Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/praewBGKObVyHJrk-EW3SR6etDM.roa
File:                     praewBGKObVyHJrk-EW3SR6etDM.roa (raw, json)
Hash identifier:          SH0U3WS8ZCn7PM3WLsz5WjDkQUu5ZhLAkIQAfKgw1ew=
Subject key identifier:   A6:B6:9E:C0:11:8A:39:B5:72:1C:9A:E4:F8:45:B7:49:1E:9E:B4:33
Certificate issuer:       /CN=8f2824c61357dc344bbdf35b83577459b9d3fc44
Certificate serial:       019425FD9EFFBA763DB55C848AE66FAE776A
Authority key identifier: 8F:28:24:C6:13:57:DC:34:4B:BD:F3:5B:83:57:74:59:B9:D3:FC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/praewBGKObVyHJrk-EW3SR6etDM.roa
Signing time:             Thu 02 Jan 2025 07:49:25 +0000
ROA not before:           Thu 02 Jan 2025 07:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48263
IP address blocks:        185.95.65.0/24 maxlen: 24
                          2a00:4bc0:600::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:9e:ff:ba:76:3d:b5:5c:84:8a:e6:6f:ae:77:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f2824c61357dc344bbdf35b83577459b9d3fc44
        Validity
            Not Before: Jan  2 07:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6b69ec0118a39b5721c9ae4f845b7491e9eb433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c5:f7:b2:0e:ea:da:2c:53:5b:2f:47:6f:21:
                    98:45:72:90:33:73:76:4d:c6:5c:7c:fc:5f:1d:f2:
                    97:e9:9a:76:64:a3:74:33:c3:61:f3:87:4b:a9:5c:
                    23:d3:08:d9:b0:f4:0d:a4:a3:13:1e:4b:51:75:4f:
                    e7:c5:0b:a1:a2:51:07:f8:f8:c9:93:0d:27:ef:a9:
                    fd:b0:af:3e:5d:61:94:83:c0:5f:3e:72:2d:5c:ab:
                    7c:39:cf:3b:47:a4:c9:71:83:8d:22:d6:b1:0f:93:
                    9e:e3:1f:53:c5:3c:25:3d:14:81:37:3e:62:4b:6f:
                    71:be:70:22:58:f1:73:03:9f:36:8e:02:1a:00:b1:
                    75:e3:c6:21:dc:ea:e4:2b:c0:59:c2:3a:ae:32:bd:
                    1f:70:e5:fe:01:81:be:94:9d:43:c5:94:d1:b5:e0:
                    2f:90:5e:3f:07:30:eb:94:fe:8c:cb:c3:55:02:b8:
                    1c:17:c2:22:13:51:d2:01:57:fa:00:c5:9e:b3:92:
                    65:06:6a:ba:1a:df:fb:ad:f0:c7:1a:91:b3:4f:db:
                    68:97:e1:f1:2d:ba:92:5a:16:03:12:8d:1b:16:cd:
                    82:c4:e1:b9:07:75:df:96:d8:86:f5:84:f6:0c:3d:
                    65:0f:27:14:07:d0:31:15:ff:be:c7:50:4e:35:ad:
                    d8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B6:9E:C0:11:8A:39:B5:72:1C:9A:E4:F8:45:B7:49:1E:9E:B4:33
            X509v3 Authority Key Identifier:
                keyid:8F:28:24:C6:13:57:DC:34:4B:BD:F3:5B:83:57:74:59:B9:D3:FC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jygkxhNX3DRLvfNbg1d0WbnT_EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/praewBGKObVyHJrk-EW3SR6etDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/652eb4-321c-48c0-9272-3ae711af034b/1/jygkxhNX3DRLvfNbg1d0WbnT_EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.65.0/24
