Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/qiq4lHzWMEzrZSdOazDM-vLTXbw.roa
File:                     qiq4lHzWMEzrZSdOazDM-vLTXbw.roa (raw, json)
Hash identifier:          xlyv2U2zn5kmXMwTOObtgWC0+eOvTyqFjN2rhysl2z8=
Subject key identifier:   AA:2A:B8:94:7C:D6:30:4C:EB:65:27:4E:6B:30:CC:FA:F2:D3:5D:BC
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       0195FAE81A34CCB815F8311741D4AB6CBF50
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/qiq4lHzWMEzrZSdOazDM-vLTXbw.roa
Signing time:             Thu 03 Apr 2025 09:07:49 +0000
ROA not before:           Thu 03 Apr 2025 09:07:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33842
IP address blocks:        95.181.212.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fa:e8:1a:34:cc:b8:15:f8:31:17:41:d4:ab:6c:bf:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Apr  3 09:07:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa2ab8947cd6304ceb65274e6b30ccfaf2d35dbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:fd:50:9d:17:3c:15:56:5e:82:65:d8:41:4f:
                    fb:3e:61:2d:8b:db:b8:35:ec:fe:14:45:3c:a7:7c:
                    65:89:8f:f5:e9:8a:52:60:8a:60:9e:71:c1:de:29:
                    88:82:e8:dd:d6:b2:6b:57:94:c7:24:61:36:22:0d:
                    7a:6c:63:c9:9d:21:04:c4:32:e7:a8:de:2b:02:20:
                    87:03:08:73:49:3d:14:42:ce:f5:30:1b:e8:0a:d5:
                    a8:c4:9b:ed:74:4b:f6:ea:0e:33:99:03:a9:19:b6:
                    41:ec:41:b5:6a:b6:f7:ec:92:1a:0f:06:c6:45:3c:
                    e0:24:4c:97:7b:29:26:b1:83:10:1c:93:a8:72:61:
                    86:c1:6b:cb:00:25:a7:46:6f:05:e2:fd:da:f2:4c:
                    4a:1e:0a:f4:88:a0:8e:b7:80:84:6a:d3:34:c7:12:
                    7a:93:bd:9e:60:38:ea:69:d7:bf:2f:2b:00:9a:3a:
                    ae:1c:d7:c4:ac:f8:6c:7e:81:35:a0:4a:3e:8a:a8:
                    48:58:bf:b3:b3:2b:8c:3f:d9:3c:dc:83:72:f0:5b:
                    d1:85:5e:1e:81:93:26:5e:1d:ef:22:72:e8:56:24:
                    31:4c:49:2e:ae:09:e2:0b:93:83:7b:27:82:17:36:
                    45:89:ae:4e:9d:86:58:56:7d:73:02:29:57:9c:9c:
                    ec:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:2A:B8:94:7C:D6:30:4C:EB:65:27:4E:6B:30:CC:FA:F2:D3:5D:BC
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/qiq4lHzWMEzrZSdOazDM-vLTXbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:9e:9a:80:11:66:00:1a:28:2d:e3:36:78:b8:34:f0:ef:b5:
         4d:ef:b2:16:28:b3:d9:88:b0:ff:f5:ca:51:52:c9:10:b1:7e:
         6a:df:aa:33:27:83:92:d2:c2:29:f4:9f:33:8c:1e:37:a5:c3:
         99:c6:c7:b0:2f:06:99:e6:28:2f:ae:99:0e:bb:cf:b5:bd:8e:
         61:10:58:aa:35:09:8d:8b:ba:7e:f3:37:fe:d8:e9:ee:64:17:
         6b:86:f3:87:14:eb:80:ce:7a:e5:0b:88:15:32:50:b2:52:2e:
         ec:b5:a6:34:8d:97:0d:28:1e:c1:58:eb:c9:ae:b2:62:76:e4:
         b2:48:c9:f2:b9:25:d0:b7:c1:55:78:d4:d9:63:e6:b6:eb:87:
         9a:4c:c0:fe:da:85:49:c0:01:e8:8e:09:f4:52:ac:8c:4a:b4:
         97:fc:85:f0:b0:a8:d2:bd:b0:5d:af:1d:75:a7:61:d7:88:1c:
         e6:00:73:af:4d:4c:3f:50:96:36:fc:ab:1e:f1:e7:9e:fe:a3:
         6d:37:c1:ad:7b:36:40:17:b0:be:f3:05:f6:42:a1:84:68:f7:
         b5:3d:c8:1a:d2:39:80:f9:85:bc:46:e0:4b:f3:1b:53:06:9f:
         29:d4:fd:cd:65:30:63:5d:63:cb:14:7b:a7:26:ee:e0:4b:53:
         37:55:34:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX66Bo0zLgV+DEXQdSrbL9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwNDAzMDkwNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTJhYjg5NDdjZDYzMDRjZWI2NTI3NGU2YjMwY2NmYWYyZDM1ZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/1QnRc8FVZegmXYQU/7PmEti9u4
Nez+FEU8p3xliY/16YpSYIpgnnHB3imIgujd1rJrV5THJGE2Ig16bGPJnSEExDLn
qN4rAiCHAwhzST0UQs71MBvoCtWoxJvtdEv26g4zmQOpGbZB7EG1arb37JIaDwbG
RTzgJEyXeykmsYMQHJOocmGGwWvLACWnRm8F4v3a8kxKHgr0iKCOt4CEatM0xxJ6
k72eYDjqade/LysAmjquHNfErPhsfoE1oEo+iqhIWL+zsyuMP9k83INy8FvRhV4e
gZMmXh3vInLoViQxTEkurgniC5ODeyeCFzZFia5OnYZYVn1zAilXnJzsyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKoquJR81jBM62UnTmswzPry0128MB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvcWlxNGxIeldNRXpyWlNkT2F6RE0tdkxUWGJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX7XUMA0G
CSqGSIb3DQEBCwUAA4IBAQBvnpqAEWYAGigt4zZ4uDTw77VN77IWKLPZiLD/9cpR
UskQsX5q36ozJ4OS0sIp9J8zjB43pcOZxsewLwaZ5igvrpkOu8+1vY5hEFiqNQmN
i7p+8zf+2OnuZBdrhvOHFOuAznrlC4gVMlCyUi7staY0jZcNKB7BWOvJrrJiduSy
SMnyuSXQt8FVeNTZY+a264eaTMD+2oVJwAHojgn0UqyMSrSX/IXwsKjSvbBdrx11
p2HXiBzmAHOvTUw/UJY2/Kse8eee/qNtN8GtezZAF7C+8wX2QqGEaPe1Pcga0jmA
+YW8RuBL8xtTBp8p1P3NZTBjXWPLFHunJu7gS1M3VTQM
-----END CERTIFICATE-----