Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/eBTbPsjV8Iac9Fj-9vOQH-ERQ2w.roa
File:                     eBTbPsjV8Iac9Fj-9vOQH-ERQ2w.roa (raw, json)
Hash identifier:          iez1H7XNs3tkU5sUoydCWQiAyCLsYR+kgbtLIrffu48=
Subject key identifier:   78:14:DB:3E:C8:D5:F0:86:9C:F4:58:FE:F6:F3:90:1F:E1:11:43:6C
Certificate issuer:       /CN=680e20ccfb2d5898c2162900d1468070a7024956
Certificate serial:       01941F8C4DD32E769C2F9BAD952468257A56
Authority key identifier: 68:0E:20:CC:FB:2D:58:98:C2:16:29:00:D1:46:80:70:A7:02:49:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aA4gzPstWJjCFikA0UaAcKcCSVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/eBTbPsjV8Iac9Fj-9vOQH-ERQ2w.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25459
IP address blocks:        185.95.44.0/22 maxlen: 22
                          2a01:4520::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/aA4gzPstWJjCFikA0UaAcKcCSVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/aA4gzPstWJjCFikA0UaAcKcCSVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aA4gzPstWJjCFikA0UaAcKcCSVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4d:d3:2e:76:9c:2f:9b:ad:95:24:68:25:7a:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=680e20ccfb2d5898c2162900d1468070a7024956
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7814db3ec8d5f0869cf458fef6f3901fe111436c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:09:f3:4c:e2:0a:cc:b7:65:ff:62:04:21:22:
                    3d:0f:bb:40:0a:6c:f6:f7:05:0a:67:37:77:57:03:
                    c2:20:b8:33:32:12:1e:b5:4b:e9:ef:83:55:29:a1:
                    aa:98:4f:c6:45:79:16:43:48:ca:ac:7d:d3:87:07:
                    c2:cf:0d:8e:c3:b8:fd:b0:35:68:5f:4b:3e:bd:a4:
                    3d:97:2d:7b:c7:b9:ae:c8:53:b1:5f:a1:ff:8b:35:
                    1a:1a:c2:58:86:ef:65:d5:51:d7:67:2f:b6:e0:06:
                    f0:3c:e0:70:73:a5:56:23:fa:a9:fc:f8:79:fa:0f:
                    fa:03:fc:7e:e6:45:e2:f1:40:56:74:35:2c:93:67:
                    1b:1c:57:bb:ef:41:c0:c8:1b:d1:ad:7f:5d:b9:2c:
                    d3:73:79:e3:c4:c3:39:51:a5:c2:84:6b:20:ab:2a:
                    23:ad:7d:83:91:6f:8d:e1:e4:a2:52:c4:55:26:da:
                    cb:b3:32:85:6d:fe:fa:85:92:3a:5a:87:11:8c:e4:
                    53:0a:35:2c:4a:6f:d0:ea:2e:e6:00:42:d9:41:41:
                    24:6b:c4:a1:ea:03:69:ab:c8:94:6f:f1:44:9f:af:
                    fe:30:bd:ae:fa:19:ec:c9:4a:bf:8b:84:e7:c0:06:
                    75:a3:16:ec:bc:2b:10:05:a5:40:95:75:f2:36:17:
                    16:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:14:DB:3E:C8:D5:F0:86:9C:F4:58:FE:F6:F3:90:1F:E1:11:43:6C
            X509v3 Authority Key Identifier:
                keyid:68:0E:20:CC:FB:2D:58:98:C2:16:29:00:D1:46:80:70:A7:02:49:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aA4gzPstWJjCFikA0UaAcKcCSVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/eBTbPsjV8Iac9Fj-9vOQH-ERQ2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/796f8c-bdb7-441f-bdbb-03541d231574/1/aA4gzPstWJjCFikA0UaAcKcCSVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.44.0/22
                IPv6:
                  2a01:4520::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:ca:06:ae:5f:6a:a4:a6:93:9d:75:49:a1:d4:ec:ce:a3:cb:
         b2:62:16:1d:62:44:61:87:99:47:27:b2:38:96:e8:e6:be:99:
         5c:82:c0:33:1a:c7:5c:29:d6:6b:df:32:8d:a7:2e:92:02:22:
         b4:cd:4f:6b:a5:ae:a8:ce:9f:97:36:23:b5:0b:96:08:b7:c2:
         7a:20:e7:b4:00:82:f9:b5:f6:61:e6:7a:ad:f4:19:1a:f1:db:
         6f:d1:90:12:91:42:dd:a1:06:6b:6c:8d:61:fc:ea:2b:b3:86:
         23:52:e2:11:1a:13:37:54:3d:a8:d8:51:4a:6e:32:2b:d7:f7:
         1c:5a:06:7c:01:95:ee:4b:2a:69:fc:73:26:ab:ac:49:84:e1:
         bb:95:ca:90:ee:43:98:a3:ca:d6:b0:22:b9:ae:2b:15:1d:93:
         e9:11:7e:3a:09:0f:88:58:45:39:bb:9a:81:c1:9b:fd:ce:1a:
         54:62:54:83:25:f1:4d:b2:43:00:b7:a7:18:7f:65:a2:1f:43:
         2b:cf:7c:e2:8d:cd:fd:b6:d4:fc:24:a6:b5:f1:de:bb:5c:b3:
         4d:b5:99:62:99:1c:f8:27:67:7c:bd:7d:92:ca:26:62:60:31:
         94:65:44:76:48:69:ec:87:7c:f9:c6:36:64:2e:ae:8a:29:ce:
         a6:18:3a:f8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjE3TLnacL5utlSRoJXpWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MGUyMGNjZmIyZDU4OThjMjE2MjkwMGQxNDY4MDcwYTcw
MjQ5NTYwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODE0ZGIzZWM4ZDVmMDg2OWNmNDU4ZmVmNmYzOTAxZmUxMTE0MzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQnzTOIKzLdl/2IEISI9D7tACmz2
9wUKZzd3VwPCILgzMhIetUvp74NVKaGqmE/GRXkWQ0jKrH3ThwfCzw2Ow7j9sDVo
X0s+vaQ9ly17x7muyFOxX6H/izUaGsJYhu9l1VHXZy+24AbwPOBwc6VWI/qp/Ph5
+g/6A/x+5kXi8UBWdDUsk2cbHFe770HAyBvRrX9duSzTc3njxMM5UaXChGsgqyoj
rX2DkW+N4eSiUsRVJtrLszKFbf76hZI6WocRjORTCjUsSm/Q6i7mAELZQUEka8Sh
6gNpq8iUb/FEn6/+ML2u+hnsyUq/i4TnwAZ1oxbsvCsQBaVAlXXyNhcWSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHgU2z7I1fCGnPRY/vbzkB/hEUNsMB8GA1UdIwQY
MBaAFGgOIMz7LViYwhYpANFGgHCnAklWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUE0Z3pQc3RXSmpDRmlrQTBVYUFjS2NDU1ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny83OTZmOGMtYmRiNy00NDFmLWJkYmIt
MDM1NDFkMjMxNTc0LzEvZUJUYlBzalY4SWFjOUZqLTl2T1FILUVSUTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny83OTZmOGMtYmRiNy00NDFmLWJkYmItMDM1NDFkMjMxNTc0
LzEvYUE0Z3pQc3RXSmpDRmlrQTBVYUFjS2NDU1ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuV8sMA0E
AgACMAcDBQAqAUUgMA0GCSqGSIb3DQEBCwUAA4IBAQB2ygauX2qkppOddUmh1OzO
o8uyYhYdYkRhh5lHJ7I4lujmvplcgsAzGsdcKdZr3zKNpy6SAiK0zU9rpa6ozp+X
NiO1C5YIt8J6IOe0AIL5tfZh5nqt9Bka8dtv0ZASkULdoQZrbI1h/Oors4YjUuIR
GhM3VD2o2FFKbjIr1/ccWgZ8AZXuSypp/HMmq6xJhOG7lcqQ7kOYo8rWsCK5risV
HZPpEX46CQ+IWEU5u5qBwZv9zhpUYlSDJfFNskMAt6cYf2WiH0Mrz3zijc39ttT8
JKa18d67XLNNtZlimRz4J2d8vX2SyiZiYDGUZUR2SGnsh3z5xjZkLq6KKc6mGDr4
-----END CERTIFICATE-----