Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/0466f8-330d-4ac9-ac18-920b52a9f6a5/1/95gvF9PQMIrb-BKphnns2uDXNiw.roa
File:                     95gvF9PQMIrb-BKphnns2uDXNiw.roa (raw, json)
Hash identifier:          MBJ0PohSRVPGJ57dBumqXOfbyvugttOgIAsIwTytItw=
Subject key identifier:   F7:98:2F:17:D3:D0:30:8A:DB:F8:12:A9:86:79:EC:DA:E0:D7:36:2C
Certificate issuer:       /CN=faa16909ca4da39935eab9af038b58a5233122b3
Certificate serial:       0194258ED59196B97E49E2D5DE47572F0DF1
Authority key identifier: FA:A1:69:09:CA:4D:A3:99:35:EA:B9:AF:03:8B:58:A5:23:31:22:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-qFpCcpNo5k16rmvA4tYpSMxIrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/0466f8-330d-4ac9-ac18-920b52a9f6a5/1/95gvF9PQMIrb-BKphnns2uDXNiw.roa
Signing time:             Thu 02 Jan 2025 05:48:25 +0000
ROA not before:           Thu 02 Jan 2025 05:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2852
IP address blocks:        160.216.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/0466f8-330d-4ac9-ac18-920b52a9f6a5/1/1-qFpCcpNo5k16rmvA4tYpSMxIrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/0466f8-330d-4ac9-ac18-920b52a9f6a5/1/1-qFpCcpNo5k16rmvA4tYpSMxIrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-qFpCcpNo5k16rmvA4tYpSMxIrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 09:59:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d5:91:96:b9:7e:49:e2:d5:de:47:57:2f:0d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=faa16909ca4da39935eab9af038b58a5233122b3
        Validity
            Not Before: Jan  2 05:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7982f17d3d0308adbf812a98679ecdae0d7362c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:91:cd:48:9a:af:92:1b:ba:71:73:9c:9b:39:
                    a8:d9:59:50:81:73:6a:2e:1f:95:5d:3f:ee:57:05:
                    22:0e:c7:1c:c9:fa:f7:c4:77:07:8a:10:87:5d:55:
                    8c:90:a3:4f:11:24:6d:e7:e3:8d:e5:d3:3f:6f:ef:
                    d9:7d:1d:24:48:b4:25:f8:0a:37:c3:ba:0f:da:72:
                    27:a0:3a:0b:cb:c3:b4:e4:64:4a:6a:d6:b8:ab:bb:
                    1f:70:8f:70:b2:85:cf:0a:2e:45:88:3b:62:d3:bb:
                    1f:ad:2b:cb:ce:bb:ad:8b:1d:10:cf:a8:5a:ee:12:
                    2c:ad:cd:ae:ad:78:c7:f3:35:56:2c:32:a4:55:71:
                    80:37:28:da:d3:15:35:93:bb:41:57:66:19:e5:25:
                    00:8a:fb:69:1f:a9:43:ea:fe:ff:9e:3c:ef:e8:6e:
                    07:02:40:98:4a:85:c5:3b:1e:a8:18:75:11:7f:01:
                    69:18:cc:f7:54:b9:13:8c:d5:0a:4b:1c:e6:2e:2e:
                    d5:00:cb:6f:a6:8f:3e:89:76:9c:34:55:59:be:46:
                    a7:d7:95:cb:6e:67:69:08:ec:1a:71:0b:2b:bb:81:
                    a8:c5:7e:da:b9:75:11:ab:97:26:46:db:8a:e6:d5:
                    d6:33:e5:74:36:1f:f6:d5:24:12:f5:92:dd:1e:ad:
                    2e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:98:2F:17:D3:D0:30:8A:DB:F8:12:A9:86:79:EC:DA:E0:D7:36:2C
            X509v3 Authority Key Identifier:
                keyid:FA:A1:69:09:CA:4D:A3:99:35:EA:B9:AF:03:8B:58:A5:23:31:22:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-qFpCcpNo5k16rmvA4tYpSMxIrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0466f8-330d-4ac9-ac18-920b52a9f6a5/1/95gvF9PQMIrb-BKphnns2uDXNiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0466f8-330d-4ac9-ac18-920b52a9f6a5/1/1-qFpCcpNo5k16rmvA4tYpSMxIrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.216.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         28:5c:8b:20:d5:90:d7:3e:b6:2a:36:19:65:10:18:01:40:8a:
         44:8e:bc:9f:4a:11:74:7d:28:b3:ce:b6:76:60:8e:7c:6d:0a:
         71:22:49:df:07:2e:e2:88:bd:81:37:ee:ba:cd:df:ba:82:1c:
         dc:88:9f:61:3d:64:ea:7c:3f:59:85:98:e1:7f:e7:b0:91:37:
         e6:f6:33:68:45:3b:c2:fb:8c:4a:38:87:b4:1c:e8:93:a0:63:
         c5:21:6b:32:39:96:18:eb:45:3d:a9:0d:fe:3e:1e:64:9f:e0:
         b6:b1:9a:6d:74:45:ac:fb:63:89:34:de:32:74:25:ee:6f:df:
         33:53:3d:c2:62:4e:4e:9f:d6:1d:f9:35:f5:0f:5e:85:98:7a:
         c1:85:04:01:c9:80:d1:dd:12:30:44:20:64:c4:7a:63:23:7c:
         3e:2e:f9:7e:59:23:86:35:af:a5:7e:85:c8:34:c4:c8:38:4a:
         b8:4d:0b:80:2a:2d:02:00:ca:f7:1b:7a:57:41:c9:8b:13:1b:
         d0:55:0b:f6:e2:1b:05:27:68:5c:8c:cb:8a:ed:2c:a5:c8:7e:
         41:1f:7b:cf:15:56:bb:fb:4c:65:76:ef:bb:91:9d:47:c7:24:
         e6:a5:ec:48:72:68:cc:fb:c2:09:96:35:b3:71:76:b9:13:be:
         ce:bb:3d:b9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQljtWRlrl+SeLV3kdXLw3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYTE2OTA5Y2E0ZGEzOTkzNWVhYjlhZjAzOGI1OGE1MjMz
MTIyYjMwHhcNMjUwMTAyMDU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzk4MmYxN2QzZDAzMDhhZGJmODEyYTk4Njc5ZWNkYWUwZDczNjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZHNSJqvkhu6cXOcmzmo2VlQgXNq
Lh+VXT/uVwUiDsccyfr3xHcHihCHXVWMkKNPESRt5+ON5dM/b+/ZfR0kSLQl+Ao3
w7oP2nInoDoLy8O05GRKata4q7sfcI9wsoXPCi5FiDti07sfrSvLzrutix0Qz6ha
7hIsrc2urXjH8zVWLDKkVXGANyja0xU1k7tBV2YZ5SUAivtpH6lD6v7/njzv6G4H
AkCYSoXFOx6oGHURfwFpGMz3VLkTjNUKSxzmLi7VAMtvpo8+iXacNFVZvkan15XL
bmdpCOwacQsru4GoxX7auXURq5cmRtuK5tXWM+V0Nh/21SQS9ZLdHq0uCwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPeYLxfT0DCK2/gSqYZ57Nrg1zYsMB8GA1UdIwQY
MBaAFPqhaQnKTaOZNeq5rwOLWKUjMSKzMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1xRnBDY3BObzVrMTZybXZBNHRZcFNNeElyTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIvMDQ2NmY4LTMzMGQtNGFjOS1hYzE4
LTkyMGI1MmE5ZjZhNS8xLzk1Z3ZGOVBRTUlyYi1CS3Bobm5zMnVEWE5pdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDIvMDQ2NmY4LTMzMGQtNGFjOS1hYzE4LTkyMGI1MmE5ZjZh
NS8xLzEtcUZwQ2NwTm81azE2cm12QTR0WXBTTXhJck0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUDAwCg2DAN
BgkqhkiG9w0BAQsFAAOCAQEAKFyLINWQ1z62KjYZZRAYAUCKRI68n0oRdH0os862
dmCOfG0KcSJJ3wcu4oi9gTfuus3fuoIc3IifYT1k6nw/WYWY4X/nsJE35vYzaEU7
wvuMSjiHtBzok6BjxSFrMjmWGOtFPakN/j4eZJ/gtrGabXRFrPtjiTTeMnQl7m/f
M1M9wmJOTp/WHfk19Q9ehZh6wYUEAcmA0d0SMEQgZMR6YyN8Pi75flkjhjWvpX6F
yDTEyDhKuE0LgCotAgDK9xt6V0HJixMb0FUL9uIbBSdoXIzLiu0spch+QR97zxVW
u/tMZXbvu5GdR8ck5qXsSHJozPvCCZY1s3F2uRO+zrs9uQ==
-----END CERTIFICATE-----