Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5NdSKf4us0g1wOY_YHQcb9vYz3w.roa
File:                     5NdSKf4us0g1wOY_YHQcb9vYz3w.roa (raw, json)
Hash identifier:          NjhhvxOe8S0u2hTUXQ/FOjKUe+nOi14izN4Tw7PLTm4=
Subject key identifier:   E4:D7:52:29:FE:2E:B3:48:35:C0:E6:3F:60:74:1C:6F:DB:D8:CF:7C
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0195A4B09305B78B1B972F21AEA433C8C3F3
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5NdSKf4us0g1wOY_YHQcb9vYz3w.roa
Signing time:             Mon 17 Mar 2025 15:19:50 +0000
ROA not before:           Mon 17 Mar 2025 15:19:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35168
IP address blocks:        95.46.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a4:b0:93:05:b7:8b:1b:97:2f:21:ae:a4:33:c8:c3:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Mar 17 15:19:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4d75229fe2eb34835c0e63f60741c6fdbd8cf7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a5:47:db:e2:ab:37:f6:99:df:19:24:ab:4f:
                    d1:d9:c9:64:f9:c3:44:2c:91:af:dd:26:7a:4a:4a:
                    dc:a0:2e:ab:f0:11:c5:57:f7:d0:7c:20:e1:92:dc:
                    a3:ec:bd:96:f1:69:37:bf:74:93:76:db:ba:aa:74:
                    5c:73:a2:29:3c:83:29:53:7f:55:02:b5:02:f1:85:
                    cc:97:29:73:a6:e1:b4:e0:7f:b4:44:9d:a5:08:40:
                    3e:83:5d:8c:e1:f2:ef:8d:f8:e7:fc:d0:2c:06:40:
                    e3:77:31:5b:0b:9f:ed:9a:99:32:26:b7:46:22:78:
                    d4:d8:52:7e:6e:dc:c3:8f:76:75:b0:10:5f:9a:dc:
                    70:35:8d:7d:c5:ae:44:ec:ea:ab:27:c6:d4:70:b1:
                    3a:fe:ab:cd:e6:02:f0:05:5d:0f:a2:f5:9d:ad:38:
                    81:c8:89:eb:ca:11:15:57:fb:a0:6c:30:44:ad:ce:
                    53:84:e9:ce:e2:de:8f:da:23:3d:5a:62:97:38:ab:
                    1c:da:99:98:5f:8b:ec:60:d0:7c:61:bd:9d:5e:64:
                    71:91:89:98:48:6f:3f:a7:cd:88:0b:69:99:09:75:
                    3e:af:47:a0:99:ac:d8:55:8e:26:82:0e:93:b2:3c:
                    20:8a:36:00:b9:82:e2:6f:97:cb:1f:08:1c:aa:0c:
                    69:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D7:52:29:FE:2E:B3:48:35:C0:E6:3F:60:74:1C:6F:DB:D8:CF:7C
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5NdSKf4us0g1wOY_YHQcb9vYz3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:2a:2b:75:dc:4e:b0:ae:53:81:6f:c7:38:de:09:1e:ad:26:
         f3:26:c4:08:25:9c:1a:5f:f3:17:3a:b5:38:60:ab:43:3b:f8:
         74:32:e6:22:61:87:da:6a:40:79:84:6c:87:bd:48:24:ce:27:
         69:16:4c:14:57:c2:70:cb:cf:c3:c4:c9:da:14:94:60:c8:78:
         e2:4c:00:71:6f:8d:9d:6f:da:1b:23:a3:a6:fa:aa:ff:29:0b:
         59:84:be:24:ff:16:55:50:4c:ba:fa:04:2d:05:b1:b2:72:84:
         28:23:db:c9:1c:cb:f6:d5:a1:e6:5f:3c:07:b1:e4:16:88:59:
         32:e7:39:91:2c:fb:b8:4c:2d:4e:78:15:92:c7:6d:19:2f:e6:
         df:9e:a1:d9:b8:24:6f:39:10:11:db:e7:88:de:45:ae:6d:35:
         b9:65:73:d3:16:65:66:02:01:67:8e:19:9b:2d:d5:6e:bf:f7:
         b7:bd:60:be:b9:dd:06:87:46:64:54:23:f6:d5:5f:91:e3:dc:
         f5:59:8a:11:14:52:42:1a:35:ed:6f:59:4b:82:bb:bb:30:33:
         13:db:36:8f:38:8f:37:ed:40:99:7f:1c:24:41:a4:c1:86:3a:
         9f:a5:53:99:a4:78:5c:e8:71:cb:ae:55:23:06:e7:95:e6:63:
         a0:48:82:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWksJMFt4sbly8hrqQzyMPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMzE3MTUxOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGQ3NTIyOWZlMmViMzQ4MzVjMGU2M2Y2MDc0MWM2ZmRiZDhjZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKVH2+KrN/aZ3xkkq0/R2clk+cNE
LJGv3SZ6SkrcoC6r8BHFV/fQfCDhktyj7L2W8Wk3v3STdtu6qnRcc6IpPIMpU39V
ArUC8YXMlylzpuG04H+0RJ2lCEA+g12M4fLvjfjn/NAsBkDjdzFbC5/tmpkyJrdG
InjU2FJ+btzDj3Z1sBBfmtxwNY19xa5E7OqrJ8bUcLE6/qvN5gLwBV0PovWdrTiB
yInryhEVV/ugbDBErc5ThOnO4t6P2iM9WmKXOKsc2pmYX4vsYNB8Yb2dXmRxkYmY
SG8/p82IC2mZCXU+r0egmazYVY4mgg6TsjwgijYAuYLib5fLHwgcqgxpGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTXUin+LrNINcDmP2B0HG/b2M98MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvNU5kU0tmNHVzMGcxd09ZX1lIUWNiOXZZejN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy6IMA0G
CSqGSIb3DQEBCwUAA4IBAQCDKit13E6wrlOBb8c43gkerSbzJsQIJZwaX/MXOrU4
YKtDO/h0MuYiYYfaakB5hGyHvUgkzidpFkwUV8Jwy8/DxMnaFJRgyHjiTABxb42d
b9obI6Om+qr/KQtZhL4k/xZVUEy6+gQtBbGycoQoI9vJHMv21aHmXzwHseQWiFky
5zmRLPu4TC1OeBWSx20ZL+bfnqHZuCRvORAR2+eI3kWubTW5ZXPTFmVmAgFnjhmb
LdVuv/e3vWC+ud0Gh0ZkVCP21V+R49z1WYoRFFJCGjXtb1lLgru7MDMT2zaPOI83
7UCZfxwkQaTBhjqfpVOZpHhc6HHLrlUjBueV5mOgSIJY
-----END CERTIFICATE-----