Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/7fea5a-ed78-4ba9-9a17-fdbc7c4cf49e/1/TwlfNDSczGUl34rteJgSuHXTO94.roa
File:                     TwlfNDSczGUl34rteJgSuHXTO94.roa (raw, json)
Hash identifier:          gBwK3ZQY+snmvfWIA0VgAvr4/MBSK9FpiTLSXZrUgpg=
Subject key identifier:   4F:09:5F:34:34:9C:CC:65:25:DF:8A:ED:78:98:12:B8:75:D3:3B:DE
Certificate issuer:       /CN=874aa16fd2a2c936c0aa4fb5624f62bc56a54df8
Certificate serial:       019421446F92DF22D83E48A3A241B818A061
Authority key identifier: 87:4A:A1:6F:D2:A2:C9:36:C0:AA:4F:B5:62:4F:62:BC:56:A5:4D:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0qhb9KiyTbAqk-1Yk9ivFalTfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/7fea5a-ed78-4ba9-9a17-fdbc7c4cf49e/1/TwlfNDSczGUl34rteJgSuHXTO94.roa
Signing time:             Wed 01 Jan 2025 09:48:40 +0000
ROA not before:           Wed 01 Jan 2025 09:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8412
IP address blocks:        195.95.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/7fea5a-ed78-4ba9-9a17-fdbc7c4cf49e/1/h0qhb9KiyTbAqk-1Yk9ivFalTfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/7fea5a-ed78-4ba9-9a17-fdbc7c4cf49e/1/h0qhb9KiyTbAqk-1Yk9ivFalTfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0qhb9KiyTbAqk-1Yk9ivFalTfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:6f:92:df:22:d8:3e:48:a3:a2:41:b8:18:a0:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874aa16fd2a2c936c0aa4fb5624f62bc56a54df8
        Validity
            Not Before: Jan  1 09:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f095f34349ccc6525df8aed789812b875d33bde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:51:a1:b3:9f:0d:e7:6a:73:36:bd:f1:a4:16:
                    83:43:09:42:4d:9f:a1:e0:5c:59:db:75:00:6e:e8:
                    ee:d2:9d:cb:77:6a:1e:a1:1f:5a:7c:bb:23:e9:57:
                    0c:b3:e5:32:84:f8:1d:9d:7e:9e:a7:3b:22:43:26:
                    4a:37:30:c2:c1:b8:42:0d:6a:90:bf:c0:88:67:c6:
                    e5:0c:f6:c6:10:be:73:c7:c5:ad:62:a7:c2:7c:05:
                    6a:37:44:82:7d:5c:fa:64:62:53:d9:fd:87:ca:b9:
                    d9:4c:9e:1c:3c:dd:eb:33:a4:ab:7d:dc:eb:e6:eb:
                    0a:df:1f:72:e9:76:f7:91:f3:b0:74:83:c3:35:c7:
                    8f:46:09:f0:d3:61:78:b8:1b:a7:ab:ff:51:f1:90:
                    62:e6:c3:53:7d:77:ab:a1:9e:db:4f:57:77:62:81:
                    26:76:be:80:18:e8:e7:5b:1a:7e:c3:2c:a8:32:95:
                    57:7d:22:2a:71:b1:36:e6:99:c5:f6:de:5e:46:67:
                    7c:99:c6:13:b2:7d:dd:af:29:a4:2e:92:5e:3b:04:
                    e0:bc:bb:19:85:f6:f7:ab:66:9c:d0:54:30:78:a1:
                    d2:34:1c:3f:96:7f:c6:e4:a0:d1:4c:6b:47:2b:07:
                    b8:18:33:f2:04:df:ac:93:b2:91:fe:a0:5a:db:ea:
                    80:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:09:5F:34:34:9C:CC:65:25:DF:8A:ED:78:98:12:B8:75:D3:3B:DE
            X509v3 Authority Key Identifier:
