Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/TPGabRFCyApRYylnzXDE-1EJs9A.roa
File:                     TPGabRFCyApRYylnzXDE-1EJs9A.roa (raw, json)
Hash identifier:          EAdDiGEy3TYUqK1VO+A8Od9DJIftaQ1NGNwmoQi5V2s=
Subject key identifier:   4C:F1:9A:6D:11:42:C8:0A:51:63:29:67:CD:70:C4:FB:51:09:B3:D0
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       0195EE00E0CAD9B5917C772DF2D857D4D0D1
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/TPGabRFCyApRYylnzXDE-1EJs9A.roa
Signing time:             Mon 31 Mar 2025 20:59:49 +0000
ROA not before:           Mon 31 Mar 2025 20:59:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204487
IP address blocks:        95.164.52.0/24 maxlen: 24
                          95.164.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ee:00:e0:ca:d9:b5:91:7c:77:2d:f2:d8:57:d4:d0:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Mar 31 20:59:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cf19a6d1142c80a51632967cd70c4fb5109b3d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:40:ab:06:e8:72:29:b4:3e:d7:78:88:6d:87:
                    14:1e:57:cc:26:9c:8b:01:aa:b0:5a:98:34:62:3c:
                    19:a2:eb:59:88:24:4e:e9:28:91:fb:bc:e4:5e:d0:
                    2c:46:3c:83:09:f2:79:86:c5:ba:36:ce:38:a0:db:
                    b7:18:76:10:44:6f:bf:f3:28:63:c8:36:a4:92:23:
                    de:18:49:d7:7c:2c:6f:ce:67:4b:bc:42:e6:d4:d9:
                    1f:a6:ef:07:16:27:38:f7:a4:c0:4d:a0:60:1c:5e:
                    1b:b0:06:8a:80:d6:be:a0:be:0e:61:de:c7:d5:79:
                    39:22:25:8d:5c:83:1f:79:7c:12:b8:ea:09:af:e7:
                    aa:8c:88:cb:ec:16:f0:c3:a9:d3:75:ae:8a:7d:55:
                    ee:b9:a1:e4:92:d4:7d:76:d0:7b:f2:95:08:ba:f4:
                    cd:6d:99:8d:0e:23:88:a8:a1:9d:8b:4e:ca:8c:ed:
                    7a:2d:13:6a:a9:7f:5b:86:d5:6e:69:e4:70:ef:b3:
                    73:3f:21:04:96:b7:93:5f:49:64:c4:f2:32:17:02:
                    02:09:f0:8f:72:ee:b7:a5:c8:71:59:cd:00:8d:c5:
                    fe:dd:ae:b1:4a:6a:4d:bb:11:58:c3:fc:c7:36:f3:
                    a8:dc:01:de:bd:c6:20:a6:6b:77:8b:d1:30:1c:0d:
                    e8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:F1:9A:6D:11:42:C8:0A:51:63:29:67:CD:70:C4:FB:51:09:B3:D0
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/TPGabRFCyApRYylnzXDE-1EJs9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.52.0/24
                  95.164.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:3c:17:33:66:3c:c3:af:be:0d:47:cf:bd:e5:29:f9:05:e4:
         1d:85:38:64:92:7d:52:c3:3e:b1:d7:e0:ea:5f:93:af:9a:49:
         ec:0f:69:c4:5a:12:be:c7:7f:4b:0b:31:fd:b8:4c:c5:b0:10:
         4b:07:19:3c:a6:3e:5b:d3:97:18:37:59:a5:ea:1d:64:1f:54:
         ce:86:fc:70:9c:b9:b6:c4:ba:11:bc:51:cf:f6:fd:ae:7a:c6:
         e7:f4:f9:f0:76:5e:d8:61:17:58:e3:ed:46:7b:7d:a9:c1:66:
         0a:23:36:00:b7:97:ff:17:f4:b6:7f:01:10:ad:34:be:92:ad:
         1d:db:27:5f:21:31:3e:f3:c3:d8:7b:1c:02:58:7e:a0:0d:16:
         e1:82:62:e7:4b:08:8a:31:06:fe:22:10:50:ea:b0:be:d4:e8:
         b6:a1:be:cd:29:32:6c:a8:53:21:cd:b8:f7:9b:d4:50:b2:4b:
         56:7d:db:a9:86:cc:cf:c4:2c:4f:3f:00:07:db:c9:34:55:ba:
         4d:68:19:d3:3c:03:c7:0d:26:0e:2d:17:69:53:bb:32:f6:05:
         f5:35:13:bc:8f:da:1e:e9:98:05:7d:97:e9:f0:69:20:1c:1d:
         43:b1:63:fa:4f:53:4f:87:ab:11:a4:55:c0:58:6b:9d:20:d2:
         fe:8f:4b:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXuAODK2bWRfHct8thX1NDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMzMxMjA1OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2YxOWE2ZDExNDJjODBhNTE2MzI5NjdjZDcwYzRmYjUxMDliM2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUCrBuhyKbQ+13iIbYcUHlfMJpyL
AaqwWpg0YjwZoutZiCRO6SiR+7zkXtAsRjyDCfJ5hsW6Ns44oNu3GHYQRG+/8yhj
yDakkiPeGEnXfCxvzmdLvELm1Nkfpu8HFic496TATaBgHF4bsAaKgNa+oL4OYd7H
1Xk5IiWNXIMfeXwSuOoJr+eqjIjL7Bbww6nTda6KfVXuuaHkktR9dtB78pUIuvTN
bZmNDiOIqKGdi07KjO16LRNqqX9bhtVuaeRw77NzPyEElreTX0lkxPIyFwICCfCP
cu63pchxWc0AjcX+3a6xSmpNuxFYw/zHNvOo3AHevcYgpmt3i9EwHA3oqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEzxmm0RQsgKUWMpZ81wxPtRCbPQMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvVFBHYWJSRkN5QXBSWXlsbnpYREUtMUVKczlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX6Q0AwQA
X6ReMA0GCSqGSIb3DQEBCwUAA4IBAQBPPBczZjzDr74NR8+95Sn5BeQdhThkkn1S
wz6x1+DqX5OvmknsD2nEWhK+x39LCzH9uEzFsBBLBxk8pj5b05cYN1ml6h1kH1TO
hvxwnLm2xLoRvFHP9v2uesbn9Pnwdl7YYRdY4+1Ge32pwWYKIzYAt5f/F/S2fwEQ
rTS+kq0d2ydfITE+88PYexwCWH6gDRbhgmLnSwiKMQb+IhBQ6rC+1Oi2ob7NKTJs
qFMhzbj3m9RQsktWfduphszPxCxPPwAH28k0VbpNaBnTPAPHDSYOLRdpU7sy9gX1
NRO8j9oe6ZgFfZfp8GkgHB1DsWP6T1NPh6sRpFXAWGudINL+j0ul
-----END CERTIFICATE-----