Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/qsgnBWOI_l3aIenONb8LAoOprjc.roa
File:                     qsgnBWOI_l3aIenONb8LAoOprjc.roa (raw, json)
Hash identifier:          j7ezlBbBq+vnsejKRpwPOPv4y6U4cobOl9xfONfFjh8=
Subject key identifier:   AA:C8:27:05:63:88:FE:5D:DA:21:E9:CE:35:BF:0B:02:83:A9:AE:37
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       01924A1F59B49AAB1B0008D4EF0A280F8629
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/qsgnBWOI_l3aIenONb8LAoOprjc.roa
Signing time:             Tue 01 Oct 2024 22:07:01 +0000
ROA not before:           Tue 01 Oct 2024 22:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204487
IP address blocks:        95.164.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4a:1f:59:b4:9a:ab:1b:00:08:d4:ef:0a:28:0f:86:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Oct  1 22:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aac827056388fe5dda21e9ce35bf0b0283a9ae37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:12:a9:0d:df:4c:78:d2:d8:ed:ba:53:aa:83:
                    6e:8d:df:df:1c:72:8a:8e:ee:26:32:13:f6:e7:21:
                    9b:0c:6f:f9:7e:a0:35:e0:67:ba:83:c9:67:37:8d:
                    05:6e:8a:a0:5d:2d:57:99:e8:13:f6:0c:03:fb:30:
                    a0:39:de:e2:b4:6b:2f:66:f2:7d:55:e4:3b:10:54:
                    9f:65:d5:40:d7:7c:2b:bb:61:b2:70:f9:70:ad:77:
                    51:af:0e:c8:15:fd:d1:81:3b:9d:34:2e:7f:c1:07:
                    87:8c:07:87:ae:c1:88:15:12:43:6b:a9:bb:4e:e4:
                    39:64:15:c8:43:a6:3e:7a:0d:74:c9:85:a6:94:99:
                    08:5c:91:57:7e:22:3a:72:2c:c6:42:67:71:f5:ae:
                    00:c4:ac:8a:52:5b:3b:39:5c:d0:8e:c9:9e:d4:f0:
                    80:54:8a:9d:6b:e3:7b:3f:73:61:67:ad:b1:b2:0b:
                    e0:e2:90:71:c1:68:66:bb:17:35:e5:a8:17:6f:08:
                    c4:04:14:ad:a9:65:b8:fd:c9:bc:ad:3e:53:57:4d:
                    6a:db:ce:58:5e:e7:ac:cc:b5:85:d0:66:e0:33:7d:
                    35:4d:3c:8a:5a:8b:3d:78:01:7d:77:d6:89:66:7b:
                    8a:b5:07:b1:5d:47:4f:6f:0f:00:c2:5c:3b:8b:98:
                    6c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:C8:27:05:63:88:FE:5D:DA:21:E9:CE:35:BF:0B:02:83:A9:AE:37
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/qsgnBWOI_l3aIenONb8LAoOprjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:f8:32:b5:9b:9f:54:38:43:16:3c:3f:a2:22:d7:4f:81:7f:
         ce:a0:16:b9:29:58:41:81:6d:7e:91:7c:ab:2d:2d:dc:65:9d:
         bf:c0:21:2b:b9:ff:bd:26:74:a2:f9:e3:62:c6:4a:86:31:13:
         54:a5:a5:2f:0a:1c:5f:49:da:70:7b:04:ce:e6:ba:d3:63:23:
         e2:cf:4e:0d:47:51:83:82:1a:4b:2d:ca:48:ff:49:20:c4:04:
         17:69:c7:99:95:22:11:51:3d:48:61:0c:0f:72:32:44:ba:92:
         58:6b:62:5d:75:8a:e4:d9:d7:69:2b:b3:7b:e1:2b:f3:93:41:
         af:c9:9b:28:e4:2d:cf:1f:b6:c7:9f:b0:7e:58:2a:e8:55:06:
         48:31:9b:95:73:63:cf:f4:79:4b:0e:e8:f4:ef:31:5a:42:d4:
         b1:12:df:47:a7:71:8d:f4:ec:44:10:71:a0:56:fb:0c:45:c2:
         0d:3d:a5:d2:c6:3e:23:13:3a:39:f5:30:9d:29:6f:d1:a5:44:
         23:9c:36:6a:06:a2:29:91:ac:53:81:7e:fc:bd:68:b4:df:40:
         f7:74:fb:fd:b1:77:6b:15:ce:c6:cd:70:aa:88:26:75:fe:90:
         5c:59:02:41:72:c7:99:46:72:7f:e5:48:66:06:32:c7:b6:e0:
         b1:39:13:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJKH1m0mqsbAAjU7wooD4YpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQxMDAxMjIwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWM4MjcwNTYzODhmZTVkZGEyMWU5Y2UzNWJmMGIwMjgzYTlhZTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxKpDd9MeNLY7bpTqoNujd/fHHKK
ju4mMhP25yGbDG/5fqA14Ge6g8lnN40FboqgXS1XmegT9gwD+zCgOd7itGsvZvJ9
VeQ7EFSfZdVA13wru2GycPlwrXdRrw7IFf3RgTudNC5/wQeHjAeHrsGIFRJDa6m7
TuQ5ZBXIQ6Y+eg10yYWmlJkIXJFXfiI6cizGQmdx9a4AxKyKUls7OVzQjsme1PCA
VIqda+N7P3NhZ62xsgvg4pBxwWhmuxc15agXbwjEBBStqWW4/cm8rT5TV01q285Y
XueszLWF0GbgM301TTyKWos9eAF9d9aJZnuKtQexXUdPbw8Awlw7i5hsxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKrIJwVjiP5d2iHpzjW/CwKDqa43MB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvcXNnbkJXT0lfbDNhSWVuT05iOExBb09wcmpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6ReMA0G
CSqGSIb3DQEBCwUAA4IBAQAT+DK1m59UOEMWPD+iItdPgX/OoBa5KVhBgW1+kXyr
LS3cZZ2/wCEruf+9JnSi+eNixkqGMRNUpaUvChxfSdpwewTO5rrTYyPiz04NR1GD
ghpLLcpI/0kgxAQXaceZlSIRUT1IYQwPcjJEupJYa2JddYrk2ddpK7N74Svzk0Gv
yZso5C3PH7bHn7B+WCroVQZIMZuVc2PP9HlLDuj07zFaQtSxEt9Hp3GN9OxEEHGg
VvsMRcINPaXSxj4jEzo59TCdKW/RpUQjnDZqBqIpkaxTgX78vWi030D3dPv9sXdr
Fc7GzXCqiCZ1/pBcWQJBcseZRnJ/5UhmBjLHtuCxORNr
-----END CERTIFICATE-----