Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/9SjejDTjZj0BtNF2Kp675mfLhag.roa
File:                     9SjejDTjZj0BtNF2Kp675mfLhag.roa (raw, json)
Hash identifier:          RSM260xjwGf3+M4q8hzyY6CZ3UIIUis4qXJ8wDFcbHo=
Subject key identifier:   F5:28:DE:8C:34:E3:66:3D:01:B4:D1:76:2A:9E:BB:E6:67:CB:85:A8
Certificate issuer:       /CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
Certificate serial:       01961089370FB86DCD8ECE2575FE15A6FE87
Authority key identifier: 2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/9SjejDTjZj0BtNF2Kp675mfLhag.roa
Signing time:             Mon 07 Apr 2025 13:55:49 +0000
ROA not before:           Mon 07 Apr 2025 13:55:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        195.95.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:10:89:37:0f:b8:6d:cd:8e:ce:25:75:fe:15:a6:fe:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e82963ff1aa70ab10d1d33e86b1d6d494d6ce51
        Validity
            Not Before: Apr  7 13:55:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f528de8c34e3663d01b4d1762a9ebbe667cb85a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:48:54:b1:c8:08:41:80:d1:fa:9d:01:a8:37:
                    e0:04:3f:b1:da:8e:6a:0f:f4:c4:9b:ff:b7:57:88:
                    b6:8d:74:e0:bf:b5:4c:01:16:b7:64:18:6e:15:bd:
                    02:c2:6d:a1:a0:1c:d6:5d:16:25:5e:f6:72:88:58:
                    4e:df:d8:b9:77:53:1f:c2:d6:30:52:41:07:c9:ca:
                    db:66:2e:8e:e7:5c:cb:f7:63:d1:e9:95:6f:d9:99:
                    7b:95:0d:26:53:18:a7:89:93:08:99:07:e5:c3:fb:
                    a2:df:c3:6f:19:37:3b:e9:e2:98:9b:01:7b:a2:db:
                    51:8c:88:f8:9a:12:06:53:f5:f4:2c:54:78:71:b8:
                    d4:7d:2b:08:ef:2e:b2:53:56:52:31:7d:6e:a2:6d:
                    b4:b1:6c:b9:9a:ed:09:ad:28:91:21:e3:43:af:dd:
                    c7:19:2c:ec:5b:32:00:f5:a3:d4:6b:7e:90:56:82:
                    af:b1:23:8e:99:14:7a:e6:2d:cc:34:a1:fa:a7:82:
                    c5:8a:18:ae:d7:f2:0d:8c:61:b4:20:b7:9c:08:88:
                    ca:33:8d:61:17:a0:6e:57:f7:b2:0a:32:51:7f:0a:
                    d3:88:5a:6e:90:0b:9e:bf:04:f2:f6:44:a5:88:dc:
                    9b:39:a2:11:13:7f:9e:47:ee:e1:32:1e:25:8c:48:
                    05:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:28:DE:8C:34:E3:66:3D:01:B4:D1:76:2A:9E:BB:E6:67:CB:85:A8
            X509v3 Authority Key Identifier:
                keyid:2E:82:96:3F:F1:AA:70:AB:10:D1:D3:3E:86:B1:D6:D4:94:D6:CE:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/9SjejDTjZj0BtNF2Kp675mfLhag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/957c68-6f27-40ed-abed-df64f0e82360/1/LoKWP_GqcKsQ0dM-hrHW1JTWzlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:6e:0c:c6:c7:1b:7a:ab:23:88:62:69:d8:ba:6f:a0:f9:19:
         d0:45:7f:2c:f3:6e:80:c1:44:cd:f5:31:6e:ba:a3:ec:27:1c:
         d3:72:b3:e9:a9:fd:6b:32:0f:d3:79:d5:99:92:86:bf:e0:8f:
         36:8a:78:9f:8a:a9:a5:71:a3:a0:b4:8b:74:b6:38:d9:81:f7:
         c3:fa:8d:6a:36:e8:e5:b0:93:3a:43:ac:aa:23:b1:9f:f4:c5:
         6e:0e:8a:e6:60:12:f8:1b:68:88:1b:8e:d3:67:6a:bf:21:2a:
         fc:e8:dc:95:35:32:3a:1d:16:22:b1:db:09:b5:cc:75:9c:d0:
         55:ef:b8:a9:2d:08:13:da:7b:d0:67:9f:d4:cc:d9:ba:c4:22:
         0f:8d:21:44:83:0f:a4:52:eb:16:c4:4b:5b:86:66:72:a4:a1:
         51:87:a2:5b:c7:92:5e:dc:53:c1:2a:64:a7:b0:74:53:d2:ea:
         96:db:d9:e3:c5:19:0f:f5:bb:2f:d2:82:80:97:39:20:c1:39:
         eb:74:91:e1:1a:29:ba:4e:e0:d7:7a:d9:e7:f5:dd:6d:14:2f:
         56:2d:2b:b4:9a:08:85:a5:0c:34:e4:59:c8:fc:dc:31:3a:fc:
         a7:32:6e:8e:34:d0:7e:0a:27:7e:35:e8:f7:ac:7d:5f:c5:31:
         fe:c8:fc:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYQiTcPuG3Njs4ldf4Vpv6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODI5NjNmZjFhYTcwYWIxMGQxZDMzZTg2YjFkNmQ0OTRk
NmNlNTEwHhcNMjUwNDA3MTM1NTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTI4ZGU4YzM0ZTM2NjNkMDFiNGQxNzYyYTllYmJlNjY3Y2I4NWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0hUscgIQYDR+p0BqDfgBD+x2o5q
D/TEm/+3V4i2jXTgv7VMARa3ZBhuFb0Cwm2hoBzWXRYlXvZyiFhO39i5d1MfwtYw
UkEHycrbZi6O51zL92PR6ZVv2Zl7lQ0mUxiniZMImQflw/ui38NvGTc76eKYmwF7
ottRjIj4mhIGU/X0LFR4cbjUfSsI7y6yU1ZSMX1uom20sWy5mu0JrSiRIeNDr93H
GSzsWzIA9aPUa36QVoKvsSOOmRR65i3MNKH6p4LFihiu1/INjGG0ILecCIjKM41h
F6BuV/eyCjJRfwrTiFpukAuevwTy9kSliNybOaIRE3+eR+7hMh4ljEgFXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUo3ow042Y9AbTRdiqeu+Zny4WoMB8GA1UdIwQY
MBaAFC6Clj/xqnCrENHTPoax1tSU1s5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQt
ZGY2NGYwZTgyMzYwLzEvOVNqZWpEVGpaajBCdE5GMktwNjc1bWZMaGFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NTdjNjgtNmYyNy00MGVkLWFiZWQtZGY2NGYwZTgyMzYw
LzEvTG9LV1BfR3FjS3NRMGRNLWhySFcxSlRXemxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/NMA0G
CSqGSIb3DQEBCwUAA4IBAQChbgzGxxt6qyOIYmnYum+g+RnQRX8s826AwUTN9TFu
uqPsJxzTcrPpqf1rMg/TedWZkoa/4I82inifiqmlcaOgtIt0tjjZgffD+o1qNujl
sJM6Q6yqI7Gf9MVuDormYBL4G2iIG47TZ2q/ISr86NyVNTI6HRYisdsJtcx1nNBV
77ipLQgT2nvQZ5/UzNm6xCIPjSFEgw+kUusWxEtbhmZypKFRh6Jbx5Je3FPBKmSn
sHRT0uqW29njxRkP9bsv0oKAlzkgwTnrdJHhGim6TuDXetnn9d1tFC9WLSu0mgiF
pQw05FnI/NwxOvynMm6ONNB+Cid+Nej3rH1fxTH+yPxO
-----END CERTIFICATE-----