Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/pSYXiKXGXABhmANIG0Y2vhGLRUA.roa
File:                     pSYXiKXGXABhmANIG0Y2vhGLRUA.roa (raw, json)
Hash identifier:          kjXcWabBcy+Nz9B+eKiIbdHIvrnXu/XwD/9ZftdegXw=
Subject key identifier:   A5:26:17:88:A5:C6:5C:00:61:98:03:48:1B:46:36:BE:11:8B:45:40
Certificate issuer:       /CN=435416b2282b4533c3509c18e957ce0c836bc837
Certificate serial:       019421B17D54899649C047AFEB79EB5E33A4
Authority key identifier: 43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/pSYXiKXGXABhmANIG0Y2vhGLRUA.roa
Signing time:             Wed 01 Jan 2025 11:47:47 +0000
ROA not before:           Wed 01 Jan 2025 11:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        95.175.68.0/22 maxlen: 22
                          95.175.72.0/22 maxlen: 22
                          95.175.76.0/22 maxlen: 22
                          195.66.218.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Q1QWsigrRTPDUJwY6VfODINryDc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Q1QWsigrRTPDUJwY6VfODINryDc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:7d:54:89:96:49:c0:47:af:eb:79:eb:5e:33:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=435416b2282b4533c3509c18e957ce0c836bc837
        Validity
            Not Before: Jan  1 11:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5261788a5c65c00619803481b4636be118b4540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:2d:ca:ce:08:9d:0f:62:54:27:1a:e8:fa:c7:
                    22:d6:2b:a9:6f:be:75:df:11:7d:b9:ce:5e:38:94:
                    6c:41:97:f9:06:0d:13:b6:c6:48:bc:dc:b5:11:01:
                    ae:9f:70:7e:be:9e:ab:79:a1:d0:d5:c9:d5:b2:ac:
                    1f:a0:d0:ff:2d:e7:c7:23:91:88:cb:b6:0c:7d:61:
                    ed:e9:d1:53:1a:ec:72:db:67:25:d3:92:96:11:90:
                    22:70:22:3d:7d:32:26:bd:a0:b3:82:0e:0c:49:2e:
                    41:a6:28:f7:3d:47:87:53:84:87:d5:01:f5:31:74:
                    ad:20:88:88:8b:8d:7e:31:46:0d:07:9b:c5:d4:22:
                    07:63:5d:2b:80:9e:ff:79:f7:d3:5e:30:c5:57:c2:
                    58:9c:89:7a:dc:a4:ca:cd:db:df:cc:d3:19:79:58:
                    f4:79:39:70:57:c4:a0:46:7b:01:63:d4:ee:38:a9:
                    71:50:b0:1f:8c:79:c7:d4:e4:8f:cc:f3:1e:bd:4e:
                    54:fe:30:2d:7c:35:fb:e9:d5:69:1b:b6:82:c3:c0:
                    22:98:af:a1:1a:6c:b9:2f:b0:a8:57:0b:7d:60:8a:
                    9a:ec:41:6b:5c:36:da:75:dc:c3:3f:a4:69:41:06:
                    ff:e8:8e:d8:8c:3a:84:37:86:a2:74:80:8a:a1:0e:
                    e1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:26:17:88:A5:C6:5C:00:61:98:03:48:1B:46:36:BE:11:8B:45:40
            X509v3 Authority Key Identifier:
                keyid:43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/pSYXiKXGXABhmANIG0Y2vhGLRUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Q1QWsigrRTPDUJwY6VfODINryDc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.175.68.0-95.175.79.255
                  195.66.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:6c:bf:41:ca:a5:76:43:8f:34:9c:b5:2c:3a:07:3e:69:34:
         41:49:f5:92:b8:08:30:79:95:0e:11:d4:3d:7b:2d:c6:22:0a:
         2b:49:fc:17:6c:02:cb:9e:24:09:26:24:e2:46:3b:3e:ad:dc:
         b0:08:2c:6f:6a:3e:04:8b:99:88:35:4e:fa:58:10:07:76:bf:
         bf:ee:1c:1b:12:08:01:6d:a9:f4:02:82:f1:c2:e9:72:45:87:
         d5:ef:e5:04:10:ce:cb:f9:2e:0a:f5:cf:6c:96:e5:f9:a7:69:
         53:b3:a0:ca:f2:db:32:1d:a7:2e:59:2a:29:82:d1:bc:87:23:
         69:1f:1e:99:b8:79:d4:59:31:19:64:2f:b0:21:26:59:88:8c:
         04:f8:1c:21:05:34:22:d4:a7:8a:93:aa:34:cf:67:2e:1f:60:
         24:3a:20:ff:a7:0b:54:65:05:bd:ed:17:fe:8b:58:a5:c5:69:
         e7:78:d9:24:e7:77:23:6f:27:c5:64:08:c7:d7:e9:ab:b4:6c:
         c9:41:0a:7c:fe:dd:b2:1a:f4:c8:ef:3d:27:e0:af:17:73:80:
         43:9c:b7:34:97:9a:d5:9b:6f:e1:98:3f:58:15:36:46:ba:c0:
         d7:ec:af:2e:c5:b7:76:24:38:fa:c8:b1:98:5e:a7:cd:a8:6a:
         82:11:50:0b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQhsX1UiZZJwEev63nrXjOkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTQxNmIyMjgyYjQ1MzNjMzUwOWMxOGU5NTdjZTBjODM2
YmM4MzcwHhcNMjUwMTAxMTE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTI2MTc4OGE1YzY1YzAwNjE5ODAzNDgxYjQ2MzZiZTExOGI0NTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmS3KzgidD2JUJxro+sci1iupb751
3xF9uc5eOJRsQZf5Bg0TtsZIvNy1EQGun3B+vp6reaHQ1cnVsqwfoND/LefHI5GI
y7YMfWHt6dFTGuxy22cl05KWEZAicCI9fTImvaCzgg4MSS5Bpij3PUeHU4SH1QH1
MXStIIiIi41+MUYNB5vF1CIHY10rgJ7/effTXjDFV8JYnIl63KTKzdvfzNMZeVj0
eTlwV8SgRnsBY9TuOKlxULAfjHnH1OSPzPMevU5U/jAtfDX76dVpG7aCw8AimK+h
Gmy5L7CoVwt9YIqa7EFrXDbaddzDP6RpQQb/6I7YjDqEN4aidICKoQ7h4wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKUmF4ilxlwAYZgDSBtGNr4Ri0VAMB8GA1UdIwQY
MBaAFENUFrIoK0Uzw1CcGOlXzgyDa8g3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQt
MjYyZWIzOWJiZTc2LzEvcFNZWGlLWEdYQUJobUFOSUcwWTJ2aEdMUlVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQtMjYyZWIzOWJiZTc2
LzEvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJfr0QD
BARfr0ADBAHDQtowDQYJKoZIhvcNAQELBQADggEBAElsv0HKpXZDjzSctSw6Bz5p
NEFJ9ZK4CDB5lQ4R1D17LcYiCitJ/BdsAsueJAkmJOJGOz6t3LAILG9qPgSLmYg1
TvpYEAd2v7/uHBsSCAFtqfQCgvHC6XJFh9Xv5QQQzsv5Lgr1z2yW5fmnaVOzoMry
2zIdpy5ZKimC0byHI2kfHpm4edRZMRlkL7AhJlmIjAT4HCEFNCLUp4qTqjTPZy4f
YCQ6IP+nC1RlBb3tF/6LWKXFaed42STndyNvJ8VkCMfX6au0bMlBCnz+3bIa9Mjv
PSfgrxdzgEOctzSXmtWbb+GYP1gVNka6wNfsry7Ft3YkOPrIsZhep82oaoIRUAs=
-----END CERTIFICATE-----