Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/cr95DzEVhWtLA_b8PXKOtJAUld0.roa
File:                     cr95DzEVhWtLA_b8PXKOtJAUld0.roa (raw, json)
Hash identifier:          hVWUfMq7GUDS1WFoj/BlW6uwrsRcoF2yZGnDVDwJpMc=
Subject key identifier:   72:BF:79:0F:31:15:85:6B:4B:03:F6:FC:3D:72:8E:B4:90:14:95:DD
Certificate issuer:       /CN=35cecbf8651a5624f2281dc356a77cd34bd5ba96
Certificate serial:       01944E49ADA22F027EA02C6B0381ADCBBA02
Authority key identifier: 35:CE:CB:F8:65:1A:56:24:F2:28:1D:C3:56:A7:7C:D3:4B:D5:BA:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nc7L-GUaViTyKB3DVqd800vVupY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/cr95DzEVhWtLA_b8PXKOtJAUld0.roa
Signing time:             Fri 10 Jan 2025 03:37:18 +0000
ROA not before:           Fri 10 Jan 2025 03:37:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215232
IP address blocks:        195.62.48.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/Nc7L-GUaViTyKB3DVqd800vVupY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/Nc7L-GUaViTyKB3DVqd800vVupY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nc7L-GUaViTyKB3DVqd800vVupY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4e:49:ad:a2:2f:02:7e:a0:2c:6b:03:81:ad:cb:ba:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35cecbf8651a5624f2281dc356a77cd34bd5ba96
        Validity
            Not Before: Jan 10 03:37:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72bf790f3115856b4b03f6fc3d728eb4901495dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f9:33:69:c7:eb:4a:63:2c:d7:6f:ad:0f:c3:
                    9a:d5:e8:65:ab:d3:92:63:cd:94:bf:6f:3f:2a:de:
                    e9:eb:70:fe:c2:65:cf:72:2f:84:dd:41:44:14:00:
                    69:b0:b7:bd:2f:be:35:c6:ee:08:62:0c:84:30:2b:
                    7f:47:31:6f:fe:4e:45:a4:65:f7:3c:94:68:ed:0d:
                    53:20:fe:ef:45:f3:41:32:6e:21:36:c0:81:c3:4a:
                    58:f1:9b:ae:34:e3:49:31:b5:6a:e5:e1:ff:e4:69:
                    e3:30:b9:4e:0e:26:1f:a3:1b:2c:b1:cb:57:e3:46:
                    d8:8e:8f:87:64:9c:c0:fd:72:c8:85:3b:14:2f:ce:
                    92:32:6d:56:88:bf:b2:1f:bd:d9:ce:b7:38:e1:36:
                    60:9e:4d:d3:c5:dc:bc:04:2f:9f:32:db:f7:6f:24:
                    3b:cb:20:a9:a4:1b:88:9a:f9:9a:cf:0a:1e:11:d2:
                    e6:ad:77:ab:da:a1:4d:3d:d1:8b:59:29:b3:ce:b8:
                    9e:07:0c:eb:48:75:25:7a:f2:ea:b4:1a:e2:0e:af:
                    6b:50:bd:02:de:0d:20:29:9c:9b:0f:58:7d:96:97:
                    ea:87:e0:e2:e3:25:0e:dd:a5:ad:ff:17:a6:dc:73:
                    2d:e3:57:fc:33:24:ba:cb:1b:93:40:0d:27:95:f9:
                    d5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:BF:79:0F:31:15:85:6B:4B:03:F6:FC:3D:72:8E:B4:90:14:95:DD
            X509v3 Authority Key Identifier:
