Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/1-jVAuwl23O0NOs1-bK6yeNscKls.roa
File:                     1-jVAuwl23O0NOs1-bK6yeNscKls.roa (raw, json)
Hash identifier:          Uvxs615yu+WEWoRFMHOzorsioWG8H9U4nAbzC8roX+c=
Subject key identifier:   FA:35:40:BB:09:76:DC:ED:0D:3A:CD:7E:6C:AE:B2:78:DB:1C:2A:5B
Certificate issuer:       /CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Certificate serial:       019670A47E17AE517D1412EBC931A7C31355
Authority key identifier: F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/1-jVAuwl23O0NOs1-bK6yeNscKls.roa
Signing time:             Sat 26 Apr 2025 05:49:10 +0000
ROA not before:           Sat 26 Apr 2025 05:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61036
IP address blocks:        95.38.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 14:24:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:70:a4:7e:17:ae:51:7d:14:12:eb:c9:31:a7:c3:13:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
        Validity
            Not Before: Apr 26 05:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa3540bb0976dced0d3acd7e6caeb278db1c2a5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ce:9f:a3:d1:7a:fb:ca:ec:95:92:65:0d:da:
                    f0:be:11:4f:1c:3d:fe:5b:b7:47:2f:b2:9b:eb:36:
                    78:c5:25:8b:c2:1e:75:78:45:0d:40:a1:9a:a1:83:
                    b2:53:4c:a2:c7:20:21:ba:20:ba:f2:30:ad:ed:de:
                    19:07:d9:31:d4:ad:c3:3c:4c:f3:2c:33:b8:fb:53:
                    65:a1:85:21:41:d4:16:61:0f:66:10:24:55:36:1f:
                    fd:ee:f6:32:cd:9a:53:bd:40:7e:71:cf:4f:1e:b2:
                    64:c9:3c:94:f6:41:a5:58:7f:1f:9f:60:1a:62:c8:
                    8e:32:3f:e2:f7:f7:21:e8:a0:66:d2:5f:19:0c:ca:
                    f1:bc:1e:a7:77:b6:e9:a7:9b:83:80:e9:e5:31:04:
                    ae:fa:98:84:9d:55:56:82:12:f2:f0:61:8e:70:b1:
                    8e:e0:62:cc:75:ec:b4:01:8d:f2:6f:b6:1f:b2:b4:
                    09:d7:82:8d:45:6d:fd:e6:cb:a8:57:dc:2f:f3:d6:
                    15:be:e9:1c:4a:6e:6d:90:72:a4:ce:45:9c:a1:17:
                    9f:5a:94:6e:09:b8:11:14:ac:73:c2:de:a6:01:ec:
                    8f:48:dc:87:4f:a6:47:24:76:8a:2a:c7:cb:d3:fa:
                    19:f0:ac:0a:ca:6c:9b:f4:7e:5c:03:af:6f:20:42:
                    65:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:35:40:BB:09:76:DC:ED:0D:3A:CD:7E:6C:AE:B2:78:DB:1C:2A:5B
            X509v3 Authority Key Identifier:
                keyid:F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/1-jVAuwl23O0NOs1-bK6yeNscKls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.38.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:59:84:44:22:ba:47:10:d8:7b:6e:3e:0f:c7:9f:bc:b1:c7:
         80:81:0a:8a:e7:52:36:ab:6b:6c:d6:1d:13:84:18:4d:db:51:
         19:76:36:d3:a7:d3:fb:05:5f:42:c2:45:40:f6:65:88:71:ab:
         e9:72:aa:c5:fb:83:49:1c:76:4b:63:30:dc:87:ef:19:e6:60:
         db:75:12:77:71:2e:85:ca:5c:42:af:ad:36:50:15:91:ed:21:
         6d:36:6f:f6:4f:94:49:77:da:4c:52:f8:18:75:6b:ef:78:f3:
         07:df:19:83:1f:83:72:5d:d1:74:f3:3c:65:77:e4:06:f6:78:
         4d:5e:d5:1e:18:95:8d:81:68:f2:d3:ea:af:1d:5d:a2:65:de:
         4b:11:9c:2c:bf:5b:f6:f6:48:ac:b4:d7:2e:4f:96:c2:d5:8e:
         50:e9:08:c4:80:97:6c:b7:b5:87:e4:9a:28:7c:9e:fa:cf:91:
         9b:0c:cb:df:a8:84:50:0e:17:49:04:3f:08:56:8b:23:46:7d:
         ad:6a:06:6b:20:6b:2d:e8:43:5b:fa:3a:b8:d7:16:a9:62:24:
         ef:51:b1:47:3d:36:97:1c:2b:e9:a1:79:1b:50:a8:34:ae:03:
         00:9a:2a:82:b5:bc:17:b8:10:5d:34:63:31:4f:03:55:fd:00:
         64:15:d7:e8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZwpH4XrlF9FBLryTGnwxNVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzEwNDA0MTY5MWRjMzg0ZjNiMWE4Y2RmOTVjOTY2Mjhl
YTZkYWYwHhcNMjUwNDI2MDU0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTM1NDBiYjA5NzZkY2VkMGQzYWNkN2U2Y2FlYjI3OGRiMWMyYTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns6fo9F6+8rslZJlDdrwvhFPHD3+
W7dHL7Kb6zZ4xSWLwh51eEUNQKGaoYOyU0yixyAhuiC68jCt7d4ZB9kx1K3DPEzz
LDO4+1NloYUhQdQWYQ9mECRVNh/97vYyzZpTvUB+cc9PHrJkyTyU9kGlWH8fn2Aa
YsiOMj/i9/ch6KBm0l8ZDMrxvB6nd7bpp5uDgOnlMQSu+piEnVVWghLy8GGOcLGO
4GLMdey0AY3yb7YfsrQJ14KNRW395suoV9wv89YVvukcSm5tkHKkzkWcoRefWpRu
CbgRFKxzwt6mAeyPSNyHT6ZHJHaKKsfL0/oZ8KwKymyb9H5cA69vIEJlywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPo1QLsJdtztDTrNfmyusnjbHCpbMB8GA1UdIwQY
MBaAFPDBBAQWkdw4TzsajN+VyWYo6m2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQt
NjkxNDIyMzExNzI5LzEvMS1qVkF1d2wyM08wTk9zMS1iSzZ5ZU5zY0tscy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDEvNzg5Y2FmLWM4ZDItNDE5ZS1hZTA0LTY5MTQyMjMxMTcy
OS8xLzhNRUVCQmFSM0RoUE94cU0zNVhKWmlqcWJhOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF8m/zAN
BgkqhkiG9w0BAQsFAAOCAQEAL1mERCK6RxDYe24+D8efvLHHgIEKiudSNqtrbNYd
E4QYTdtRGXY206fT+wVfQsJFQPZliHGr6XKqxfuDSRx2S2Mw3IfvGeZg23USd3Eu
hcpcQq+tNlAVke0hbTZv9k+USXfaTFL4GHVr73jzB98Zgx+Dcl3RdPM8ZXfkBvZ4
TV7VHhiVjYFo8tPqrx1domXeSxGcLL9b9vZIrLTXLk+WwtWOUOkIxICXbLe1h+Sa
KHye+s+RmwzL36iEUA4XSQQ/CFaLI0Z9rWoGayBrLehDW/o6uNcWqWIk71GxRz02
lxwr6aF5G1CoNK4DAJoqgrW8F7gQXTRjMU8DVf0AZBXX6A==
-----END CERTIFICATE-----