Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/aiv64u07PchOe65vpwbcTDpdKTo.roa
File:                     aiv64u07PchOe65vpwbcTDpdKTo.roa (raw, json)
Hash identifier:          m+dbLAvwYStdf+TyseB0+SXeq/xX+nSgOBfPC/RS8Nw=
Subject key identifier:   6A:2B:FA:E2:ED:3B:3D:C8:4E:7B:AE:6F:A7:06:DC:4C:3A:5D:29:3A
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D72E8094837DFF5D3F277AA61F09B9
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/aiv64u07PchOe65vpwbcTDpdKTo.roa
Signing time:             Wed 01 Jan 2025 21:48:12 +0000
ROA not before:           Wed 01 Jan 2025 21:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214804
IP address blocks:        185.106.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:2e:80:94:83:7d:ff:5d:3f:27:7a:a6:1f:09:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a2bfae2ed3b3dc84e7bae6fa706dc4c3a5d293a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:16:88:b7:d4:f3:94:16:39:91:16:9a:98:04:
                    ed:b8:37:52:5e:80:2e:20:af:45:4a:cd:19:ad:08:
                    ef:12:c1:98:83:43:57:7f:20:7c:1a:d6:7d:d8:a6:
                    6a:b9:71:c3:ba:07:f3:f4:a1:9e:1a:a3:d2:99:a3:
                    fa:8c:dc:3a:5a:33:08:21:87:20:c3:7e:11:fd:7f:
                    d2:8f:7c:35:c9:e8:e8:f6:6c:ba:5b:43:d2:67:8e:
                    1f:ee:09:82:7c:66:32:a1:b6:97:e7:a0:1e:3a:86:
                    7a:6c:9f:af:0f:55:66:31:66:97:ef:2a:07:f3:4f:
                    ff:ed:0b:24:81:9a:ec:1e:a3:08:68:24:33:16:4a:
                    89:fd:f0:b3:28:c8:30:cb:51:dc:37:14:91:e9:b8:
                    c7:6b:74:13:21:de:c9:d3:b1:6c:2a:bb:54:00:1d:
                    b2:3e:de:8e:27:1d:8e:11:15:8e:38:24:f2:3e:f9:
                    96:77:2f:2a:08:97:8b:cf:c8:99:88:89:41:a1:ee:
                    6d:a2:b1:e1:6e:d4:a7:72:05:8d:46:1f:07:b6:d0:
                    57:40:5e:07:38:5d:27:45:bd:c4:13:03:5e:eb:38:
                    3a:7f:5d:75:98:d8:c4:c5:20:13:bd:df:2b:d1:bd:
                    78:6d:8b:b5:f0:f1:6a:27:48:d3:a7:0f:02:fe:78:
                    c0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:2B:FA:E2:ED:3B:3D:C8:4E:7B:AE:6F:A7:06:DC:4C:3A:5D:29:3A
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/aiv64u07PchOe65vpwbcTDpdKTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:60:1f:69:9b:95:85:4e:ec:93:c7:85:d9:6a:81:0d:2d:5c:
         f7:3a:36:0f:b1:b7:6c:f7:38:ef:73:02:ed:99:bc:a2:a1:d2:
         e4:11:aa:82:2c:f4:5a:e4:7d:44:c7:a2:d3:98:e1:17:e5:72:
         b4:4c:c1:71:a2:52:bd:de:88:29:22:ee:44:7f:34:d8:46:21:
         58:9e:47:51:43:49:57:be:5b:3e:c4:a6:65:8f:40:8d:30:2b:
         73:ed:0e:39:bc:cd:4d:b9:4b:b4:a0:bf:ef:9a:d9:a0:d2:1b:
         bd:fe:f8:8a:d5:db:54:13:09:f7:b2:37:93:eb:71:76:5f:dd:
         5e:c2:4a:2b:6b:cf:4d:66:0e:b3:16:35:79:c2:bd:04:b8:d2:
         c6:4d:e2:2c:96:2a:22:c7:c5:c7:69:36:fe:16:d2:e6:ee:12:
         a7:7c:a7:32:b0:2d:de:23:2f:54:69:98:b3:83:13:63:6d:77:
         61:e8:c2:d8:24:f1:bf:b9:12:b4:f1:1b:14:20:e1:59:32:a0:
         14:61:dc:8e:31:54:f3:42:c8:17:1a:29:72:29:86:2d:d9:26:
         ac:ce:41:23:db:36:f5:a2:ca:82:37:10:96:0a:69:16:20:ba:
         ce:49:a7:c4:4a:4e:72:bd:83:77:77:19:ce:da:48:2c:06:d8:
         8c:3b:59:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1y6AlIN9/10/J3qmHwm5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTJiZmFlMmVkM2IzZGM4NGU3YmFlNmZhNzA2ZGM0YzNhNWQyOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xaIt9TzlBY5kRaamATtuDdSXoAu
IK9FSs0ZrQjvEsGYg0NXfyB8GtZ92KZquXHDugfz9KGeGqPSmaP6jNw6WjMIIYcg
w34R/X/Sj3w1yejo9my6W0PSZ44f7gmCfGYyobaX56AeOoZ6bJ+vD1VmMWaX7yoH
80//7QskgZrsHqMIaCQzFkqJ/fCzKMgwy1HcNxSR6bjHa3QTId7J07FsKrtUAB2y
Pt6OJx2OERWOOCTyPvmWdy8qCJeLz8iZiIlBoe5torHhbtSncgWNRh8HttBXQF4H
OF0nRb3EEwNe6zg6f111mNjExSATvd8r0b14bYu18PFqJ0jTpw8C/njA9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGor+uLtOz3ITnuub6cG3Ew6XSk6MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvYWl2NjR1MDdQY2hPZTY1dnB3YmNURHBkS1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWpfMA0G
CSqGSIb3DQEBCwUAA4IBAQA+YB9pm5WFTuyTx4XZaoENLVz3OjYPsbds9zjvcwLt
mbyiodLkEaqCLPRa5H1Ex6LTmOEX5XK0TMFxolK93ogpIu5EfzTYRiFYnkdRQ0lX
vls+xKZlj0CNMCtz7Q45vM1NuUu0oL/vmtmg0hu9/viK1dtUEwn3sjeT63F2X91e
wkora89NZg6zFjV5wr0EuNLGTeIslioix8XHaTb+FtLm7hKnfKcysC3eIy9UaZiz
gxNjbXdh6MLYJPG/uRK08RsUIOFZMqAUYdyOMVTzQsgXGilyKYYt2SaszkEj2zb1
osqCNxCWCmkWILrOSafESk5yvYN3dxnO2kgsBtiMO1ni
-----END CERTIFICATE-----