjExpaipihkGvvzZa35309aq1czF1riilxysqgtIH0c
DnHhqd+92xoANdF78zMxfvcoOqn9SacQ+RDBfdrYGzqgtE5kTWcBIzKJ7/FD1WX7
jtORbRQKNg9+bzEG2fvEX8tWl4Q8H6jAqt2r2auNKIHc9HckKtcLwlSkdy6nbEZv
inaqQaWuDgBsSRSbBOk3WljXlyEabEIOGrzYwwEhz+3UUWp5TbqmdkxA5wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHLdKcjjyOnyMbyPdL6Cr0Nj9PZHMB8GA1UdIwQY
MBaAFL43xw8cZ+yhd1pwnJI11qL1VRa4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmpmSER4eG43S0YzV25DY2tqWFdvdlZWRnJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS85NzM0MzEtNWFlNC00NTIxLTk0NTQt
YzhlYjA4Y2U5MDg5LzEvY3QwcHlPUEk2Zkl4dkk5MHZvS3ZRMlAwOWtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS85NzM0MzEtNWFlNC00NTIxLTk0NTQtYzhlYjA4Y2U5MDg5
LzEvdmpmSER4eG43S0YzV25DY2tqWFdvdlZWRnJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5X3UD
BAO5X3AwDQYJKoZIhvcNAQELBQADggEBAKop8W7jQ/6wAW7yV6j+b3hZJJ5Mm2hD
coXD0t54wSFZazGleLxcD/yUVI3FuTX/kAGF5TXUD6zD/Wxo67HIQDpOmdte+QJa
2wDV4613uFVOL+nKQJoLweztB/B2P5g8EBLg0C2D3f0C23pkA52Tshsv+K/AySye
o3oJQIV5VfM8HisDxP2EzgDHkhxtn7uct6fo6qPDS9otNlusgimkU7rxR6vm+WaX
Hi5z5FsJTGQW8iguzTuukbSfZhLtCwNh2IW4zpIbg2UYNRhdvMScTaylwQhh9o5y
Ar6mmixhvfB1hpkf4SGOPsJ5nbon5OeTC8WR1tBeizV2ZeT8BCQD3WY=
-----END CERTIFICATE-----