Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/7kBeMxQr55u4jzjtTCDEYGM6EEQ.roa
File:                     7kBeMxQr55u4jzjtTCDEYGM6EEQ.roa (raw, json)
Hash identifier:          3w7GhztTuWSS7ow4ABWJ4t+Vqt8iLOefb3FlbZATOr8=
Subject key identifier:   EE:40:5E:33:14:2B:E7:9B:B8:8F:38:ED:4C:20:C4:60:63:3A:10:44
Certificate issuer:       /CN=d8b92af44b79fc0acf64103eb5fb337a91eecd9a
Certificate serial:       01941F8C0491EB83D5252E02016E9FE3FDF9
Authority key identifier: D8:B9:2A:F4:4B:79:FC:0A:CF:64:10:3E:B5:FB:33:7A:91:EE:CD:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Lkq9Et5_ArPZBA-tfszepHuzZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/7kBeMxQr55u4jzjtTCDEYGM6EEQ.roa
Signing time:             Wed 01 Jan 2025 01:47:37 +0000
ROA not before:           Wed 01 Jan 2025 01:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        195.95.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/2Lkq9Et5_ArPZBA-tfszepHuzZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/2Lkq9Et5_ArPZBA-tfszepHuzZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Lkq9Et5_ArPZBA-tfszepHuzZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:04:91:eb:83:d5:25:2e:02:01:6e:9f:e3:fd:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8b92af44b79fc0acf64103eb5fb337a91eecd9a
        Validity
            Not Before: Jan  1 01:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee405e33142be79bb88f38ed4c20c460633a1044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:80:fe:ff:e4:79:4c:83:ee:6e:6b:b2:03:10:
                    35:7c:5b:e0:6f:c1:64:1c:df:40:56:76:18:fe:29:
                    8a:13:7f:42:eb:73:2e:20:1e:43:47:2d:fa:98:ea:
                    f6:b7:8a:15:1b:1f:bf:21:64:fa:8c:67:7c:61:1c:
                    16:30:fd:54:d3:a1:13:e2:b5:dc:3d:19:3f:dc:58:
                    c8:fe:80:ab:72:ba:6b:10:cf:b7:32:7b:2a:3c:27:
                    19:8d:e6:72:a8:24:b2:04:59:2a:e2:12:8b:0d:5b:
                    8b:21:64:f0:3d:57:6b:27:15:91:e8:9e:ca:4e:6b:
                    14:15:fe:29:bc:4b:d5:34:ba:24:df:15:3e:02:63:
                    1b:66:4b:fa:68:d5:fe:15:22:d2:3c:64:4b:2c:41:
                    72:7b:61:4a:ec:2a:0b:de:7d:cf:f6:4f:ac:12:6b:
                    7f:f4:8e:f6:45:6f:09:33:0c:ca:86:95:1b:ad:60:
                    08:08:70:45:05:ef:54:d4:83:2b:53:7d:70:57:28:
                    49:fd:3d:42:a9:f3:b0:1a:34:e1:c8:ca:ef:32:fa:
                    80:7b:dc:d8:b2:8d:94:d5:a7:a9:89:28:5b:c3:8f:
                    68:50:b4:a0:b9:12:fc:3b:21:11:bd:d8:4c:07:a7:
                    2c:c1:47:8a:bb:84:04:f0:2e:f3:b4:c9:16:bb:92:
                    ce:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:40:5E:33:14:2B:E7:9B:B8:8F:38:ED:4C:20:C4:60:63:3A:10:44
            X509v3 Authority Key Identifier:
