Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/XRMjotv_RyNi_vyyDUqJa5DvdNQ.roa
File:                     XRMjotv_RyNi_vyyDUqJa5DvdNQ.roa (raw, json)
Hash identifier:          NqkkZ+12y4P7wuBMP3qkI6mM9Ot2hXdE9NxBdiV//lo=
Subject key identifier:   5D:13:23:A2:DB:FF:47:23:62:FE:FC:B2:0D:4A:89:6B:90:EF:74:D4
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       019425FDA57ABE4B9F46DB4F397132EA25AD
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/XRMjotv_RyNi_vyyDUqJa5DvdNQ.roa
Signing time:             Thu 02 Jan 2025 07:49:27 +0000
ROA not before:           Thu 02 Jan 2025 07:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39688
IP address blocks:        95.161.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a5:7a:be:4b:9f:46:db:4f:39:71:32:ea:25:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  2 07:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d1323a2dbff472362fefcb20d4a896b90ef74d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:06:db:2f:97:60:e0:2d:e9:1c:cf:1e:9b:04:
                    dc:3b:fb:31:66:75:42:74:03:f4:10:15:52:77:ca:
                    6b:0f:54:dd:12:a0:7a:29:a6:e8:cb:cf:d2:04:33:
                    80:5d:09:bb:2d:8e:b9:1f:32:23:68:10:c2:42:e1:
                    d1:54:6b:0e:0f:4d:16:99:ac:c3:bd:62:2b:85:e5:
                    f4:98:c8:29:83:9c:6d:ab:83:e7:42:6d:30:07:bd:
                    d3:d2:fa:fd:09:7f:6d:81:15:b0:fe:f7:a0:f2:ee:
                    72:30:c6:af:9d:90:22:42:47:bb:1b:04:68:b9:b3:
                    ad:e2:9a:e0:8a:14:c5:94:7b:b2:1f:aa:d1:f8:ea:
                    d3:7d:7d:3a:2d:f0:40:c5:1d:b4:3f:da:d0:85:c5:
                    2e:1c:74:64:89:3e:96:0f:32:c0:86:22:5b:34:56:
                    50:1a:a3:a7:df:fc:83:fd:8e:39:f5:d9:7f:cd:70:
                    f1:4c:51:6d:a9:09:a1:4d:0d:bf:b8:fb:fc:9c:c1:
                    3a:3d:45:ee:84:eb:e0:a6:c7:d6:38:5c:8b:d6:d2:
                    9e:ed:49:f6:1b:8f:d4:b1:58:ea:a9:5b:d8:42:c5:
                    63:06:a7:f8:a6:dd:0c:24:5b:f3:5e:44:0b:d5:50:
                    b2:21:cd:f4:2d:82:ad:aa:3d:74:54:5f:b1:48:9b:
                    6d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:13:23:A2:DB:FF:47:23:62:FE:FC:B2:0D:4A:89:6B:90:EF:74:D4
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/XRMjotv_RyNi_vyyDUqJa5DvdNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.161.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:7f:3a:62:25:86:4f:b3:e8:61:c6:47:a5:f0:55:bb:d8:43:
         19:bc:dc:2f:92:10:97:32:c3:22:59:54:dd:69:56:e5:8b:b5:
         70:81:eb:3c:19:9c:33:72:85:23:7b:bc:c2:0e:b5:9e:09:79:
         55:90:03:18:1f:04:c4:aa:6f:b3:86:7c:81:dd:81:ee:ac:65:
         69:d9:e6:85:ac:a9:b6:5d:bd:a8:f1:e0:84:1c:54:ff:ad:91:
         a1:31:b3:8e:bf:3f:89:ca:26:b1:4a:c5:eb:94:49:54:18:cc:
         f9:ff:99:57:18:ad:65:94:3f:45:a0:24:58:d3:c4:a2:ba:e4:
         e0:85:fc:eb:d1:05:49:11:ed:a9:93:8d:d7:52:70:8f:6c:e4:
         05:87:e4:7e:88:76:7e:6e:49:76:ec:26:fa:a4:46:35:45:b9:
         33:59:0b:8c:df:6a:63:ce:4d:b4:30:e4:63:6b:b4:85:d8:b5:
         eb:01:cc:de:db:d1:e5:4f:52:4c:2d:ba:da:3b:27:41:97:70:
         9e:fb:45:b3:5b:9c:88:78:26:4b:b8:2b:af:48:f5:7b:d5:ff:
         29:6e:83:67:cb:01:45:f8:ae:19:1b:cc:c7:59:c5:d2:78:e2:
         52:a1:ce:9d:20:c7:5a:7c:05:75:b1:11:d7:b7:cc:56:77:11:
         6c:82:56:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/aV6vkufRttPOXEy6iWtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjUwMTAyMDc0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDEzMjNhMmRiZmY0NzIzNjJmZWZjYjIwZDRhODk2YjkwZWY3NGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAbbL5dg4C3pHM8emwTcO/sxZnVC
dAP0EBVSd8prD1TdEqB6Kaboy8/SBDOAXQm7LY65HzIjaBDCQuHRVGsOD00WmazD
vWIrheX0mMgpg5xtq4PnQm0wB73T0vr9CX9tgRWw/veg8u5yMMavnZAiQke7GwRo
ubOt4prgihTFlHuyH6rR+OrTfX06LfBAxR20P9rQhcUuHHRkiT6WDzLAhiJbNFZQ
GqOn3/yD/Y459dl/zXDxTFFtqQmhTQ2/uPv8nME6PUXuhOvgpsfWOFyL1tKe7Un2
G4/UsVjqqVvYQsVjBqf4pt0MJFvzXkQL1VCyIc30LYKtqj10VF+xSJttPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0TI6Lb/0cjYv78sg1KiWuQ73TUMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvWFJNam90dl9SeU5pX3Z5eURVcUphNUR2ZE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6FSMA0G
CSqGSIb3DQEBCwUAA4IBAQCwfzpiJYZPs+hhxkel8FW72EMZvNwvkhCXMsMiWVTd
aVbli7Vwges8GZwzcoUje7zCDrWeCXlVkAMYHwTEqm+zhnyB3YHurGVp2eaFrKm2
Xb2o8eCEHFT/rZGhMbOOvz+JyiaxSsXrlElUGMz5/5lXGK1llD9FoCRY08SiuuTg
hfzr0QVJEe2pk43XUnCPbOQFh+R+iHZ+bkl27Cb6pEY1RbkzWQuM32pjzk20MORj
a7SF2LXrAcze29HlT1JMLbraOydBl3Ce+0WzW5yIeCZLuCuvSPV71f8pboNnywFF
+K4ZG8zHWcXSeOJSoc6dIMdafAV1sRHXt8xWdxFsglbe
-----END CERTIFICATE-----