Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/ge3kV53d3-LqnCvvkoEAivLZ1y8.roa
File:                     ge3kV53d3-LqnCvvkoEAivLZ1y8.roa (raw, json)
Hash identifier:          SauMWlDrg7IfvsdJxQ9Eu8dcWvkF6O4OvV9rmn3sxVs=
Subject key identifier:   81:ED:E4:57:9D:DD:DF:E2:EA:9C:2B:EF:92:81:00:8A:F2:D9:D7:2F
Certificate issuer:       /CN=4c897f1a3497ebbe27b9e2f0d6f3eae2bbe68b27
Certificate serial:       019427478FA6F28DA93131E332740A7637B9
Authority key identifier: 4C:89:7F:1A:34:97:EB:BE:27:B9:E2:F0:D6:F3:EA:E2:BB:E6:8B:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TIl_GjSX674nueLw1vPq4rvmiyc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/ge3kV53d3-LqnCvvkoEAivLZ1y8.roa
Signing time:             Thu 02 Jan 2025 13:49:48 +0000
ROA not before:           Thu 02 Jan 2025 13:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29278
IP address blocks:        95.141.255.0/24 maxlen: 24
                          2a13:46c0:ce00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/TIl_GjSX674nueLw1vPq4rvmiyc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/TIl_GjSX674nueLw1vPq4rvmiyc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TIl_GjSX674nueLw1vPq4rvmiyc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:8f:a6:f2:8d:a9:31:31:e3:32:74:0a:76:37:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c897f1a3497ebbe27b9e2f0d6f3eae2bbe68b27
        Validity
            Not Before: Jan  2 13:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81ede4579ddddfe2ea9c2bef9281008af2d9d72f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d0:46:be:61:6e:df:9a:5a:c4:d9:6c:2d:eb:
                    66:c7:61:67:5d:8d:ea:dd:1a:aa:d6:32:97:44:d6:
                    73:77:3b:cb:0e:05:06:ed:8a:50:10:8d:ac:64:62:
                    60:ce:ef:12:45:51:6a:81:db:f7:fc:4e:39:2f:81:
                    e8:1d:b5:4f:4b:2b:bc:6c:64:3e:ec:3a:ae:c4:d2:
                    e9:30:98:11:f1:a0:22:59:2e:9d:c5:bd:0d:98:da:
                    9a:82:5d:8f:53:07:96:16:b6:63:c7:1f:ab:b1:10:
                    bc:d7:8e:c0:da:dd:43:a3:0b:60:b9:53:2e:86:59:
                    0b:f0:71:54:ed:94:a5:05:8c:ff:38:eb:b5:fc:59:
                    a3:ac:47:56:a5:51:60:18:2b:fb:6c:7f:da:e3:10:
                    51:7b:e7:99:14:77:25:ee:67:a5:b7:ab:29:7a:65:
                    ee:2f:62:0e:52:1d:c7:aa:f5:b5:fb:d8:8a:f8:11:
                    f4:e0:af:74:d0:c0:bb:28:78:29:9e:da:2f:05:37:
                    86:56:7d:7e:92:36:2d:85:79:81:e7:a6:27:43:78:
                    9d:b3:68:42:ea:ff:18:08:6f:f3:01:8a:d2:2e:75:
                    78:0c:c4:f4:a3:bd:16:5e:0e:7b:87:3b:34:ab:10:
                    5f:e7:83:be:b8:38:5d:d7:9e:00:c0:3b:a1:65:ea:
                    03:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:ED:E4:57:9D:DD:DF:E2:EA:9C:2B:EF:92:81:00:8A:F2:D9:D7:2F
            X509v3 Authority Key Identifier:
