Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/khPPmPdFt5NSW2cXj9IsrNyyMNA.roa
File:                     khPPmPdFt5NSW2cXj9IsrNyyMNA.roa (raw, json)
Hash identifier:          YSUlml94r6G6gJB4NeI+X3NQi5Phdn1YlU4xpfbkY7I=
Subject key identifier:   92:13:CF:98:F7:45:B7:93:52:5B:67:17:8F:D2:2C:AC:DC:B2:30:D0
Certificate issuer:       /CN=54041941b1450d6b95b58ca3f077ce208dfdfb4b
Certificate serial:       019427B54CC22167B2801ECE01F8F29FE0A5
Authority key identifier: 54:04:19:41:B1:45:0D:6B:95:B5:8C:A3:F0:77:CE:20:8D:FD:FB:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VAQZQbFFDWuVtYyj8HfOII39-0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/khPPmPdFt5NSW2cXj9IsrNyyMNA.roa
Signing time:             Thu 02 Jan 2025 15:49:40 +0000
ROA not before:           Thu 02 Jan 2025 15:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        195.20.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/VAQZQbFFDWuVtYyj8HfOII39-0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/VAQZQbFFDWuVtYyj8HfOII39-0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VAQZQbFFDWuVtYyj8HfOII39-0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:4c:c2:21:67:b2:80:1e:ce:01:f8:f2:9f:e0:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54041941b1450d6b95b58ca3f077ce208dfdfb4b
        Validity
            Not Before: Jan  2 15:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9213cf98f745b793525b67178fd22cacdcb230d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:be:a7:35:22:65:9f:18:9a:47:98:5d:6e:df:
                    54:9f:6e:86:58:00:10:a7:f5:04:d6:8b:54:f0:86:
                    44:5b:93:cf:5f:93:48:b8:25:0f:04:6b:33:06:49:
                    96:de:45:3a:54:54:bb:de:a1:99:75:51:31:d1:60:
                    9e:6d:4d:df:ad:67:c3:bf:e2:73:9f:e2:51:7a:d2:
                    01:51:90:c9:95:5f:08:3a:a8:97:3a:35:91:66:a9:
                    97:96:22:bf:2f:77:36:d4:22:0b:e5:bd:89:8f:16:
                    d7:fe:e1:f7:8e:af:00:4d:ad:58:03:90:57:d5:a8:
                    c5:5b:40:9c:3c:79:91:44:48:8b:93:50:46:c6:20:
                    c8:94:e0:e5:fb:b0:6a:d0:ac:53:ea:5f:4f:74:27:
                    ce:f1:33:89:e5:68:de:69:68:79:d2:74:63:40:bd:
                    73:f6:ec:95:c8:d0:f3:23:85:08:ac:5e:2f:db:0b:
                    bb:fe:f5:ef:5b:b5:c9:a9:05:31:53:c8:64:9d:46:
                    65:55:2d:9b:c6:da:00:5a:83:76:5b:77:1e:25:37:
                    8a:fd:78:6c:f1:85:5a:b2:7f:ec:e8:50:2e:fd:ea:
                    85:28:bc:12:ad:67:a7:20:c7:2d:c2:1c:e7:24:f1:
                    8e:e2:53:1d:d9:42:59:77:2f:cb:c2:0f:50:04:b0:
                    9d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:13:CF:98:F7:45:B7:93:52:5B:67:17:8F:D2:2C:AC:DC:B2:30:D0
            X509v3 Authority Key Identifier:
                keyid:54:04:19:41:B1:45:0D:6B:95:B5:8C:A3:F0:77:CE:20:8D:FD:FB:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VAQZQbFFDWuVtYyj8HfOII39-0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/khPPmPdFt5NSW2cXj9IsrNyyMNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/9398b0-2fbb-4bd3-b9bc-1e89f9695d1b/1/VAQZQbFFDWuVtYyj8HfOII39-0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:42:67:32:34:26:5a:60:a4:d3:2e:8a:09:5d:99:17:e9:83:
         7a:d2:c4:29:68:53:1f:bf:6f:2e:47:f0:ba:0a:b7:3d:17:7c:
         60:22:8f:fc:ef:50:7b:00:8f:a6:df:92:91:00:22:d5:0e:54:
         fc:f1:f0:64:a9:13:8a:20:70:eb:f3:e9:35:67:e2:e4:e7:91:
         58:cd:1b:af:f4:fa:6c:0e:fa:a5:8b:96:5f:de:65:d6:7b:1f:
         e9:07:ea:0d:57:15:77:3f:0a:21:83:5f:f1:b1:a7:15:0e:5a:
         ac:79:0a:46:02:71:da:f0:6a:8b:0c:8d:7a:13:f0:1b:9b:46:
         06:a0:66:42:28:bf:e8:9a:3f:83:a8:c8:0c:ae:d5:68:7b:5c:
         1e:40:15:a6:e0:90:b9:cb:b0:b9:e9:9f:23:15:91:4d:95:f9:
         88:e2:79:aa:81:93:47:2b:7b:24:8c:85:c3:ba:ad:4c:4c:8f:
         bf:7e:ba:6b:c1:c4:0d:69:2f:f0:66:ba:cd:5b:d4:25:f8:b1:
         2a:d4:e4:8d:6b:64:69:05:63:8d:1d:b0:e5:29:42:62:ab:de:
         48:2f:9f:10:51:94:28:9f:01:c0:b4:18:80:0b:f6:f8:81:50:
         7b:58:8f:9b:5b:2b:70:11:af:d2:d7:7d:40:10:fa:84:98:c0:
         8e:91:96:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntUzCIWeygB7OAfjyn+ClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MDQxOTQxYjE0NTBkNmI5NWI1OGNhM2YwNzdjZTIwOGRm
ZGZiNGIwHhcNMjUwMTAyMTU0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjEzY2Y5OGY3NDViNzkzNTI1YjY3MTc4ZmQyMmNhY2RjYjIzMGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi76nNSJlnxiaR5hdbt9Un26GWAAQ
p/UE1otU8IZEW5PPX5NIuCUPBGszBkmW3kU6VFS73qGZdVEx0WCebU3frWfDv+Jz
n+JRetIBUZDJlV8IOqiXOjWRZqmXliK/L3c21CIL5b2JjxbX/uH3jq8ATa1YA5BX
1ajFW0CcPHmRREiLk1BGxiDIlODl+7Bq0KxT6l9PdCfO8TOJ5WjeaWh50nRjQL1z
9uyVyNDzI4UIrF4v2wu7/vXvW7XJqQUxU8hknUZlVS2bxtoAWoN2W3ceJTeK/Xhs
8YVasn/s6FAu/eqFKLwSrWenIMctwhznJPGO4lMd2UJZdy/Lwg9QBLCd2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJITz5j3RbeTUltnF4/SLKzcsjDQMB8GA1UdIwQY
MBaAFFQEGUGxRQ1rlbWMo/B3ziCN/ftLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkFRWlFiRkZEV3VWdFl5ajhIZk9JSTM5LTBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi85Mzk4YjAtMmZiYi00YmQzLWI5YmMt
MWU4OWY5Njk1ZDFiLzEva2hQUG1QZEZ0NU5TVzJjWGo5SXNyTnl5TU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi85Mzk4YjAtMmZiYi00YmQzLWI5YmMtMWU4OWY5Njk1ZDFi
LzEvVkFRWlFiRkZEV3VWdFl5ajhIZk9JSTM5LTBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxRzMA0G
CSqGSIb3DQEBCwUAA4IBAQAYQmcyNCZaYKTTLooJXZkX6YN60sQpaFMfv28uR/C6
Crc9F3xgIo/871B7AI+m35KRACLVDlT88fBkqROKIHDr8+k1Z+Lk55FYzRuv9Pps
Dvqli5Zf3mXWex/pB+oNVxV3Pwohg1/xsacVDlqseQpGAnHa8GqLDI16E/Abm0YG
oGZCKL/omj+DqMgMrtVoe1weQBWm4JC5y7C56Z8jFZFNlfmI4nmqgZNHK3skjIXD
uq1MTI+/frprwcQNaS/wZrrNW9Ql+LEq1OSNa2RpBWONHbDlKUJiq95IL58QUZQo
nwHAtBiAC/b4gVB7WI+bWytwEa/S131AEPqEmMCOkZYR
-----END CERTIFICATE-----