Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/95jWS9jKpRrroELAnGEuEqeiVuk.roa
File:                     95jWS9jKpRrroELAnGEuEqeiVuk.roa (raw, json)
Hash identifier:          9oQPUKrBIIejm5soFm9BOrvY+R8e49uut81KixCREME=
Subject key identifier:   F7:98:D6:4B:D8:CA:A5:1A:EB:A0:42:C0:9C:61:2E:12:A7:A2:56:E9
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019472B36340AA9DD696CCEEC6B5160EC692
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/95jWS9jKpRrroELAnGEuEqeiVuk.roa
Signing time:             Fri 17 Jan 2025 05:19:06 +0000
ROA not before:           Fri 17 Jan 2025 05:19:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208635
IP address blocks:        195.53.68.0/24 maxlen: 24
                          195.53.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:72:b3:63:40:aa:9d:d6:96:cc:ee:c6:b5:16:0e:c6:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan 17 05:19:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f798d64bd8caa51aeba042c09c612e12a7a256e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:dd:1b:69:21:16:58:2e:12:69:e8:f9:69:4d:
                    51:40:fa:a5:a6:a7:e3:90:8a:1c:6a:34:a1:eb:90:
                    b7:69:5b:f9:37:e5:06:f8:19:e4:77:99:ed:70:e2:
                    87:ff:a2:a8:69:83:f9:13:25:2a:4c:f0:39:ef:ed:
                    0c:3e:7e:71:38:71:9f:2c:d8:dd:0f:2a:ff:4d:ee:
                    da:d9:fd:7b:fa:26:24:e7:f4:a8:88:d3:b8:ec:6d:
                    75:6e:59:3d:6a:26:6d:61:85:01:78:15:37:e0:4a:
                    af:7a:2e:80:48:83:c5:a5:5d:aa:4d:8e:72:70:7a:
                    ae:b2:0a:c5:7b:c7:20:27:b3:9a:ad:76:95:d8:5d:
                    f8:79:6f:bb:71:a5:7f:22:19:4a:34:f4:e6:26:c7:
                    4c:4a:2b:ee:38:87:ad:94:df:72:7f:4a:34:d0:b7:
                    60:1a:70:ed:32:fc:3f:f8:54:38:58:b6:0c:a3:0c:
                    fb:0e:b7:d2:b3:9e:67:4a:24:08:52:2b:18:5d:b9:
                    ec:af:49:34:41:9a:a8:e5:fb:3f:25:a9:50:06:71:
                    1b:47:f0:f5:cd:4f:94:13:50:5a:b0:3b:38:b2:8a:
                    0b:b3:5a:a5:3b:96:00:78:76:bb:ca:01:94:ae:3d:
                    09:50:b9:35:ab:ed:93:bb:3a:b8:fb:1c:03:26:c8:
                    d6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:98:D6:4B:D8:CA:A5:1A:EB:A0:42:C0:9C:61:2E:12:A7:A2:56:E9
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/95jWS9jKpRrroELAnGEuEqeiVuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.53.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:ae:7a:dd:7c:88:dd:ef:96:1c:22:8d:a9:07:15:92:09:c0:
         0d:98:a2:07:be:32:6f:ca:c5:3e:ec:07:b9:d4:87:5a:da:2c:
         e4:5b:1b:38:93:fb:59:45:ad:8e:de:35:51:96:32:01:21:70:
         f8:ae:f8:cb:d2:d6:d9:4e:84:12:da:e6:ce:69:d7:d6:45:e3:
         0d:c3:7d:50:9d:5a:33:93:f5:88:56:d2:78:a8:92:57:e4:2e:
         e0:97:b0:37:c2:ca:b3:a7:79:4a:d9:2f:c6:fb:cd:ed:a9:c7:
         eb:bb:33:96:6e:85:e2:31:ac:f9:4a:e0:03:14:71:b2:11:63:
         90:3b:44:57:8c:97:24:34:03:ac:d6:03:2b:2c:d8:6b:d0:e3:
         1d:59:e6:7d:7b:d4:8a:43:67:9c:cf:f3:ce:8b:d4:ed:a0:b1:
         40:7d:94:8f:b0:89:cf:f4:a7:b1:03:dd:31:c2:63:e4:73:b6:
         97:a7:65:76:a4:29:66:1e:1d:16:f0:ca:0a:c7:51:a3:ac:d0:
         e2:3b:ba:ea:28:60:e3:64:a4:8f:7f:ed:50:dc:52:b3:fc:ce:
         07:80:a9:00:a8:56:36:69:94:77:72:82:7a:ba:ff:be:eb:a7:
         54:68:30:1f:15:31:65:61:08:55:25:12:e0:7d:56:a3:e7:6a:
         36:91:05:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRys2NAqp3WlszuxrUWDsaSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjUwMTE3MDUxOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzk4ZDY0YmQ4Y2FhNTFhZWJhMDQyYzA5YzYxMmUxMmE3YTI1NmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk90baSEWWC4Saej5aU1RQPqlpqfj
kIocajSh65C3aVv5N+UG+Bnkd5ntcOKH/6KoaYP5EyUqTPA57+0MPn5xOHGfLNjd
Dyr/Te7a2f17+iYk5/SoiNO47G11blk9aiZtYYUBeBU34Eqvei6ASIPFpV2qTY5y
cHqusgrFe8cgJ7OarXaV2F34eW+7caV/IhlKNPTmJsdMSivuOIetlN9yf0o00Ldg
GnDtMvw/+FQ4WLYMowz7DrfSs55nSiQIUisYXbnsr0k0QZqo5fs/JalQBnEbR/D1
zU+UE1BasDs4sooLs1qlO5YAeHa7ygGUrj0JULk1q+2Tuzq4+xwDJsjW5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPeY1kvYyqUa66BCwJxhLhKnolbpMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvOTVqV1M5aktwUnJyb0VMQW5HRXVFcWVpVnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzVEMA0G
CSqGSIb3DQEBCwUAA4IBAQDArnrdfIjd75YcIo2pBxWSCcANmKIHvjJvysU+7Ae5
1Ida2izkWxs4k/tZRa2O3jVRljIBIXD4rvjL0tbZToQS2ubOadfWReMNw31QnVoz
k/WIVtJ4qJJX5C7gl7A3wsqzp3lK2S/G+83tqcfruzOWboXiMaz5SuADFHGyEWOQ
O0RXjJckNAOs1gMrLNhr0OMdWeZ9e9SKQ2ecz/POi9TtoLFAfZSPsInP9KexA90x
wmPkc7aXp2V2pClmHh0W8MoKx1GjrNDiO7rqKGDjZKSPf+1Q3FKz/M4HgKkAqFY2
aZR3coJ6uv++66dUaDAfFTFlYQhVJRLgfVaj52o2kQWY
-----END CERTIFICATE-----