Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/dKsN1qGwEKIQpUTURYKT2umZW2w.roa
File:                     dKsN1qGwEKIQpUTURYKT2umZW2w.roa (raw, json)
Hash identifier:          tA8mIaQttFCg4VHXuxLgiMZWDalN45RLcJgG64coFpw=
Subject key identifier:   74:AB:0D:D6:A1:B0:10:A2:10:A5:44:D4:45:82:93:DA:E9:99:5B:6C
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       019580A82CE91BC75CE54659B0B6E64FD596
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/dKsN1qGwEKIQpUTURYKT2umZW2w.roa
Signing time:             Mon 10 Mar 2025 15:24:19 +0000
ROA not before:           Mon 10 Mar 2025 15:24:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211677
IP address blocks:        195.35.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:80:a8:2c:e9:1b:c7:5c:e5:46:59:b0:b6:e6:4f:d5:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Mar 10 15:24:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74ab0dd6a1b010a210a544d4458293dae9995b6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b6:90:0b:5a:9e:69:b4:9b:61:88:e5:d3:87:
                    8d:4f:96:fa:c4:10:c4:99:1d:92:0a:0e:bb:30:56:
                    77:50:32:3d:f8:a5:52:b0:03:3e:e4:f4:48:b9:a0:
                    67:1d:29:9a:73:e4:f3:c1:20:3b:33:38:51:62:1d:
                    6f:9e:37:3f:85:eb:6b:8a:1a:7f:77:06:b2:3c:18:
                    05:e1:ec:de:c5:0e:79:f7:04:d0:2b:3c:3c:93:fb:
                    d0:fd:50:0f:a7:2c:85:36:81:1b:8c:0a:38:a0:f8:
                    76:99:96:de:76:a9:eb:c4:3f:68:f0:3b:b1:c5:77:
                    f2:56:60:b8:3f:f2:2b:c7:f5:e1:bd:ba:d3:7a:69:
                    a1:5a:48:16:73:63:68:b5:8d:e7:17:22:be:c9:68:
                    25:fb:e1:2f:17:26:e1:2c:7a:90:ac:d7:fd:7a:e7:
                    3c:57:2a:f0:e8:31:25:cb:bd:36:f7:3a:d1:08:06:
                    bf:9d:18:10:e4:bc:fe:1f:c7:6a:e2:58:bb:72:ad:
                    25:42:d2:08:d8:c1:4d:e3:6f:a7:6c:f6:06:b5:13:
                    dd:f0:41:6f:2d:17:9a:db:db:52:9f:4e:15:55:72:
                    de:a2:cb:f1:82:8b:13:ed:58:ae:58:fb:65:b4:da:
                    94:e7:4a:7d:3b:7f:72:f9:f4:ac:78:09:2b:66:03:
                    17:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:AB:0D:D6:A1:B0:10:A2:10:A5:44:D4:45:82:93:DA:E9:99:5B:6C
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/dKsN1qGwEKIQpUTURYKT2umZW2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.35.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:50:5f:d2:e9:b9:cd:81:be:f6:95:26:70:d8:6f:e3:d5:59:
         aa:c5:c2:b6:c4:3a:0b:d8:76:0c:ab:7b:b7:e4:6d:f6:7c:a2:
         5d:37:d1:1f:4a:1c:41:79:22:ca:8a:ce:fe:51:59:14:2a:62:
         4d:7a:2e:6f:56:b5:02:b7:07:03:82:c5:ae:07:c1:67:f8:36:
         9b:3d:57:a4:9a:cd:43:1e:a0:64:95:7a:a7:e0:8b:f4:d2:bd:
         65:e1:4a:ca:da:ab:f3:8e:9e:78:01:a3:df:75:67:a4:17:a1:
         4b:bd:76:26:1d:85:72:48:44:59:c8:81:75:10:3a:50:52:06:
         95:44:96:8b:6e:ff:51:94:6e:3d:49:e7:8d:48:44:b3:4a:a0:
         be:10:56:02:79:08:39:a9:0d:6f:dd:4a:14:ab:8f:4a:18:a9:
         5e:a0:4e:50:0d:95:8d:18:65:b5:99:75:b4:ab:43:69:54:d7:
         fe:2f:aa:0c:20:9a:33:d3:1e:a5:da:c2:07:2d:f6:13:b6:2b:
         be:f4:b9:dd:3a:d1:60:a4:0f:2a:aa:d7:10:fb:ae:4b:00:fb:
         41:ff:97:23:e1:f7:ca:58:8f:2f:2b:20:56:84:a4:89:42:13:
         10:05:8a:c1:1d:01:bc:b9:85:5e:99:07:fb:e7:1e:e1:28:dd:
         a7:3e:4e:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWAqCzpG8dc5UZZsLbmT9WWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjUwMzEwMTUyNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGFiMGRkNmExYjAxMGEyMTBhNTQ0ZDQ0NTgyOTNkYWU5OTk1YjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlraQC1qeabSbYYjl04eNT5b6xBDE
mR2SCg67MFZ3UDI9+KVSsAM+5PRIuaBnHSmac+TzwSA7MzhRYh1vnjc/hetrihp/
dwayPBgF4ezexQ559wTQKzw8k/vQ/VAPpyyFNoEbjAo4oPh2mZbedqnrxD9o8Dux
xXfyVmC4P/Irx/XhvbrTemmhWkgWc2NotY3nFyK+yWgl++EvFybhLHqQrNf9euc8
Vyrw6DEly7029zrRCAa/nRgQ5Lz+H8dq4li7cq0lQtII2MFN42+nbPYGtRPd8EFv
LRea29tSn04VVXLeosvxgosT7ViuWPtltNqU50p9O39y+fSseAkrZgMXiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSrDdahsBCiEKVE1EWCk9rpmVtsMB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvZEtzTjFxR3dFS0lRcFVUVVJZS1QydW1aVzJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyNdMA0G
CSqGSIb3DQEBCwUAA4IBAQBrUF/S6bnNgb72lSZw2G/j1VmqxcK2xDoL2HYMq3u3
5G32fKJdN9EfShxBeSLKis7+UVkUKmJNei5vVrUCtwcDgsWuB8Fn+DabPVekms1D
HqBklXqn4Iv00r1l4UrK2qvzjp54AaPfdWekF6FLvXYmHYVySERZyIF1EDpQUgaV
RJaLbv9RlG49SeeNSESzSqC+EFYCeQg5qQ1v3UoUq49KGKleoE5QDZWNGGW1mXW0
q0NpVNf+L6oMIJoz0x6l2sIHLfYTtiu+9LndOtFgpA8qqtcQ+65LAPtB/5cj4ffK
WI8vKyBWhKSJQhMQBYrBHQG8uYVemQf75x7hKN2nPk7Q
-----END CERTIFICATE-----