Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/316c8f-5e36-471f-9555-f6297a77a37b/1/jypSqMvt2NprsB0DoEFG-cYXk3g.roa
File:                     jypSqMvt2NprsB0DoEFG-cYXk3g.roa (raw, json)
Hash identifier:          20GE86V+BpBjF8cWsWZrxYRlzb0k0GNnTKWyu1nZsto=
Subject key identifier:   8F:2A:52:A8:CB:ED:D8:DA:6B:B0:1D:03:A0:41:46:F9:C6:17:93:78
Certificate issuer:       /CN=6ddd8f1e38c91f5b17c3d1a7234e49c9c70dc324
Certificate serial:       01942144333DEAEAB1B8347F7EC841D85E6D
Authority key identifier: 6D:DD:8F:1E:38:C9:1F:5B:17:C3:D1:A7:23:4E:49:C9:C7:0D:C3:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bd2PHjjJH1sXw9GnI05JyccNwyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/316c8f-5e36-471f-9555-f6297a77a37b/1/jypSqMvt2NprsB0DoEFG-cYXk3g.roa
Signing time:             Wed 01 Jan 2025 09:48:25 +0000
ROA not before:           Wed 01 Jan 2025 09:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198455
IP address blocks:        95.128.24.0/21 maxlen: 24
                          2001:87f::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/316c8f-5e36-471f-9555-f6297a77a37b/1/bd2PHjjJH1sXw9GnI05JyccNwyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/316c8f-5e36-471f-9555-f6297a77a37b/1/bd2PHjjJH1sXw9GnI05JyccNwyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bd2PHjjJH1sXw9GnI05JyccNwyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:33:3d:ea:ea:b1:b8:34:7f:7e:c8:41:d8:5e:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddd8f1e38c91f5b17c3d1a7234e49c9c70dc324
        Validity
            Not Before: Jan  1 09:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f2a52a8cbedd8da6bb01d03a04146f9c6179378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:47:82:7b:09:42:6f:e1:e4:31:19:e5:51:21:
                    df:a4:14:02:f8:f2:92:e8:9a:c2:25:72:ba:f5:3f:
                    99:14:31:78:2d:db:dd:a7:ef:50:01:a7:ec:5d:88:
                    81:da:c8:eb:9a:87:aa:97:8b:58:0f:73:f0:6a:2c:
                    1a:dd:4e:ac:93:92:31:ef:51:64:91:54:bb:5f:f4:
                    bf:3f:a5:06:0f:1e:b1:e1:43:35:39:94:d8:6a:9c:
                    58:e1:94:64:6f:eb:ad:7c:05:d1:87:85:3f:a9:eb:
                    a6:60:dd:48:50:60:20:f7:35:d0:33:ff:5d:a0:47:
                    66:2c:a4:39:01:03:bc:15:d9:e7:a2:1e:61:71:2f:
                    90:9b:4e:e6:cd:0b:c8:6f:af:36:5d:b5:c1:60:89:
                    8f:df:ee:bb:b4:d7:34:c1:8e:a5:50:7d:a7:40:3b:
                    9c:15:68:e4:c0:0d:8b:54:fa:93:8f:65:f3:05:21:
                    7f:f2:c5:ad:70:f9:8d:46:a7:f3:57:6c:84:59:e6:
                    89:d4:d3:1f:b3:08:71:02:79:35:c9:c2:d6:81:4f:
                    11:79:8d:31:c7:94:c0:b6:4f:bf:06:00:6e:b4:d9:
                    70:40:70:4d:85:f2:6c:98:cf:94:b1:ca:c4:50:20:
                    07:00:44:70:c2:17:f9:06:35:95:77:b8:5c:5e:db:
                    ea:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:2A:52:A8:CB:ED:D8:DA:6B:B0:1D:03:A0:41:46:F9:C6:17:93:78
            X509v3 Authority Key Identifier:
                keyid:6D:DD:8F:1E:38:C9:1F:5B:17:C3:D1:A7:23:4E:49:C9:C7:0D:C3:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd2PHjjJH1sXw9GnI05JyccNwyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/316c8f-5e36-471f-9555-f6297a77a37b/1/jypSqMvt2NprsB0DoEFG-cYXk3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/316c8f-5e36-471f-9555-f6297a77a37b/1/bd2PHjjJH1sXw9GnI05JyccNwyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.24.0/21
                IPv6:
                  2001:87f::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:c3:81:45:ba:79:b4:c3:2e:ef:9f:21:67:b0:e6:14:2d:bc:
         71:cb:36:d7:b8:62:07:8a:dc:49:80:f0:00:f1:27:74:42:4d:
         42:0e:f7:ba:ec:a5:48:8d:b4:6a:4e:e0:0f:fe:3b:33:4b:d3:
         0f:2b:b1:31:29:d3:88:da:d2:7c:ab:be:69:10:de:5b:cb:09:
         7c:6a:48:d5:f1:81:79:26:02:3b:07:1d:4d:6b:6a:59:88:20:
         58:f7:ee:81:c5:61:c2:63:95:13:9e:42:9b:e5:38:70:21:85:
         26:89:7b:4f:fa:08:b4:63:ea:9f:c8:56:2f:ef:26:cd:fe:58:
         da:01:6c:5b:e7:57:0c:8e:74:45:7a:87:2f:59:b0:b2:66:f7:
         a1:55:84:ae:4e:ce:44:1f:f9:06:95:66:75:cc:48:6e:c2:34:
         2d:2d:83:59:19:2a:17:14:a1:4d:0f:21:17:c0:e7:dc:94:c4:
         72:6a:2e:23:ee:0a:2d:cb:2c:08:d9:a6:52:c5:7d:b7:45:49:
         82:87:78:b1:7d:30:a5:e0:d8:24:8f:7b:3c:4b:ec:c9:ee:46:
         8c:28:10:89:75:0c:2d:09:69:b6:d0:cd:40:68:b1:09:02:ae:
         48:17:5a:98:3f:97:ee:f4:28:5c:95:ec:5a:fc:33:45:dc:42:
         ef:2c:ab:0d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhRDM96uqxuDR/fshB2F5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGQ4ZjFlMzhjOTFmNWIxN2MzZDFhNzIzNGU0OWM5Yzcw
ZGMzMjQwHhcNMjUwMTAxMDk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjJhNTJhOGNiZWRkOGRhNmJiMDFkMDNhMDQxNDZmOWM2MTc5Mzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0eCewlCb+HkMRnlUSHfpBQC+PKS
6JrCJXK69T+ZFDF4Ldvdp+9QAafsXYiB2sjrmoeql4tYD3Pwaiwa3U6sk5Ix71Fk
kVS7X/S/P6UGDx6x4UM1OZTYapxY4ZRkb+utfAXRh4U/qeumYN1IUGAg9zXQM/9d
oEdmLKQ5AQO8Fdnnoh5hcS+Qm07mzQvIb682XbXBYImP3+67tNc0wY6lUH2nQDuc
FWjkwA2LVPqTj2XzBSF/8sWtcPmNRqfzV2yEWeaJ1NMfswhxAnk1ycLWgU8ReY0x
x5TAtk+/BgButNlwQHBNhfJsmM+UscrEUCAHAERwwhf5BjWVd7hcXtvqwQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI8qUqjL7djaa7AdA6BBRvnGF5N4MB8GA1UdIwQY
MBaAFG3djx44yR9bF8PRpyNOScnHDcMkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmQyUEhqakpIMXNYdzlHbkkwNUp5Y2NOd3lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMTZjOGYtNWUzNi00NzFmLTk1NTUt
ZjYyOTdhNzdhMzdiLzEvanlwU3FNdnQyTnByc0IwRG9FRkctY1lYazNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMTZjOGYtNWUzNi00NzFmLTk1NTUtZjYyOTdhNzdhMzdi
LzEvYmQyUEhqakpIMXNYdzlHbkkwNUp5Y2NOd3lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDX4AYMA0E
AgACMAcDBQAgAQh/MA0GCSqGSIb3DQEBCwUAA4IBAQAIw4FFunm0wy7vnyFnsOYU
LbxxyzbXuGIHitxJgPAA8Sd0Qk1CDve67KVIjbRqTuAP/jszS9MPK7ExKdOI2tJ8
q75pEN5bywl8akjV8YF5JgI7Bx1Na2pZiCBY9+6BxWHCY5UTnkKb5ThwIYUmiXtP
+gi0Y+qfyFYv7ybN/ljaAWxb51cMjnRFeocvWbCyZvehVYSuTs5EH/kGlWZ1zEhu
wjQtLYNZGSoXFKFNDyEXwOfclMRyai4j7gotyywI2aZSxX23RUmCh3ixfTCl4Ngk
j3s8S+zJ7kaMKBCJdQwtCWm20M1AaLEJAq5IF1qYP5fu9Chclexa/DNF3ELvLKsN
-----END CERTIFICATE-----