Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/CnJ0efIeU-_D8bkw9PjHTa7GuHc.roa
File:                     CnJ0efIeU-_D8bkw9PjHTa7GuHc.roa (raw, json)
Hash identifier:          ZI1rrVvCMwiWM4q2IQFLr5Xoi2kmWIQld6eFoeHKNU4=
Subject key identifier:   0A:72:74:79:F2:1E:53:EF:C3:F1:B9:30:F4:F8:C7:4D:AE:C6:B8:77
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067CAF60213C4888A4FCC3591E4D573
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/CnJ0efIeU-_D8bkw9PjHTa7GuHc.roa
Signing time:             Wed 01 Jan 2025 05:47:40 +0000
ROA not before:           Wed 01 Jan 2025 05:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47299
IP address blocks:        195.65.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ca:f6:02:13:c4:88:8a:4f:cc:35:91:e4:d5:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a727479f21e53efc3f1b930f4f8c74daec6b877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8d:ff:db:13:70:56:50:95:8c:44:5c:9b:1b:
                    5b:35:48:6c:74:56:4c:9c:48:b9:38:15:15:48:3c:
                    cb:47:40:c3:c9:c3:4d:58:c3:9b:0f:8c:eb:65:d4:
                    44:2e:88:ba:30:66:31:6a:83:f7:0d:31:6a:36:0b:
                    ed:40:ad:23:6a:69:f0:5b:32:27:c6:d7:56:59:5c:
                    b1:f7:b2:13:9a:94:63:7e:e7:ac:f7:bf:b7:fc:93:
                    6b:ec:2e:52:f0:3b:1f:ca:5e:eb:60:2f:b7:f0:21:
                    28:10:76:3b:c4:2e:ab:30:c0:79:b0:27:f2:bd:cd:
                    37:cd:c8:26:76:37:e2:8b:78:89:78:57:43:fe:b4:
                    76:0c:98:09:f8:e1:67:cc:68:35:39:64:c5:53:fc:
                    94:03:86:b0:80:d4:1b:df:87:50:03:3d:1a:6f:80:
                    55:0b:05:e7:65:6b:9c:35:ff:e1:61:38:ce:52:50:
                    db:fc:65:a0:4d:63:34:65:28:bf:3c:dd:84:e6:85:
                    98:24:94:88:83:9e:9c:c6:56:2a:94:b2:de:b5:fa:
                    32:03:76:5c:96:8f:db:f5:84:1c:52:6e:09:e8:56:
                    9c:87:d2:03:ee:ac:67:b2:59:18:6c:74:ec:b4:b2:
                    76:00:5a:ad:63:e0:a7:0a:80:4c:4d:d7:70:c2:45:
                    27:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:72:74:79:F2:1E:53:EF:C3:F1:B9:30:F4:F8:C7:4D:AE:C6:B8:77
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/CnJ0efIeU-_D8bkw9PjHTa7GuHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:d7:f5:34:fb:8e:67:85:b4:6d:ce:b6:3b:92:f3:fa:00:e7:
         b7:52:aa:d3:53:83:fd:fc:cc:db:cc:5b:bd:78:b1:06:42:57:
         fc:91:74:cd:30:73:09:c9:a9:57:fe:93:e3:31:3d:dc:c9:d6:
         f8:1d:00:90:7e:47:41:b8:0a:3d:b7:6b:e1:68:ed:ca:fb:ed:
         2c:2f:d3:39:0f:3f:ee:09:cc:9b:75:af:39:c3:eb:92:9a:98:
         6b:bd:fb:b1:e4:03:2f:0f:a9:2d:f8:f1:01:44:ce:cb:98:a6:
         42:fc:cb:b8:54:51:b1:56:dd:59:0c:f3:cf:ea:2d:1a:d5:a1:
         20:2e:be:21:26:25:d7:76:0d:e3:6d:9d:e1:a3:e3:5d:51:d2:
         bd:53:79:f1:35:58:bf:a1:7f:a9:e2:e7:0c:d4:8d:4a:b8:70:
         e6:94:9e:b1:6b:0c:c8:37:a6:9c:01:60:3d:17:f0:14:69:7d:
         1e:43:15:16:cb:ca:1b:2e:d9:06:70:73:19:03:29:49:b9:81:
         b1:8a:7f:02:4b:95:be:ae:79:a9:46:3d:5a:d8:0e:2c:a4:3b:
         ef:e3:4a:22:da:27:d1:08:a1:cd:62:fb:d5:c9:b0:1b:b2:39:
         a4:ad:6a:0e:a3:b4:36:16:48:b1:65:82:41:9e:e9:fb:b0:71:
         2e:da:30:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8r2AhPEiIpPzDWR5NVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTcyNzQ3OWYyMWU1M2VmYzNmMWI5MzBmNGY4Yzc0ZGFlYzZiODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAto3/2xNwVlCVjERcmxtbNUhsdFZM
nEi5OBUVSDzLR0DDycNNWMObD4zrZdRELoi6MGYxaoP3DTFqNgvtQK0jamnwWzIn
xtdWWVyx97ITmpRjfues97+3/JNr7C5S8Dsfyl7rYC+38CEoEHY7xC6rMMB5sCfy
vc03zcgmdjfii3iJeFdD/rR2DJgJ+OFnzGg1OWTFU/yUA4awgNQb34dQAz0ab4BV
CwXnZWucNf/hYTjOUlDb/GWgTWM0ZSi/PN2E5oWYJJSIg56cxlYqlLLetfoyA3Zc
lo/b9YQcUm4J6Fach9ID7qxnslkYbHTstLJ2AFqtY+CnCoBMTddwwkUnEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApydHnyHlPvw/G5MPT4x02uxrh3MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvQ25KMGVmSWVVLV9EOGJrdzlQakhUYTdHdUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0ElMA0G
CSqGSIb3DQEBCwUAA4IBAQAD1/U0+45nhbRtzrY7kvP6AOe3UqrTU4P9/MzbzFu9
eLEGQlf8kXTNMHMJyalX/pPjMT3cydb4HQCQfkdBuAo9t2vhaO3K++0sL9M5Dz/u
Ccybda85w+uSmphrvfux5AMvD6kt+PEBRM7LmKZC/Mu4VFGxVt1ZDPPP6i0a1aEg
Lr4hJiXXdg3jbZ3ho+NdUdK9U3nxNVi/oX+p4ucM1I1KuHDmlJ6xawzIN6acAWA9
F/AUaX0eQxUWy8obLtkGcHMZAylJuYGxin8CS5W+rnmpRj1a2A4spDvv40oi2ifR
CKHNYvvVybAbsjmkrWoOo7Q2FkixZYJBnun7sHEu2jBx
-----END CERTIFICATE-----