Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/IVrRWFI1ry1_t1jTghjesJBZcQ0.roa
File:                     IVrRWFI1ry1_t1jTghjesJBZcQ0.roa (raw, json)
Hash identifier:          Gd14w4+1RfDgCwueX1ZHqk/dUawCUFDofpaoy6972KE=
Subject key identifier:   21:5A:D1:58:52:35:AF:2D:7F:B7:58:D3:82:18:DE:B0:90:59:71:0D
Certificate issuer:       /CN=f416539e74934d23a0572f6625dbfdb54e820873
Certificate serial:       0194266B1669B0A311CDB64D082BBDBC41C2
Authority key identifier: F4:16:53:9E:74:93:4D:23:A0:57:2F:66:25:DB:FD:B5:4E:82:08:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/IVrRWFI1ry1_t1jTghjesJBZcQ0.roa
Signing time:             Thu 02 Jan 2025 09:48:59 +0000
ROA not before:           Thu 02 Jan 2025 09:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29286
IP address blocks:        95.107.150.0/24 maxlen: 24
                          95.107.151.0/24 maxlen: 24
                          95.107.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/9BZTnnSTTSOgVy9mJdv9tU6CCHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/9BZTnnSTTSOgVy9mJdv9tU6CCHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:16:69:b0:a3:11:cd:b6:4d:08:2b:bd:bc:41:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f416539e74934d23a0572f6625dbfdb54e820873
        Validity
            Not Before: Jan  2 09:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=215ad1585235af2d7fb758d38218deb09059710d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0f:fc:93:45:d7:75:4a:f8:eb:36:19:a9:1c:
                    31:83:b1:93:74:75:4b:48:bb:41:eb:46:e4:23:f0:
                    b0:dd:a9:03:3a:0d:29:19:70:c7:7d:63:0d:40:97:
                    e7:76:5d:ad:44:5a:e7:06:57:99:45:71:c6:cd:cc:
                    1f:46:15:57:9a:99:c4:b8:2b:ac:23:ae:bf:60:1c:
                    ed:b3:79:01:79:84:bf:28:cf:e1:46:f6:33:32:10:
                    b7:92:bf:c9:eb:74:2f:16:15:26:f8:a9:64:5b:b5:
                    1c:f9:56:3b:bc:d0:40:9a:f8:36:f7:11:20:08:8a:
                    a3:73:88:5c:52:1a:e9:4d:77:45:fc:96:c5:7d:19:
                    5a:d9:4a:fa:93:a3:96:81:bc:af:b9:e6:ff:ee:50:
                    4f:f8:88:8e:85:99:e9:e7:97:ac:14:bf:0c:cd:b6:
                    1f:55:73:a0:40:67:5b:df:26:63:a4:26:b6:e1:86:
                    54:4e:0a:31:39:3b:a2:55:79:d1:f4:84:5e:bf:4a:
                    50:31:23:04:0a:39:d5:a5:04:52:15:9e:d7:0f:cb:
                    a6:a3:b0:42:22:44:82:42:00:4e:49:ba:f3:5b:f3:
                    0f:26:69:bb:d1:17:af:fe:21:10:40:06:ef:19:cd:
                    05:ce:87:3b:90:00:ec:f2:9c:95:48:66:5d:f4:43:
                    7c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:5A:D1:58:52:35:AF:2D:7F:B7:58:D3:82:18:DE:B0:90:59:71:0D
            X509v3 Authority Key Identifier:
                keyid:F4:16:53:9E:74:93:4D:23:A0:57:2F:66:25:DB:FD:B5:4E:82:08:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/IVrRWFI1ry1_t1jTghjesJBZcQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/9BZTnnSTTSOgVy9mJdv9tU6CCHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.107.150.0-95.107.155.255

    Signature Algorithm: sha256WithRSAEncryption
         69:6a:1e:b2:52:87:4a:14:ea:23:dc:3a:ae:00:84:f5:ff:91:
         9f:2e:a4:f4:1c:32:fe:b1:0f:8c:9d:dd:88:f1:7d:df:79:af:
         96:ce:97:85:a4:57:0b:46:b7:56:92:28:d9:b6:6a:2a:9b:69:
         e2:fa:c2:89:4b:38:69:09:51:39:b4:0c:ee:31:8b:33:e4:92:
         b8:88:c7:60:a6:64:7f:00:98:a8:a4:fc:07:df:41:4d:4d:b2:
         bd:1e:d7:9b:56:e9:93:be:ea:6e:c3:88:10:a8:7e:06:98:ac:
         d3:ff:89:b7:f7:23:13:0d:0e:65:4e:69:e9:f3:a6:7a:8f:5f:
         08:68:4c:57:fb:54:17:44:33:f9:df:1e:7d:d8:4f:43:f5:44:
         1f:e8:71:d1:b1:9e:eb:d5:d6:7a:92:51:b4:9c:08:fe:fc:cc:
         b3:27:da:5a:46:c4:c9:59:8a:90:c2:23:86:a9:17:2e:d3:88:
         fd:85:8b:f9:e7:fa:75:81:0f:6f:2b:94:95:7d:96:06:3a:f9:
         ce:9b:0f:0b:89:50:29:46:70:52:14:0c:15:1e:37:4b:4d:25:
         0a:7a:98:f2:58:07:67:35:a1:a6:1c:38:1d:83:d5:ab:44:73:
         a2:3a:b0:bf:91:7d:1a:66:42:4c:f9:06:9e:d4:d2:49:44:ad:
         e8:56:42:40
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQmaxZpsKMRzbZNCCu9vEHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0MTY1MzllNzQ5MzRkMjNhMDU3MmY2NjI1ZGJmZGI1NGU4
MjA4NzMwHhcNMjUwMTAyMDk0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTVhZDE1ODUyMzVhZjJkN2ZiNzU4ZDM4MjE4ZGViMDkwNTk3MTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA/8k0XXdUr46zYZqRwxg7GTdHVL
SLtB60bkI/Cw3akDOg0pGXDHfWMNQJfndl2tRFrnBleZRXHGzcwfRhVXmpnEuCus
I66/YBzts3kBeYS/KM/hRvYzMhC3kr/J63QvFhUm+KlkW7Uc+VY7vNBAmvg29xEg
CIqjc4hcUhrpTXdF/JbFfRla2Ur6k6OWgbyvueb/7lBP+IiOhZnp55esFL8MzbYf
VXOgQGdb3yZjpCa24YZUTgoxOTuiVXnR9IRev0pQMSMECjnVpQRSFZ7XD8umo7BC
IkSCQgBOSbrzW/MPJmm70Rev/iEQQAbvGc0Fzoc7kADs8pyVSGZd9EN8XQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCFa0VhSNa8tf7dY04IY3rCQWXENMB8GA1UdIwQY
MBaAFPQWU550k00joFcvZiXb/bVOgghzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUJaVG5uU1RUU09nVnk5bUpkdjl0VTZDQ0hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy81M2U0OTYtMDA5Ny00NjJhLWE5ODkt
ZDY3YTYxZDU0MTZkLzEvSVZyUldGSTFyeTFfdDFqVGdoamVzSkJaY1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy81M2U0OTYtMDA5Ny00NjJhLWE5ODktZDY3YTYxZDU0MTZk
LzEvOUJaVG5uU1RUU09nVnk5bUpkdjl0VTZDQ0hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFfa5YD
BAJfa5gwDQYJKoZIhvcNAQELBQADggEBAGlqHrJSh0oU6iPcOq4AhPX/kZ8upPQc
Mv6xD4yd3Yjxfd95r5bOl4WkVwtGt1aSKNm2aiqbaeL6wolLOGkJUTm0DO4xizPk
kriIx2CmZH8AmKik/AffQU1Nsr0e15tW6ZO+6m7DiBCofgaYrNP/ibf3IxMNDmVO
aenzpnqPXwhoTFf7VBdEM/nfHn3YT0P1RB/ocdGxnuvV1nqSUbScCP78zLMn2lpG
xMlZipDCI4apFy7TiP2Fi/nn+nWBD28rlJV9lgY6+c6bDwuJUClGcFIUDBUeN0tN
JQp6mPJYB2c1oaYcOB2D1atEc6I6sL+RfRpmQkz5Bp7U0klErehWQkA=
-----END CERTIFICATE-----