Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/z4qOlf0RFKvmrLipGybi9vRSQo8.roa
File:                     z4qOlf0RFKvmrLipGybi9vRSQo8.roa (raw, json)
Hash identifier:          ekx6TWWmFCXsO4PnzGvIUJMQy90Loghm7Y0vzWHJWE8=
Subject key identifier:   CF:8A:8E:95:FD:11:14:AB:E6:AC:B8:A9:1B:26:E2:F6:F4:52:42:8F
Certificate issuer:       /CN=6954e90899ff25644520724cde8c211613600bef
Certificate serial:       01942143870DBFD759ACFA9F6325F93DC6F4
Authority key identifier: 69:54:E9:08:99:FF:25:64:45:20:72:4C:DE:8C:21:16:13:60:0B:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVTpCJn_JWRFIHJM3owhFhNgC-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/z4qOlf0RFKvmrLipGybi9vRSQo8.roa
Signing time:             Wed 01 Jan 2025 09:47:41 +0000
ROA not before:           Wed 01 Jan 2025 09:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1299
IP address blocks:        185.95.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/aVTpCJn_JWRFIHJM3owhFhNgC-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/aVTpCJn_JWRFIHJM3owhFhNgC-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aVTpCJn_JWRFIHJM3owhFhNgC-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:87:0d:bf:d7:59:ac:fa:9f:63:25:f9:3d:c6:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6954e90899ff25644520724cde8c211613600bef
        Validity
            Not Before: Jan  1 09:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf8a8e95fd1114abe6acb8a91b26e2f6f452428f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c9:ac:fa:52:62:98:53:06:7a:7e:d8:df:67:
                    53:f1:f3:9d:e8:9e:24:35:64:20:63:d1:ad:86:c6:
                    30:4e:0f:73:65:72:d6:e3:0e:40:f5:8a:df:14:81:
                    45:6b:68:1c:dc:34:3e:02:b0:da:3c:3e:49:bd:e4:
                    16:58:27:f3:cd:89:46:15:9f:c3:34:cb:71:53:a9:
                    6b:99:1c:17:60:c7:f1:83:d4:71:7c:be:1a:6c:2f:
                    84:37:a5:e1:9d:b7:c8:12:b8:aa:50:eb:fb:fa:d9:
                    f5:69:67:9b:68:41:f5:54:ea:ae:2e:7d:e9:1a:0b:
                    be:d4:a2:ed:e4:47:5f:67:f7:b3:69:b6:23:e8:1f:
                    99:b1:39:19:01:c4:4c:ad:5c:52:e7:04:4a:9e:f3:
                    f2:7c:8e:f4:a9:ba:0f:9f:1b:92:d9:ec:ac:90:ab:
                    75:8e:b7:d5:97:d9:c6:54:68:ed:69:fe:70:81:6c:
                    19:02:38:39:34:fb:81:10:e9:21:0c:cb:9f:92:98:
                    5d:f6:7b:15:01:0a:86:72:f8:58:c1:44:9e:01:2e:
                    9b:98:40:e1:11:e6:28:99:5d:ef:e3:cd:b0:dd:e8:
                    88:73:40:a2:3a:64:8d:28:18:8a:44:a4:c3:e5:f6:
                    79:bf:b0:56:2d:cb:c2:6f:7f:0d:14:16:c6:8b:64:
                    99:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:8A:8E:95:FD:11:14:AB:E6:AC:B8:A9:1B:26:E2:F6:F4:52:42:8F
            X509v3 Authority Key Identifier:
                keyid:69:54:E9:08:99:FF:25:64:45:20:72:4C:DE:8C:21:16:13:60:0B:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVTpCJn_JWRFIHJM3owhFhNgC-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/z4qOlf0RFKvmrLipGybi9vRSQo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/1cb911-5e7f-49e8-b4f0-3f6ee705915b/1/aVTpCJn_JWRFIHJM3owhFhNgC-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:d0:5b:7d:9d:2e:fe:cd:87:2b:52:09:49:7c:ba:d2:e7:1c:
         b7:2f:b1:b0:9d:11:10:e6:82:04:2d:c0:43:3d:29:70:20:21:
         29:c0:ac:80:af:0f:fe:a1:b9:95:24:b6:b8:55:2d:b5:f7:fe:
         3f:50:12:0b:cd:9b:af:bf:8f:d2:2c:90:3f:77:c2:3a:f1:f6:
         55:c1:74:81:e6:0f:6c:e1:33:7b:bb:60:2e:b3:46:55:7d:04:
         f7:67:14:b2:ce:e4:50:c3:46:b3:00:af:10:fb:2c:3f:8d:e9:
         d0:5a:14:d0:df:91:8a:10:6f:d7:2a:3e:e2:ea:b7:08:33:f9:
         f6:f2:ba:5e:a8:13:17:15:87:ab:28:0c:6b:1c:46:9a:f7:64:
         92:17:8d:59:89:26:3c:5c:40:95:b6:0c:f0:d0:3a:b5:92:32:
         c8:54:e1:b3:14:53:8d:d8:78:6e:b3:72:8d:20:ca:ef:ba:c2:
         75:e8:10:a7:e9:69:94:fa:39:a1:35:e5:af:26:27:ee:f3:3d:
         7c:0f:22:8e:19:c9:07:fa:28:dd:df:b1:5c:dd:af:6b:ad:ff:
         39:0e:06:49:52:29:70:14:6f:93:fb:b2:83:a6:da:ce:fc:ab:
         f8:1d:f4:76:46:f4:06:a6:48:05:d5:78:cc:42:29:57:e2:28:
         24:19:c7:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ4cNv9dZrPqfYyX5Pcb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NTRlOTA4OTlmZjI1NjQ0NTIwNzI0Y2RlOGMyMTE2MTM2
MDBiZWYwHhcNMjUwMTAxMDk0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjhhOGU5NWZkMTExNGFiZTZhY2I4YTkxYjI2ZTJmNmY0NTI0MjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcms+lJimFMGen7Y32dT8fOd6J4k
NWQgY9GthsYwTg9zZXLW4w5A9YrfFIFFa2gc3DQ+ArDaPD5JveQWWCfzzYlGFZ/D
NMtxU6lrmRwXYMfxg9RxfL4abC+EN6XhnbfIEriqUOv7+tn1aWebaEH1VOquLn3p
Ggu+1KLt5EdfZ/ezabYj6B+ZsTkZAcRMrVxS5wRKnvPyfI70qboPnxuS2eyskKt1
jrfVl9nGVGjtaf5wgWwZAjg5NPuBEOkhDMufkphd9nsVAQqGcvhYwUSeAS6bmEDh
EeYomV3v482w3eiIc0CiOmSNKBiKRKTD5fZ5v7BWLcvCb38NFBbGi2SZkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+KjpX9ERSr5qy4qRsm4vb0UkKPMB8GA1UdIwQY
MBaAFGlU6QiZ/yVkRSByTN6MIRYTYAvvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZUcENKbl9KV1JGSUhKTTNvd2hGaE5nQy04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8xY2I5MTEtNWU3Zi00OWU4LWI0ZjAt
M2Y2ZWU3MDU5MTViLzEvejRxT2xmMFJGS3ZtckxpcEd5Ymk5dlJTUW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8xY2I5MTEtNWU3Zi00OWU4LWI0ZjAtM2Y2ZWU3MDU5MTVi
LzEvYVZUcENKbl9KV1JGSUhKTTNvd2hGaE5nQy04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV+IMA0G
CSqGSIb3DQEBCwUAA4IBAQBA0Ft9nS7+zYcrUglJfLrS5xy3L7GwnREQ5oIELcBD
PSlwICEpwKyArw/+obmVJLa4VS219/4/UBILzZuvv4/SLJA/d8I68fZVwXSB5g9s
4TN7u2Aus0ZVfQT3ZxSyzuRQw0azAK8Q+yw/jenQWhTQ35GKEG/XKj7i6rcIM/n2
8rpeqBMXFYerKAxrHEaa92SSF41ZiSY8XECVtgzw0Dq1kjLIVOGzFFON2Hhus3KN
IMrvusJ16BCn6WmU+jmhNeWvJifu8z18DyKOGckH+ijd37Fc3a9rrf85DgZJUilw
FG+T+7KDptrO/Kv4HfR2RvQGpkgF1XjMQilX4igkGccJ
-----END CERTIFICATE-----