Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/IR0N93wyt194hpjTT9eshHBGwCY.roa
File:                     IR0N93wyt194hpjTT9eshHBGwCY.roa (raw, json)
Hash identifier:          hm8stnovqLivJRd1Zt72YsNy0Lv8colWOGD8fUtYhVw=
Subject key identifier:   21:1D:0D:F7:7C:32:B7:5F:78:86:98:D3:4F:D7:AC:84:70:46:C0:26
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0197F444A4ADB3E3F668762B88D179D31CD9
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/IR0N93wyt194hpjTT9eshHBGwCY.roa
Signing time:             Thu 10 Jul 2025 12:17:08 +0000
ROA not before:           Thu 10 Jul 2025 12:17:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39762
IP address blocks:        95.164.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:44:a4:ad:b3:e3:f6:68:76:2b:88:d1:79:d3:1c:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Jul 10 12:17:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=211d0df77c32b75f788698d34fd7ac847046c026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d6:8a:c4:1b:e4:cb:1e:28:0f:eb:58:8c:b3:
                    8f:66:02:49:25:e0:32:48:11:85:93:00:5f:66:e1:
                    78:77:89:1d:ca:87:d6:26:74:aa:d8:4a:54:68:08:
                    bb:6f:cb:39:be:86:ea:af:66:1b:2b:00:cb:e6:a3:
                    53:0e:b5:4d:1f:2e:f8:61:58:07:86:97:a3:82:7b:
                    c0:74:12:09:8f:0c:cb:99:13:76:71:ff:43:8a:9f:
                    10:08:02:14:d9:c6:10:b8:4e:88:c5:20:7b:8f:22:
                    d9:ba:96:78:63:33:0b:60:78:79:7f:0b:64:dd:99:
                    6f:f8:13:0f:7a:f0:97:0b:21:00:95:85:13:24:50:
                    dc:62:9b:0c:c8:14:3e:d4:8e:81:cc:82:71:6c:9b:
                    23:0e:bf:57:74:c7:31:8f:d2:b4:b0:5e:ae:48:31:
                    1e:83:20:87:14:53:e4:09:7d:0d:24:4b:3b:a1:d2:
                    95:af:8e:b4:9f:e4:a1:e2:e5:22:27:5d:2b:7a:a8:
                    d9:7a:0a:06:4a:d7:4f:86:38:f2:d6:43:56:39:f1:
                    f4:f1:ec:bd:2a:05:f5:8b:14:ef:77:44:c9:ff:c5:
                    bc:39:48:03:e0:84:ab:86:ae:fe:e1:49:c4:28:3f:
                    01:05:85:f7:ce:f8:a4:62:71:0d:6e:a7:02:90:d1:
                    fe:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:1D:0D:F7:7C:32:B7:5F:78:86:98:D3:4F:D7:AC:84:70:46:C0:26
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/IR0N93wyt194hpjTT9eshHBGwCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:d4:9d:d6:4d:ea:c4:05:d5:c7:f1:f8:9c:80:8c:32:e4:0c:
         28:c0:38:be:9f:35:fb:f8:69:62:f2:ff:33:28:ec:c7:9f:7c:
         23:88:4c:68:fb:5e:5b:98:13:97:61:6b:c9:67:41:fa:75:da:
         85:c2:e8:64:4f:ed:3b:c3:dd:51:8e:4a:a7:04:64:51:c6:23:
         95:b9:ec:8a:79:93:11:84:6f:c8:30:31:a8:53:b4:37:af:ba:
         7a:12:e0:ea:51:eb:46:17:41:a6:d2:cf:02:62:b1:6c:d3:02:
         0d:fa:58:a9:d8:5a:fd:5b:0d:53:f2:10:93:50:09:dc:b2:90:
         d5:f0:d8:f4:9d:d5:c2:cc:99:7d:ba:e3:4e:85:1d:92:52:c9:
         a2:a1:38:20:f5:0c:4a:2b:b4:d1:11:34:0c:4c:92:10:42:a4:
         c4:05:96:4e:4a:53:b3:14:e5:99:fb:cb:ff:61:7a:5a:74:58:
         99:ef:f4:6a:f3:2c:87:89:be:39:a1:ee:b2:ea:c8:31:2e:7e:
         4b:3d:d4:9a:d4:cb:ae:33:fe:de:f5:b0:c2:b1:e5:1b:36:3f:
         9b:e6:e0:68:0e:38:aa:35:10:bf:b6:00:c2:dd:fa:4b:36:30:
         af:b4:33:09:6c:ed:1e:4d:a7:c9:46:58:8d:e6:d4:14:cf:cf:
         a8:14:75:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf0RKSts+P2aHYriNF50xzZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwNzEwMTIxNzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTFkMGRmNzdjMzJiNzVmNzg4Njk4ZDM0ZmQ3YWM4NDcwNDZjMDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNaKxBvkyx4oD+tYjLOPZgJJJeAy
SBGFkwBfZuF4d4kdyofWJnSq2EpUaAi7b8s5vobqr2YbKwDL5qNTDrVNHy74YVgH
hpejgnvAdBIJjwzLmRN2cf9Dip8QCAIU2cYQuE6IxSB7jyLZupZ4YzMLYHh5fwtk
3Zlv+BMPevCXCyEAlYUTJFDcYpsMyBQ+1I6BzIJxbJsjDr9XdMcxj9K0sF6uSDEe
gyCHFFPkCX0NJEs7odKVr460n+Sh4uUiJ10reqjZegoGStdPhjjy1kNWOfH08ey9
KgX1ixTvd0TJ/8W8OUgD4ISrhq7+4UnEKD8BBYX3zvikYnENbqcCkNH+6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEdDfd8MrdfeIaY00/XrIRwRsAmMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvSVIwTjkzd3l0MTk0aHBqVFQ5ZXNoSEJHd0NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6RAMA0G
CSqGSIb3DQEBCwUAA4IBAQBr1J3WTerEBdXH8ficgIwy5AwowDi+nzX7+Gli8v8z
KOzHn3wjiExo+15bmBOXYWvJZ0H6ddqFwuhkT+07w91RjkqnBGRRxiOVueyKeZMR
hG/IMDGoU7Q3r7p6EuDqUetGF0Gm0s8CYrFs0wIN+lip2Fr9Ww1T8hCTUAncspDV
8Nj0ndXCzJl9uuNOhR2SUsmioTgg9QxKK7TRETQMTJIQQqTEBZZOSlOzFOWZ+8v/
YXpadFiZ7/Rq8yyHib45oe6y6sgxLn5LPdSa1MuuM/7e9bDCseUbNj+b5uBoDjiq
NRC/tgDC3fpLNjCvtDMJbO0eTafJRliN5tQUz8+oFHXX
-----END CERTIFICATE-----