Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/bWPpXfM0t8DZozdgVuoIuOmty6U.roa
File:                     bWPpXfM0t8DZozdgVuoIuOmty6U.roa (raw, json)
Hash identifier:          DNEemSG0PqXZNx4n7cLqzTbH2v8r72VEpOmSe4kxNgk=
Subject key identifier:   6D:63:E9:5D:F3:34:B7:C0:D9:A3:37:60:56:EA:08:B8:E9:AD:CB:A5
Certificate issuer:       /CN=29390ec0adca5f0743d181145c7899f991fb65e0
Certificate serial:       01956AEC84D67DB4A2D383B6E718A6850C7A
Authority key identifier: 29:39:0E:C0:AD:CA:5F:07:43:D1:81:14:5C:78:99:F9:91:FB:65:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/bWPpXfM0t8DZozdgVuoIuOmty6U.roa
Signing time:             Thu 06 Mar 2025 10:07:20 +0000
ROA not before:           Thu 06 Mar 2025 10:07:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213630
IP address blocks:        195.151.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 05:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6a:ec:84:d6:7d:b4:a2:d3:83:b6:e7:18:a6:85:0c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29390ec0adca5f0743d181145c7899f991fb65e0
        Validity
            Not Before: Mar  6 10:07:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d63e95df334b7c0d9a3376056ea08b8e9adcba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:49:95:9c:5a:ed:7d:5d:5a:0c:39:17:0f:a4:
                    a9:02:02:d2:a5:73:e2:2e:15:c6:32:e1:a1:51:c1:
                    7c:8e:b6:12:f9:31:1c:c0:38:2d:a4:55:48:49:42:
                    7e:cf:64:2c:4b:5f:c5:d2:c3:67:fd:a0:45:d8:2e:
                    5a:49:6b:83:22:f1:cc:9c:94:83:44:48:73:6b:ac:
                    28:f6:1d:99:53:24:36:dd:af:b4:7c:bb:38:d0:0f:
                    21:70:4e:69:1d:d0:21:2f:c0:cd:23:a5:92:eb:e8:
                    64:34:5f:95:a5:8a:9a:11:f2:95:dc:8d:a8:a4:fd:
                    03:8c:59:81:5b:00:f0:f8:de:f4:3e:07:e7:21:fe:
                    1d:a8:b9:0b:24:d9:98:88:48:06:20:7f:8e:03:64:
                    e2:dd:25:56:0f:4b:13:ff:a1:75:59:eb:f4:02:18:
                    9b:4c:c8:f2:c9:67:91:d1:58:24:da:ea:5e:bf:43:
                    c0:93:94:03:6d:88:ea:1c:3d:e2:53:9d:a4:c8:04:
                    57:07:c0:f9:25:09:89:fe:72:33:7d:e6:89:11:31:
                    19:2b:60:a3:05:87:2d:fc:f5:e4:39:f9:ff:af:68:
                    10:41:2d:69:70:77:8c:1c:37:8b:e1:cf:8e:c6:4b:
                    c1:c9:e5:5d:72:04:e6:b7:07:fe:db:00:6e:22:ee:
                    59:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:63:E9:5D:F3:34:B7:C0:D9:A3:37:60:56:EA:08:B8:E9:AD:CB:A5
            X509v3 Authority Key Identifier:
                keyid:29:39:0E:C0:AD:CA:5F:07:43:D1:81:14:5C:78:99:F9:91:FB:65:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/bWPpXfM0t8DZozdgVuoIuOmty6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/b31392-2d1c-4934-a59e-ed433aac7828/1/KTkOwK3KXwdD0YEUXHiZ-ZH7ZeA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.151.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:ed:86:a4:89:3c:c3:5c:f2:f5:53:b1:48:40:eb:34:cb:38:
         61:d5:ed:4c:d3:31:65:17:50:80:d3:08:6f:41:75:cb:a1:26:
         48:11:73:90:f0:df:39:bf:2c:31:80:9e:c3:7c:e3:f1:4f:93:
         6c:34:b0:63:ff:55:2f:eb:13:4e:31:18:65:8e:29:d2:ed:b0:
         16:c8:aa:3b:2a:3f:19:52:13:87:76:e3:8c:11:81:a4:49:c5:
         ff:85:f0:f3:6a:3d:fa:98:86:21:f4:15:3d:9e:49:30:d1:d8:
         98:5a:25:ce:29:60:84:3c:6d:a5:67:e4:23:d6:0a:80:c8:ca:
         31:a5:68:ee:70:2a:53:99:22:c7:6e:f0:fe:c5:1d:36:2c:41:
         99:65:e8:8c:8d:1c:ea:c0:c6:71:84:02:60:6c:2f:2c:51:b7:
         96:a4:5a:a9:93:e6:b0:90:ab:b0:ff:7a:06:17:3b:9d:b1:18:
         8e:e3:bd:b9:51:26:83:89:a5:b7:9e:ff:45:91:8d:bb:b8:04:
         12:ab:dd:67:53:3f:bf:c9:ea:c6:41:d8:02:85:51:81:44:9d:
         15:9f:be:b9:5a:7a:94:35:9e:bc:ac:22:a1:77:d1:89:09:fa:
         c6:de:52:62:5c:2f:2c:b0:23:c8:c4:3d:7f:3c:b7:0c:a1:4a:
         81:c1:95:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVq7ITWfbSi04O25ximhQx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MzkwZWMwYWRjYTVmMDc0M2QxODExNDVjNzg5OWY5OTFm
YjY1ZTAwHhcNMjUwMzA2MTAwNzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDYzZTk1ZGYzMzRiN2MwZDlhMzM3NjA1NmVhMDhiOGU5YWRjYmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UmVnFrtfV1aDDkXD6SpAgLSpXPi
LhXGMuGhUcF8jrYS+TEcwDgtpFVISUJ+z2QsS1/F0sNn/aBF2C5aSWuDIvHMnJSD
REhza6wo9h2ZUyQ23a+0fLs40A8hcE5pHdAhL8DNI6WS6+hkNF+VpYqaEfKV3I2o
pP0DjFmBWwDw+N70PgfnIf4dqLkLJNmYiEgGIH+OA2Ti3SVWD0sT/6F1Wev0Ahib
TMjyyWeR0Vgk2upev0PAk5QDbYjqHD3iU52kyARXB8D5JQmJ/nIzfeaJETEZK2Cj
BYct/PXkOfn/r2gQQS1pcHeMHDeL4c+OxkvByeVdcgTmtwf+2wBuIu5ZEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1j6V3zNLfA2aM3YFbqCLjprculMB8GA1UdIwQY
MBaAFCk5DsCtyl8HQ9GBFFx4mfmR+2XgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1RrT3dLM0tYd2REMFlFVVhIaVotWkg3WmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9iMzEzOTItMmQxYy00OTM0LWE1OWUt
ZWQ0MzNhYWM3ODI4LzEvYldQcFhmTTB0OERab3pkZ1Z1b0l1T210eTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9iMzEzOTItMmQxYy00OTM0LWE1OWUtZWQ0MzNhYWM3ODI4
LzEvS1RrT3dLM0tYd2REMFlFVVhIaVotWkg3WmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5cOMA0G
CSqGSIb3DQEBCwUAA4IBAQCb7YakiTzDXPL1U7FIQOs0yzhh1e1M0zFlF1CA0whv
QXXLoSZIEXOQ8N85vywxgJ7DfOPxT5NsNLBj/1Uv6xNOMRhljinS7bAWyKo7Kj8Z
UhOHduOMEYGkScX/hfDzaj36mIYh9BU9nkkw0diYWiXOKWCEPG2lZ+Qj1gqAyMox
pWjucCpTmSLHbvD+xR02LEGZZeiMjRzqwMZxhAJgbC8sUbeWpFqpk+awkKuw/3oG
FzudsRiO4725USaDiaW3nv9FkY27uAQSq91nUz+/yerGQdgChVGBRJ0Vn765WnqU
NZ68rCKhd9GJCfrG3lJiXC8ssCPIxD1/PLcMoUqBwZVL
-----END CERTIFICATE-----