Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/pVY_FGIDhlEf6vs7MShMAVBNlQk.roa
File:                     pVY_FGIDhlEf6vs7MShMAVBNlQk.roa (raw, json)
Hash identifier:          36C0/NjrkK4EvhEr+5+ZgIKhG5JQMFDTmhg9XNYss9Q=
Subject key identifier:   A5:56:3F:14:62:03:86:51:1F:EA:FB:3B:31:28:4C:01:50:4D:95:09
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       019421B20DC8E20DE8B7CC88E03A90A79C1F
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/pVY_FGIDhlEf6vs7MShMAVBNlQk.roa
Signing time:             Wed 01 Jan 2025 11:48:24 +0000
ROA not before:           Wed 01 Jan 2025 11:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215897
IP address blocks:        95.181.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:0d:c8:e2:0d:e8:b7:cc:88:e0:3a:90:a7:9c:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Jan  1 11:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5563f14620386511feafb3b31284c01504d9509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:37:60:a6:54:de:e4:04:58:9e:bc:c4:64:b4:
                    a0:e2:4d:34:e4:9a:9a:e9:bf:ad:2a:34:b2:61:8d:
                    ba:78:66:43:57:69:7f:f1:f3:a2:e7:d6:95:46:d1:
                    49:b7:fa:31:de:5b:da:ff:69:51:46:43:b0:20:c9:
                    9e:a6:07:26:01:99:aa:e8:53:4d:37:f1:d7:59:6a:
                    75:3a:69:26:ea:f6:48:e0:fc:ad:9f:f3:2c:af:d4:
                    e6:b6:cd:86:e2:f2:5a:28:f8:9d:00:5a:81:bb:cb:
                    af:68:d4:a1:40:b5:ab:3f:07:7f:d4:c6:9d:57:73:
                    3c:90:28:8d:d1:7c:5c:12:35:38:d2:76:25:c1:af:
                    44:2d:48:9b:95:26:1e:35:79:4a:e1:07:45:3c:3d:
                    f5:51:d3:ef:87:d0:a9:4e:59:5a:d3:a5:bc:c5:69:
                    04:aa:3a:4b:af:34:3a:7a:a7:18:88:62:5b:41:14:
                    a0:84:bb:7c:b6:e9:fb:ce:4e:ea:8f:0c:e4:77:a5:
                    1f:91:83:60:5f:74:da:78:3b:f4:24:2f:df:fe:b1:
                    72:ea:cb:2e:18:ad:be:63:7a:47:cc:c4:d0:bd:22:
                    d6:9a:da:40:84:4e:07:dd:bf:d9:6e:71:9a:3b:8e:
                    e8:0b:bc:7e:8b:f5:df:16:71:6a:ea:5a:55:ff:0a:
                    45:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:56:3F:14:62:03:86:51:1F:EA:FB:3B:31:28:4C:01:50:4D:95:09
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/pVY_FGIDhlEf6vs7MShMAVBNlQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:34:09:5d:36:15:38:fc:87:69:ec:f7:1f:33:bc:d5:2a:ba:
         d7:f6:59:64:cc:40:35:32:60:ae:9b:7b:c9:fc:75:68:e2:57:
         91:b5:08:34:ec:13:82:9c:f5:9f:c4:9c:3d:5e:2f:fe:f6:f0:
         b7:8e:f0:db:ab:0f:62:cb:80:65:fb:ad:6f:0d:05:1b:09:4f:
         59:df:3e:1a:e4:02:04:c1:c6:c7:f6:36:bc:d6:fb:99:18:59:
         62:27:62:64:35:1a:05:64:a3:bc:86:e7:1d:91:55:01:f7:71:
         d3:97:90:fa:df:1c:18:0d:b9:36:79:a7:72:c5:16:01:bb:84:
         e5:1a:fd:85:23:9b:18:c6:6e:09:a6:8f:6e:d9:67:bc:2b:7d:
         cc:c2:53:b3:0e:38:a5:68:a8:de:9d:bc:f6:90:a4:c1:8e:92:
         eb:29:67:34:64:f2:28:9a:3a:c7:7c:67:e6:cd:80:d1:ab:06:
         5a:b8:7d:26:d8:a2:5f:3b:22:4a:46:7e:4a:a8:a9:16:9f:1e:
         f7:f0:f8:0f:f6:6b:2e:b6:20:c1:e4:f7:b5:3e:68:5e:ae:45:
         f6:37:14:e0:93:d8:4c:de:87:42:87:35:dd:55:cb:f4:18:d6:
         eb:48:16:b5:2f:6a:ff:a6:36:fa:8c:ab:f4:82:fb:d5:d1:21:
         6b:ca:55:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsg3I4g3ot8yI4DqQp5wfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjUwMTAxMTE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTU2M2YxNDYyMDM4NjUxMWZlYWZiM2IzMTI4NGMwMTUwNGQ5NTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzdgplTe5ARYnrzEZLSg4k005Jqa
6b+tKjSyYY26eGZDV2l/8fOi59aVRtFJt/ox3lva/2lRRkOwIMmepgcmAZmq6FNN
N/HXWWp1Omkm6vZI4Pytn/Msr9Tmts2G4vJaKPidAFqBu8uvaNShQLWrPwd/1Mad
V3M8kCiN0XxcEjU40nYlwa9ELUiblSYeNXlK4QdFPD31UdPvh9CpTlla06W8xWkE
qjpLrzQ6eqcYiGJbQRSghLt8tun7zk7qjwzkd6UfkYNgX3TaeDv0JC/f/rFy6ssu
GK2+Y3pHzMTQvSLWmtpAhE4H3b/ZbnGaO47oC7x+i/XfFnFq6lpV/wpFKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVWPxRiA4ZRH+r7OzEoTAFQTZUJMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvcFZZX0ZHSURobEVmNnZzN01TaE1BVkJObFFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7WWMA0G
CSqGSIb3DQEBCwUAA4IBAQAcNAldNhU4/Idp7PcfM7zVKrrX9llkzEA1MmCum3vJ
/HVo4leRtQg07BOCnPWfxJw9Xi/+9vC3jvDbqw9iy4Bl+61vDQUbCU9Z3z4a5AIE
wcbH9ja81vuZGFliJ2JkNRoFZKO8hucdkVUB93HTl5D63xwYDbk2eadyxRYBu4Tl
Gv2FI5sYxm4Jpo9u2We8K33MwlOzDjilaKjenbz2kKTBjpLrKWc0ZPIomjrHfGfm
zYDRqwZauH0m2KJfOyJKRn5KqKkWnx738PgP9msutiDB5Pe1PmherkX2NxTgk9hM
3odChzXdVcv0GNbrSBa1L2r/pjb6jKv0gvvV0SFrylVI
-----END CERTIFICATE-----