Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/fc5766-aebf-4529-8e3f-4105f8a3bb9c/1/qHrO8lQhK3GafyUc6jw1PxQPaXs.roa
File:                     qHrO8lQhK3GafyUc6jw1PxQPaXs.roa (raw, json)
Hash identifier:          tPnDIOggIIc+29booONquHAPxQns3cD0Gn6JnfE+V54=
Subject key identifier:   A8:7A:CE:F2:54:21:2B:71:9A:7F:25:1C:EA:3C:35:3F:14:0F:69:7B
Certificate issuer:       /CN=df77662f60b5c41032e0535ee727184e3adb7b77
Certificate serial:       01942067D9F66CD600588C699D54B8D96346
Authority key identifier: DF:77:66:2F:60:B5:C4:10:32:E0:53:5E:E7:27:18:4E:3A:DB:7B:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/33dmL2C1xBAy4FNe5ycYTjrbe3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/fc5766-aebf-4529-8e3f-4105f8a3bb9c/1/qHrO8lQhK3GafyUc6jw1PxQPaXs.roa
Signing time:             Wed 01 Jan 2025 05:47:44 +0000
ROA not before:           Wed 01 Jan 2025 05:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213314
IP address blocks:        95.214.168.0/22 maxlen: 24
                          2a09:ea80::/29 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/fc5766-aebf-4529-8e3f-4105f8a3bb9c/1/33dmL2C1xBAy4FNe5ycYTjrbe3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/fc5766-aebf-4529-8e3f-4105f8a3bb9c/1/33dmL2C1xBAy4FNe5ycYTjrbe3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/33dmL2C1xBAy4FNe5ycYTjrbe3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d9:f6:6c:d6:00:58:8c:69:9d:54:b8:d9:63:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df77662f60b5c41032e0535ee727184e3adb7b77
        Validity
            Not Before: Jan  1 05:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a87acef254212b719a7f251cea3c353f140f697b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b3:d3:1f:dc:dc:6d:fa:cd:48:66:f9:0f:17:
                    ce:ee:72:27:0d:62:ae:36:66:c8:f1:5b:fa:fd:36:
                    0d:d6:fc:43:f4:63:31:03:61:c6:17:e8:28:41:07:
                    a5:bd:30:ea:af:14:04:ae:e9:cb:68:a2:b3:48:a7:
                    6c:e6:49:78:65:9f:88:5d:2b:71:2f:8c:85:84:51:
                    3b:56:3e:15:f2:de:49:ab:14:31:22:58:b5:59:a3:
                    26:3e:a6:e6:20:81:e1:e7:d4:27:80:0f:21:5c:04:
                    62:7d:09:cf:8f:c1:59:b9:f6:81:b9:f3:1a:a7:33:
                    87:0c:1b:f4:4c:e7:e8:73:c7:4e:cb:f2:c5:91:c2:
                    20:ed:4c:af:5d:1e:dc:c1:a3:e1:23:c8:bd:4a:11:
                    ad:c3:27:d0:1c:09:ab:a3:e9:84:bb:d1:20:53:aa:
                    7d:64:a2:fc:42:47:2e:9b:e6:c6:1b:95:86:e2:eb:
                    e3:65:6a:bf:e2:ed:92:2e:d5:fc:ef:53:e6:a2:30:
                    66:f7:95:56:94:db:17:a4:d0:48:c6:01:f0:93:b9:
                    6d:b3:53:92:2f:e6:11:5b:0a:23:5b:10:7f:48:cb:
                    56:b9:de:f5:09:76:a0:05:62:e2:64:87:67:6a:51:
                    8c:c6:dd:9c:20:fb:71:36:c0:e6:8a:cd:1b:15:2b:
                    c9:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:7A:CE:F2:54:21:2B:71:9A:7F:25:1C:EA:3C:35:3F:14:0F:69:7B
            X509v3 Authority Key Identifier:
