Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/pvwfGfIGO0NkgGvmujHM737V_EY.roa
File:                     pvwfGfIGO0NkgGvmujHM737V_EY.roa (raw, json)
Hash identifier:          8/XbrvFS8MorMNpio1PdeXOcDn2Zh23ItADh06c9qJQ=
Subject key identifier:   A6:FC:1F:19:F2:06:3B:43:64:80:6B:E6:BA:31:CC:EF:7E:D5:FC:46
Certificate issuer:       /CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
Certificate serial:       0197322161F7DF48CA218BF4DBB4236848CB
Authority key identifier: 99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/pvwfGfIGO0NkgGvmujHM737V_EY.roa
Signing time:             Mon 02 Jun 2025 19:32:17 +0000
ROA not before:           Mon 02 Jun 2025 19:32:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        45.95.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:32:21:61:f7:df:48:ca:21:8b:f4:db:b4:23:68:48:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
        Validity
            Not Before: Jun  2 19:32:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6fc1f19f2063b4364806be6ba31ccef7ed5fc46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:43:fd:81:94:6f:f1:58:44:35:a1:bd:41:dc:
                    20:da:3a:74:c2:bb:ee:92:8e:0a:55:d8:a9:84:2b:
                    54:9f:7a:a7:f5:62:a8:f3:16:83:28:76:81:dd:46:
                    4c:0f:7f:1f:fd:58:74:66:7a:91:d5:1e:f5:51:66:
                    2a:9f:40:2e:a6:b7:9b:8c:3a:19:2a:be:ec:93:e8:
                    20:b8:23:ef:52:0b:b7:ee:0d:48:07:a8:12:ec:3a:
                    46:87:8e:9b:71:89:fa:55:30:26:d8:1c:b4:ab:9f:
                    bf:c2:9d:cb:62:1b:36:44:9d:9a:19:6c:94:2d:06:
                    3f:c1:1d:5e:09:62:00:2f:76:39:f6:13:6e:1c:dd:
                    d9:ca:74:b7:71:a3:bb:cb:00:d5:23:8d:a4:09:fc:
                    73:59:48:f5:bd:e4:7f:7a:c6:02:63:12:07:e6:89:
                    b8:d9:21:2b:c5:b5:52:3b:85:65:a6:6a:ac:e0:f5:
                    03:79:76:ba:ef:a3:ca:3b:10:94:35:f2:3b:69:33:
                    c6:42:68:d0:32:90:42:29:13:1b:38:a1:f1:90:dc:
                    f5:54:5e:76:d5:23:de:89:b1:37:ce:b6:7a:06:21:
                    45:fb:dc:b7:ae:d3:38:a1:7a:9f:6e:7f:b9:ed:56:
                    ac:92:91:14:87:c4:a2:f8:e5:22:21:0a:87:4c:16:
                    a9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:FC:1F:19:F2:06:3B:43:64:80:6B:E6:BA:31:CC:EF:7E:D5:FC:46
            X509v3 Authority Key Identifier:
                keyid:99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/pvwfGfIGO0NkgGvmujHM737V_EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:7e:07:e8:81:78:85:67:97:cc:2b:01:05:80:4f:b3:98:b0:
         0c:ba:46:cf:9b:a4:7d:ff:01:10:f9:e5:31:f9:82:86:0f:61:
         59:65:02:81:c8:43:f3:df:5e:ae:7b:ff:46:17:b9:4b:7f:cf:
         c0:5b:4c:76:56:1a:6f:4c:35:60:41:73:00:2f:23:2d:92:5f:
         ca:f4:32:19:f1:ec:b9:ea:e7:15:ff:24:c9:34:95:b1:8d:e7:
         29:53:e8:be:ab:cf:e9:97:41:8c:be:85:33:89:0d:c7:40:fe:
         b7:8a:b4:61:f7:60:f9:52:e4:f1:d8:f6:95:ab:a4:7c:9d:13:
         90:ff:26:0a:a5:e7:fe:37:eb:d5:4d:d8:69:b2:6f:f9:ac:28:
         cb:c9:b2:52:82:ce:ce:26:dd:90:9f:6a:78:87:09:02:b8:90:
         3f:8b:a8:cd:fa:33:88:c9:30:6d:c6:f9:b6:6f:cd:d3:55:4d:
         0b:da:38:07:0a:eb:81:f3:65:7b:31:1e:fd:68:44:62:8f:c1:
         69:f1:6a:12:31:57:26:41:cd:c7:fb:d8:fd:fa:a8:aa:2c:ff:
         b5:3d:91:39:ad:b1:c3:63:8b:77:92:b3:8f:a5:bc:0e:f1:5a:
         b3:22:59:8c:18:ca:45:9b:b1:66:6c:e6:36:f2:66:cc:f2:12:
         37:72:c5:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcyIWH330jKIYv027QjaEjLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZmVlN2NiZDhlNzhkMWYxNGE0NTNhMDRiOTE2ZjdjMTU4
MWQyMDQwHhcNMjUwNjAyMTkzMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmZjMWYxOWYyMDYzYjQzNjQ4MDZiZTZiYTMxY2NlZjdlZDVmYzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukP9gZRv8VhENaG9Qdwg2jp0wrvu
ko4KVdiphCtUn3qn9WKo8xaDKHaB3UZMD38f/Vh0ZnqR1R71UWYqn0AuprebjDoZ
Kr7sk+gguCPvUgu37g1IB6gS7DpGh46bcYn6VTAm2By0q5+/wp3LYhs2RJ2aGWyU
LQY/wR1eCWIAL3Y59hNuHN3ZynS3caO7ywDVI42kCfxzWUj1veR/esYCYxIH5om4
2SErxbVSO4Vlpmqs4PUDeXa676PKOxCUNfI7aTPGQmjQMpBCKRMbOKHxkNz1VF52
1SPeibE3zrZ6BiFF+9y3rtM4oXqfbn+57VaskpEUh8Si+OUiIQqHTBapGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKb8HxnyBjtDZIBr5roxzO9+1fxGMB8GA1UdIwQY
MBaAFJn+58vY540fFKRToEuRb3wVgdIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTct
MWMyMmVmZjcyODE4LzEvcHZ3ZkdmSUdPME5rZ0d2bXVqSE03MzdWX0VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTctMWMyMmVmZjcyODE4
LzEvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV9yMA0G
CSqGSIb3DQEBCwUAA4IBAQCjfgfogXiFZ5fMKwEFgE+zmLAMukbPm6R9/wEQ+eUx
+YKGD2FZZQKByEPz316ue/9GF7lLf8/AW0x2VhpvTDVgQXMALyMtkl/K9DIZ8ey5
6ucV/yTJNJWxjecpU+i+q8/pl0GMvoUziQ3HQP63irRh92D5UuTx2PaVq6R8nROQ
/yYKpef+N+vVTdhpsm/5rCjLybJSgs7OJt2Qn2p4hwkCuJA/i6jN+jOIyTBtxvm2
b83TVU0L2jgHCuuB82V7MR79aERij8Fp8WoSMVcmQc3H+9j9+qiqLP+1PZE5rbHD
Y4t3krOPpbwO8VqzIlmMGMpFm7FmbOY28mbM8hI3csWV
-----END CERTIFICATE-----