                IPv6:
                  2a00:4bc0:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         83:4c:74:29:d3:c6:72:11:0e:8a:8c:0c:30:11:cf:68:0f:81:
         54:ab:68:59:29:33:1a:04:8a:8f:d8:bd:0c:55:4b:5e:55:7f:
         c5:02:eb:53:6c:22:84:09:b6:c0:ef:02:72:3e:c1:df:98:af:
         7f:76:e7:00:3e:5a:92:53:04:d7:29:e3:64:4c:f1:33:bf:3a:
         10:80:d5:26:c9:db:53:65:cf:f3:ec:44:d4:25:05:01:d8:a0:
         b7:bb:ac:ff:88:4b:64:5d:51:a7:9c:71:6d:19:e7:75:ba:b8:
         cf:20:23:5f:f2:0b:9f:ff:00:15:cd:c7:84:d0:1c:92:1e:8f:
         07:50:c6:08:68:83:f0:66:20:ab:05:b3:fe:b3:21:b9:bf:69:
         f8:ee:11:92:4b:6f:db:b6:08:5f:a9:6a:e3:50:ee:58:40:7c:
         29:4b:f2:8c:10:11:34:7d:14:11:90:3d:57:e0:b6:f6:d2:d5:
         d6:d5:b0:ad:dc:64:2d:2e:ee:1f:13:ba:57:9b:24:b1:32:9d:
         93:08:da:63:bf:1a:ef:b4:02:22:24:b7:be:6e:0c:94:f8:9b:
         e9:1d:22:46:88:76:16:e7:3a:ea:4d:e8:e2:be:00:1b:18:a5:
         c6:43:10:2b:f9:84:5c:07:8a:c1:a1:35:ee:6c:27:e4:1c:76:
         1a:b3:82:e3
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQl/Z7/unY9tVyEiuZvrndqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMjgyNGM2MTM1N2RjMzQ0YmJkZjM1YjgzNTc3NDU5Yjlk
M2ZjNDQwHhcNMjUwMTAyMDc0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmI2OWVjMDExOGEzOWI1NzIxYzlhZTRmODQ1Yjc0OTFlOWViNDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocX3sg7q2ixTWy9HbyGYRXKQM3N2
TcZcfPxfHfKX6Zp2ZKN0M8Nh84dLqVwj0wjZsPQNpKMTHktRdU/nxQuholEH+PjJ
kw0n76n9sK8+XWGUg8BfPnItXKt8Oc87R6TJcYONItaxD5Oe4x9TxTwlPRSBNz5i
S29xvnAiWPFzA582jgIaALF148Yh3OrkK8BZwjquMr0fcOX+AYG+lJ1DxZTRteAv
kF4/BzDrlP6My8NVArgcF8IiE1HSAVf6AMWes5JlBmq6Gt/7rfDHGpGzT9tol+Hx
LbqSWhYDEo0bFs2CxOG5B3XfltiG9YT2DD1lDycUB9AxFf++x1BONa3Y9QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKa2nsARijm1chya5PhFt0kenrQzMB8GA1UdIwQY
MBaAFI8oJMYTV9w0S73zW4NXdFm50/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanlna3hoTlgzRFJMdmZOYmcxZDBXYm5UX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82NTJlYjQtMzIxYy00OGMwLTkyNzIt
M2FlNzExYWYwMzRiLzEvcHJhZXdCR0tPYlZ5SEpyay1FVzNTUjZldERNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82NTJlYjQtMzIxYy00OGMwLTkyNzItM2FlNzExYWYwMzRi
LzEvanlna3hoTlgzRFJMdmZOYmcxZDBXYm5UX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuV9BMA4E
AgACMAgDBgAqAEvABjANBgkqhkiG9w0BAQsFAAOCAQEAg0x0KdPGchEOiowMMBHP
aA+BVKtoWSkzGgSKj9i9DFVLXlV/xQLrU2wihAm2wO8Ccj7B35ivf3bnAD5aklME
1ynjZEzxM786EIDVJsnbU2XP8+xE1CUFAdigt7us/4hLZF1Rp5xxbRnndbq4zyAj
X/ILn/8AFc3HhNAckh6PB1DGCGiD8GYgqwWz/rMhub9p+O4Rkktv27YIX6lq41Du
WEB8KUvyjBARNH0UEZA9V+C29tLV1tWwrdxkLS7uHxO6V5sksTKdkwjaY78a77QC
IiS3vm4MlPib6R0iRoh2Fuc66k3o4r4AGxilxkMQK/mEXAeKwaE17mwn5Bx2GrOC
4w==
-----END CERTIFICATE-----