                keyid:35:CE:CB:F8:65:1A:56:24:F2:28:1D:C3:56:A7:7C:D3:4B:D5:BA:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nc7L-GUaViTyKB3DVqd800vVupY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/cr95DzEVhWtLA_b8PXKOtJAUld0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/86717f-ff1f-4b95-ae81-61a6d72ac49c/1/Nc7L-GUaViTyKB3DVqd800vVupY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:88:9d:32:8e:2c:c7:a5:7c:e7:8b:4e:ad:64:6c:fb:ae:ca:
         eb:17:63:8f:68:e0:05:16:62:0d:45:fc:29:8b:a5:45:8c:3d:
         b9:ad:20:68:a7:0c:79:e0:52:7f:45:83:e2:be:0c:4c:04:e8:
         fa:85:67:a6:9c:2b:2a:23:e6:05:c3:27:57:73:45:10:a1:a8:
         b1:44:e5:dc:0f:17:c0:ca:68:ad:dd:7d:51:43:1c:fe:bd:7a:
         ec:ae:09:27:d7:5c:c8:14:5c:c6:34:9a:ba:9c:5e:da:a5:eb:
         46:3e:fd:3f:2d:fd:34:8e:b7:b0:de:0a:5a:61:69:50:19:1a:
         f8:1d:90:d7:83:a5:41:4e:db:f8:b9:cb:fc:cc:88:b2:1f:6d:
         85:04:bb:08:eb:c0:e5:01:c3:06:e1:9b:a8:a2:37:c1:a7:72:
         12:5c:14:2a:5d:63:f9:da:8e:24:fc:ea:d9:5e:08:9b:2a:ee:
         f8:e7:fa:f3:2a:d2:40:47:b4:87:55:d3:f2:55:a3:4f:82:6a:
         11:fd:fe:71:35:ff:b0:bf:49:25:c1:17:ca:36:14:cb:2e:ce:
         a9:ef:28:28:f3:ed:34:e1:1d:e2:c0:6b:74:2a:d0:89:3f:ee:
         d7:01:8c:df:39:b1:e3:65:ad:6e:52:99:90:fd:3a:c3:9d:b8:
         d1:9a:ad:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZROSa2iLwJ+oCxrA4Gty7oCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1Y2VjYmY4NjUxYTU2MjRmMjI4MWRjMzU2YTc3Y2QzNGJk
NWJhOTYwHhcNMjUwMTEwMDMzNzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmJmNzkwZjMxMTU4NTZiNGIwM2Y2ZmMzZDcyOGViNDkwMTQ5NWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/kzacfrSmMs12+tD8Oa1ehlq9OS
Y82Uv28/Kt7p63D+wmXPci+E3UFEFABpsLe9L741xu4IYgyEMCt/RzFv/k5FpGX3
PJRo7Q1TIP7vRfNBMm4hNsCBw0pY8ZuuNONJMbVq5eH/5GnjMLlODiYfoxsssctX
40bYjo+HZJzA/XLIhTsUL86SMm1WiL+yH73Zzrc44TZgnk3Txdy8BC+fMtv3byQ7
yyCppBuImvmazwoeEdLmrXer2qFNPdGLWSmzzrieBwzrSHUlevLqtBriDq9rUL0C
3g0gKZybD1h9lpfqh+Di4yUO3aWt/xem3HMt41f8MyS6yxuTQA0nlfnV3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHK/eQ8xFYVrSwP2/D1yjrSQFJXdMB8GA1UdIwQY
MBaAFDXOy/hlGlYk8igdw1anfNNL1bqWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmM3TC1HVWFWaVR5S0IzRFZxZDgwMHZWdXBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS84NjcxN2YtZmYxZi00Yjk1LWFlODEt
NjFhNmQ3MmFjNDljLzEvY3I5NUR6RVZoV3RMQV9iOFBYS090SkFVbGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS84NjcxN2YtZmYxZi00Yjk1LWFlODEtNjFhNmQ3MmFjNDlj
LzEvTmM3TC1HVWFWaVR5S0IzRFZxZDgwMHZWdXBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwz4wMA0G
CSqGSIb3DQEBCwUAA4IBAQBciJ0yjizHpXzni06tZGz7rsrrF2OPaOAFFmINRfwp
i6VFjD25rSBopwx54FJ/RYPivgxMBOj6hWemnCsqI+YFwydXc0UQoaixROXcDxfA
ymit3X1RQxz+vXrsrgkn11zIFFzGNJq6nF7apetGPv0/Lf00jrew3gpaYWlQGRr4
HZDXg6VBTtv4ucv8zIiyH22FBLsI68DlAcMG4ZuoojfBp3ISXBQqXWP52o4k/OrZ
XgibKu745/rzKtJAR7SHVdPyVaNPgmoR/f5xNf+wv0klwRfKNhTLLs6p7ygo8+00
4R3iwGt0KtCJP+7XAYzfObHjZa1uUpmQ/TrDnbjRmq1i
-----END CERTIFICATE-----