                keyid:DF:77:66:2F:60:B5:C4:10:32:E0:53:5E:E7:27:18:4E:3A:DB:7B:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33dmL2C1xBAy4FNe5ycYTjrbe3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/fc5766-aebf-4529-8e3f-4105f8a3bb9c/1/qHrO8lQhK3GafyUc6jw1PxQPaXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/fc5766-aebf-4529-8e3f-4105f8a3bb9c/1/33dmL2C1xBAy4FNe5ycYTjrbe3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.168.0/22
                IPv6:
                  2a09:ea80::/29

    Signature Algorithm: sha256WithRSAEncryption
         d0:51:9c:2e:c6:60:d4:92:75:ed:a7:22:d3:5e:f2:9c:fd:c6:
         fb:e1:22:81:22:6d:69:b8:7a:a8:28:77:84:0c:3a:83:3b:bc:
         70:bf:13:8d:51:97:3b:c2:22:83:c2:4a:18:62:aa:87:34:a6:
         68:85:64:0a:ba:7b:30:8c:d6:eb:e4:06:3c:7f:ab:a6:de:98:
         c2:bd:4f:48:d9:33:89:1c:68:8f:99:6f:6b:26:76:5f:8c:12:
         72:31:27:30:75:38:7e:3f:1e:6c:f8:d4:ca:d3:55:5e:bc:c0:
         0b:24:89:3f:3f:c4:3b:a6:5e:33:b2:57:de:7b:09:23:f8:4a:
         f5:5f:bb:5e:1d:71:83:14:4e:7c:37:41:06:dc:f9:38:e4:81:
         02:30:88:f1:8f:c9:1a:71:f7:10:07:c0:5a:2b:08:58:ad:23:
         24:1a:54:09:08:a3:71:5e:e6:48:c1:85:83:28:3a:ef:72:bf:
         48:75:ad:53:0c:4d:c2:d6:98:6c:96:c2:ce:60:0b:1f:9b:2e:
         3a:c1:f9:98:4d:6b:43:d2:0d:eb:92:2d:83:38:6f:ef:f9:59:
         ef:7f:83:b6:ac:05:4b:c8:d9:71:8c:21:90:31:92:c1:b2:aa:
         a6:77:fb:42:c7:ed:57:fb:fb:fc:b5:61:0c:80:32:26:5b:50:
         9f:1b:65:00
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ9n2bNYAWIxpnVS42WNGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNzc2NjJmNjBiNWM0MTAzMmUwNTM1ZWU3MjcxODRlM2Fk
YjdiNzcwHhcNMjUwMTAxMDU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODdhY2VmMjU0MjEyYjcxOWE3ZjI1MWNlYTNjMzUzZjE0MGY2OTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbPTH9zcbfrNSGb5DxfO7nInDWKu
NmbI8Vv6/TYN1vxD9GMxA2HGF+goQQelvTDqrxQErunLaKKzSKds5kl4ZZ+IXStx
L4yFhFE7Vj4V8t5JqxQxIli1WaMmPqbmIIHh59QngA8hXARifQnPj8FZufaBufMa
pzOHDBv0TOfoc8dOy/LFkcIg7UyvXR7cwaPhI8i9ShGtwyfQHAmro+mEu9EgU6p9
ZKL8Qkcum+bGG5WG4uvjZWq/4u2SLtX871PmojBm95VWlNsXpNBIxgHwk7lts1OS
L+YRWwojWxB/SMtWud71CXagBWLiZIdnalGMxt2cIPtxNsDmis0bFSvJJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKh6zvJUIStxmn8lHOo8NT8UD2l7MB8GA1UdIwQY
MBaAFN93Zi9gtcQQMuBTXucnGE4623t3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzNkbUwyQzF4QkF5NEZOZTV5Y1lUanJiZTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mYzU3NjYtYWViZi00NTI5LThlM2Yt
NDEwNWY4YTNiYjljLzEvcUhyTzhsUWhLM0dhZnlVYzZqdzFQeFFQYVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mYzU3NjYtYWViZi00NTI5LThlM2YtNDEwNWY4YTNiYjlj
LzEvMzNkbUwyQzF4QkF5NEZOZTV5Y1lUanJiZTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCX9aoMA0E
AgACMAcDBQMqCeqAMA0GCSqGSIb3DQEBCwUAA4IBAQDQUZwuxmDUknXtpyLTXvKc
/cb74SKBIm1puHqoKHeEDDqDO7xwvxONUZc7wiKDwkoYYqqHNKZohWQKunswjNbr
5AY8f6um3pjCvU9I2TOJHGiPmW9rJnZfjBJyMScwdTh+Px5s+NTK01VevMALJIk/
P8Q7pl4zslfeewkj+Er1X7teHXGDFE58N0EG3Pk45IECMIjxj8kacfcQB8BaKwhY
rSMkGlQJCKNxXuZIwYWDKDrvcr9Ida1TDE3C1phslsLOYAsfmy46wfmYTWtD0g3r
ki2DOG/v+Vnvf4O2rAVLyNlxjCGQMZLBsqqmd/tCx+1X+/v8tWEMgDImW1CfG2UA
-----END CERTIFICATE-----