Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/9T6vBYcsoKUn-R9cdzldyxGgHWM.roa
File:                     9T6vBYcsoKUn-R9cdzldyxGgHWM.roa (raw, json)
Hash identifier:          0ZHVPooYjEnANwVNoXwkqmIvZvnTskWkej+YHMUhiEI=
Subject key identifier:   F5:3E:AF:05:87:2C:A0:A5:27:F9:1F:5C:77:39:5D:CB:11:A0:1D:63
Certificate issuer:       /CN=d38cd9440552e7dab9cd5631d4ab872451535b7a
Certificate serial:       01970D334AE890A7BDFF0F5534E4455FA764
Authority key identifier: D3:8C:D9:44:05:52:E7:DA:B9:CD:56:31:D4:AB:87:24:51:53:5B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/9T6vBYcsoKUn-R9cdzldyxGgHWM.roa
Signing time:             Mon 26 May 2025 15:25:54 +0000
ROA not before:           Mon 26 May 2025 15:25:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43641
IP address blocks:        95.128.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0d:33:4a:e8:90:a7:bd:ff:0f:55:34:e4:45:5f:a7:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d38cd9440552e7dab9cd5631d4ab872451535b7a
        Validity
            Not Before: May 26 15:25:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f53eaf05872ca0a527f91f5c77395dcb11a01d63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ca:89:b6:94:33:65:3b:73:ef:5d:aa:3e:62:
                    99:df:f9:1d:42:41:fb:72:b9:6a:73:6d:4c:b6:ec:
                    5c:ce:1b:49:b6:4c:23:d4:fc:16:ea:76:db:24:25:
                    60:bd:05:98:cf:c9:e9:13:b2:81:87:df:ea:a3:cf:
                    07:22:eb:5c:9f:17:ad:96:3a:99:8a:3d:e4:2b:41:
                    94:6b:58:7f:1d:98:60:01:40:54:ed:b0:f8:33:34:
                    f7:25:d5:43:9d:42:21:ed:33:41:cd:db:6a:80:3c:
                    b6:03:2b:b4:ee:47:2b:21:8b:cc:f3:16:16:fa:30:
                    44:5f:a7:2c:89:ea:33:08:68:ce:19:fa:69:02:9d:
                    c6:f3:dd:d3:a3:45:80:cc:87:ab:2d:8d:5d:49:8e:
                    4e:0e:18:74:6b:1f:04:82:16:f0:40:f6:eb:64:1d:
                    16:60:19:e9:f4:1c:4b:b0:7c:35:c9:8f:68:35:6a:
                    52:9c:ec:b7:23:5d:31:15:72:e6:ed:3b:41:54:25:
                    5d:0c:5c:4c:93:81:20:f5:62:90:b9:9c:c6:f0:83:
                    f9:df:75:d0:11:11:0a:29:2f:99:40:fd:19:0f:e4:
                    1e:24:ed:68:42:78:14:77:ec:09:8b:c2:06:7a:e6:
                    f2:9b:ea:e5:4c:eb:4a:35:06:2e:af:85:9a:01:68:
                    12:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:3E:AF:05:87:2C:A0:A5:27:F9:1F:5C:77:39:5D:CB:11:A0:1D:63
            X509v3 Authority Key Identifier:
                keyid:D3:8C:D9:44:05:52:E7:DA:B9:CD:56:31:D4:AB:87:24:51:53:5B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/9T6vBYcsoKUn-R9cdzldyxGgHWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:c7:42:ac:86:51:05:65:a6:80:4a:de:ed:2d:90:b9:44:c1:
