Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/O6XxnBxdjAHrB6cqnybF-q5zhEI.roa
File:                     O6XxnBxdjAHrB6cqnybF-q5zhEI.roa (raw, json)
Hash identifier:          I3o5BuOlE43DLGmjrJZTKVLwzcox6qkRQGzuUzhTBPQ=
Subject key identifier:   3B:A5:F1:9C:1C:5D:8C:01:EB:07:A7:2A:9F:26:C5:FA:AE:73:84:42
Certificate issuer:       /CN=558dcc5d7e6887c941ae3b28ce3cbf2fb4f20603
Certificate serial:       0194206855D8402A423E3C7C6D2C8C55A9D6
Authority key identifier: 55:8D:CC:5D:7E:68:87:C9:41:AE:3B:28:CE:3C:BF:2F:B4:F2:06:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VY3MXX5oh8lBrjsozjy_L7TyBgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/O6XxnBxdjAHrB6cqnybF-q5zhEI.roa
Signing time:             Wed 01 Jan 2025 05:48:16 +0000
ROA not before:           Wed 01 Jan 2025 05:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209681
IP address blocks:        95.214.68.0/22 maxlen: 24
                          2a09:d980::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/VY3MXX5oh8lBrjsozjy_L7TyBgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/VY3MXX5oh8lBrjsozjy_L7TyBgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VY3MXX5oh8lBrjsozjy_L7TyBgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:55:d8:40:2a:42:3e:3c:7c:6d:2c:8c:55:a9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=558dcc5d7e6887c941ae3b28ce3cbf2fb4f20603
        Validity
            Not Before: Jan  1 05:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ba5f19c1c5d8c01eb07a72a9f26c5faae738442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a9:7e:1c:75:46:1a:d6:35:21:9e:70:2c:2b:
                    4e:18:5a:de:23:72:77:e4:1c:da:d4:39:de:8a:7b:
                    c9:cf:0a:ad:57:e9:88:eb:25:4b:fe:76:d0:28:79:
                    2f:02:ca:b9:2c:f5:5c:b3:78:ba:c4:6b:16:b2:b8:
                    9e:ef:1b:7a:cf:f4:13:8f:73:87:28:25:da:79:cd:
                    9f:d0:ec:38:76:6b:aa:9c:ac:08:bc:32:5d:3e:b5:
                    a7:48:cb:ee:c3:74:92:eb:04:e0:5e:3e:f5:60:d9:
                    0b:3d:36:ae:bd:6f:12:de:dd:a2:28:c7:45:ba:bd:
                    4e:6a:1a:d4:3e:76:ae:89:31:f6:a9:72:8b:09:d7:
                    b8:81:03:b4:0b:c1:1f:d7:b9:28:22:b0:dd:49:c2:
                    86:b4:32:f4:32:d6:eb:90:82:91:e8:3b:f1:0e:24:
                    58:36:c1:a9:c9:c2:76:34:6f:86:aa:4e:9a:4a:f3:
                    36:bb:0f:3d:7a:d8:f1:f0:e4:f8:08:ca:c0:65:38:
                    ae:16:2f:ed:1a:4e:6d:5f:84:8a:e2:76:02:4c:4e:
                    49:98:e5:10:62:72:32:65:55:97:c0:1b:d2:5b:c5:
                    24:e2:53:67:46:f8:55:44:95:34:cc:a5:2f:bc:a5:
                    e0:49:77:ca:b0:89:0f:5e:26:5f:d5:9e:a3:41:4f:
                    af:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:A5:F1:9C:1C:5D:8C:01:EB:07:A7:2A:9F:26:C5:FA:AE:73:84:42
            X509v3 Authority Key Identifier:
                keyid:55:8D:CC:5D:7E:68:87:C9:41:AE:3B:28:CE:3C:BF:2F:B4:F2:06:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VY3MXX5oh8lBrjsozjy_L7TyBgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/O6XxnBxdjAHrB6cqnybF-q5zhEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/f04a57-5ee9-4b6a-9da2-bd9a3b55f125/1/VY3MXX5oh8lBrjsozjy_L7TyBgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.68.0/22
                IPv6:
                  2a09:d980::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:52:08:7e:80:5a:20:0c:2d:32:10:58:28:73:17:e2:95:c6:
         92:4f:26:75:e5:e3:d9:ea:db:b6:38:ff:20:81:87:b9:8d:8d:
         f6:23:9a:7f:70:4e:0b:29:8a:14:e6:54:39:6b:a8:94:e5:79:
         17:c8:76:a5:c8:3d:27:2d:b0:49:9f:78:24:94:af:a6:52:b4:
         30:05:0a:62:d2:7a:72:f8:68:d4:5d:bb:f7:4f:85:db:10:b0:
         ae:b0:26:1b:26:0e:0e:4b:ff:ec:ae:d4:ff:72:65:56:df:7c:
         30:ab:f7:31:fb:44:b8:fa:af:18:4b:cf:9f:ab:38:df:23:88:
         fc:f2:f9:ce:7f:ac:5a:ef:6f:60:30:fd:b3:b1:eb:7d:db:48:
         76:8b:c9:e1:d7:b4:54:34:cc:30:a0:ec:5d:9f:3d:0a:bf:2d:
         1f:94:b2:3e:10:93:d9:d0:3c:d9:0a:1b:6f:f3:b3:e2:84:e5:
         71:87:1b:6e:4d:d4:96:97:a3:f8:a0:8d:8a:26:e1:ed:80:8b:
         76:fd:4d:95:ae:ee:86:7e:3e:6b:57:f8:c6:fd:61:cf:ef:70:
         05:2d:62:50:99:a9:b6:a3:04:ac:f9:53:ca:c8:3f:03:3d:49:
         c0:3a:13:22:77:a0:7e:eb:06:5c:96:3c:6f:25:dc:ad:12:c8:
         eb:82:40:5e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaFXYQCpCPjx8bSyMVanWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OGRjYzVkN2U2ODg3Yzk0MWFlM2IyOGNlM2NiZjJmYjRm
MjA2MDMwHhcNMjUwMTAxMDU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmE1ZjE5YzFjNWQ4YzAxZWIwN2E3MmE5ZjI2YzVmYWFlNzM4NDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAual+HHVGGtY1IZ5wLCtOGFreI3J3
5Bza1DneinvJzwqtV+mI6yVL/nbQKHkvAsq5LPVcs3i6xGsWsrie7xt6z/QTj3OH
KCXaec2f0Ow4dmuqnKwIvDJdPrWnSMvuw3SS6wTgXj71YNkLPTauvW8S3t2iKMdF
ur1OahrUPnauiTH2qXKLCde4gQO0C8Ef17koIrDdScKGtDL0MtbrkIKR6DvxDiRY
NsGpycJ2NG+Gqk6aSvM2uw89etjx8OT4CMrAZTiuFi/tGk5tX4SK4nYCTE5JmOUQ
YnIyZVWXwBvSW8Uk4lNnRvhVRJU0zKUvvKXgSXfKsIkPXiZf1Z6jQU+vMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDul8ZwcXYwB6wenKp8mxfquc4RCMB8GA1UdIwQY
MBaAFFWNzF1+aIfJQa47KM48vy+08gYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlkzTVhYNW9oOGxCcmpzb3pqeV9MN1R5QmdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9mMDRhNTctNWVlOS00YjZhLTlkYTIt
YmQ5YTNiNTVmMTI1LzEvTzZYeG5CeGRqQUhyQjZjcW55YkYtcTV6aEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9mMDRhNTctNWVlOS00YjZhLTlkYTItYmQ5YTNiNTVmMTI1
LzEvVlkzTVhYNW9oOGxCcmpzb3pqeV9MN1R5QmdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCX9ZEMA0E
AgACMAcDBQMqCdmAMA0GCSqGSIb3DQEBCwUAA4IBAQCGUgh+gFogDC0yEFgocxfi
lcaSTyZ15ePZ6tu2OP8ggYe5jY32I5p/cE4LKYoU5lQ5a6iU5XkXyHalyD0nLbBJ
n3gklK+mUrQwBQpi0npy+GjUXbv3T4XbELCusCYbJg4OS//srtT/cmVW33wwq/cx
+0S4+q8YS8+fqzjfI4j88vnOf6xa729gMP2zset920h2i8nh17RUNMwwoOxdnz0K
vy0flLI+EJPZ0DzZChtv87PihOVxhxtuTdSWl6P4oI2KJuHtgIt2/U2Vru6Gfj5r
V/jG/WHP73AFLWJQmam2owSs+VPKyD8DPUnAOhMid6B+6wZcljxvJdytEsjrgkBe
-----END CERTIFICATE-----