Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/CzaaDeOWHQ6kTwaAx_O9YkLSomg.roa
File:                     CzaaDeOWHQ6kTwaAx_O9YkLSomg.roa (raw, json)
Hash identifier:          GUI6ZQYLsnldTDNTDgycT5JJ61OE2lf64zAhH2MlHo0=
Subject key identifier:   0B:36:9A:0D:E3:96:1D:0E:A4:4F:06:80:C7:F3:BD:62:42:D2:A2:68
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       019423D7183034D92A2AFF7527219B773093
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/CzaaDeOWHQ6kTwaAx_O9YkLSomg.roa
Signing time:             Wed 01 Jan 2025 21:48:06 +0000
ROA not before:           Wed 01 Jan 2025 21:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18692
IP address blocks:        95.172.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:18:30:34:d9:2a:2a:ff:75:27:21:9b:77:30:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Jan  1 21:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b369a0de3961d0ea44f0680c7f3bd6242d2a268
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e5:93:1c:7e:6d:ef:71:21:70:5d:a1:f5:ca:
                    a6:0d:60:ac:93:e2:4c:d1:f7:5c:a4:72:8d:09:5d:
                    d1:c3:16:48:65:14:71:6a:c9:9f:3b:dc:4d:4f:b6:
                    5d:e6:02:f6:38:03:f1:3e:42:07:a5:ae:47:7b:28:
                    53:bd:19:b4:d7:2b:d6:8e:83:47:cc:bb:b0:1c:9b:
                    be:0c:cc:d1:14:5b:6d:91:7f:79:13:a1:80:33:a0:
                    a2:6f:6a:ee:13:1f:ee:55:f3:d3:42:eb:e2:a1:7d:
                    45:36:27:93:72:35:25:b0:61:71:e4:d8:bf:ba:45:
                    d7:53:89:f4:d1:4e:65:c8:2e:7c:14:b4:d9:aa:16:
                    50:fb:16:f5:d3:36:5e:c6:3c:f3:bf:22:29:8d:00:
                    51:5b:c1:23:43:40:8b:18:bc:7d:63:46:7e:8e:f7:
                    b4:6b:c8:56:d8:78:ac:1f:a6:39:20:cb:5c:ba:ce:
                    e2:4e:8f:2d:b8:12:49:42:65:6a:dc:c4:37:4f:85:
                    93:65:80:e4:cd:e6:ad:29:7a:d2:30:71:e6:43:21:
                    ad:85:62:3a:2e:a0:d9:01:5d:37:0c:4b:ac:cb:7d:
                    a4:ce:a5:d9:c5:ba:17:0a:38:61:f6:aa:fd:4f:ed:
                    73:5c:74:c1:42:40:f7:27:10:d5:ce:5c:e9:d4:69:
                    87:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:36:9A:0D:E3:96:1D:0E:A4:4F:06:80:C7:F3:BD:62:42:D2:A2:68
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/CzaaDeOWHQ6kTwaAx_O9YkLSomg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.172.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:72:b8:31:fb:14:cd:ae:71:b0:c6:e2:9f:94:ba:a5:49:d2:
         a5:c1:71:fd:f1:ea:92:8a:00:84:1f:3b:9f:a3:c6:8b:50:98:
         2f:d2:ce:15:7a:12:9c:f1:24:a6:1e:e5:7b:05:9e:e6:bb:fe:
         c9:6b:6e:f0:f7:a9:b6:d4:a2:17:4d:9b:af:38:57:c8:09:26:
         3b:5d:b5:d9:83:d8:a7:cc:d5:62:e4:b7:bb:45:74:36:bc:43:
         e3:6b:b6:09:57:1b:be:02:23:65:d0:be:2e:17:ca:f2:2f:1b:
         f3:63:17:b6:b1:9a:1b:94:ba:fa:bd:95:74:ac:e4:1e:5d:7a:
         c7:de:e9:94:4c:8b:62:14:65:18:e1:b4:fe:91:5c:be:20:ab:
         00:cc:06:65:80:69:8d:66:3e:ea:a7:86:de:9c:aa:d7:10:76:
         7b:26:52:7c:4c:92:c4:3c:95:9b:e7:b5:95:65:42:4c:36:04:
         43:4a:e8:45:e0:32:ff:0f:f8:f6:0a:f6:fd:c2:18:14:8c:e0:
         98:af:d1:2a:ba:8b:a4:74:ca:74:4f:cf:12:ae:eb:d2:3c:81:
         8b:71:82:02:b3:7d:c8:5f:28:69:f8:34:21:6e:ac:4a:2d:e1:
         ed:45:54:7d:1c:ec:83:04:54:ea:b9:e5:51:9e:5a:1d:da:a7:
         7e:0e:12:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xgwNNkqKv91JyGbdzCTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjUwMTAxMjE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjM2OWEwZGUzOTYxZDBlYTQ0ZjA2ODBjN2YzYmQ2MjQyZDJhMjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruWTHH5t73EhcF2h9cqmDWCsk+JM
0fdcpHKNCV3RwxZIZRRxasmfO9xNT7Zd5gL2OAPxPkIHpa5HeyhTvRm01yvWjoNH
zLuwHJu+DMzRFFttkX95E6GAM6Cib2ruEx/uVfPTQuvioX1FNieTcjUlsGFx5Ni/
ukXXU4n00U5lyC58FLTZqhZQ+xb10zZexjzzvyIpjQBRW8EjQ0CLGLx9Y0Z+jve0
a8hW2HisH6Y5IMtcus7iTo8tuBJJQmVq3MQ3T4WTZYDkzeatKXrSMHHmQyGthWI6
LqDZAV03DEusy32kzqXZxboXCjhh9qr9T+1zXHTBQkD3JxDVzlzp1GmHJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAs2mg3jlh0OpE8GgMfzvWJC0qJoMB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvQ3phYURlT1dIUTZrVHdhQXhfTzlZa0xTb21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6xIMA0G
CSqGSIb3DQEBCwUAA4IBAQAvcrgx+xTNrnGwxuKflLqlSdKlwXH98eqSigCEHzuf
o8aLUJgv0s4VehKc8SSmHuV7BZ7mu/7Ja27w96m21KIXTZuvOFfICSY7XbXZg9in
zNVi5Le7RXQ2vEPja7YJVxu+AiNl0L4uF8ryLxvzYxe2sZoblLr6vZV0rOQeXXrH
3umUTItiFGUY4bT+kVy+IKsAzAZlgGmNZj7qp4benKrXEHZ7JlJ8TJLEPJWb57WV
ZUJMNgRDSuhF4DL/D/j2Cvb9whgUjOCYr9EquoukdMp0T88SruvSPIGLcYICs33I
Xyhp+DQhbqxKLeHtRVR9HOyDBFTqueVRnlod2qd+DhK4
-----END CERTIFICATE-----