                keyid:4C:89:7F:1A:34:97:EB:BE:27:B9:E2:F0:D6:F3:EA:E2:BB:E6:8B:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TIl_GjSX674nueLw1vPq4rvmiyc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/ge3kV53d3-LqnCvvkoEAivLZ1y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/38e975-1f4f-4114-bfa1-a79da1a85513/1/TIl_GjSX674nueLw1vPq4rvmiyc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.141.255.0/24
                IPv6:
                  2a13:46c0:ce00::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:69:a3:98:91:95:82:8f:32:61:51:8e:da:03:de:3b:f2:26:
         47:2f:3b:08:5f:76:1c:d6:3a:07:c3:ed:c4:d4:b6:d8:f3:4f:
         b4:79:30:cb:1e:8a:3e:be:45:fd:28:98:bb:f2:64:a9:65:0c:
         29:ee:f1:f8:ca:45:81:92:35:65:31:89:30:39:9b:8e:b6:15:
         3e:40:37:e2:7a:83:88:69:90:43:54:02:3d:cc:4f:62:67:3b:
         70:d9:ce:a4:0b:5b:5e:44:56:ea:79:4a:03:f9:4c:61:d0:79:
         ff:ff:20:da:fa:a4:54:2a:50:87:76:79:f9:df:a3:22:6d:35:
         41:4d:5e:9d:56:05:dc:65:3f:d2:fe:01:94:c9:08:ad:4c:e0:
         24:75:86:f3:e5:e0:4b:f3:b4:01:98:b8:e8:6f:5b:76:79:12:
         e1:86:91:e2:ab:4c:45:10:38:a8:bb:e1:8b:1d:0c:3b:f6:ab:
         a9:5d:84:fe:4a:0a:0b:e0:b8:ec:6a:ad:af:53:ca:1c:0d:be:
         50:ed:f1:3f:2c:26:79:6f:4c:b0:77:12:e9:8f:03:92:42:79:
         c4:eb:20:f0:f0:b4:be:b8:2d:6d:1c:ce:29:c8:27:3b:6b:79:
         60:34:07:ad:e5:12:a6:1a:57:fa:ec:a4:b1:d1:34:16:83:8c:
         50:62:72:15
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnR4+m8o2pMTHjMnQKdje5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjODk3ZjFhMzQ5N2ViYmUyN2I5ZTJmMGQ2ZjNlYWUyYmJl
NjhiMjcwHhcNMjUwMTAyMTM0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWVkZTQ1NzlkZGRkZmUyZWE5YzJiZWY5MjgxMDA4YWYyZDlkNzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9BGvmFu35paxNlsLetmx2FnXY3q
3Rqq1jKXRNZzdzvLDgUG7YpQEI2sZGJgzu8SRVFqgdv3/E45L4HoHbVPSyu8bGQ+
7DquxNLpMJgR8aAiWS6dxb0NmNqagl2PUweWFrZjxx+rsRC8147A2t1DowtguVMu
hlkL8HFU7ZSlBYz/OOu1/FmjrEdWpVFgGCv7bH/a4xBRe+eZFHcl7melt6spemXu
L2IOUh3HqvW1+9iK+BH04K900MC7KHgpntovBTeGVn1+kjYthXmB56YnQ3ids2hC
6v8YCG/zAYrSLnV4DMT0o70WXg57hzs0qxBf54O+uDhd154AwDuhZeoDFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIHt5Fed3d/i6pwr75KBAIry2dcvMB8GA1UdIwQY
MBaAFEyJfxo0l+u+J7ni8Nbz6uK75osnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVElsX0dqU1g2NzRudWVMdzF2UHE0cnZtaXljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zOGU5NzUtMWY0Zi00MTE0LWJmYTEt
YTc5ZGExYTg1NTEzLzEvZ2Uza1Y1M2QzLUxxbkN2dmtvRUFpdkxaMXk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zOGU5NzUtMWY0Zi00MTE0LWJmYTEtYTc5ZGExYTg1NTEz
LzEvVElsX0dqU1g2NzRudWVMdzF2UHE0cnZtaXljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAX43/MA8E
AgACMAkDBwAqE0bAzgAwDQYJKoZIhvcNAQELBQADggEBADVpo5iRlYKPMmFRjtoD
3jvyJkcvOwhfdhzWOgfD7cTUttjzT7R5MMseij6+Rf0omLvyZKllDCnu8fjKRYGS
NWUxiTA5m462FT5AN+J6g4hpkENUAj3MT2JnO3DZzqQLW15EVup5SgP5TGHQef//
INr6pFQqUId2efnfoyJtNUFNXp1WBdxlP9L+AZTJCK1M4CR1hvPl4EvztAGYuOhv
W3Z5EuGGkeKrTEUQOKi74YsdDDv2q6ldhP5KCgvguOxqra9TyhwNvlDt8T8sJnlv
TLB3EumPA5JCecTrIPDwtL64LW0czinIJztreWA0B63lEqYaV/rspLHRNBaDjFBi
chU=
-----END CERTIFICATE-----