Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/cG7_wfsakBmyctpOoPE_qHS49E4.roa
File:                     cG7_wfsakBmyctpOoPE_qHS49E4.roa (raw, json)
Hash identifier:          mSuDbhxIa4I4Ml2s2/BDm98rCr3yNT2h8gR1W7fngK4=
Subject key identifier:   70:6E:FF:C1:FB:1A:90:19:B2:72:DA:4E:A0:F1:3F:A8:74:B8:F4:4E
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1D51E7FCDDA7CD36B8869C6B5C3BA
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/cG7_wfsakBmyctpOoPE_qHS49E4.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201389
IP address blocks:        95.85.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d5:1e:7f:cd:da:7c:d3:6b:88:69:c6:b5:c3:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=706effc1fb1a9019b272da4ea0f13fa874b8f44e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ad:64:fb:ff:57:a2:47:f1:0c:48:76:db:bb:
                    62:a5:98:10:aa:b0:5e:ef:25:59:15:74:ce:e8:2c:
                    a5:be:fa:52:05:3c:f9:8a:ae:4c:ec:3e:d7:86:63:
                    c7:06:7e:8d:6c:56:4f:12:aa:70:85:7a:17:ee:ff:
                    a5:88:11:b0:fc:cf:73:8a:9e:5b:f0:c6:68:36:83:
                    32:f6:f7:68:12:8d:7a:12:b0:ad:8c:b8:60:61:2f:
                    e6:85:16:45:49:a8:08:03:68:9b:6f:75:d4:6f:cb:
                    bc:38:3c:84:5d:d9:74:d0:d0:67:63:79:41:7a:a5:
                    a9:f9:b2:b2:d3:82:22:af:e8:8f:da:ef:db:a8:e6:
                    fb:65:df:14:dc:1e:fb:1e:02:59:9f:5f:5e:dc:25:
                    65:bc:57:9e:14:04:85:e2:b0:a7:fe:d5:90:ab:a1:
                    4c:d1:a7:2d:a8:13:27:5b:f7:a5:cf:53:27:a1:f0:
                    d4:2c:13:d1:dc:da:42:af:f3:97:62:45:61:1f:d3:
                    01:c6:88:28:59:aa:40:f2:c6:8a:84:03:f1:1b:ed:
                    0b:2f:d0:ad:8d:32:56:dc:4a:16:da:a9:33:f0:bc:
                    02:e3:6a:cc:1b:33:b9:e1:c7:9a:25:33:af:0d:1b:
                    cb:66:a6:11:c7:c2:73:6f:d2:91:30:a4:f2:d5:9b:
                    61:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:6E:FF:C1:FB:1A:90:19:B2:72:DA:4E:A0:F1:3F:A8:74:B8:F4:4E
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/cG7_wfsakBmyctpOoPE_qHS49E4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.85.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:4c:d7:77:77:2f:49:df:d3:c1:bf:0d:9b:f3:c2:7a:67:fc:
         94:6a:36:eb:f8:c2:2c:e6:5c:ad:ae:ad:00:aa:89:ae:d0:fb:
         97:e4:47:59:9f:b0:43:5a:f2:c5:83:5e:dc:ab:32:be:07:c7:
         93:2a:2c:8c:b3:e5:b5:23:bb:6c:0f:24:a8:60:f2:66:ae:91:
         eb:88:8e:c0:2c:a6:71:21:b3:27:20:56:35:59:98:42:29:ee:
         af:50:9c:5f:dd:3d:bb:ff:c4:f6:3b:1d:87:f2:93:1f:e8:31:
         9e:8c:ef:46:a8:ea:22:1d:fb:ab:bf:8f:a5:87:89:16:54:36:
         01:c4:7c:79:9b:60:76:77:ce:3a:59:96:64:06:f1:88:52:63:
         fa:c0:35:5d:0c:00:0d:04:78:4b:3b:52:23:77:cc:03:9c:f3:
         b3:c7:ed:7b:b9:8f:fc:39:cc:ab:9f:91:c8:92:4c:fd:01:c3:
         96:75:44:d5:3b:1d:54:63:22:82:b4:51:90:ba:31:4e:79:b7:
         92:38:75:44:4f:af:77:04:4c:a6:c7:04:44:c9:09:7c:33:6e:
         71:bb:67:23:2a:0a:a2:14:e8:2f:d1:3c:da:b8:7b:78:a6:25:
         9c:91:e4:79:99:ae:c4:72:7f:b4:2f:71:3f:6b:b6:0c:1e:39:
         aa:6a:2e:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdUef83afNNriGnGtcO6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDZlZmZjMWZiMWE5MDE5YjI3MmRhNGVhMGYxM2ZhODc0YjhmNDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0K1k+/9XokfxDEh227tipZgQqrBe
7yVZFXTO6CylvvpSBTz5iq5M7D7XhmPHBn6NbFZPEqpwhXoX7v+liBGw/M9zip5b
8MZoNoMy9vdoEo16ErCtjLhgYS/mhRZFSagIA2ibb3XUb8u8ODyEXdl00NBnY3lB
eqWp+bKy04Iir+iP2u/bqOb7Zd8U3B77HgJZn19e3CVlvFeeFASF4rCn/tWQq6FM
0actqBMnW/elz1MnofDULBPR3NpCr/OXYkVhH9MBxogoWapA8saKhAPxG+0LL9Ct
jTJW3EoW2qkz8LwC42rMGzO54ceaJTOvDRvLZqYRx8Jzb9KRMKTy1ZthpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBu/8H7GpAZsnLaTqDxP6h0uPROMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvY0c3X3dmc2FrQm15Y3RwT29QRV9xSFM0OUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX1VVMA0G
CSqGSIb3DQEBCwUAA4IBAQAATNd3dy9J39PBvw2b88J6Z/yUajbr+MIs5lytrq0A
qomu0PuX5EdZn7BDWvLFg17cqzK+B8eTKiyMs+W1I7tsDySoYPJmrpHriI7ALKZx
IbMnIFY1WZhCKe6vUJxf3T27/8T2Ox2H8pMf6DGejO9GqOoiHfurv4+lh4kWVDYB
xHx5m2B2d846WZZkBvGIUmP6wDVdDAANBHhLO1Ijd8wDnPOzx+17uY/8Ocyrn5HI
kkz9AcOWdUTVOx1UYyKCtFGQujFOebeSOHVET693BEymxwREyQl8M25xu2cjKgqi
FOgv0TzauHt4piWckeR5ma7Ecn+0L3E/a7YMHjmqai6W
-----END CERTIFICATE-----