Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/eknd7AvZ78A2jpsWiLdD7r5PyWo.roa
File:                     eknd7AvZ78A2jpsWiLdD7r5PyWo.roa (raw, json)
Hash identifier:          d0fU0qc8+0HlmnrsMQ3Ex2lp/A6PLPh3xmwGDWTtY/w=
Subject key identifier:   7A:49:DD:EC:0B:D9:EF:C0:36:8E:9B:16:88:B7:43:EE:BE:4F:C9:6A
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019424B3B7479E0C0DAAE6D2FEFC82548F8A
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/eknd7AvZ78A2jpsWiLdD7r5PyWo.roa
Signing time:             Thu 02 Jan 2025 01:49:05 +0000
ROA not before:           Thu 02 Jan 2025 01:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212496
IP address blocks:        95.164.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b7:47:9e:0c:0d:aa:e6:d2:fe:fc:82:54:8f:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  2 01:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a49ddec0bd9efc0368e9b1688b743eebe4fc96a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:58:c4:91:bc:44:9e:32:a6:39:30:d8:bb:2d:
                    50:74:fe:fe:92:21:42:5b:90:24:09:72:7f:d7:db:
                    f4:5d:4c:28:dd:d2:f0:c2:be:72:43:33:fd:01:93:
                    ac:e2:a7:9b:b5:08:ea:31:be:50:60:17:8f:bf:7d:
                    29:b1:f0:44:8e:0b:a6:2b:56:cd:7d:24:8b:2b:04:
                    a7:ed:77:82:57:cb:5e:47:a1:8a:cb:30:4e:13:25:
                    05:71:1b:9c:91:0a:8f:5e:41:85:03:fa:ba:a7:4c:
                    21:3f:bc:41:c3:d0:08:26:7b:4b:df:eb:31:26:26:
                    f8:14:24:a4:ff:e4:98:34:fa:03:ba:b0:5a:7f:56:
                    cd:7b:1d:1b:1d:7e:53:af:be:de:20:6b:8b:42:5f:
                    6b:04:91:49:3a:8c:fe:3e:8e:03:e2:79:5f:55:0c:
                    81:a2:18:03:64:86:e6:bd:25:d5:e7:fc:2e:42:4a:
                    aa:84:b6:fd:6c:80:cf:97:31:99:af:68:14:49:0f:
                    79:e9:2d:e2:e9:6b:34:e5:55:f4:2d:ab:07:b5:1a:
                    89:7f:18:5f:c0:68:0f:fb:cf:3d:e5:3a:6e:28:23:
                    80:15:41:28:b3:b5:86:8a:0c:dd:48:51:26:c9:2d:
                    d2:fd:74:4f:54:bc:f8:a4:75:c0:eb:44:15:00:f4:
                    ce:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:49:DD:EC:0B:D9:EF:C0:36:8E:9B:16:88:B7:43:EE:BE:4F:C9:6A
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/eknd7AvZ78A2jpsWiLdD7r5PyWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:8c:04:02:b1:e1:35:d0:c5:62:87:b8:55:91:85:af:c8:a0:
         e7:73:0c:9c:bd:3d:bf:8f:2d:45:d3:46:e5:0d:5d:02:07:4b:
         82:10:1c:6f:c0:d9:77:cc:a6:d1:33:22:f9:80:49:cf:a1:c6:
         bd:17:70:e6:f0:48:45:ca:86:35:32:79:89:65:e3:fc:72:04:
         48:eb:7b:f5:36:95:1b:9a:8f:70:20:0d:c9:55:9f:30:83:43:
         bc:cc:eb:ef:4e:e7:68:28:31:68:e6:3c:c3:14:4a:dd:85:73:
         df:b3:21:68:b5:df:ec:07:02:33:cb:55:09:33:e2:24:81:2a:
         25:c9:b9:9f:c8:71:b5:7f:1c:0b:f0:0b:48:45:9a:55:4e:70:
         6d:29:42:cf:2f:6f:b3:9e:fa:b8:03:70:5b:59:a8:b2:48:7f:
         4d:62:25:08:10:9e:a7:57:a1:a8:20:e9:b2:f9:ee:b7:73:55:
         1a:1f:11:f8:8d:da:e7:b4:c2:5a:b2:5a:e2:b1:86:3b:1d:3f:
         42:aa:eb:7f:b1:d5:64:14:a3:08:c7:38:44:7e:61:de:f1:9f:
         aa:2d:4c:44:88:cf:5b:fe:5d:0b:11:a0:09:6a:3d:5d:cb:d3:
         25:80:26:36:b1:08:16:bb:82:de:10:0d:6c:d8:14:4c:81:cf:
         f8:28:3b:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7dHngwNqubS/vyCVI+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMTAyMDE0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTQ5ZGRlYzBiZDllZmMwMzY4ZTliMTY4OGI3NDNlZWJlNGZjOTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FjEkbxEnjKmOTDYuy1QdP7+kiFC
W5AkCXJ/19v0XUwo3dLwwr5yQzP9AZOs4qebtQjqMb5QYBePv30psfBEjgumK1bN
fSSLKwSn7XeCV8teR6GKyzBOEyUFcRuckQqPXkGFA/q6p0whP7xBw9AIJntL3+sx
Jib4FCSk/+SYNPoDurBaf1bNex0bHX5Tr77eIGuLQl9rBJFJOoz+Po4D4nlfVQyB
ohgDZIbmvSXV5/wuQkqqhLb9bIDPlzGZr2gUSQ956S3i6Ws05VX0LasHtRqJfxhf
wGgP+8895TpuKCOAFUEos7WGigzdSFEmyS3S/XRPVLz4pHXA60QVAPTOJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpJ3ewL2e/ANo6bFoi3Q+6+T8lqMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvZWtuZDdBdlo3OEEyanBzV2lMZEQ3cjVQeVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6RbMA0G
CSqGSIb3DQEBCwUAA4IBAQBSjAQCseE10MVih7hVkYWvyKDncwycvT2/jy1F00bl
DV0CB0uCEBxvwNl3zKbRMyL5gEnPoca9F3Dm8EhFyoY1MnmJZeP8cgRI63v1NpUb
mo9wIA3JVZ8wg0O8zOvvTudoKDFo5jzDFErdhXPfsyFotd/sBwIzy1UJM+IkgSol
ybmfyHG1fxwL8AtIRZpVTnBtKULPL2+znvq4A3BbWaiySH9NYiUIEJ6nV6GoIOmy
+e63c1UaHxH4jdrntMJaslrisYY7HT9Cqut/sdVkFKMIxzhEfmHe8Z+qLUxEiM9b
/l0LEaAJaj1dy9MlgCY2sQgWu4LeEA1s2BRMgc/4KDtO
-----END CERTIFICATE-----