Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/lXo95w5iGY2qlCwar4Vb6ngfmUQ.roa
File:                     lXo95w5iGY2qlCwar4Vb6ngfmUQ.roa (raw, json)
Hash identifier:          K7cw6ymMs8oJcHolnWrjFvAyiZlrz4VloYZ/Ck1llmM=
Subject key identifier:   95:7A:3D:E7:0E:62:19:8D:AA:94:2C:1A:AF:85:5B:EA:78:1F:99:44
Certificate issuer:       /CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
Certificate serial:       01942144292D5E8C97E9DF08D29CEC974E58
Authority key identifier: F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/lXo95w5iGY2qlCwar4Vb6ngfmUQ.roa
Signing time:             Wed 01 Jan 2025 09:48:22 +0000
ROA not before:           Wed 01 Jan 2025 09:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5432
IP address blocks:        195.66.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 15:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:29:2d:5e:8c:97:e9:df:08:d2:9c:ec:97:4e:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
        Validity
            Not Before: Jan  1 09:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=957a3de70e62198daa942c1aaf855bea781f9944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b8:2d:fa:d7:5a:d2:96:1e:08:a8:20:c0:16:
                    8a:9d:9a:02:19:3b:40:9e:86:1f:c1:97:cb:3b:99:
                    86:fe:40:b6:79:b2:fe:cf:b5:00:95:d2:51:b8:29:
                    d8:7f:92:02:28:11:1a:78:f8:91:f8:8f:3a:17:1a:
                    69:32:19:01:5d:11:b4:0c:b1:31:d6:34:25:e5:b8:
                    25:fc:4e:78:7f:77:d1:71:6a:3a:6e:81:b4:5f:74:
                    b6:2c:52:c8:64:24:eb:bf:f0:b7:4e:db:98:9f:d4:
                    b4:bf:52:51:48:50:07:a6:3f:65:32:b2:ba:97:a2:
                    66:94:a5:d0:46:88:da:ae:4f:61:3d:f2:10:5b:c4:
                    98:6a:2f:fb:42:b4:de:a9:aa:19:d3:14:1a:f4:60:
                    be:d6:e5:21:76:ec:2b:0e:29:d3:44:9b:c1:e7:08:
                    e4:0f:59:61:e4:ef:1d:a7:89:f6:b0:58:27:1c:c3:
                    9a:b3:84:cb:1b:8d:7e:ee:13:09:2e:83:10:83:a7:
                    7b:79:03:df:f1:32:28:d2:3f:51:06:ae:73:16:bd:
                    68:13:ff:e6:5d:63:8b:da:f8:71:36:b5:86:b2:35:
                    6e:c4:64:39:32:8c:cb:95:70:44:12:ee:bc:1e:b7:
                    ca:a6:be:be:3b:65:38:66:d3:41:0d:52:4c:fe:f1:
                    6a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:7A:3D:E7:0E:62:19:8D:AA:94:2C:1A:AF:85:5B:EA:78:1F:99:44
            X509v3 Authority Key Identifier:
                keyid:F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/lXo95w5iGY2qlCwar4Vb6ngfmUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:61:40:97:a5:93:89:80:bd:94:3b:98:6d:6e:74:e7:38:9f:
         38:2d:c1:03:b8:ed:de:09:d2:86:47:50:15:7a:ce:02:83:d5:
         c2:eb:26:51:ac:02:dc:d7:66:f7:a7:21:29:89:34:17:c3:fa:
         1f:42:c3:5e:6a:98:51:5f:f5:1e:21:93:b1:1e:d5:45:4e:b8:
         5b:1d:2b:d6:99:cf:56:34:ba:a9:e4:be:e7:ed:06:5c:fe:bd:
         89:9c:ca:ae:8e:d8:63:d0:82:bf:37:ce:63:36:ad:21:cb:0a:
         71:61:b2:83:6e:b1:45:aa:fa:21:b1:c3:2d:88:18:82:73:9e:
         44:cb:b0:56:d3:6c:c0:c6:02:b1:89:50:89:25:93:02:d2:4b:
         8e:98:33:67:c7:3f:84:b5:b6:1b:2f:58:f7:67:fd:cf:db:58:
         36:49:0c:99:75:59:cb:8d:fa:e0:0b:b5:20:12:03:ec:4d:41:
         a0:f2:83:23:aa:af:31:07:d8:0a:40:96:8d:42:b6:b9:9e:75:
         d6:f7:a4:02:72:b8:8d:bf:79:e7:c4:ef:a0:14:20:db:dc:74:
         0b:dc:5f:3e:ae:85:fa:66:97:f6:5b:3a:36:aa:04:2f:24:ad:
         7d:a1:29:e9:cf:10:69:92:26:3b:c3:58:57:9e:8b:bc:d8:86:
         d7:a9:6b:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCktXoyX6d8I0pzsl05YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTkxOGVkMjE5ZTdkM2Q5MjI3MzdlY2RjNzMxZjBjYTYw
YTY4YjgwHhcNMjUwMTAxMDk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTdhM2RlNzBlNjIxOThkYWE5NDJjMWFhZjg1NWJlYTc4MWY5OTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Lgt+tda0pYeCKggwBaKnZoCGTtA
noYfwZfLO5mG/kC2ebL+z7UAldJRuCnYf5ICKBEaePiR+I86FxppMhkBXRG0DLEx
1jQl5bgl/E54f3fRcWo6boG0X3S2LFLIZCTrv/C3TtuYn9S0v1JRSFAHpj9lMrK6
l6JmlKXQRojark9hPfIQW8SYai/7QrTeqaoZ0xQa9GC+1uUhduwrDinTRJvB5wjk
D1lh5O8dp4n2sFgnHMOas4TLG41+7hMJLoMQg6d7eQPf8TIo0j9RBq5zFr1oE//m
XWOL2vhxNrWGsjVuxGQ5MozLlXBEEu68HrfKpr6+O2U4ZtNBDVJM/vFqJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJV6PecOYhmNqpQsGq+FW+p4H5lEMB8GA1UdIwQY
MBaAFPGZGO0hnn09kic37NxzHwymCmi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzIt
MzEzZWZlYjBiMTlkLzEvbFhvOTV3NWlHWTJxbEN3YXI0VmI2bmdmbVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzItMzEzZWZlYjBiMTlk
LzEvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JrMA0G
CSqGSIb3DQEBCwUAA4IBAQBWYUCXpZOJgL2UO5htbnTnOJ84LcEDuO3eCdKGR1AV
es4Cg9XC6yZRrALc12b3pyEpiTQXw/ofQsNeaphRX/UeIZOxHtVFTrhbHSvWmc9W
NLqp5L7n7QZc/r2JnMqujthj0IK/N85jNq0hywpxYbKDbrFFqvohscMtiBiCc55E
y7BW02zAxgKxiVCJJZMC0kuOmDNnxz+EtbYbL1j3Z/3P21g2SQyZdVnLjfrgC7Ug
EgPsTUGg8oMjqq8xB9gKQJaNQra5nnXW96QCcriNv3nnxO+gFCDb3HQL3F8+roX6
Zpf2Wzo2qgQvJK19oSnpzxBpkiY7w1hXnou82IbXqWvm
-----END CERTIFICATE-----