Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/_kNyIo0elab0AX-AZl6-Wfa7Vf4.roa
File:                     _kNyIo0elab0AX-AZl6-Wfa7Vf4.roa (raw, json)
Hash identifier:          wDY0OVb6O20WgRVNC3x/4ucGS15YyhNH0PrMxdCX/4c=
Subject key identifier:   FE:43:72:22:8D:1E:95:A6:F4:01:7F:80:66:5E:BE:59:F6:BB:55:FE
Certificate issuer:       /CN=5cde8e8139f2c8f62f8482d01b0adb86b2a1d195
Certificate serial:       019426D9496542F9C54098E9321046339A7B
Authority key identifier: 5C:DE:8E:81:39:F2:C8:F6:2F:84:82:D0:1B:0A:DB:86:B2:A1:D1:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XN6OgTnyyPYvhILQGwrbhrKh0ZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/_kNyIo0elab0AX-AZl6-Wfa7Vf4.roa
Signing time:             Thu 02 Jan 2025 11:49:21 +0000
ROA not before:           Thu 02 Jan 2025 11:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50415
IP address blocks:        95.215.80.0/22 maxlen: 24
                          2a0c:7840::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/XN6OgTnyyPYvhILQGwrbhrKh0ZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/XN6OgTnyyPYvhILQGwrbhrKh0ZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XN6OgTnyyPYvhILQGwrbhrKh0ZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:49:65:42:f9:c5:40:98:e9:32:10:46:33:9a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cde8e8139f2c8f62f8482d01b0adb86b2a1d195
        Validity
            Not Before: Jan  2 11:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe4372228d1e95a6f4017f80665ebe59f6bb55fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:28:a4:4f:6d:f6:80:63:4a:ff:4f:f2:56:38:
                    7d:30:3d:97:68:6a:cb:2c:5c:d1:b9:0d:0e:19:62:
                    92:35:81:a4:b2:98:94:18:53:03:11:75:7c:de:fb:
                    82:fd:6a:23:0b:00:34:e6:b4:6a:c5:67:27:f8:82:
                    00:14:34:58:b8:cd:f8:92:d4:8e:c4:60:4e:3f:19:
                    da:4e:b0:5c:63:ac:27:d1:ad:b8:55:ce:2e:e2:fd:
                    ec:1a:ab:b2:a5:c6:ae:61:a8:16:db:9c:fe:76:df:
                    d9:a9:4f:df:05:a9:1b:34:7e:a7:e2:1d:ff:51:d8:
                    1e:77:82:5a:af:31:c7:dc:c0:f2:37:38:51:a9:fa:
                    76:9b:c0:43:aa:2c:49:bc:1d:6f:23:f2:af:ec:f0:
                    ce:c7:01:60:fc:7e:fe:77:37:aa:67:5a:3c:35:79:
                    c6:b2:27:91:c0:82:c2:5e:a3:57:83:81:0b:b7:f2:
                    ae:67:0d:2f:ec:9a:36:92:a9:15:83:29:26:2c:71:
                    df:28:d9:0e:4a:76:2f:48:a9:77:11:e9:61:4f:7f:
                    ec:b1:2d:f2:9d:5d:90:df:b2:26:24:35:9f:22:3c:
                    dc:e7:cd:6e:3f:82:85:2e:85:03:85:29:23:61:3b:
                    71:a3:a7:24:da:df:d6:f1:58:b0:67:45:21:f0:4b:
                    e4:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:43:72:22:8D:1E:95:A6:F4:01:7F:80:66:5E:BE:59:F6:BB:55:FE
            X509v3 Authority Key Identifier:
                keyid:5C:DE:8E:81:39:F2:C8:F6:2F:84:82:D0:1B:0A:DB:86:B2:A1:D1:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XN6OgTnyyPYvhILQGwrbhrKh0ZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/_kNyIo0elab0AX-AZl6-Wfa7Vf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/5618a8-0b64-41e7-9b73-038918eb720f/1/XN6OgTnyyPYvhILQGwrbhrKh0ZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.80.0/22
                IPv6:
                  2a0c:7840::/29

    Signature Algorithm: sha256WithRSAEncryption
         b6:bb:c3:cf:4e:0a:18:da:74:2e:a3:b0:22:7e:ff:0c:e2:b8:
         e6:bd:61:da:1f:a7:c5:77:a8:d0:9b:91:f1:3f:4c:c9:c6:b0:
         69:fd:db:7f:f5:8f:10:fc:fe:c9:79:e7:77:52:10:8e:ff:db:
         3c:08:51:b0:f7:c0:87:3e:67:f7:6f:30:12:51:df:50:92:d3:
         99:b4:d5:54:67:e0:d2:99:57:c8:10:81:30:56:17:ff:7d:3d:
         b8:42:87:85:84:23:49:84:5f:6f:3f:5f:e6:7c:ca:f2:40:41:
         6a:e3:60:10:c0:67:16:7e:60:f4:25:34:73:ac:94:0d:ad:19:
         e4:ac:86:dc:77:18:e3:37:a2:d2:96:31:86:50:26:3f:38:e7:
         11:47:c6:3e:8d:53:f0:3f:41:ed:76:a6:83:64:21:9c:27:8f:
         f8:97:33:c2:53:60:e6:3d:85:11:73:ba:5e:2c:fb:6d:69:2f:
         1b:99:ac:f3:91:bc:94:3d:99:66:1b:6e:02:27:e6:6d:19:95:
         87:78:03:8d:47:00:b1:3e:ae:bf:2b:a9:90:b0:5b:55:c2:02:
         78:0a:cc:b6:71:88:c8:e7:1d:52:46:20:16:3a:a0:32:d2:38:
         4a:d6:97:55:54:6d:59:32:94:b6:1e:1c:9b:2c:9e:10:c2:a5:
         4c:c4:70:87
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2UllQvnFQJjpMhBGM5p7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZGU4ZTgxMzlmMmM4ZjYyZjg0ODJkMDFiMGFkYjg2YjJh
MWQxOTUwHhcNMjUwMTAyMTE0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTQzNzIyMjhkMWU5NWE2ZjQwMTdmODA2NjVlYmU1OWY2YmI1NWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCikT232gGNK/0/yVjh9MD2XaGrL
LFzRuQ0OGWKSNYGkspiUGFMDEXV83vuC/WojCwA05rRqxWcn+IIAFDRYuM34ktSO
xGBOPxnaTrBcY6wn0a24Vc4u4v3sGquypcauYagW25z+dt/ZqU/fBakbNH6n4h3/
Udged4JarzHH3MDyNzhRqfp2m8BDqixJvB1vI/Kv7PDOxwFg/H7+dzeqZ1o8NXnG
sieRwILCXqNXg4ELt/KuZw0v7Jo2kqkVgykmLHHfKNkOSnYvSKl3EelhT3/ssS3y
nV2Q37ImJDWfIjzc581uP4KFLoUDhSkjYTtxo6ck2t/W8ViwZ0Uh8EvkZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP5DciKNHpWm9AF/gGZevln2u1X+MB8GA1UdIwQY
MBaAFFzejoE58sj2L4SC0BsK24ayodGVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE42T2dUbnl5UFl2aElMUUd3cmJocktoMFpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy81NjE4YTgtMGI2NC00MWU3LTliNzMt
MDM4OTE4ZWI3MjBmLzEvX2tOeUlvMGVsYWIwQVgtQVpsNi1XZmE3VmY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy81NjE4YTgtMGI2NC00MWU3LTliNzMtMDM4OTE4ZWI3MjBm
LzEvWE42T2dUbnl5UFl2aElMUUd3cmJocktoMFpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCX9dQMA0E
AgACMAcDBQMqDHhAMA0GCSqGSIb3DQEBCwUAA4IBAQC2u8PPTgoY2nQuo7Aifv8M
4rjmvWHaH6fFd6jQm5HxP0zJxrBp/dt/9Y8Q/P7Jeed3UhCO/9s8CFGw98CHPmf3
bzASUd9QktOZtNVUZ+DSmVfIEIEwVhf/fT24QoeFhCNJhF9vP1/mfMryQEFq42AQ
wGcWfmD0JTRzrJQNrRnkrIbcdxjjN6LSljGGUCY/OOcRR8Y+jVPwP0HtdqaDZCGc
J4/4lzPCU2DmPYURc7peLPttaS8bmazzkbyUPZlmG24CJ+ZtGZWHeAONRwCxPq6/
K6mQsFtVwgJ4Csy2cYjI5x1SRiAWOqAy0jhK1pdVVG1ZMpS2HhybLJ4QwqVMxHCH
-----END CERTIFICATE-----