                keyid:D8:B9:2A:F4:4B:79:FC:0A:CF:64:10:3E:B5:FB:33:7A:91:EE:CD:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Lkq9Et5_ArPZBA-tfszepHuzZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/7kBeMxQr55u4jzjtTCDEYGM6EEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/eac86b-6e91-4bbe-a203-67ac97118cac/1/2Lkq9Et5_ArPZBA-tfszepHuzZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:70:9b:2a:26:92:bf:57:77:d6:96:18:e3:34:bd:0c:ab:63:
         17:e5:fd:9b:9c:fe:1d:57:58:d1:39:04:10:6e:e0:97:81:0b:
         8c:9c:5c:7f:eb:cc:28:38:ea:92:92:02:07:18:9e:c2:53:86:
         0d:16:6a:1b:5f:2b:8a:e6:61:af:6e:2b:8a:9c:a4:a3:b6:a6:
         b6:42:12:7f:a3:a3:91:db:ea:6c:fb:48:a0:d7:81:7a:74:bf:
         e0:9c:8d:8e:95:58:a2:23:c4:f4:25:b0:0f:c3:31:8e:5f:96:
         b2:43:1f:ff:29:d2:fa:f0:50:3d:f7:bc:31:5a:18:37:86:ca:
         16:63:0c:a8:47:60:9a:7d:08:30:d6:a0:ad:10:eb:78:f0:9a:
         21:1c:47:23:45:04:f6:ca:c8:a8:f5:e4:3a:87:70:71:24:09:
         56:01:94:b1:dc:b8:85:b7:bb:5b:92:40:46:a8:e6:82:38:2b:
         14:66:4f:26:24:3d:f8:ad:d3:1d:28:cd:75:f4:db:3c:be:65:
         da:c4:02:66:2c:1b:74:06:bf:aa:2d:91:5b:c9:bb:84:25:d1:
         7b:ae:72:3f:e3:18:62:c8:b2:5c:40:0b:28:c9:2e:8a:32:37:
         b2:38:17:82:8f:23:e3:67:14:2c:87:40:9f:1b:b3:81:79:d0:
         0a:d1:c1:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjASR64PVJS4CAW6f4/35MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YjkyYWY0NGI3OWZjMGFjZjY0MTAzZWI1ZmIzMzdhOTFl
ZWNkOWEwHhcNMjUwMTAxMDE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTQwNWUzMzE0MmJlNzliYjg4ZjM4ZWQ0YzIwYzQ2MDYzM2ExMDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApID+/+R5TIPubmuyAxA1fFvgb8Fk
HN9AVnYY/imKE39C63MuIB5DRy36mOr2t4oVGx+/IWT6jGd8YRwWMP1U06ET4rXc
PRk/3FjI/oCrcrprEM+3MnsqPCcZjeZyqCSyBFkq4hKLDVuLIWTwPVdrJxWR6J7K
TmsUFf4pvEvVNLok3xU+AmMbZkv6aNX+FSLSPGRLLEFye2FK7CoL3n3P9k+sEmt/
9I72RW8JMwzKhpUbrWAICHBFBe9U1IMrU31wVyhJ/T1CqfOwGjThyMrvMvqAe9zY
so2U1aepiShbw49oULSguRL8OyERvdhMB6cswUeKu4QE8C7ztMkWu5LOwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5AXjMUK+ebuI847UwgxGBjOhBEMB8GA1UdIwQY
MBaAFNi5KvRLefwKz2QQPrX7M3qR7s2aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkxrcTlFdDVfQXJQWkJBLXRmc3plcEh1elpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9lYWM4NmItNmU5MS00YmJlLWEyMDMt
NjdhYzk3MTE4Y2FjLzEvN2tCZU14UXI1NXU0anpqdFRDREVZR002RUVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9lYWM4NmItNmU5MS00YmJlLWEyMDMtNjdhYzk3MTE4Y2Fj
LzEvMkxrcTlFdDVfQXJQWkJBLXRmc3plcEh1elpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+UMA0G
CSqGSIb3DQEBCwUAA4IBAQBWcJsqJpK/V3fWlhjjNL0Mq2MX5f2bnP4dV1jROQQQ
buCXgQuMnFx/68woOOqSkgIHGJ7CU4YNFmobXyuK5mGvbiuKnKSjtqa2QhJ/o6OR
2+ps+0ig14F6dL/gnI2OlViiI8T0JbAPwzGOX5ayQx//KdL68FA997wxWhg3hsoW
YwyoR2CafQgw1qCtEOt48JohHEcjRQT2ysio9eQ6h3BxJAlWAZSx3LiFt7tbkkBG
qOaCOCsUZk8mJD34rdMdKM119Ns8vmXaxAJmLBt0Br+qLZFbybuEJdF7rnI/4xhi
yLJcQAsoyS6KMjeyOBeCjyPjZxQsh0CfG7OBedAK0cG0
-----END CERTIFICATE-----