                keyid:87:4A:A1:6F:D2:A2:C9:36:C0:AA:4F:B5:62:4F:62:BC:56:A5:4D:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0qhb9KiyTbAqk-1Yk9ivFalTfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/7fea5a-ed78-4ba9-9a17-fdbc7c4cf49e/1/TwlfNDSczGUl34rteJgSuHXTO94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/7fea5a-ed78-4ba9-9a17-fdbc7c4cf49e/1/h0qhb9KiyTbAqk-1Yk9ivFalTfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:d8:22:63:fe:f2:04:4c:99:19:f1:02:ea:67:b2:bc:67:94:
         f2:8b:02:7e:17:2d:93:54:d6:4c:ba:0c:cc:d3:42:78:04:30:
         79:68:c7:9d:6d:49:5b:d2:ac:20:48:85:d2:bd:a4:c9:8f:c0:
         eb:a8:41:e5:e3:84:56:4a:3d:46:50:26:e6:57:ea:5f:74:8f:
         a3:84:8f:78:c1:43:7a:5a:b0:e7:1f:cd:3d:b1:f7:c7:c3:69:
         fe:dc:c4:3b:cf:33:e0:38:4f:b6:42:3a:a8:70:50:c2:b8:dd:
         82:f5:ab:31:1f:f7:98:4a:b5:5a:96:bb:90:ed:bb:17:28:f7:
         a4:26:cd:b2:f1:03:75:e6:48:84:b8:73:98:0b:61:fa:74:6c:
         bb:27:8e:cb:ec:f9:8b:8d:e5:c1:b9:39:c6:d0:27:ec:a6:74:
         9c:d6:7f:10:d6:7f:e4:f0:e1:26:a4:06:88:50:fc:54:38:09:
         2b:b4:12:92:f9:bc:7b:aa:df:e7:75:29:d7:b7:b9:3f:00:63:
         38:6f:a4:46:7d:52:1b:7e:32:43:b4:cb:a5:76:0a:8d:53:e6:
         fc:b7:5d:af:75:e9:70:c3:05:50:5f:62:2e:6d:b3:a7:76:3d:
         11:0c:24:37:c2:b6:f7:a3:da:1f:aa:10:f8:dc:11:2c:8b:50:
         ce:73:dc:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRG+S3yLYPkijokG4GKBhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGFhMTZmZDJhMmM5MzZjMGFhNGZiNTYyNGY2MmJjNTZh
NTRkZjgwHhcNMjUwMTAxMDk0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjA5NWYzNDM0OWNjYzY1MjVkZjhhZWQ3ODk4MTJiODc1ZDMzYmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVGhs58N52pzNr3xpBaDQwlCTZ+h
4FxZ23UAbuju0p3Ld2oeoR9afLsj6VcMs+UyhPgdnX6epzsiQyZKNzDCwbhCDWqQ
v8CIZ8blDPbGEL5zx8WtYqfCfAVqN0SCfVz6ZGJT2f2HyrnZTJ4cPN3rM6Srfdzr
5usK3x9y6Xb3kfOwdIPDNcePRgnw02F4uBunq/9R8ZBi5sNTfXeroZ7bT1d3YoEm
dr6AGOjnWxp+wyyoMpVXfSIqcbE25pnF9t5eRmd8mcYTsn3drymkLpJeOwTgvLsZ
hfb3q2ac0FQweKHSNBw/ln/G5KDRTGtHKwe4GDPyBN+sk7KR/qBa2+qAfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8JXzQ0nMxlJd+K7XiYErh10zveMB8GA1UdIwQY
MBaAFIdKoW/Sosk2wKpPtWJPYrxWpU34MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDBxaGI5S2l5VGJBcWstMVlrOWl2RmFsVGZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC83ZmVhNWEtZWQ3OC00YmE5LTlhMTct
ZmRiYzdjNGNmNDllLzEvVHdsZk5EU2N6R1VsMzRydGVKZ1N1SFhUTzk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC83ZmVhNWEtZWQ3OC00YmE5LTlhMTctZmRiYzdjNGNmNDll
LzEvaDBxaGI5S2l5VGJBcWstMVlrOWl2RmFsVGZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+iMA0G
CSqGSIb3DQEBCwUAA4IBAQBx2CJj/vIETJkZ8QLqZ7K8Z5TyiwJ+Fy2TVNZMugzM
00J4BDB5aMedbUlb0qwgSIXSvaTJj8DrqEHl44RWSj1GUCbmV+pfdI+jhI94wUN6
WrDnH809sffHw2n+3MQ7zzPgOE+2QjqocFDCuN2C9asxH/eYSrValruQ7bsXKPek
Js2y8QN15kiEuHOYC2H6dGy7J47L7PmLjeXBuTnG0CfspnSc1n8Q1n/k8OEmpAaI
UPxUOAkrtBKS+bx7qt/ndSnXt7k/AGM4b6RGfVIbfjJDtMuldgqNU+b8t12vdelw
wwVQX2IubbOndj0RDCQ3wrb3o9ofqhD43BEsi1DOc9zX
-----END CERTIFICATE-----