Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/KXPczm1nS64dvcv4u7CYJ1l5AHI.roa
File:                     KXPczm1nS64dvcv4u7CYJ1l5AHI.roa (raw, json)
Hash identifier:          IT1fLQDPUweWTezSJLi2UFJ5fUaIjncEdmdwkryAQWo=
Subject key identifier:   29:73:DC:CE:6D:67:4B:AE:1D:BD:CB:F8:BB:B0:98:27:59:79:00:72
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       0195A3A27CB0CC0F957508FDAD0BD38A63C9
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/KXPczm1nS64dvcv4u7CYJ1l5AHI.roa
Signing time:             Mon 17 Mar 2025 10:24:49 +0000
ROA not before:           Mon 17 Mar 2025 10:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        188.95.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a3:a2:7c:b0:cc:0f:95:75:08:fd:ad:0b:d3:8a:63:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Mar 17 10:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2973dcce6d674bae1dbdcbf8bbb0982759790072
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:76:95:83:8b:b0:a8:92:b0:77:63:99:7f:ec:
                    4f:94:bd:90:87:9f:72:67:07:53:6a:70:bf:8e:13:
                    60:0c:5e:34:75:08:59:12:43:2c:98:a6:65:03:ef:
                    8a:d1:94:d9:3a:b6:6e:bd:52:de:ae:92:fa:bc:3f:
                    de:8a:39:60:cb:04:23:87:bb:06:d2:7a:88:00:39:
                    dd:76:02:12:4e:17:7d:a5:77:1e:9e:ea:aa:78:3f:
                    47:ee:91:b6:1a:3a:8e:64:98:28:17:e4:0a:33:46:
                    76:90:0d:15:18:fe:a3:fa:57:ce:7d:6d:2d:a6:39:
                    35:4f:d1:c4:7b:2a:a6:19:6c:65:e9:13:40:72:58:
                    19:28:ed:ed:68:4c:0b:ae:6b:0d:50:ed:b7:ff:e9:
                    2f:b2:54:0b:af:b2:d3:e0:3f:fa:a0:87:26:69:ac:
                    fc:89:c5:d4:85:f2:9f:b3:40:1a:f6:1f:6c:93:4a:
                    d9:7c:93:db:d4:ce:a5:d4:52:6d:b3:e1:2e:b1:f2:
                    51:e1:74:dd:ec:01:04:04:52:69:cd:e2:cb:c3:85:
                    55:c5:db:44:7f:0a:52:9b:e3:d3:8d:eb:b1:9a:5e:
                    63:14:f6:78:40:4e:bb:23:9d:29:f7:ff:eb:d5:46:
                    3a:7c:ea:b5:cf:20:d4:eb:cb:60:88:51:df:0a:ce:
                    58:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:73:DC:CE:6D:67:4B:AE:1D:BD:CB:F8:BB:B0:98:27:59:79:00:72
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/KXPczm1nS64dvcv4u7CYJ1l5AHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:cc:69:49:dc:a4:36:b0:c0:56:10:09:e3:42:b5:8e:18:df:
         e5:5d:ca:ff:c3:be:89:a2:40:92:2a:fb:14:0c:b8:fe:85:8a:
         0b:ce:6e:03:21:0b:92:28:5c:43:7c:d3:36:90:5f:e2:01:61:
         02:21:e0:f4:9c:23:86:26:c1:ef:0a:ae:c7:5e:0b:28:6d:29:
         4b:27:1a:7d:b4:5b:ab:20:5e:a0:4e:ba:df:f9:43:e0:49:4a:
         99:4d:e3:a7:45:94:38:96:a6:d0:dd:8a:3b:68:72:c4:97:b7:
         a6:41:0f:7c:60:4e:5a:5a:51:ca:98:2c:0b:54:7a:a2:95:e4:
         bc:96:7d:ae:7c:e8:fd:30:bb:9f:ca:6e:1e:51:87:7d:5f:4b:
         1e:76:28:1c:03:f3:b9:1a:d4:9b:29:74:3a:a4:cb:af:df:60:
         fb:4e:fa:9d:fe:00:ee:2f:2e:b3:b8:e3:d7:02:92:c4:5b:13:
         d3:c6:15:b5:be:0e:48:d7:86:be:47:2d:04:a7:8b:af:85:79:
         07:f7:e5:e6:05:06:8f:a3:6f:29:81:ce:6c:5f:1a:3d:ff:6d:
         f7:7c:8e:7c:03:6c:68:fb:b4:e7:b4:62:fa:eb:f8:c2:a4:21:
         f6:35:6a:9f:ee:a9:19:7c:e4:ce:c5:20:1f:36:cd:38:c8:93:
         c6:f5:6c:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWjonywzA+VdQj9rQvTimPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjUwMzE3MTAyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTczZGNjZTZkNjc0YmFlMWRiZGNiZjhiYmIwOTgyNzU5NzkwMDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3aVg4uwqJKwd2OZf+xPlL2Qh59y
ZwdTanC/jhNgDF40dQhZEkMsmKZlA++K0ZTZOrZuvVLerpL6vD/eijlgywQjh7sG
0nqIADnddgISThd9pXcenuqqeD9H7pG2GjqOZJgoF+QKM0Z2kA0VGP6j+lfOfW0t
pjk1T9HEeyqmGWxl6RNAclgZKO3taEwLrmsNUO23/+kvslQLr7LT4D/6oIcmaaz8
icXUhfKfs0Aa9h9sk0rZfJPb1M6l1FJts+EusfJR4XTd7AEEBFJpzeLLw4VVxdtE
fwpSm+PTjeuxml5jFPZ4QE67I50p9//r1UY6fOq1zyDU68tgiFHfCs5YNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFClz3M5tZ0uuHb3L+LuwmCdZeQByMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvS1hQY3ptMW5TNjRkdmN2NHU3Q1lKMWw1QUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9FMA0G
CSqGSIb3DQEBCwUAA4IBAQBlzGlJ3KQ2sMBWEAnjQrWOGN/lXcr/w76JokCSKvsU
DLj+hYoLzm4DIQuSKFxDfNM2kF/iAWECIeD0nCOGJsHvCq7HXgsobSlLJxp9tFur
IF6gTrrf+UPgSUqZTeOnRZQ4lqbQ3Yo7aHLEl7emQQ98YE5aWlHKmCwLVHqileS8
ln2ufOj9MLufym4eUYd9X0sedigcA/O5GtSbKXQ6pMuv32D7Tvqd/gDuLy6zuOPX
ApLEWxPTxhW1vg5I14a+Ry0Ep4uvhXkH9+XmBQaPo28pgc5sXxo9/233fI58A2xo
+7TntGL66/jCpCH2NWqf7qkZfOTOxSAfNs04yJPG9Wwz
-----END CERTIFICATE-----