Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/rCp1o_nOqwsF2hOj4c5kBCN-sNQ.roa
File:                     rCp1o_nOqwsF2hOj4c5kBCN-sNQ.roa (raw, json)
Hash identifier:          hkXBdU7Mx+s+1UvYnZlcv2/hPwhLGz/FrQNM7+jLYxI=
Subject key identifier:   AC:2A:75:A3:F9:CE:AB:0B:05:DA:13:A3:E1:CE:64:04:23:7E:B0:D4
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       019421B22C508B6D1ABCF1CBD2ACCDF08354
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/rCp1o_nOqwsF2hOj4c5kBCN-sNQ.roa
Signing time:             Wed 01 Jan 2025 11:48:32 +0000
ROA not before:           Wed 01 Jan 2025 11:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39251
IP address blocks:        95.169.199.0/24 maxlen: 24
                          95.169.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:2c:50:8b:6d:1a:bc:f1:cb:d2:ac:cd:f0:83:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan  1 11:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac2a75a3f9ceab0b05da13a3e1ce6404237eb0d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:32:64:6b:dd:d8:05:da:9d:e9:3a:0e:97:a4:
                    14:0b:26:94:5b:a0:24:42:56:f8:ac:44:35:b9:d9:
                    13:70:b4:2c:1e:cb:7c:c0:af:2b:c5:d0:c2:c3:4a:
                    77:71:98:e6:a0:3f:4d:22:2e:1d:d0:c0:b8:76:f6:
                    ab:76:59:54:5c:19:dd:3d:9a:92:88:e9:67:99:6e:
                    96:15:ad:92:72:34:22:9a:2e:41:80:74:e5:a3:2d:
                    4f:9a:f6:92:f9:e7:66:4f:75:65:1f:9a:45:fb:e9:
                    2d:1b:83:55:d2:e0:93:87:29:2e:00:57:6e:60:e3:
                    61:53:88:2f:74:bc:b5:f1:51:53:da:5a:72:1b:5c:
                    b3:dd:08:01:bf:1d:10:00:70:7c:fc:ff:14:c9:c6:
                    b6:c2:65:d1:5b:1d:4f:fb:e6:26:e4:fb:04:bc:45:
                    c5:81:d4:3b:ac:db:d9:ca:d9:00:aa:16:3d:af:96:
                    d2:17:94:94:0e:82:e0:98:a4:a7:56:84:db:e9:9c:
                    42:28:f9:8b:74:2d:07:92:40:03:c9:16:f4:80:73:
                    83:16:07:1f:67:91:34:69:d5:48:de:5c:31:0c:bc:
                    f7:be:4c:18:e6:00:1a:f4:73:56:1b:4a:48:30:48:
                    7b:e0:1d:b7:e1:76:37:6a:05:74:da:50:70:1e:30:
                    4f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:2A:75:A3:F9:CE:AB:0B:05:DA:13:A3:E1:CE:64:04:23:7E:B0:D4
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/rCp1o_nOqwsF2hOj4c5kBCN-sNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.199.0-95.169.200.255

    Signature Algorithm: sha256WithRSAEncryption
         89:94:61:a6:4c:5e:10:d1:ba:d9:b7:ff:bf:02:3d:01:53:2d:
         f5:6e:4c:ca:4d:ad:57:40:66:b1:52:01:9d:2a:3c:74:83:9d:
         6c:c2:35:fa:2c:c3:12:4c:0e:95:49:39:8e:a0:e3:58:71:c4:
         d9:2e:a7:c1:34:5b:63:59:b3:10:14:50:3b:26:e5:4a:97:8e:
         0b:8a:e5:7a:19:00:94:5a:4b:63:ef:0d:ee:bb:6e:a7:cc:3b:
         b9:56:e4:7c:43:d4:5b:e8:72:ec:a6:d2:78:4e:41:e1:0b:4a:
         e8:f6:8c:2a:bc:bb:b3:29:2e:82:c8:70:61:fe:d6:2f:8b:67:
         25:fc:5d:ca:85:7f:51:ba:5f:e0:e0:92:4c:22:be:6b:05:79:
         c8:05:3b:fd:75:34:bf:34:ee:5c:de:69:a2:5e:2a:ee:0a:d9:
         dc:71:1e:e1:0a:f7:3c:e3:3b:0f:ff:82:92:03:ed:46:e3:5d:
         df:da:58:6c:98:0f:4d:8b:55:6d:1a:7d:4b:62:7b:76:a9:4d:
         d0:bd:3a:92:95:4e:69:9e:3c:d2:d0:a5:e0:50:b1:22:be:6c:
         2d:db:53:d2:e5:30:dd:a0:b3:bc:61:f0:1c:31:e5:9b:f9:16:
         86:c5:af:47:44:66:5d:15:f6:ee:95:e3:76:ad:8b:7f:8c:62:
         aa:d0:31:46
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhsixQi20avPHL0qzN8INUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjUwMTAxMTE0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzJhNzVhM2Y5Y2VhYjBiMDVkYTEzYTNlMWNlNjQwNDIzN2ViMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzJka93YBdqd6ToOl6QUCyaUW6Ak
Qlb4rEQ1udkTcLQsHst8wK8rxdDCw0p3cZjmoD9NIi4d0MC4dvardllUXBndPZqS
iOlnmW6WFa2ScjQimi5BgHTloy1PmvaS+edmT3VlH5pF++ktG4NV0uCThykuAFdu
YONhU4gvdLy18VFT2lpyG1yz3QgBvx0QAHB8/P8Uyca2wmXRWx1P++Ym5PsEvEXF
gdQ7rNvZytkAqhY9r5bSF5SUDoLgmKSnVoTb6ZxCKPmLdC0HkkADyRb0gHODFgcf
Z5E0adVI3lwxDLz3vkwY5gAa9HNWG0pIMEh74B234XY3agV02lBwHjBPMwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKwqdaP5zqsLBdoTo+HOZAQjfrDUMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvckNwMW9fbk9xd3NGMmhPajRjNWtCQ04tc05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABfqccD
BABfqcgwDQYJKoZIhvcNAQELBQADggEBAImUYaZMXhDRutm3/78CPQFTLfVuTMpN
rVdAZrFSAZ0qPHSDnWzCNfoswxJMDpVJOY6g41hxxNkup8E0W2NZsxAUUDsm5UqX
jguK5XoZAJRaS2PvDe67bqfMO7lW5HxD1Fvocuym0nhOQeELSuj2jCq8u7MpLoLI
cGH+1i+LZyX8XcqFf1G6X+DgkkwivmsFecgFO/11NL807lzeaaJeKu4K2dxxHuEK
9zzjOw//gpID7UbjXd/aWGyYD02LVW0afUtie3apTdC9OpKVTmmePNLQpeBQsSK+
bC3bU9LlMN2gs7xh8Bwx5Zv5FobFr0dEZl0V9u6V43ati3+MYqrQMUY=
-----END CERTIFICATE-----