Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/WG6LyvBNGDffIpI-sro91f49_9w.roa
File:                     WG6LyvBNGDffIpI-sro91f49_9w.roa (raw, json)
Hash identifier:          b/qtnEn82SM9GjcD6krB3YfyzXk8Gafv29kH0MahfZE=
Subject key identifier:   58:6E:8B:CA:F0:4D:18:37:DF:22:92:3E:B2:BA:3D:D5:FE:3D:FF:DC
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019424B3AC79D8E7ADE701674BC7D240E69D
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/WG6LyvBNGDffIpI-sro91f49_9w.roa
Signing time:             Thu 02 Jan 2025 01:49:02 +0000
ROA not before:           Thu 02 Jan 2025 01:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39762
IP address blocks:        95.164.64.0/22 maxlen: 24
                          95.164.64.0/24 maxlen: 24
                          95.164.65.0/24 maxlen: 24
                          95.164.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ac:79:d8:e7:ad:e7:01:67:4b:c7:d2:40:e6:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=586e8bcaf04d1837df22923eb2ba3dd5fe3dffdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:92:2a:5d:94:6c:db:5b:3f:bb:a5:c1:1c:88:
                    52:69:7c:6a:9b:67:e6:02:6b:80:23:48:4a:8b:db:
                    d9:99:f0:88:6b:77:9a:f0:0f:9d:4b:34:1a:7d:cf:
                    fb:2a:d8:46:a4:68:3f:00:61:46:f1:2a:84:cf:d4:
                    22:9e:d8:45:65:72:0b:71:ff:01:f0:17:c3:d7:09:
                    cf:24:88:df:11:85:b5:b7:35:3c:01:b3:ea:6f:c5:
                    81:4c:6f:03:f4:aa:c7:95:c4:0c:12:c5:09:b9:6f:
                    b1:6c:36:f6:6e:99:11:19:b7:d1:36:f2:12:4e:7f:
                    3e:d0:fc:8e:fd:e0:27:2b:32:f8:77:59:4d:41:4c:
                    c1:69:db:ed:97:5b:4a:cf:b8:1f:7d:ff:7d:71:c3:
                    8c:27:f5:f2:01:b3:15:87:dc:d6:69:45:44:c7:c8:
                    d9:77:a3:58:f3:05:c6:aa:0a:4b:81:cf:c8:55:c5:
                    eb:84:9f:c6:7a:91:f5:b5:0b:20:23:0e:06:8c:77:
                    5b:18:d8:ed:6e:4d:48:2f:d2:85:78:5d:72:2b:f5:
                    ba:42:ad:ff:0f:da:bd:0a:25:8d:ad:f0:e9:6e:46:
                    b6:71:1f:bf:c8:55:31:4f:3f:81:fe:f1:70:df:ea:
                    44:08:14:de:f7:32:a0:8e:bc:bd:35:4c:bb:26:d7:
                    2f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:6E:8B:CA:F0:4D:18:37:DF:22:92:3E:B2:BA:3D:D5:FE:3D:FF:DC
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/WG6LyvBNGDffIpI-sro91f49_9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:a4:0d:51:a5:3c:7b:a4:03:4e:c5:73:de:ed:52:b0:0e:ea:
         9a:03:76:34:16:3f:74:ae:c0:6c:34:fb:05:b3:1a:8d:30:d8:
         d4:db:0b:4a:61:e9:c1:2d:e6:00:56:a5:55:ce:10:6a:c6:d7:
         f7:4d:26:cf:70:6a:61:73:6c:40:4d:1d:02:7b:ed:23:39:82:
         a5:25:67:80:26:64:7e:cd:33:b5:f6:ed:5e:0f:91:05:3b:22:
         bd:ae:62:f6:ab:3b:fc:54:cd:c4:58:60:f9:23:d2:c0:cd:3a:
         df:20:03:d3:79:6e:4c:55:d3:01:9b:50:60:17:d4:0b:f8:42:
         91:c7:4e:f4:94:f0:0a:95:8a:b0:29:c7:6d:a2:09:18:09:e1:
         f2:7d:02:77:aa:eb:19:61:5f:3b:40:a8:ff:b5:54:5e:68:55:
         b3:cb:03:d7:eb:3b:8a:42:2e:b9:2f:68:5a:1c:b1:73:f6:73:
         b6:da:99:fc:d5:18:5b:98:85:d6:83:56:71:ec:1a:d9:06:c3:
         ea:81:b6:95:10:95:78:71:af:50:77:c5:13:40:cf:81:4a:82:
         97:81:2a:d2:b5:96:c2:92:f8:1f:0a:40:f8:03:39:3b:21:56:
         2c:cb:d0:17:92:b8:d6:f2:c0:a2:53:ed:9c:f0:85:eb:a7:d8:
         5f:be:53:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6x52Oet5wFnS8fSQOadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODZlOGJjYWYwNGQxODM3ZGYyMjkyM2ViMmJhM2RkNWZlM2RmZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpIqXZRs21s/u6XBHIhSaXxqm2fm
AmuAI0hKi9vZmfCIa3ea8A+dSzQafc/7KthGpGg/AGFG8SqEz9QinthFZXILcf8B
8BfD1wnPJIjfEYW1tzU8AbPqb8WBTG8D9KrHlcQMEsUJuW+xbDb2bpkRGbfRNvIS
Tn8+0PyO/eAnKzL4d1lNQUzBadvtl1tKz7gfff99ccOMJ/XyAbMVh9zWaUVEx8jZ
d6NY8wXGqgpLgc/IVcXrhJ/GepH1tQsgIw4GjHdbGNjtbk1IL9KFeF1yK/W6Qq3/
D9q9CiWNrfDpbka2cR+/yFUxTz+B/vFw3+pECBTe9zKgjry9NUy7JtcvcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhui8rwTRg33yKSPrK6PdX+Pf/cMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvV0c2THl2Qk5HRGZmSXBJLXNybzkxZjQ5Xzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6RAMA0G
CSqGSIb3DQEBCwUAA4IBAQBGpA1RpTx7pANOxXPe7VKwDuqaA3Y0Fj90rsBsNPsF
sxqNMNjU2wtKYenBLeYAVqVVzhBqxtf3TSbPcGphc2xATR0Ce+0jOYKlJWeAJmR+
zTO19u1eD5EFOyK9rmL2qzv8VM3EWGD5I9LAzTrfIAPTeW5MVdMBm1BgF9QL+EKR
x070lPAKlYqwKcdtogkYCeHyfQJ3qusZYV87QKj/tVReaFWzywPX6zuKQi65L2ha
HLFz9nO22pn81RhbmIXWg1Zx7BrZBsPqgbaVEJV4ca9Qd8UTQM+BSoKXgSrStZbC
kvgfCkD4Azk7IVYsy9AXkrjW8sCiU+2c8IXrp9hfvlOW
-----END CERTIFICATE-----