Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/4da5d5-3152-4f54-a0a9-a95aef9c91d9/1/1hVW1hVDzUMh4lZ8GR7cUAl7v8M.roa
File:                     1hVW1hVDzUMh4lZ8GR7cUAl7v8M.roa (raw, json)
Hash identifier:          /ppjOJyvYU9AU0zUdXonk4kTMm986gK2/zEUEbCwwMQ=
Subject key identifier:   D6:15:56:D6:15:43:CD:43:21:E2:56:7C:19:1E:DC:50:09:7B:BF:C3
Certificate issuer:       /CN=745e643d021ec6d21b475ae460ddedcf7e6b3f66
Certificate serial:       01966C19C5C98ACA6A30103454289094E332
Authority key identifier: 74:5E:64:3D:02:1E:C6:D2:1B:47:5A:E4:60:DD:ED:CF:7E:6B:3F:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dF5kPQIextIbR1rkYN3tz35rP2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/4da5d5-3152-4f54-a0a9-a95aef9c91d9/1/1hVW1hVDzUMh4lZ8GR7cUAl7v8M.roa
Signing time:             Fri 25 Apr 2025 08:39:10 +0000
ROA not before:           Fri 25 Apr 2025 08:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395793
IP address blocks:        95.128.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/4da5d5-3152-4f54-a0a9-a95aef9c91d9/1/dF5kPQIextIbR1rkYN3tz35rP2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/4da5d5-3152-4f54-a0a9-a95aef9c91d9/1/dF5kPQIextIbR1rkYN3tz35rP2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dF5kPQIextIbR1rkYN3tz35rP2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:19:c5:c9:8a:ca:6a:30:10:34:54:28:90:94:e3:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=745e643d021ec6d21b475ae460ddedcf7e6b3f66
        Validity
            Not Before: Apr 25 08:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d61556d61543cd4321e2567c191edc50097bbfc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:93:8a:b1:0c:f0:f2:db:aa:93:ca:b8:cb:3d:
                    11:dc:81:46:be:3a:0a:65:18:3c:7a:1c:90:e0:3c:
                    22:1f:a6:5d:3f:9d:69:a1:55:65:22:16:91:04:b2:
                    1b:02:37:e4:21:d7:35:00:7c:14:2c:83:8e:11:25:
                    43:35:05:2d:a9:62:e1:37:47:4b:8d:d3:9d:47:92:
                    a3:90:78:85:da:8b:33:a7:c1:d4:b6:86:b8:6b:9a:
                    12:49:74:4d:b9:bb:01:33:b3:b9:82:00:a6:a9:2d:
                    63:79:7e:44:f4:70:24:9e:14:fe:92:bf:bf:7d:d5:
                    8f:ea:57:ab:8d:29:ac:9a:3f:c6:a0:81:0b:1f:e7:
                    17:11:fb:52:ef:2a:7c:06:ac:83:bf:5a:bf:07:8e:
                    06:df:c1:a6:a7:6b:f0:25:ed:1d:a0:2e:59:0f:cc:
                    71:83:24:4d:79:7e:44:44:6f:44:eb:14:93:cc:68:
                    ae:55:5f:53:0b:0b:58:71:65:13:a2:65:15:3a:6c:
                    5f:f1:f5:e5:39:f1:14:bc:c0:9b:f8:68:e2:90:ad:
                    cc:27:bc:99:7a:71:a7:84:f1:58:ab:3b:c2:e0:24:
                    47:9b:6c:cb:d8:e7:be:22:a8:dd:ca:59:2b:ee:95:
                    a3:43:c3:3d:7d:7b:89:e6:dc:1d:63:7f:f7:8a:f4:
                    55:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:15:56:D6:15:43:CD:43:21:E2:56:7C:19:1E:DC:50:09:7B:BF:C3
            X509v3 Authority Key Identifier:
                keyid:74:5E:64:3D:02:1E:C6:D2:1B:47:5A:E4:60:DD:ED:CF:7E:6B:3F:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dF5kPQIextIbR1rkYN3tz35rP2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/4da5d5-3152-4f54-a0a9-a95aef9c91d9/1/1hVW1hVDzUMh4lZ8GR7cUAl7v8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/4da5d5-3152-4f54-a0a9-a95aef9c91d9/1/dF5kPQIextIbR1rkYN3tz35rP2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:0a:9e:81:36:26:f4:b7:07:30:ec:7d:4b:86:48:cf:7f:cf:
         51:2a:40:c7:99:ae:40:f2:ec:e7:2f:1d:21:c8:f9:b7:06:6e:
         f7:0d:f0:98:c1:62:10:ea:02:17:6f:e1:60:a2:c9:72:39:f5:
         4a:8b:28:08:ef:13:18:c6:2d:ef:71:f3:3b:c0:6a:51:a2:c6:
         fa:5c:d6:57:e8:1c:f8:3e:98:a4:b0:36:fc:c4:5e:fb:9a:36:
         40:de:6c:ac:06:f0:54:8d:ca:3b:86:33:a6:78:86:b3:72:cd:
         50:46:e4:2e:09:53:d2:92:cc:20:72:68:a2:92:11:1d:60:54:
         26:e7:d7:82:25:e3:0b:7b:59:fb:14:94:c9:71:07:fd:bc:04:
         63:a9:64:75:e9:23:bb:cb:77:58:51:19:2f:40:a3:6d:82:22:
         46:63:c0:3f:5d:72:14:c2:50:ea:f7:05:6b:59:03:7b:53:4a:
         5a:92:7a:22:ad:e1:02:81:eb:8d:1b:3e:20:08:f8:0f:e6:21:
         1c:0e:21:bd:3f:a4:42:83:17:f2:22:fe:71:9f:26:20:b7:47:
         24:5d:73:95:0d:6f:c7:ca:0b:fa:ee:2e:17:47:93:66:82:e8:
         8a:c8:0f:73:ab:37:df:0c:8d:c1:67:81:91:6c:4c:a3:35:62:
         4f:62:89:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZsGcXJispqMBA0VCiQlOMyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NWU2NDNkMDIxZWM2ZDIxYjQ3NWFlNDYwZGRlZGNmN2U2
YjNmNjYwHhcNMjUwNDI1MDgzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjE1NTZkNjE1NDNjZDQzMjFlMjU2N2MxOTFlZGM1MDA5N2JiZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpOKsQzw8tuqk8q4yz0R3IFGvjoK
ZRg8ehyQ4DwiH6ZdP51poVVlIhaRBLIbAjfkIdc1AHwULIOOESVDNQUtqWLhN0dL
jdOdR5KjkHiF2oszp8HUtoa4a5oSSXRNubsBM7O5ggCmqS1jeX5E9HAknhT+kr+/
fdWP6lerjSmsmj/GoIELH+cXEftS7yp8BqyDv1q/B44G38Gmp2vwJe0doC5ZD8xx
gyRNeX5ERG9E6xSTzGiuVV9TCwtYcWUTomUVOmxf8fXlOfEUvMCb+GjikK3MJ7yZ
enGnhPFYqzvC4CRHm2zL2Oe+Iqjdylkr7pWjQ8M9fXuJ5twdY3/3ivRVDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYVVtYVQ81DIeJWfBke3FAJe7/DMB8GA1UdIwQY
MBaAFHReZD0CHsbSG0da5GDd7c9+az9mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEY1a1BRSWV4dEliUjFya1lOM3R6MzVyUDJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi80ZGE1ZDUtMzE1Mi00ZjU0LWEwYTkt
YTk1YWVmOWM5MWQ5LzEvMWhWVzFoVkR6VU1oNGxaOEdSN2NVQWw3djhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi80ZGE1ZDUtMzE1Mi00ZjU0LWEwYTktYTk1YWVmOWM5MWQ5
LzEvZEY1a1BRSWV4dEliUjFya1lOM3R6MzVyUDJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DHMA0G
CSqGSIb3DQEBCwUAA4IBAQBjCp6BNib0twcw7H1LhkjPf89RKkDHma5A8uznLx0h
yPm3Bm73DfCYwWIQ6gIXb+FgoslyOfVKiygI7xMYxi3vcfM7wGpRosb6XNZX6Bz4
PpiksDb8xF77mjZA3mysBvBUjco7hjOmeIazcs1QRuQuCVPSkswgcmiikhEdYFQm
59eCJeMLe1n7FJTJcQf9vARjqWR16SO7y3dYURkvQKNtgiJGY8A/XXIUwlDq9wVr
WQN7U0paknoireECgeuNGz4gCPgP5iEcDiG9P6RCgxfyIv5xnyYgt0ckXXOVDW/H
ygv67i4XR5NmguiKyA9zqzffDI3BZ4GRbEyjNWJPYont
-----END CERTIFICATE-----