Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/DXJwtRiRfrT-lHhN528NFgWXdIQ.roa
File:                     DXJwtRiRfrT-lHhN528NFgWXdIQ.roa (raw, json)
Hash identifier:          j9+HHgQSi2EW+sVAKQIsjnaBthzI4UJaZdqhtFogKaE=
Subject key identifier:   0D:72:70:B5:18:91:7E:B4:FE:94:78:4D:E7:6F:0D:16:05:97:74:84
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       01970D02C5706B46EADEA6C17A7628908C2D
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/DXJwtRiRfrT-lHhN528NFgWXdIQ.roa
Signing time:             Mon 26 May 2025 14:32:54 +0000
ROA not before:           Mon 26 May 2025 14:32:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59682
IP address blocks:        94.131.5.0/24 maxlen: 24
                          95.164.54.0/24 maxlen: 24
                          95.164.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 16:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0d:02:c5:70:6b:46:ea:de:a6:c1:7a:76:28:90:8c:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: May 26 14:32:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d7270b518917eb4fe94784de76f0d1605977484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:46:6b:83:90:f5:47:ea:a4:96:77:50:b9:7e:
                    84:ba:59:b9:3c:67:55:fb:09:8b:4c:37:ca:77:90:
                    55:5b:e7:23:5f:94:0f:df:24:02:81:5c:19:07:85:
                    d5:6f:00:db:f6:05:1a:67:94:f4:c5:16:de:f0:bb:
                    4c:cf:8a:8c:d4:0f:39:67:e4:30:17:65:e8:d7:a3:
                    1d:93:61:3e:72:72:aa:3f:ae:ac:81:76:e8:e0:63:
                    49:74:fe:22:58:7b:b0:1a:21:16:31:8f:a8:d9:e3:
                    09:95:b3:d4:b9:b1:dd:f6:7d:4c:07:5c:e8:1d:11:
                    19:14:a6:7a:5e:fc:df:46:f4:9b:07:64:91:09:96:
                    6e:9d:c8:0a:b7:fb:13:65:75:b6:15:85:19:99:c4:
                    78:70:58:19:e2:ab:17:58:5a:41:4e:03:76:5f:16:
                    cd:30:b2:e7:8d:f5:6c:da:d8:84:44:55:52:09:ae:
                    c7:84:95:08:6b:f1:21:8c:22:48:36:66:5a:eb:1c:
                    f3:a9:7d:77:01:d6:cb:50:6c:96:5c:ad:f9:c1:31:
                    ff:c1:1a:51:a0:27:f3:35:06:8a:a7:db:cc:73:2d:
                    13:d4:8b:cb:43:da:31:19:17:2e:8e:b1:48:b8:d2:
                    d7:76:34:84:78:fd:0a:aa:14:8c:64:4b:37:1a:48:
                    07:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:72:70:B5:18:91:7E:B4:FE:94:78:4D:E7:6F:0D:16:05:97:74:84
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/DXJwtRiRfrT-lHhN528NFgWXdIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.5.0/24
                  95.164.54.0/24
                  95.164.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:f7:db:fb:94:1d:6c:87:b9:17:5e:3e:03:99:8a:4c:f9:dc:
         96:be:d5:3e:55:8a:ef:c6:81:41:4b:9a:c6:0b:86:80:bb:3c:
         5d:d6:cc:33:d4:32:2f:83:3c:16:cf:15:85:1b:fe:6d:94:65:
         a6:b3:74:0d:b8:6c:18:45:51:af:47:b6:8c:53:d6:4f:3f:d2:
         e1:cf:7c:41:32:3f:1a:7a:a9:9b:8a:ed:46:d8:52:91:56:47:
         95:23:8c:20:3f:18:32:d5:95:36:eb:86:48:ea:e1:3d:f3:04:
         31:17:ec:d6:a9:0d:f8:27:df:c0:63:b9:f8:bd:d8:87:32:71:
         7b:d7:a0:22:0d:dc:c6:fd:a6:ac:68:f6:63:a1:17:13:5e:32:
         de:ba:80:8f:9f:ae:db:fa:2e:c5:fa:9e:86:dc:32:c4:fb:7d:
         ff:93:3b:4a:75:5c:66:f1:83:a6:a6:7d:96:b0:67:17:00:06:
         e0:a4:d8:e5:dd:8b:1d:63:62:18:a9:68:62:fa:36:c2:1a:74:
         d0:1f:db:aa:9b:a0:42:a0:b4:f1:d3:50:90:bc:d0:a5:36:06:
         40:0b:e8:04:6d:d5:d7:a2:80:72:c5:9b:46:77:56:16:d0:71:
         cb:34:b7:95:ff:ee:6e:89:cc:48:ce:d4:6a:ff:d3:42:be:a0:
         79:86:d5:9c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZcNAsVwa0bq3qbBenYokIwtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwNTI2MTQzMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDcyNzBiNTE4OTE3ZWI0ZmU5NDc4NGRlNzZmMGQxNjA1OTc3NDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkZrg5D1R+qklndQuX6Eulm5PGdV
+wmLTDfKd5BVW+cjX5QP3yQCgVwZB4XVbwDb9gUaZ5T0xRbe8LtMz4qM1A85Z+Qw
F2Xo16Mdk2E+cnKqP66sgXbo4GNJdP4iWHuwGiEWMY+o2eMJlbPUubHd9n1MB1zo
HREZFKZ6XvzfRvSbB2SRCZZuncgKt/sTZXW2FYUZmcR4cFgZ4qsXWFpBTgN2XxbN
MLLnjfVs2tiERFVSCa7HhJUIa/EhjCJINmZa6xzzqX13AdbLUGyWXK35wTH/wRpR
oCfzNQaKp9vMcy0T1IvLQ9oxGRcujrFIuNLXdjSEeP0KqhSMZEs3GkgHhQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA1ycLUYkX60/pR4TedvDRYFl3SEMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvRFhKd3RSaVJmclQtbEhoTjUyOE5GZ1dYZElRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXoMFAwQA
X6Q2AwQAX6RfMA0GCSqGSIb3DQEBCwUAA4IBAQCQ99v7lB1sh7kXXj4DmYpM+dyW
vtU+VYrvxoFBS5rGC4aAuzxd1swz1DIvgzwWzxWFG/5tlGWms3QNuGwYRVGvR7aM
U9ZPP9Lhz3xBMj8aeqmbiu1G2FKRVkeVI4wgPxgy1ZU264ZI6uE98wQxF+zWqQ34
J9/AY7n4vdiHMnF716AiDdzG/aasaPZjoRcTXjLeuoCPn67b+i7F+p6G3DLE+33/
kztKdVxm8YOmpn2WsGcXAAbgpNjl3YsdY2IYqWhi+jbCGnTQH9uqm6BCoLTx01CQ
vNClNgZAC+gEbdXXooByxZtGd1YW0HHLNLeV/+5uicxIztRq/9NCvqB5htWc
-----END CERTIFICATE-----