Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/mQ8EWcQUR62mYiKooxZwctCHayg.roa
File:                     mQ8EWcQUR62mYiKooxZwctCHayg.roa (raw, json)
Hash identifier:          SLS2UcLvk1MQ2//HQMy6W/8v0351+i+VZptNP4xMFuI=
Subject key identifier:   99:0F:04:59:C4:14:47:AD:A6:62:22:A8:A3:16:70:72:D0:87:6B:28
Certificate issuer:       /CN=b55800300fa4017f970c95d767d812fd10d0dcbc
Certificate serial:       019425FD3ABDFE59650EF49EF477AAB69AFF
Authority key identifier: B5:58:00:30:0F:A4:01:7F:97:0C:95:D7:67:D8:12:FD:10:D0:DC:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/mQ8EWcQUR62mYiKooxZwctCHayg.roa
Signing time:             Thu 02 Jan 2025 07:49:00 +0000
ROA not before:           Thu 02 Jan 2025 07:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        95.130.110.0/24 maxlen: 24
                          195.93.196.0/24 maxlen: 24
                          195.93.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:3a:bd:fe:59:65:0e:f4:9e:f4:77:aa:b6:9a:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55800300fa4017f970c95d767d812fd10d0dcbc
        Validity
            Not Before: Jan  2 07:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=990f0459c41447ada66222a8a3167072d0876b28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:23:63:58:9e:09:54:2d:ec:de:d7:9d:2f:b7:
                    ff:c8:31:a5:c0:f0:fc:03:6e:3a:8c:32:17:22:f1:
                    9d:81:ba:2f:01:b0:3f:4f:74:2a:27:76:62:71:dc:
                    21:36:b8:42:e8:45:98:d1:49:ec:b6:ab:2e:d1:2f:
                    ec:34:54:7e:e4:81:6f:71:e5:66:8e:b0:df:66:8d:
                    6b:bb:93:5e:8e:8c:47:66:ac:fd:22:30:fe:1e:47:
                    9d:3f:cf:08:cd:98:24:06:2c:aa:9e:92:2c:d0:b8:
                    9b:38:08:12:bc:20:f8:b3:07:bb:4a:2c:cf:6e:ad:
                    21:d2:46:eb:1c:3f:c5:76:42:10:b8:ed:51:64:a6:
                    e2:73:70:c4:a1:cb:4e:4c:6f:d6:77:ec:5e:94:9e:
                    25:ae:3f:b5:0a:e3:df:98:04:a8:be:fe:bf:37:55:
                    6e:c6:04:5a:74:b2:f5:c5:04:ea:95:12:5e:51:d8:
                    0d:6a:00:ba:f8:a8:5d:4e:b2:8c:2d:c2:33:21:6e:
                    38:ad:ae:b1:d2:3f:2f:93:11:6a:71:db:2a:01:e5:
                    e2:7f:78:66:42:85:8b:c9:d2:24:04:64:99:bc:49:
                    8e:85:8a:2e:ad:f6:fb:dc:c6:62:ef:3a:d9:f3:25:
                    2a:54:f8:a4:ab:a6:c6:cc:16:5a:7a:37:2b:62:bf:
                    64:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:0F:04:59:C4:14:47:AD:A6:62:22:A8:A3:16:70:72:D0:87:6B:28
            X509v3 Authority Key Identifier:
                keyid:B5:58:00:30:0F:A4:01:7F:97:0C:95:D7:67:D8:12:FD:10:D0:DC:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/mQ8EWcQUR62mYiKooxZwctCHayg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8a8487-931a-42fb-b664-c52df4aa521d/1/tVgAMA-kAX-XDJXXZ9gS_RDQ3Lw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.130.110.0/24
