Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/DnTbZNQqyk7b1Kpp-h3yl2scJwY.roa
File:                     DnTbZNQqyk7b1Kpp-h3yl2scJwY.roa (raw, json)
Hash identifier:          TJ12NvtCptbjwY91XKfeBV5bJZ6ugQZ1nYOaUhjOlp4=
Subject key identifier:   0E:74:DB:64:D4:2A:CA:4E:DB:D4:AA:69:FA:1D:F2:97:6B:1C:27:06
Certificate issuer:       /CN=ce1f59ae34548132892fcc89b1595f9b0360198d
Certificate serial:       019423D6E80EF6AAB103CFCC104839B2371C
Authority key identifier: CE:1F:59:AE:34:54:81:32:89:2F:CC:89:B1:59:5F:9B:03:60:19:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/DnTbZNQqyk7b1Kpp-h3yl2scJwY.roa
Signing time:             Wed 01 Jan 2025 21:47:54 +0000
ROA not before:           Wed 01 Jan 2025 21:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41104
IP address blocks:        195.95.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e8:0e:f6:aa:b1:03:cf:cc:10:48:39:b2:37:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce1f59ae34548132892fcc89b1595f9b0360198d
        Validity
            Not Before: Jan  1 21:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e74db64d42aca4edbd4aa69fa1df2976b1c2706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:f5:07:2e:25:d5:42:cf:d0:7a:72:2a:32:44:
                    8e:41:56:43:26:1f:39:c1:74:5f:4c:fd:49:f2:ec:
                    ca:3d:31:59:09:93:7e:82:86:e2:87:82:51:6a:5b:
                    b1:66:49:b4:c1:e7:70:aa:f3:f3:00:21:29:e2:ff:
                    97:14:a6:b3:12:ff:c9:91:79:ce:e8:3f:e1:60:0f:
                    14:df:05:f4:f5:39:70:e1:8a:b8:10:10:5f:a7:f3:
                    46:5c:58:71:be:5d:b1:4f:1c:68:b3:2f:d7:31:28:
                    e2:75:6d:29:94:ee:6e:e2:e2:c9:6c:fb:b6:7e:0d:
                    33:56:f1:a7:52:87:f1:bb:e9:6d:7e:0b:d4:32:90:
                    ea:2d:1c:ff:04:65:fc:d2:2c:88:45:9f:ce:64:43:
                    b1:f8:ea:2c:5a:41:73:b4:21:4f:96:00:53:d2:01:
                    ae:d7:83:76:42:aa:25:21:7c:fd:e5:fb:fe:7a:72:
                    3a:30:5f:64:86:62:6e:04:31:0f:35:61:39:77:b2:
                    bc:ff:85:7a:21:81:98:05:f4:63:25:00:6b:49:47:
                    2b:5e:9b:38:3e:12:24:30:ab:5d:08:8f:e1:5a:37:
                    26:ec:65:67:0d:3e:63:5e:70:7d:ae:c3:4f:fc:02:
                    74:a5:e8:d9:69:bd:46:ee:41:8d:6b:32:e3:d2:13:
                    aa:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:74:DB:64:D4:2A:CA:4E:DB:D4:AA:69:FA:1D:F2:97:6B:1C:27:06
            X509v3 Authority Key Identifier:
                keyid:CE:1F:59:AE:34:54:81:32:89:2F:CC:89:B1:59:5F:9B:03:60:19:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/DnTbZNQqyk7b1Kpp-h3yl2scJwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4fa2d8-d71d-49b1-8eb0-a3589da16c85/1/zh9ZrjRUgTKJL8yJsVlfmwNgGY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:a1:26:a1:64:52:d9:d1:23:9a:02:07:2d:4a:ed:f2:9d:f3:
         32:25:28:7d:44:09:ff:cd:33:4d:c9:a2:e4:05:62:04:89:cc:
         e5:95:f2:8e:88:84:b6:02:b3:33:10:46:8c:f9:56:a8:46:bf:
         fc:a5:94:66:e5:d1:a0:d1:90:2b:ff:cb:e2:57:cb:c5:8c:82:
         49:03:e1:fb:47:dd:66:dc:2b:24:9d:08:34:b3:67:3d:0f:f1:
         d9:28:d1:aa:20:97:32:9b:78:8c:6e:ba:7f:b5:ff:8b:80:a4:
         76:3c:0c:86:d9:b6:4c:87:d9:4c:16:ce:0d:40:21:d9:fa:97:
         78:39:d4:39:b8:31:e1:a9:d2:e0:21:e9:a2:95:e2:a8:2d:5e:
         c5:0f:8b:51:40:52:94:5d:64:b8:f1:03:0b:98:77:25:c6:c8:
         97:a7:6d:38:a3:09:2d:27:04:65:5d:42:e0:86:10:79:49:3f:
         92:d9:2b:fd:5c:b6:2f:df:dc:c1:a8:b0:30:00:82:b1:be:a2:
         93:c8:19:77:53:b4:07:51:e5:f1:7e:d6:d4:91:75:9d:05:fb:
         b0:be:03:ef:a3:5b:7c:7c:e6:fc:2a:8c:f5:2e:d0:a0:db:2c:
         73:0a:2e:d4:47:46:c4:b0:bc:2d:d8:9c:13:9b:90:90:ff:f5:
         04:39:29:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1ugO9qqxA8/MEEg5sjccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMWY1OWFlMzQ1NDgxMzI4OTJmY2M4OWIxNTk1ZjliMDM2
MDE5OGQwHhcNMjUwMTAxMjE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTc0ZGI2NGQ0MmFjYTRlZGJkNGFhNjlmYTFkZjI5NzZiMWMyNzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6/UHLiXVQs/QenIqMkSOQVZDJh85
wXRfTP1J8uzKPTFZCZN+gobih4JRaluxZkm0wedwqvPzACEp4v+XFKazEv/JkXnO
6D/hYA8U3wX09Tlw4Yq4EBBfp/NGXFhxvl2xTxxosy/XMSjidW0plO5u4uLJbPu2
fg0zVvGnUofxu+ltfgvUMpDqLRz/BGX80iyIRZ/OZEOx+OosWkFztCFPlgBT0gGu
14N2QqolIXz95fv+enI6MF9khmJuBDEPNWE5d7K8/4V6IYGYBfRjJQBrSUcrXps4
PhIkMKtdCI/hWjcm7GVnDT5jXnB9rsNP/AJ0pejZab1G7kGNazLj0hOqHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5022TUKspO29Sqafod8pdrHCcGMB8GA1UdIwQY
MBaAFM4fWa40VIEyiS/MibFZX5sDYBmNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemg5WnJqUlVnVEtKTDh5SnNWbGZtd05nR1kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni80ZmEyZDgtZDcxZC00OWIxLThlYjAt
YTM1ODlkYTE2Yzg1LzEvRG5UYlpOUXF5azdiMUtwcC1oM3lsMnNjSndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni80ZmEyZDgtZDcxZC00OWIxLThlYjAtYTM1ODlkYTE2Yzg1
LzEvemg5WnJqUlVnVEtKTDh5SnNWbGZtd05nR1kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+tMA0G
CSqGSIb3DQEBCwUAA4IBAQAsoSahZFLZ0SOaAgctSu3ynfMyJSh9RAn/zTNNyaLk
BWIEiczllfKOiIS2ArMzEEaM+VaoRr/8pZRm5dGg0ZAr/8viV8vFjIJJA+H7R91m
3CsknQg0s2c9D/HZKNGqIJcym3iMbrp/tf+LgKR2PAyG2bZMh9lMFs4NQCHZ+pd4
OdQ5uDHhqdLgIemileKoLV7FD4tRQFKUXWS48QMLmHclxsiXp204owktJwRlXULg
hhB5ST+S2Sv9XLYv39zBqLAwAIKxvqKTyBl3U7QHUeXxftbUkXWdBfuwvgPvo1t8
fOb8Koz1LtCg2yxzCi7UR0bEsLwt2JwTm5CQ//UEOSlM
-----END CERTIFICATE-----