Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/lhPT8Z32dm5HBnSDBqDW1qERmiA.roa
File:                     lhPT8Z32dm5HBnSDBqDW1qERmiA.roa (raw, json)
Hash identifier:          0NqD/8/FwQf4n6Nk71zoiew6bzyeCyV72ogP7Shiesg=
Subject key identifier:   96:13:D3:F1:9D:F6:76:6E:47:06:74:83:06:A0:D6:D6:A1:11:9A:20
Certificate issuer:       /CN=af030d3b4c589e94a3ef61ddd5401a8f3ff79b6d
Certificate serial:       019427B5433B16A50FE2A01187F4A85C4090
Authority key identifier: AF:03:0D:3B:4C:58:9E:94:A3:EF:61:DD:D5:40:1A:8F:3F:F7:9B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwMNO0xYnpSj72Hd1UAajz_3m20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/lhPT8Z32dm5HBnSDBqDW1qERmiA.roa
Signing time:             Thu 02 Jan 2025 15:49:38 +0000
ROA not before:           Thu 02 Jan 2025 15:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62119
IP address blocks:        95.131.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/rwMNO0xYnpSj72Hd1UAajz_3m20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/rwMNO0xYnpSj72Hd1UAajz_3m20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwMNO0xYnpSj72Hd1UAajz_3m20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:43:3b:16:a5:0f:e2:a0:11:87:f4:a8:5c:40:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af030d3b4c589e94a3ef61ddd5401a8f3ff79b6d
        Validity
            Not Before: Jan  2 15:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9613d3f19df6766e4706748306a0d6d6a1119a20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4d:cc:1a:85:89:46:36:e6:64:ed:c6:3c:62:
                    f4:76:a5:04:54:0a:0d:af:25:dc:f9:b1:2b:bb:d9:
                    04:b2:66:f3:76:58:0b:84:43:cd:a7:a4:f5:88:b3:
                    a5:b9:b7:19:75:65:7d:c5:b8:16:37:5b:d8:16:60:
                    0e:13:1c:3f:d6:04:70:bf:8e:0c:09:93:41:32:0a:
                    2b:8d:f3:f8:6c:f2:c9:9b:c5:17:47:aa:1f:b5:3c:
                    b2:91:b3:57:8e:f9:d5:23:b8:9e:4c:30:72:d8:af:
                    af:06:a9:c3:2c:d2:98:ac:60:ef:40:b9:e9:c5:93:
                    75:13:e3:bf:cd:7b:70:bd:d9:23:61:21:b6:0b:7f:
                    a6:b5:63:d7:71:03:3a:bf:e6:3d:bb:7a:d0:0f:34:
                    4f:03:8a:74:9c:fd:4b:ad:92:5f:94:6c:c6:08:17:
                    51:83:14:b9:4b:7a:0b:18:d3:cd:3f:f1:c0:1f:22:
                    00:1c:2f:b2:0e:05:7e:bf:01:4b:82:b0:ba:44:ed:
                    c4:47:1f:0d:08:0a:87:b1:11:b5:3c:63:1f:ca:37:
                    0e:72:94:5e:53:1c:cf:69:81:f1:7a:a5:98:29:1e:
                    f2:3d:22:77:36:ac:bc:c1:65:ad:38:ae:d3:af:3d:
                    cc:7a:d7:e8:9f:3c:e0:76:3b:49:57:f4:0f:0b:ed:
                    7a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:13:D3:F1:9D:F6:76:6E:47:06:74:83:06:A0:D6:D6:A1:11:9A:20
            X509v3 Authority Key Identifier:
                keyid:AF:03:0D:3B:4C:58:9E:94:A3:EF:61:DD:D5:40:1A:8F:3F:F7:9B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwMNO0xYnpSj72Hd1UAajz_3m20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/lhPT8Z32dm5HBnSDBqDW1qERmiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0da847-1ae9-496c-89fa-9245a9ab978b/1/rwMNO0xYnpSj72Hd1UAajz_3m20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:72:c4:86:7e:dd:7b:0d:ad:33:ce:3a:9c:d7:2e:4b:b1:94:
         23:18:db:27:96:0e:f6:d1:aa:9e:69:e6:03:a3:6b:fc:31:c0:
         25:47:23:35:8e:bc:65:1b:80:4c:fe:11:9a:4e:97:c9:21:5f:
         cf:41:b3:73:57:8f:9f:b8:c0:26:e5:73:e5:a7:e3:60:3e:1f:
         8b:ce:97:54:99:fb:2a:e8:e2:d9:d3:fb:bf:b6:09:ff:84:ad:
         47:94:4a:a8:66:0b:ac:25:ae:c4:d3:c4:8d:36:a6:c6:77:e9:
         a2:75:60:59:57:28:bf:2d:e1:1b:ed:17:da:33:a2:d7:b4:f9:
         b7:a0:40:0d:ed:a3:4d:b5:0c:d2:3a:56:ef:96:53:0a:17:6e:
         4a:78:64:af:2f:9f:78:4c:fd:e6:ab:55:97:e7:e0:fa:5e:c5:
         9a:af:71:ef:48:28:20:7f:db:3d:d2:d4:3d:fc:0a:9b:05:29:
         04:45:8d:cd:b9:03:2a:c5:87:f7:76:55:74:f6:05:86:4b:34:
         fe:b4:a8:93:b5:01:51:cc:46:3b:4e:b1:69:d1:1b:6e:56:4a:
         3e:e7:f5:fe:40:51:4a:0f:0d:f5:00:03:4a:47:56:22:3a:9e:
         9a:4b:23:63:44:b7:e4:b7:be:93:e3:b6:5d:5e:8c:16:89:b8:
         98:c3:c5:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntUM7FqUP4qARh/SoXECQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDMwZDNiNGM1ODllOTRhM2VmNjFkZGQ1NDAxYThmM2Zm
NzliNmQwHhcNMjUwMTAyMTU0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjEzZDNmMTlkZjY3NjZlNDcwNjc0ODMwNmEwZDZkNmExMTE5YTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv03MGoWJRjbmZO3GPGL0dqUEVAoN
ryXc+bEru9kEsmbzdlgLhEPNp6T1iLOlubcZdWV9xbgWN1vYFmAOExw/1gRwv44M
CZNBMgorjfP4bPLJm8UXR6oftTyykbNXjvnVI7ieTDBy2K+vBqnDLNKYrGDvQLnp
xZN1E+O/zXtwvdkjYSG2C3+mtWPXcQM6v+Y9u3rQDzRPA4p0nP1LrZJflGzGCBdR
gxS5S3oLGNPNP/HAHyIAHC+yDgV+vwFLgrC6RO3ERx8NCAqHsRG1PGMfyjcOcpRe
UxzPaYHxeqWYKR7yPSJ3Nqy8wWWtOK7Trz3MetfonzzgdjtJV/QPC+16SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYT0/Gd9nZuRwZ0gwag1tahEZogMB8GA1UdIwQY
MBaAFK8DDTtMWJ6Uo+9h3dVAGo8/95ttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndNTk8weFlucFNqNzJIZDFVQWFqel8zbTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8wZGE4NDctMWFlOS00OTZjLTg5ZmEt
OTI0NWE5YWI5NzhiLzEvbGhQVDhaMzJkbTVIQm5TREJxRFcxcUVSbWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8wZGE4NDctMWFlOS00OTZjLTg5ZmEtOTI0NWE5YWI5Nzhi
LzEvcndNTk8weFlucFNqNzJIZDFVQWFqel8zbTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4PNMA0G
CSqGSIb3DQEBCwUAA4IBAQCHcsSGft17Da0zzjqc1y5LsZQjGNsnlg720aqeaeYD
o2v8McAlRyM1jrxlG4BM/hGaTpfJIV/PQbNzV4+fuMAm5XPlp+NgPh+LzpdUmfsq
6OLZ0/u/tgn/hK1HlEqoZgusJa7E08SNNqbGd+midWBZVyi/LeEb7RfaM6LXtPm3
oEAN7aNNtQzSOlbvllMKF25KeGSvL594TP3mq1WX5+D6XsWar3HvSCggf9s90tQ9
/AqbBSkERY3NuQMqxYf3dlV09gWGSzT+tKiTtQFRzEY7TrFp0RtuVko+5/X+QFFK
Dw31AANKR1YiOp6aSyNjRLfkt76T47ZdXowWibiYw8Wp
-----END CERTIFICATE-----