Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/fQ9CAdmGh8PVMwKzMUPdKPUrnwY.roa
File:                     fQ9CAdmGh8PVMwKzMUPdKPUrnwY.roa (raw, json)
Hash identifier:          pIIB8MOFmW82oxrTaW29LQWRpAreQ8kiX3bpbS9eqjw=
Subject key identifier:   7D:0F:42:01:D9:86:87:C3:D5:33:02:B3:31:43:DD:28:F5:2B:9F:06
Certificate issuer:       /CN=e292c8c779b6ed6ede72a8cf11490ef6d7a9e921
Certificate serial:       01967375ECDEE6C01593B30E932A3B19F19C
Authority key identifier: E2:92:C8:C7:79:B6:ED:6E:DE:72:A8:CF:11:49:0E:F6:D7:A9:E9:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/fQ9CAdmGh8PVMwKzMUPdKPUrnwY.roa
Signing time:             Sat 26 Apr 2025 18:57:10 +0000
ROA not before:           Sat 26 Apr 2025 18:57:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        95.128.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 06:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:73:75:ec:de:e6:c0:15:93:b3:0e:93:2a:3b:19:f1:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e292c8c779b6ed6ede72a8cf11490ef6d7a9e921
        Validity
            Not Before: Apr 26 18:57:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d0f4201d98687c3d53302b33143dd28f52b9f06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:50:10:0e:c7:ed:ae:ad:43:4b:05:a4:19:e0:
                    e1:3d:e7:02:5d:0d:c1:f0:c1:b2:b5:6a:d8:b8:31:
                    df:e4:de:e0:11:fe:5f:78:47:4b:b7:12:3d:c5:ad:
                    ce:de:3c:95:78:cd:ee:e9:da:b8:11:04:fd:0e:a6:
                    32:10:80:ae:46:b4:a3:db:e6:77:93:ed:93:4c:d6:
                    a2:76:4a:f7:46:f9:47:4a:d5:77:c2:b4:79:64:7c:
                    a0:21:11:c9:cf:a5:bf:51:0e:23:8e:b0:05:03:71:
                    39:3b:ed:e0:cb:6e:b0:76:14:25:ea:d0:4e:5c:b8:
                    cf:88:88:ee:ab:c8:4f:0a:35:0c:a3:49:8f:70:d8:
                    df:2b:66:ee:f2:a8:26:cc:da:45:d8:e9:ad:83:2d:
                    bf:a3:74:0c:e6:7f:e8:64:81:c3:a4:c2:36:d2:6f:
                    82:21:47:c0:db:9f:37:75:92:79:8e:f7:f5:c7:dc:
                    52:db:92:12:4f:f5:aa:d7:7b:96:fa:8a:d6:8e:40:
                    08:ad:ae:38:21:e1:d6:5e:23:48:69:43:bc:f0:63:
                    8e:a6:0e:7e:24:cf:17:30:b5:9a:1c:b8:df:22:18:
                    92:ab:98:58:45:d2:5d:08:cd:c6:0a:20:9e:97:b0:
                    89:ac:e0:2f:5c:a4:85:3b:43:27:3c:8f:3d:b0:cf:
                    5f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:0F:42:01:D9:86:87:C3:D5:33:02:B3:31:43:DD:28:F5:2B:9F:06
            X509v3 Authority Key Identifier:
