Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/_o5Rss_yDpUxcYGzV8srSXNGTS4.roa
File:                     _o5Rss_yDpUxcYGzV8srSXNGTS4.roa (raw, json)
Hash identifier:          Rj5BhOkZq/neBI9iU70OSCs459uioPZ0m7nXb8mO0Lk=
Subject key identifier:   FE:8E:51:B2:CF:F2:0E:95:31:71:81:B3:57:CB:2B:49:73:46:4D:2E
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01970DD64278254DCB23F396845D1CD2D1C4
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/_o5Rss_yDpUxcYGzV8srSXNGTS4.roa
Signing time:             Mon 26 May 2025 18:23:54 +0000
ROA not before:           Mon 26 May 2025 18:23:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43991
IP address blocks:        95.215.57.0/24 maxlen: 24
                          193.19.190.0/24 maxlen: 24
                          193.187.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0d:d6:42:78:25:4d:cb:23:f3:96:84:5d:1c:d2:d1:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: May 26 18:23:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe8e51b2cff20e95317181b357cb2b4973464d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c0:83:a2:72:69:f9:8e:8a:5c:90:23:f9:74:
                    6b:13:3b:f7:5b:08:90:f3:97:92:e7:02:9d:3a:78:
                    2f:bb:ff:2f:98:c7:7b:60:d5:56:4d:66:b5:bf:0a:
                    6f:ef:05:95:23:e7:f3:44:e4:f5:2b:5b:9e:c8:d2:
                    17:48:e8:2d:bf:04:f7:8e:04:33:20:fd:e4:d7:03:
                    d5:bd:2d:16:09:7c:b4:d6:fc:10:3b:a0:48:0f:c4:
                    4b:74:6d:cd:f9:af:51:db:89:eb:f7:6c:3b:27:b7:
                    40:56:f6:0a:2d:d2:0f:cb:ee:20:f4:8d:15:2b:62:
                    a6:f2:c1:65:f5:c8:51:0f:fc:1f:bb:12:b7:85:3a:
                    dc:d0:f4:e6:4a:9f:87:d8:3a:9b:3b:2f:44:0e:18:
                    03:84:a2:b3:b4:fa:53:77:8e:9b:39:a2:13:c0:1f:
                    c8:f3:b4:a7:17:6d:79:2f:cd:66:45:18:6a:d6:a8:
                    11:50:35:fe:6b:41:91:e2:eb:58:c0:51:aa:21:c7:
                    f7:55:eb:34:06:97:8c:a1:bd:37:08:e2:e9:9e:1b:
                    d6:a8:e0:d9:2e:af:fe:e2:a3:17:3a:b3:35:dc:2f:
                    a8:6f:7d:f4:c9:bc:59:85:6b:8d:1a:43:f6:a1:c6:
                    bd:48:ca:43:55:43:94:a9:47:10:25:e8:3c:f0:74:
                    05:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:8E:51:B2:CF:F2:0E:95:31:71:81:B3:57:CB:2B:49:73:46:4D:2E
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/_o5Rss_yDpUxcYGzV8srSXNGTS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.57.0/24
                  193.19.190.0/24
                  193.187.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:12:72:6f:cb:95:f7:4e:04:d5:ed:05:56:b7:03:b6:62:d7:
         78:3c:1d:02:bd:b7:26:4a:28:8d:62:ee:fb:83:15:33:51:d7:
         fd:0e:7a:44:fb:b1:32:15:31:cd:df:39:ea:88:02:c4:22:55:
         43:54:4b:2c:53:95:80:31:2e:13:d9:6b:32:bb:bb:59:26:78:
         21:dd:7d:5b:92:49:f3:ae:e9:19:26:e8:d9:5c:6a:c1:d4:13:
         fd:4c:b8:2f:57:5a:85:44:ba:e2:d4:ce:ac:85:93:2e:48:39:
         ff:a9:b0:6b:a3:bf:f2:36:0a:cd:34:e0:00:84:73:4a:f4:4c:
         17:e2:ce:a2:60:4a:97:ad:0f:b9:4d:82:8a:d0:b3:b3:41:3a:
         3c:2d:87:11:97:85:e3:4e:2b:dd:b5:3d:01:f9:65:ea:ea:0d:
         73:18:e3:71:e6:9b:4f:aa:70:d1:92:54:3f:51:53:17:06:89:
         53:cd:90:d9:39:a2:8d:bd:e6:ea:c0:f4:ce:67:f7:0a:7f:51:
         63:ff:1d:4a:00:ae:d1:f2:00:32:e1:ab:41:4b:ca:15:ad:83:
         f9:3e:a6:bb:43:4e:fc:a3:55:45:47:e4:25:7b:3a:8e:dc:87:
         38:9b:5a:6d:59:ae:0d:ea:79:ca:64:bc:9b:94:ad:ec:79:48:
         d2:b3:b2:8f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZcN1kJ4JU3LI/OWhF0c0tHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwNTI2MTgyMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZThlNTFiMmNmZjIwZTk1MzE3MTgxYjM1N2NiMmI0OTczNDY0ZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycCDonJp+Y6KXJAj+XRrEzv3WwiQ
85eS5wKdOngvu/8vmMd7YNVWTWa1vwpv7wWVI+fzROT1K1ueyNIXSOgtvwT3jgQz
IP3k1wPVvS0WCXy01vwQO6BID8RLdG3N+a9R24nr92w7J7dAVvYKLdIPy+4g9I0V
K2Km8sFl9chRD/wfuxK3hTrc0PTmSp+H2DqbOy9EDhgDhKKztPpTd46bOaITwB/I
87SnF215L81mRRhq1qgRUDX+a0GR4utYwFGqIcf3Ves0BpeMob03COLpnhvWqODZ
Lq/+4qMXOrM13C+ob330ybxZhWuNGkP2oca9SMpDVUOUqUcQJeg88HQFSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP6OUbLP8g6VMXGBs1fLK0lzRk0uMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvX281UnNzX3lEcFV4Y1lHelY4c3JTWE5HVFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAX9c5AwQA
wRO+AwQAwbtrMA0GCSqGSIb3DQEBCwUAA4IBAQAiEnJvy5X3TgTV7QVWtwO2Ytd4
PB0CvbcmSiiNYu77gxUzUdf9DnpE+7EyFTHN3znqiALEIlVDVEssU5WAMS4T2Wsy
u7tZJngh3X1bkknzrukZJujZXGrB1BP9TLgvV1qFRLri1M6shZMuSDn/qbBro7/y
NgrNNOAAhHNK9EwX4s6iYEqXrQ+5TYKK0LOzQTo8LYcRl4XjTivdtT0B+WXq6g1z
GONx5ptPqnDRklQ/UVMXBolTzZDZOaKNvebqwPTOZ/cKf1Fj/x1KAK7R8gAy4atB
S8oVrYP5Pqa7Q078o1VFR+QlezqO3Ic4m1ptWa4N6nnKZLyblK3seUjSs7KP
-----END CERTIFICATE-----