Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/6d67rMtr4GuH1dvCJNjz5D7iXoo.roa
File:                     6d67rMtr4GuH1dvCJNjz5D7iXoo.roa (raw, json)
Hash identifier:          Pmk+Kfc5Rha3OaHR73ki2JxS/B/Xtt3nCaF6HyQJZpA=
Subject key identifier:   E9:DE:BB:AC:CB:6B:E0:6B:87:D5:DB:C2:24:D8:F3:E4:3E:E2:5E:8A
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       01926F4602971B513B17268E33CC25C638F5
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/6d67rMtr4GuH1dvCJNjz5D7iXoo.roa
Signing time:             Wed 09 Oct 2024 03:15:12 +0000
ROA not before:           Wed 09 Oct 2024 03:15:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41717
IP address blocks:        95.181.154.0/24 maxlen: 24
                          95.181.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6f:46:02:97:1b:51:3b:17:26:8e:33:cc:25:c6:38:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Oct  9 03:15:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9debbaccb6be06b87d5dbc224d8f3e43ee25e8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:9a:23:7c:a6:08:89:77:f9:d9:b7:4f:19:bd:
                    35:a3:a8:f0:b4:a9:78:d1:03:02:cc:4b:fd:23:a1:
                    2c:56:5f:db:4a:2d:d3:c8:0b:36:16:70:cf:10:09:
                    f2:30:44:7a:cc:d8:f9:22:d3:9a:e9:c4:b9:29:80:
                    20:04:ba:e6:44:d1:89:ae:76:39:02:24:b2:4f:63:
                    64:d8:0d:cc:c7:fa:35:88:94:4c:b5:c7:d9:af:2d:
                    9d:e4:b0:62:79:72:83:a4:5b:60:7f:06:5e:60:18:
                    ff:4e:ca:24:34:8a:1f:1f:41:aa:ac:fb:44:d3:71:
                    85:dd:26:f9:d3:8b:ef:b5:4b:df:a3:96:60:43:a5:
                    d7:6a:d5:be:69:c9:47:1b:86:d8:b9:87:7f:b1:55:
                    4e:0f:38:22:5d:c5:88:1e:d4:19:74:58:f2:38:64:
                    01:5d:1f:38:e9:d7:52:f1:83:32:53:47:39:c2:34:
                    e5:a7:f8:a9:29:bb:dd:23:46:14:ce:f2:82:e4:58:
                    11:a9:01:e0:e2:a8:57:0e:fb:93:d9:03:18:74:51:
                    73:79:06:33:76:85:ff:2e:62:ec:8e:e3:7c:80:b3:
                    10:18:f2:69:01:60:4d:32:73:27:a8:24:c9:03:85:
                    9c:f3:68:b4:29:dc:74:ec:1c:a9:b4:04:da:8f:c7:
                    6c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:DE:BB:AC:CB:6B:E0:6B:87:D5:DB:C2:24:D8:F3:E4:3E:E2:5E:8A
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/6d67rMtr4GuH1dvCJNjz5D7iXoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.154.0/24
                  95.181.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:13:d6:ec:ad:9d:8e:08:fc:e0:77:24:89:c0:a6:f0:75:cb:
         af:8f:e7:09:99:34:bd:be:88:14:d3:5c:58:b7:68:04:23:1b:
         4c:c9:2f:82:cb:a2:9b:b6:7d:4b:dc:fd:57:2e:d0:84:b6:dd:
         ab:d2:79:45:2b:bf:5b:f5:87:4c:28:7f:7a:96:1c:00:ae:9e:
         2b:e5:04:46:69:18:e3:32:8d:88:c8:65:e3:59:6f:4a:cb:3b:
         b9:f1:6b:d2:31:00:dc:34:15:6b:1b:83:b7:34:60:e9:ae:d6:
         f1:7b:a8:51:92:53:e7:5d:37:14:26:bc:9d:4a:bd:da:28:cf:
         fd:a2:6a:5d:ad:c9:21:f9:c5:00:59:c7:8a:ee:e7:95:4f:70:
         04:11:d7:4d:b5:e4:de:ff:d3:64:a7:fa:0a:1a:d1:32:65:41:
         85:c4:30:fb:bc:07:a3:f7:a6:f3:82:8f:88:5d:1f:61:c9:5d:
         6d:dc:19:16:b9:2c:e9:ca:df:6c:85:dd:61:30:86:78:35:a8:
         5a:c4:7f:2b:39:d7:d5:dc:b6:36:05:6f:85:bb:c7:43:5d:50:
         90:2d:8d:49:bd:77:4a:1a:e5:24:a7:48:0d:d8:2a:a0:dc:a9:
         4a:20:42:39:ea:de:b2:de:52:50:8c:9c:c2:1e:b3:2c:aa:d7:
         f3:89:59:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJvRgKXG1E7FyaOM8wlxjj1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjQxMDA5MDMxNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWRlYmJhY2NiNmJlMDZiODdkNWRiYzIyNGQ4ZjNlNDNlZTI1ZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5ojfKYIiXf52bdPGb01o6jwtKl4
0QMCzEv9I6EsVl/bSi3TyAs2FnDPEAnyMER6zNj5ItOa6cS5KYAgBLrmRNGJrnY5
AiSyT2Nk2A3Mx/o1iJRMtcfZry2d5LBieXKDpFtgfwZeYBj/TsokNIofH0GqrPtE
03GF3Sb504vvtUvfo5ZgQ6XXatW+aclHG4bYuYd/sVVODzgiXcWIHtQZdFjyOGQB
XR846ddS8YMyU0c5wjTlp/ipKbvdI0YUzvKC5FgRqQHg4qhXDvuT2QMYdFFzeQYz
doX/LmLsjuN8gLMQGPJpAWBNMnMnqCTJA4Wc82i0Kdx07ByptATaj8dspQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOneu6zLa+Brh9XbwiTY8+Q+4l6KMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvNmQ2N3JNdHI0R3VIMWR2Q0pOano1RDdpWG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX7WaAwQA
X7WiMA0GCSqGSIb3DQEBCwUAA4IBAQBJE9bsrZ2OCPzgdySJwKbwdcuvj+cJmTS9
vogU01xYt2gEIxtMyS+Cy6Kbtn1L3P1XLtCEtt2r0nlFK79b9YdMKH96lhwArp4r
5QRGaRjjMo2IyGXjWW9Kyzu58WvSMQDcNBVrG4O3NGDprtbxe6hRklPnXTcUJryd
Sr3aKM/9ompdrckh+cUAWceK7ueVT3AEEddNteTe/9Nkp/oKGtEyZUGFxDD7vAej
96bzgo+IXR9hyV1t3BkWuSzpyt9shd1hMIZ4NahaxH8rOdfV3LY2BW+Fu8dDXVCQ
LY1JvXdKGuUkp0gN2Cqg3KlKIEI56t6y3lJQjJzCHrMsqtfziVn1
-----END CERTIFICATE-----