Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/9_VTzPNMtq6bRoN_2gQPbFirB_4.roa
File:                     9_VTzPNMtq6bRoN_2gQPbFirB_4.roa (raw, json)
Hash identifier:          GFcx39JAffdglXqipIFTeQRGB4wpQ89alaTRPqJNkCk=
Subject key identifier:   F7:F5:53:CC:F3:4C:B6:AE:9B:46:83:7F:DA:04:0F:6C:58:AB:07:FE
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       019421B20856E6C248A16133E5219EC3DBC1
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/9_VTzPNMtq6bRoN_2gQPbFirB_4.roa
Signing time:             Wed 01 Jan 2025 11:48:23 +0000
ROA not before:           Wed 01 Jan 2025 11:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41717
IP address blocks:        95.181.154.0/24 maxlen: 24
                          95.181.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:08:56:e6:c2:48:a1:61:33:e5:21:9e:c3:db:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  1 11:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7f553ccf34cb6ae9b46837fda040f6c58ab07fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:41:66:5b:d3:f0:3d:0a:25:22:33:7c:89:7a:
                    2f:0f:da:17:b1:0e:dd:71:50:95:be:b5:59:5e:48:
                    02:0f:6c:5a:c8:7c:5d:22:01:1e:d8:53:7f:e3:65:
                    e6:8c:86:c7:b2:51:3e:9c:5d:dd:2f:ce:af:9b:05:
                    ce:c2:69:1b:c8:f2:15:36:de:ef:08:c9:ea:22:22:
                    55:b9:a5:0c:40:a1:7e:3a:5e:29:aa:84:0b:5a:30:
                    31:aa:33:72:76:af:0c:4b:93:ab:b7:d3:b5:2e:58:
                    dd:82:9a:54:98:87:8d:0a:7b:9b:10:ad:3e:69:01:
                    9a:ae:db:f0:31:86:76:a3:83:fa:29:dc:13:b7:5f:
                    71:f2:e7:b3:53:b1:7d:96:0b:31:86:3f:ff:f0:4a:
                    41:bf:e9:77:91:e1:66:dc:4b:38:a8:fb:ec:31:9f:
                    9b:00:db:40:d9:56:0a:6d:fc:bc:92:c7:e3:4c:9a:
                    29:9d:cc:b5:89:88:4e:f3:8e:d6:70:7b:9c:80:92:
                    55:10:bc:fb:5b:75:39:c7:bb:44:cd:08:3d:66:04:
                    2e:9d:d7:84:a6:67:1b:04:b9:78:d3:f7:94:24:35:
                    4e:de:0c:53:a1:1d:84:85:79:fc:3b:aa:f4:c1:bd:
                    71:48:27:d9:22:49:a9:d6:ae:78:d6:f3:6e:34:bc:
                    7a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:F5:53:CC:F3:4C:B6:AE:9B:46:83:7F:DA:04:0F:6C:58:AB:07:FE
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/9_VTzPNMtq6bRoN_2gQPbFirB_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.154.0/24
                  95.181.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:4f:2f:7b:44:97:20:0b:27:ef:b5:d9:91:1c:0c:14:ad:b5:
         df:1f:a1:4e:35:c1:80:2e:25:d2:a9:cc:e6:2c:9b:eb:62:da:
         3e:58:a2:0e:e4:58:34:f2:26:a0:96:fc:82:b5:36:0a:a1:81:
         e8:6e:7e:a8:90:10:ca:35:4f:21:fc:5a:2d:98:0c:0c:75:b8:
         ae:bf:fa:c4:5c:06:3c:d3:7b:ff:10:e7:3e:0f:53:bc:de:73:
         c2:76:6a:45:07:be:18:85:98:43:d1:5d:2a:35:2d:5a:0f:da:
         ad:af:98:48:02:fd:03:98:d5:9d:34:b6:7a:86:be:1b:3c:3d:
         d4:73:32:70:fc:15:fe:89:53:41:d7:b5:39:7a:db:e0:81:e4:
         d3:44:8a:66:78:6c:dc:05:ea:5f:ae:b8:4f:5d:ec:68:91:6a:
         6d:82:fd:c2:b6:de:eb:9b:ff:4d:3a:2b:6b:49:7f:bc:ac:0c:
         07:26:c1:94:ae:96:ae:47:a9:30:2b:34:65:41:ac:08:2e:55:
         c7:da:7c:42:91:55:e6:fc:50:71:28:17:98:40:36:67:35:85:
         2e:ae:ab:a9:9d:ab:61:94:55:a3:9e:e7:ba:ae:29:4d:8b:84:
         e7:71:87:24:40:b5:d6:c8:ad:eb:4d:de:38:68:9c:e8:75:96:
         57:af:e7:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsghW5sJIoWEz5SGew9vBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2Y1NTNjY2YzNGNiNmFlOWI0NjgzN2ZkYTA0MGY2YzU4YWIwN2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA80FmW9PwPQolIjN8iXovD9oXsQ7d
cVCVvrVZXkgCD2xayHxdIgEe2FN/42XmjIbHslE+nF3dL86vmwXOwmkbyPIVNt7v
CMnqIiJVuaUMQKF+Ol4pqoQLWjAxqjNydq8MS5Ort9O1LljdgppUmIeNCnubEK0+
aQGartvwMYZ2o4P6KdwTt19x8uezU7F9lgsxhj//8EpBv+l3keFm3Es4qPvsMZ+b
ANtA2VYKbfy8ksfjTJopncy1iYhO847WcHucgJJVELz7W3U5x7tEzQg9ZgQundeE
pmcbBLl40/eUJDVO3gxToR2EhXn8O6r0wb1xSCfZIkmp1q541vNuNLx6SwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPf1U8zzTLaum0aDf9oED2xYqwf+MB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvOV9WVHpQTk10cTZiUm9OXzJnUVBiRmlyQl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX7WaAwQA
X7WiMA0GCSqGSIb3DQEBCwUAA4IBAQBDTy97RJcgCyfvtdmRHAwUrbXfH6FONcGA
LiXSqczmLJvrYto+WKIO5Fg08iaglvyCtTYKoYHobn6okBDKNU8h/FotmAwMdbiu
v/rEXAY803v/EOc+D1O83nPCdmpFB74YhZhD0V0qNS1aD9qtr5hIAv0DmNWdNLZ6
hr4bPD3UczJw/BX+iVNB17U5etvggeTTRIpmeGzcBepfrrhPXexokWptgv3Ctt7r
m/9NOitrSX+8rAwHJsGUrpauR6kwKzRlQawILlXH2nxCkVXm/FBxKBeYQDZnNYUu
rqupnathlFWjnue6rilNi4TncYckQLXWyK3rTd44aJzodZZXr+dJ
-----END CERTIFICATE-----