Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/aFtgicTtP5TQ2xvmPhZkgfQfMmE.roa
File:                     aFtgicTtP5TQ2xvmPhZkgfQfMmE.roa (raw, json)
Hash identifier:          XOi5YDN2Wfonsac/Qx8Uho2A7mZbabtT5+5wbH9JkHA=
Subject key identifier:   68:5B:60:89:C4:ED:3F:94:D0:DB:1B:E6:3E:16:64:81:F4:1F:32:61
Certificate issuer:       /CN=e1e8f41f6b02b93f85d1a7b48b48cfa322f088f8
Certificate serial:       01954D5DAD99314ED5BC5C07AB765CFFF148
Authority key identifier: E1:E8:F4:1F:6B:02:B9:3F:85:D1:A7:B4:8B:48:CF:A3:22:F0:88:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4ej0H2sCuT-F0ae0i0jPoyLwiPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/aFtgicTtP5TQ2xvmPhZkgfQfMmE.roa
Signing time:             Fri 28 Feb 2025 16:22:19 +0000
ROA not before:           Fri 28 Feb 2025 16:22:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62214
IP address blocks:        195.90.98.0/24 maxlen: 24
                          195.90.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/4ej0H2sCuT-F0ae0i0jPoyLwiPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/4ej0H2sCuT-F0ae0i0jPoyLwiPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4ej0H2sCuT-F0ae0i0jPoyLwiPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4d:5d:ad:99:31:4e:d5:bc:5c:07:ab:76:5c:ff:f1:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1e8f41f6b02b93f85d1a7b48b48cfa322f088f8
        Validity
            Not Before: Feb 28 16:22:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=685b6089c4ed3f94d0db1be63e166481f41f3261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f4:61:27:bd:d9:92:80:46:3d:17:b0:7f:ac:
                    2d:86:21:a4:46:68:24:99:4a:dc:79:e6:0d:98:82:
                    16:7e:84:02:8c:db:c7:53:cd:f0:4f:02:e7:ed:e6:
                    87:81:7c:18:9d:92:d1:f6:61:65:b3:db:15:6d:50:
                    5d:a6:88:85:f5:ac:5e:8f:2f:7b:d9:5e:df:cb:bd:
                    f7:05:42:b0:2e:36:4c:f9:56:7c:eb:52:3e:6e:da:
                    53:79:2d:9b:a6:6d:be:1c:ad:ad:2c:1e:13:a8:ba:
                    2e:f7:11:ca:99:ad:59:f4:bd:0b:36:8d:1b:db:ec:
                    77:94:b3:8d:a4:fb:d0:c8:06:1e:e2:d7:2b:fc:05:
                    2b:17:d8:e5:67:2b:1c:3e:92:b7:09:12:3a:dd:ce:
                    16:58:ac:a1:21:0d:65:44:85:02:ab:1b:49:1b:66:
                    37:68:8b:69:2e:3c:72:20:46:fc:21:05:48:e2:e2:
                    ce:e7:42:7e:3d:3f:b4:ab:40:a5:39:f9:8e:44:b4:
                    d6:31:3d:e3:11:87:81:e9:e5:6c:99:bc:70:c4:bb:
                    15:b8:78:3b:0e:c5:3c:a9:99:71:f3:b9:c2:c9:20:
                    c8:93:66:7d:0c:85:30:74:95:b5:37:d5:da:db:c1:
                    8a:f0:bd:24:21:c9:52:70:3f:dc:ed:44:0d:31:79:
                    91:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:5B:60:89:C4:ED:3F:94:D0:DB:1B:E6:3E:16:64:81:F4:1F:32:61
            X509v3 Authority Key Identifier:
                keyid:E1:E8:F4:1F:6B:02:B9:3F:85:D1:A7:B4:8B:48:CF:A3:22:F0:88:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4ej0H2sCuT-F0ae0i0jPoyLwiPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/aFtgicTtP5TQ2xvmPhZkgfQfMmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9ba940-0078-4fd0-afde-537a2b0b4dda/1/4ej0H2sCuT-F0ae0i0jPoyLwiPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.90.98.0/24
                  195.90.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:0f:d7:23:74:c1:30:49:66:01:1c:21:6c:bc:90:53:34:b3:
         78:ab:97:d2:b9:d9:25:2a:66:95:dc:4a:d6:ba:de:88:ee:5f:
         40:1c:10:d8:9a:c7:42:77:fb:d7:b1:72:8e:42:88:14:cd:55:
         bb:f7:8d:82:98:7b:a5:ca:8a:fb:3c:57:63:c0:70:99:40:2f:
         22:7d:5e:ae:3c:cd:2e:58:d7:aa:66:c5:76:e6:39:f7:90:76:
         53:96:ef:2f:21:36:a1:cc:24:a0:4a:36:e7:8d:d2:bd:f0:11:
         18:cb:53:ec:5c:fd:42:ae:ab:15:74:08:ee:65:f2:bf:d2:19:
         e1:2e:cc:57:a6:eb:14:c8:ed:d9:97:72:6d:84:25:2a:71:6c:
         cd:8c:f7:7d:fa:1f:1b:49:bc:46:0b:0a:b9:1e:86:d5:c2:b0:
         99:1a:c9:55:11:0b:ec:5c:0a:52:b2:b3:13:05:52:0d:ff:f4:
         68:98:e3:2e:e2:d1:fc:2e:ae:95:c7:c7:8a:7d:5f:38:5a:ed:
         24:17:5d:43:58:43:9a:16:69:19:4c:c8:0c:55:ce:be:72:f0:
         7a:47:5c:30:ac:32:da:b3:32:1e:b4:2d:99:62:3e:ed:fd:44:
         77:e0:0c:5e:a8:af:a6:4e:b4:7e:33:fd:6b:9b:e7:b6:06:46:
         b1:fc:bb:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVNXa2ZMU7VvFwHq3Zc//FIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZThmNDFmNmIwMmI5M2Y4NWQxYTdiNDhiNDhjZmEzMjJm
MDg4ZjgwHhcNMjUwMjI4MTYyMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODViNjA4OWM0ZWQzZjk0ZDBkYjFiZTYzZTE2NjQ4MWY0MWYzMjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvRhJ73ZkoBGPRewf6wthiGkRmgk
mUrceeYNmIIWfoQCjNvHU83wTwLn7eaHgXwYnZLR9mFls9sVbVBdpoiF9axejy97
2V7fy733BUKwLjZM+VZ861I+btpTeS2bpm2+HK2tLB4TqLou9xHKma1Z9L0LNo0b
2+x3lLONpPvQyAYe4tcr/AUrF9jlZyscPpK3CRI63c4WWKyhIQ1lRIUCqxtJG2Y3
aItpLjxyIEb8IQVI4uLO50J+PT+0q0ClOfmORLTWMT3jEYeB6eVsmbxwxLsVuHg7
DsU8qZlx87nCySDIk2Z9DIUwdJW1N9Xa28GK8L0kIclScD/c7UQNMXmRywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGhbYInE7T+U0Nsb5j4WZIH0HzJhMB8GA1UdIwQY
MBaAFOHo9B9rArk/hdGntItIz6Mi8Ij4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGVqMEgyc0N1VC1GMGFlMGkwalBveUx3aVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85YmE5NDAtMDA3OC00ZmQwLWFmZGUt
NTM3YTJiMGI0ZGRhLzEvYUZ0Z2ljVHRQNVRRMnh2bVBoWmtnZlFmTW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85YmE5NDAtMDA3OC00ZmQwLWFmZGUtNTM3YTJiMGI0ZGRh
LzEvNGVqMEgyc0N1VC1GMGFlMGkwalBveUx3aVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1piAwQA
w1pzMA0GCSqGSIb3DQEBCwUAA4IBAQDBD9cjdMEwSWYBHCFsvJBTNLN4q5fSudkl
KmaV3ErWut6I7l9AHBDYmsdCd/vXsXKOQogUzVW7942CmHulyor7PFdjwHCZQC8i
fV6uPM0uWNeqZsV25jn3kHZTlu8vITahzCSgSjbnjdK98BEYy1PsXP1CrqsVdAju
ZfK/0hnhLsxXpusUyO3Zl3JthCUqcWzNjPd9+h8bSbxGCwq5HobVwrCZGslVEQvs
XApSsrMTBVIN//RomOMu4tH8Lq6Vx8eKfV84Wu0kF11DWEOaFmkZTMgMVc6+cvB6
R1wwrDLaszIetC2ZYj7t/UR34AxeqK+mTrR+M/1rm+e2Bkax/LuV
-----END CERTIFICATE-----