Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/gyt2kSGVKUIn4OLRbtH0JFOAGc4.roa
File:                     gyt2kSGVKUIn4OLRbtH0JFOAGc4.roa (raw, json)
Hash identifier:          8KsOfH2/AI6bh14EEZiTzs/sURZTj/ffUhLf17pJGo0=
Subject key identifier:   83:2B:76:91:21:95:29:42:27:E0:E2:D1:6E:D1:F4:24:53:80:19:CE
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       01932CA7BAB869AC3D04DCEFBF77037D8D6B
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/gyt2kSGVKUIn4OLRbtH0JFOAGc4.roa
Signing time:             Thu 14 Nov 2024 21:50:10 +0000
ROA not before:           Thu 14 Nov 2024 21:50:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        95.164.77.0/24 maxlen: 24
                          95.164.78.0/24 maxlen: 24
                          95.164.79.0/24 maxlen: 24
                          95.164.224.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 14:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2c:a7:ba:b8:69:ac:3d:04:dc:ef:bf:77:03:7d:8d:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Nov 14 21:50:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=832b76912195294227e0e2d16ed1f424538019ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a4:17:15:78:01:78:3d:8d:e3:43:db:6a:40:
                    cd:64:7a:3a:b9:5d:5c:9c:3e:26:7a:9e:a8:73:2b:
                    1e:ef:e9:5b:b7:20:a8:b4:cf:37:8e:cb:6d:31:68:
                    1f:3b:ee:3c:ad:5b:a2:a0:ef:d5:db:9c:17:67:06:
                    38:8d:fb:08:0a:4d:e3:99:e5:67:10:e4:03:fe:b4:
                    5e:1c:17:59:57:9b:f0:03:3e:85:8f:73:53:d2:5a:
                    74:32:a3:d8:71:72:52:33:3e:c8:63:82:fd:e1:b6:
                    91:db:9c:06:e1:5b:96:ad:42:d1:6f:e1:9a:36:da:
                    b0:7d:f7:57:0a:b6:b0:58:b1:e8:35:0c:da:1f:01:
                    be:f5:b9:d0:4e:b9:f0:48:c8:02:88:f6:78:f9:3e:
                    5d:83:e9:5a:d0:f6:0c:fd:f8:42:25:26:00:2d:10:
                    96:0e:ce:7d:3b:9f:c6:98:de:b5:70:11:a6:ff:0f:
                    23:2a:7f:59:0d:b8:92:e9:7d:7d:07:1c:ba:b1:3f:
                    e5:f0:88:ef:9f:12:c5:ba:11:fc:d2:86:de:f4:9b:
                    6f:41:5d:a6:b6:25:4d:66:a6:c9:4a:08:ae:c0:fe:
                    25:a0:d0:56:1c:0d:2a:2b:18:20:b2:ee:b1:3c:e9:
                    1f:2b:d2:1f:10:6b:53:f0:ec:8a:59:e3:44:23:6a:
                    87:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:2B:76:91:21:95:29:42:27:E0:E2:D1:6E:D1:F4:24:53:80:19:CE
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/gyt2kSGVKUIn4OLRbtH0JFOAGc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.77.0-95.164.79.255
                  95.164.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:6f:4b:40:53:2c:36:d1:58:6e:64:ac:cd:1d:a3:f3:ea:a8:
         0a:f7:d3:2d:6c:29:fb:2b:1a:92:bc:b1:e8:3f:01:25:79:65:
         15:36:36:f0:e9:93:b4:92:01:fd:93:c9:64:98:ac:cd:b8:42:
         82:92:97:9b:92:0d:22:0b:f8:89:b2:d6:65:d4:c0:60:86:90:
         3f:19:5c:ab:51:7b:ab:4e:30:0c:52:01:1b:eb:1b:74:b3:5e:
         a3:09:0b:16:9d:ce:a9:06:3b:ef:8e:22:b8:85:13:9b:2b:09:
         fe:44:62:1c:99:8e:ca:07:aa:25:ad:07:6d:97:b2:15:db:22:
         9d:10:43:06:26:01:f9:27:c5:53:cd:5a:fa:f8:44:23:db:cd:
         88:93:59:1a:0a:7c:1c:40:64:cc:41:ba:ac:fa:a7:f2:b5:2d:
         95:aa:00:b7:bb:f9:58:c6:45:e7:ac:d1:e6:4e:f0:03:62:fe:
         50:79:53:34:53:4d:66:e6:90:1b:49:97:6d:03:94:7f:d8:92:
         d7:ee:38:26:a1:4f:f8:b5:5f:f6:a2:fd:06:45:37:5c:86:24:
         26:aa:83:e7:f6:66:c4:ec:47:23:27:2b:44:f6:c7:6b:d1:c7:
         13:de:30:c4:50:ea:b0:c0:fc:a6:2b:a7:10:3b:65:aa:08:33:
         c0:28:76:2e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZMsp7q4aaw9BNzvv3cDfY1rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQxMTE0MjE1MDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzJiNzY5MTIxOTUyOTQyMjdlMGUyZDE2ZWQxZjQyNDUzODAxOWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqQXFXgBeD2N40PbakDNZHo6uV1c
nD4mep6ocyse7+lbtyCotM83jsttMWgfO+48rVuioO/V25wXZwY4jfsICk3jmeVn
EOQD/rReHBdZV5vwAz6Fj3NT0lp0MqPYcXJSMz7IY4L94baR25wG4VuWrULRb+Ga
NtqwffdXCrawWLHoNQzaHwG+9bnQTrnwSMgCiPZ4+T5dg+la0PYM/fhCJSYALRCW
Ds59O5/GmN61cBGm/w8jKn9ZDbiS6X19Bxy6sT/l8IjvnxLFuhH80obe9JtvQV2m
tiVNZqbJSgiuwP4loNBWHA0qKxggsu6xPOkfK9IfEGtT8OyKWeNEI2qH2QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIMrdpEhlSlCJ+Di0W7R9CRTgBnOMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvZ3l0MmtTR1ZLVUluNE9MUmJ0SDBKRk9BR2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABfpE0D
BARfpEADBAJfpOAwDQYJKoZIhvcNAQELBQADggEBABhvS0BTLDbRWG5krM0do/Pq
qAr30y1sKfsrGpK8seg/ASV5ZRU2NvDpk7SSAf2TyWSYrM24QoKSl5uSDSIL+Imy
1mXUwGCGkD8ZXKtRe6tOMAxSARvrG3SzXqMJCxadzqkGO++OIriFE5srCf5EYhyZ
jsoHqiWtB22XshXbIp0QQwYmAfknxVPNWvr4RCPbzYiTWRoKfBxAZMxBuqz6p/K1
LZWqALe7+VjGRees0eZO8ANi/lB5UzRTTWbmkBtJl20DlH/YktfuOCahT/i1X/ai
/QZFN1yGJCaqg+f2ZsTsRyMnK0T2x2vRxxPeMMRQ6rDA/KYrpxA7ZaoIM8Aodi4=
-----END CERTIFICATE-----