                keyid:E2:92:C8:C7:79:B6:ED:6E:DE:72:A8:CF:11:49:0E:F6:D7:A9:E9:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4pLIx3m27W7ecqjPEUkO9tep6SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/fQ9CAdmGh8PVMwKzMUPdKPUrnwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a2e97-2570-478b-b9bc-5ebb6378009e/1/4pLIx3m27W7ecqjPEUkO9tep6SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:93:26:b9:25:d5:8e:e7:fe:00:71:bb:1d:ab:a9:65:f9:19:
         e0:5b:e5:a8:69:92:89:c0:08:75:b1:ef:be:eb:e0:8e:4b:a0:
         79:32:30:12:0b:70:d6:da:f0:db:41:6b:fb:fe:49:aa:64:bf:
         28:3d:bb:a8:01:39:42:dc:00:e7:29:d9:64:56:61:8a:a9:7c:
         21:07:f4:19:59:73:7a:e3:64:b8:c2:ad:21:06:fd:73:09:ad:
         13:15:3f:8c:9d:ca:80:b5:73:ac:fa:a8:43:fb:90:21:4f:09:
         27:94:00:bd:94:8d:ba:71:f5:70:fa:66:cb:e9:b2:dd:19:4d:
         78:c7:a3:48:8b:d8:9b:ba:93:bb:56:6c:3c:64:b5:6d:35:26:
         aa:5c:ca:6f:da:18:f7:e4:6b:be:14:75:58:eb:4d:6d:58:cf:
         ca:d8:8e:4c:48:fe:88:6e:0a:4a:30:28:c9:3c:6b:8f:6c:22:
         53:1b:2c:40:b8:11:2b:bf:a9:7b:0b:bb:e7:4f:01:ea:2b:e8:
         ed:e5:6e:88:65:a5:4d:3f:a5:70:5d:7d:b7:27:85:bb:bb:b3:
         17:78:ae:ac:e5:55:2d:40:88:2d:18:f8:95:b2:23:80:2f:63:
         e8:fc:e0:49:93:5b:f7:d0:0d:92:f5:0a:ae:63:9d:4f:7e:28:
         b5:a4:18:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZzdeze5sAVk7MOkyo7GfGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOTJjOGM3NzliNmVkNmVkZTcyYThjZjExNDkwZWY2ZDdh
OWU5MjEwHhcNMjUwNDI2MTg1NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDBmNDIwMWQ5ODY4N2MzZDUzMzAyYjMzMTQzZGQyOGY1MmI5ZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFAQDsftrq1DSwWkGeDhPecCXQ3B
8MGytWrYuDHf5N7gEf5feEdLtxI9xa3O3jyVeM3u6dq4EQT9DqYyEICuRrSj2+Z3
k+2TTNaidkr3RvlHStV3wrR5ZHygIRHJz6W/UQ4jjrAFA3E5O+3gy26wdhQl6tBO
XLjPiIjuq8hPCjUMo0mPcNjfK2bu8qgmzNpF2Omtgy2/o3QM5n/oZIHDpMI20m+C
IUfA2583dZJ5jvf1x9xS25IST/Wq13uW+orWjkAIra44IeHWXiNIaUO88GOOpg5+
JM8XMLWaHLjfIhiSq5hYRdJdCM3GCiCel7CJrOAvXKSFO0MnPI89sM9f1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0PQgHZhofD1TMCszFD3Sj1K58GMB8GA1UdIwQY
MBaAFOKSyMd5tu1u3nKozxFJDvbXqekhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHBMSXgzbTI3VzdlY3FqUEVVa085dGVwNlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC80YTJlOTctMjU3MC00NzhiLWI5YmMt
NWViYjYzNzgwMDllLzEvZlE5Q0FkbUdoOFBWTXdLek1VUGRLUFVybndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC80YTJlOTctMjU3MC00NzhiLWI5YmMtNWViYjYzNzgwMDll
LzEvNHBMSXgzbTI3VzdlY3FqUEVVa085dGVwNlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DDMA0G
CSqGSIb3DQEBCwUAA4IBAQBdkya5JdWO5/4Acbsdq6ll+RngW+WoaZKJwAh1se++
6+COS6B5MjASC3DW2vDbQWv7/kmqZL8oPbuoATlC3ADnKdlkVmGKqXwhB/QZWXN6
42S4wq0hBv1zCa0TFT+MncqAtXOs+qhD+5AhTwknlAC9lI26cfVw+mbL6bLdGU14
x6NIi9ibupO7Vmw8ZLVtNSaqXMpv2hj35Gu+FHVY601tWM/K2I5MSP6IbgpKMCjJ
PGuPbCJTGyxAuBErv6l7C7vnTwHqK+jt5W6IZaVNP6VwXX23J4W7u7MXeK6s5VUt
QIgtGPiVsiOAL2Po/OBJk1v30A2S9QquY51Pfii1pBiM
-----END CERTIFICATE-----