Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/5KCmcBzgBtGKXXIdhXDGwgQX-Nc.roa
File:                     5KCmcBzgBtGKXXIdhXDGwgQX-Nc.roa (raw, json)
Hash identifier:          3MBj03+qouTWcvDDud6sW23ZkQ0DtRDfsHdVwPfcmzA=
Subject key identifier:   E4:A0:A6:70:1C:E0:06:D1:8A:5D:72:1D:85:70:C6:C2:04:17:F8:D7
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0197F43D55C379430D6FBD368D699B53971D
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/5KCmcBzgBtGKXXIdhXDGwgQX-Nc.roa
Signing time:             Thu 10 Jul 2025 12:09:09 +0000
ROA not before:           Thu 10 Jul 2025 12:09:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204300
IP address blocks:        95.164.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 11:55:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:3d:55:c3:79:43:0d:6f:bd:36:8d:69:9b:53:97:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jul 10 12:09:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4a0a6701ce006d18a5d721d8570c6c20417f8d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9d:f3:7a:83:9a:0a:84:57:b0:90:8d:50:35:
                    69:6c:d0:26:17:15:e3:30:23:02:4e:0f:9e:e4:84:
                    ba:78:e3:df:03:49:5f:ab:83:50:e9:4d:a4:91:9f:
                    12:c7:a5:2f:50:d4:64:88:52:a9:85:96:8b:ab:7f:
                    50:22:71:56:53:39:4a:63:10:b5:56:ed:3d:d4:d0:
                    1d:96:47:14:89:8f:06:12:05:ca:a2:35:5f:40:a3:
                    b8:8f:5d:9b:9a:d5:13:51:da:ab:e6:80:15:2d:73:
                    fb:c2:7e:9f:da:d3:00:38:41:52:5c:b7:2a:69:3d:
                    e4:94:02:be:c8:82:53:12:79:9e:a4:ab:39:85:49:
                    2f:84:5e:00:8c:8f:e6:76:08:7f:9d:97:70:b9:52:
                    8e:c9:29:97:cf:f2:03:90:7d:e2:75:7a:69:02:ef:
                    37:b2:fb:0b:71:e8:53:b8:b3:05:38:9b:4a:05:02:
                    22:59:c2:e6:d8:9b:2a:17:62:25:9b:7f:d4:29:5c:
                    f3:95:fc:df:e7:03:a6:7e:7c:34:02:5e:82:c2:31:
                    57:60:1f:1d:5c:e8:31:ef:06:57:5b:4d:c0:bd:85:
                    28:29:03:9d:64:70:0b:20:fc:d6:e2:1e:2c:07:c6:
                    61:5e:3b:54:37:25:e8:d2:8c:e5:49:2c:50:fc:d3:
                    93:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A0:A6:70:1C:E0:06:D1:8A:5D:72:1D:85:70:C6:C2:04:17:F8:D7
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/5KCmcBzgBtGKXXIdhXDGwgQX-Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:1b:b2:be:d5:f7:d6:d3:de:d6:b3:11:71:7a:9a:65:bb:af:
         d6:3b:03:ba:dc:9d:b1:03:cf:37:80:38:2b:5c:5d:67:3d:fb:
         59:db:ed:17:d3:76:56:6a:66:f8:6c:7f:eb:d8:97:ad:d0:f3:
         b1:f8:5f:1f:e0:37:53:c7:43:df:f0:32:e1:ff:43:b4:87:fd:
         12:c5:dc:5a:a7:46:40:26:1d:ce:0a:b6:34:86:88:87:32:67:
         fa:82:7c:e0:e4:d6:c3:04:83:78:61:2b:e3:9e:f4:68:45:3e:
         0b:cc:8a:c5:ab:d5:72:5d:94:de:ea:83:3e:a7:9e:03:d5:31:
         90:1d:be:09:65:0a:44:1b:51:32:e9:9c:b6:e0:2d:31:0c:89:
         87:e7:ad:bb:56:f0:d0:41:3f:61:2b:cb:e2:21:cc:11:d8:0e:
         ae:54:f4:b6:36:28:5e:9e:58:a7:c6:a2:da:d0:8c:02:f3:84:
         f1:fb:58:5b:e1:da:1f:b2:f6:3c:c4:04:4f:44:4e:7b:1f:72:
         ef:fe:81:af:b5:68:82:43:9f:84:f4:93:fe:97:92:0f:6b:b4:
         a6:b6:d2:77:d4:83:e6:89:de:eb:58:fa:a5:4a:ae:60:87:26:
         dd:06:7e:e0:fb:51:4d:dd:17:a5:c1:79:95:30:51:95:e3:08:
         73:9a:55:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf0PVXDeUMNb702jWmbU5cdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwNzEwMTIwOTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGEwYTY3MDFjZTAwNmQxOGE1ZDcyMWQ4NTcwYzZjMjA0MTdmOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZ3zeoOaCoRXsJCNUDVpbNAmFxXj
MCMCTg+e5IS6eOPfA0lfq4NQ6U2kkZ8Sx6UvUNRkiFKphZaLq39QInFWUzlKYxC1
Vu091NAdlkcUiY8GEgXKojVfQKO4j12bmtUTUdqr5oAVLXP7wn6f2tMAOEFSXLcq
aT3klAK+yIJTEnmepKs5hUkvhF4AjI/mdgh/nZdwuVKOySmXz/IDkH3idXppAu83
svsLcehTuLMFOJtKBQIiWcLm2JsqF2Ilm3/UKVzzlfzf5wOmfnw0Al6CwjFXYB8d
XOgx7wZXW03AvYUoKQOdZHALIPzW4h4sB8ZhXjtUNyXo0ozlSSxQ/NOTvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSgpnAc4AbRil1yHYVwxsIEF/jXMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvNUtDbWNCemdCdEdLWFhJZGhYREd3Z1FYLU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6TEMA0G
CSqGSIb3DQEBCwUAA4IBAQCHG7K+1ffW097WsxFxepplu6/WOwO63J2xA883gDgr
XF1nPftZ2+0X03ZWamb4bH/r2Jet0POx+F8f4DdTx0Pf8DLh/0O0h/0Sxdxap0ZA
Jh3OCrY0hoiHMmf6gnzg5NbDBIN4YSvjnvRoRT4LzIrFq9VyXZTe6oM+p54D1TGQ
Hb4JZQpEG1Ey6Zy24C0xDImH5627VvDQQT9hK8viIcwR2A6uVPS2NihenlinxqLa
0IwC84Tx+1hb4dofsvY8xARPRE57H3Lv/oGvtWiCQ5+E9JP+l5IPa7SmttJ31IPm
id7rWPqlSq5ghybdBn7g+1FN3RelwXmVMFGV4whzmlU2
-----END CERTIFICATE-----