         6c:2e:b9:f2:76:c8:58:40:7e:f6:92:1c:96:59:2c:a0:c5:24:
         60:b6:ac:2a:c2:19:90:94:4b:fd:ed:ab:18:84:00:0b:5d:f8:
         c9:5f:ea:35:aa:82:30:d7:90:3c:51:3f:03:bb:55:a1:e9:f8:
         aa:e6:d2:2a:48:46:d0:f3:32:33:ed:22:4d:8a:fb:f1:9d:c9:
         93:4b:5f:e3:80:02:81:58:ae:78:87:cc:a9:82:d4:95:b1:23:
         37:2f:14:41:ce:84:84:ec:cd:d8:d7:23:8e:3b:a4:0a:77:a5:
         ac:d2:53:fa:19:0e:46:87:8f:fb:fb:4f:0a:48:da:c2:88:d0:
         a3:b9:4c:13:e9:70:d6:80:6b:9b:ea:bf:14:4c:7e:b8:88:de:
         46:4d:86:fd:ad:62:18:94:b9:11:82:ab:5a:63:f9:df:df:1b:
         dd:dc:ab:f4:c4:2a:66:ed:f1:93:41:2f:af:5d:78:6d:73:2f:
         d1:52:38:ea:89:bf:ed:99:6e:9e:21:c8:7e:b4:d3:5e:06:76:
         5a:0a:3e:5d:25:0a:91:7f:19:79:3f:e9:d8:b7:6b:9b:d6:fc:
         d8:f2:f6:2f:13:80:32:3a:af:d9:a2:e3:36:fe:5f:e3:f8:f0:
         78:88:a6:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcNM0rokKe9/w9VNORFX6dkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzOGNkOTQ0MDU1MmU3ZGFiOWNkNTYzMWQ0YWI4NzI0NTE1
MzViN2EwHhcNMjUwNTI2MTUyNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTNlYWYwNTg3MmNhMGE1MjdmOTFmNWM3NzM5NWRjYjExYTAxZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MqJtpQzZTtz712qPmKZ3/kdQkH7
crlqc21MtuxczhtJtkwj1PwW6nbbJCVgvQWYz8npE7KBh9/qo88HIutcnxetljqZ
ij3kK0GUa1h/HZhgAUBU7bD4MzT3JdVDnUIh7TNBzdtqgDy2Ayu07kcrIYvM8xYW
+jBEX6csieozCGjOGfppAp3G893To0WAzIerLY1dSY5ODhh0ax8EghbwQPbrZB0W
YBnp9BxLsHw1yY9oNWpSnOy3I10xFXLm7TtBVCVdDFxMk4Eg9WKQuZzG8IP533XQ
EREKKS+ZQP0ZD+QeJO1oQngUd+wJi8IGeubym+rlTOtKNQYur4WaAWgS/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPU+rwWHLKClJ/kfXHc5XcsRoB1jMB8GA1UdIwQY
MBaAFNOM2UQFUufauc1WMdSrhyRRU1t6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDR6WlJBVlM1OXE1elZZeDFLdUhKRkZUVzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80YzMxNjAtZGUxMi00OTI5LWE0ODMt
N2M2NWE4NTJmMDkyLzEvOVQ2dkJZY3NvS1VuLVI5Y2R6bGR5eEdnSFdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi80YzMxNjAtZGUxMi00OTI5LWE0ODMtN2M2NWE4NTJmMDky
LzEvMDR6WlJBVlM1OXE1elZZeDFLdUhKRkZUVzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4CcMA0G
CSqGSIb3DQEBCwUAA4IBAQAbx0KshlEFZaaASt7tLZC5RMFsLrnydshYQH72khyW
WSygxSRgtqwqwhmQlEv97asYhAALXfjJX+o1qoIw15A8UT8Du1Wh6fiq5tIqSEbQ
8zIz7SJNivvxncmTS1/jgAKBWK54h8ypgtSVsSM3LxRBzoSE7M3Y1yOOO6QKd6Ws
0lP6GQ5Gh4/7+08KSNrCiNCjuUwT6XDWgGub6r8UTH64iN5GTYb9rWIYlLkRgqta
Y/nf3xvd3Kv0xCpm7fGTQS+vXXhtcy/RUjjqib/tmW6eIch+tNNeBnZaCj5dJQqR
fxl5P+nYt2ub1vzY8vYvE4AyOq/ZouM2/l/j+PB4iKZw
-----END CERTIFICATE-----