                  195.93.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:bd:d0:d9:21:29:69:26:82:f9:5c:19:06:7b:3b:e4:c0:7f:
         c4:09:20:4f:fc:89:6e:41:87:61:63:8b:22:0d:89:60:5d:4d:
         ef:a6:ab:42:71:58:6d:26:67:2f:25:ab:8b:43:95:90:96:37:
         05:3d:f6:0f:65:29:8b:95:12:cb:c1:bf:64:79:83:33:5c:12:
         1b:8a:fd:17:b3:10:b1:65:f9:17:3d:9a:f1:22:3c:26:19:2e:
         3f:6c:74:57:65:5a:16:4e:54:cc:c3:c2:d6:ef:0f:e0:e8:34:
         80:3e:12:13:1e:79:01:7e:b6:64:b2:06:07:e4:cc:79:52:9d:
         54:ee:bd:45:f9:67:e2:30:b3:df:0d:bb:a7:02:a6:39:25:64:
         9a:07:29:7c:57:bb:1d:de:75:6a:68:d4:6a:03:b2:30:ca:f6:
         a2:86:5a:5e:b2:9c:db:d0:fd:5c:1a:68:33:c8:e8:e7:c0:12:
         76:cd:5a:a5:1b:70:ee:ef:ee:29:c8:31:f6:16:93:05:04:39:
         51:6c:87:e4:20:e4:af:dd:6e:ac:8c:22:97:8c:af:00:53:00:
         e3:f0:80:82:89:80:42:d0:e0:47:78:27:dc:2a:e0:5f:c5:78:
         25:86:31:cd:73:6f:13:28:80:49:ad:0e:59:aa:7a:71:f3:dc:
         96:5d:b9:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/Tq9/lllDvSe9Heqtpr/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTgwMDMwMGZhNDAxN2Y5NzBjOTVkNzY3ZDgxMmZkMTBk
MGRjYmMwHhcNMjUwMTAyMDc0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTBmMDQ1OWM0MTQ0N2FkYTY2MjIyYThhMzE2NzA3MmQwODc2YjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CNjWJ4JVC3s3tedL7f/yDGlwPD8
A246jDIXIvGdgbovAbA/T3QqJ3ZicdwhNrhC6EWY0Unstqsu0S/sNFR+5IFvceVm
jrDfZo1ru5NejoxHZqz9IjD+HkedP88IzZgkBiyqnpIs0LibOAgSvCD4swe7SizP
bq0h0kbrHD/FdkIQuO1RZKbic3DEoctOTG/Wd+xelJ4lrj+1CuPfmASovv6/N1Vu
xgRadLL1xQTqlRJeUdgNagC6+KhdTrKMLcIzIW44ra6x0j8vkxFqcdsqAeXif3hm
QoWLydIkBGSZvEmOhYourfb73MZi7zrZ8yUqVPikq6bGzBZaejcrYr9kMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJkPBFnEFEetpmIiqKMWcHLQh2soMB8GA1UdIwQY
MBaAFLVYADAPpAF/lwyV12fYEv0Q0Ny8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZnQU1BLWtBWC1YREpYWFo5Z1NfUkRRM0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84YTg0ODctOTMxYS00MmZiLWI2NjQt
YzUyZGY0YWE1MjFkLzEvbVE4RVdjUVVSNjJtWWlLb294WndjdENIYXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84YTg0ODctOTMxYS00MmZiLWI2NjQtYzUyZGY0YWE1MjFk
LzEvdFZnQU1BLWtBWC1YREpYWFo5Z1NfUkRRM0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4JuAwQB
w13EMA0GCSqGSIb3DQEBCwUAA4IBAQAIvdDZISlpJoL5XBkGezvkwH/ECSBP/Ilu
QYdhY4siDYlgXU3vpqtCcVhtJmcvJauLQ5WQljcFPfYPZSmLlRLLwb9keYMzXBIb
iv0XsxCxZfkXPZrxIjwmGS4/bHRXZVoWTlTMw8LW7w/g6DSAPhITHnkBfrZksgYH
5Mx5Up1U7r1F+WfiMLPfDbunAqY5JWSaByl8V7sd3nVqaNRqA7Iwyvaihlpespzb
0P1cGmgzyOjnwBJ2zVqlG3Du7+4pyDH2FpMFBDlRbIfkIOSv3W6sjCKXjK8AUwDj
8ICCiYBC0OBHeCfcKuBfxXglhjHNc28TKIBJrQ5Zqnpx89yWXbny
-----END CERTIFICATE-----