Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/KeGOh-2gcusv29keikRHiEVKS4s.roa
File:                     KeGOh-2gcusv29keikRHiEVKS4s.roa (raw, json)
Hash identifier:          QrPYIqt13xYHx5UZtiEmzISVzXSCi7pxjFZqjccXxgI=
Subject key identifier:   29:E1:8E:87:ED:A0:72:EB:2F:DB:D9:1E:8A:44:47:88:45:4A:4B:8B
Certificate issuer:       /CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Certificate serial:       019652F01ED39C054899529B65F9A0A5963A
Authority key identifier: F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/KeGOh-2gcusv29keikRHiEVKS4s.roa
Signing time:             Sun 20 Apr 2025 11:23:10 +0000
ROA not before:           Sun 20 Apr 2025 11:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62442
IP address blocks:        95.38.45.0/24 maxlen: 24
                          95.38.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:52:f0:1e:d3:9c:05:48:99:52:9b:65:f9:a0:a5:96:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
        Validity
            Not Before: Apr 20 11:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29e18e87eda072eb2fdbd91e8a444788454a4b8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:27:6c:fb:5f:95:4e:ae:4a:21:b3:03:19:9d:
                    55:9d:20:81:b4:40:26:40:f7:91:91:a9:7d:d4:db:
                    d2:07:e7:1f:cc:52:b4:52:30:ee:ac:c7:36:ee:3e:
                    3c:0e:68:d8:33:da:5e:bf:aa:d6:a7:70:20:34:c5:
                    e8:9f:79:68:d6:27:59:8c:d7:4f:05:4a:38:18:c8:
                    f6:77:ad:f8:bb:7d:1a:ee:b9:74:ec:17:0b:3c:06:
                    2f:96:5b:3e:d7:c5:69:e2:a3:75:a4:ad:01:0b:31:
                    f2:62:79:02:55:56:d6:30:41:3f:d6:b1:3e:a0:1d:
                    1f:a1:29:82:22:1a:a6:18:9d:0c:56:01:c9:ab:b1:
                    22:46:eb:c1:bd:5c:f3:61:94:27:41:29:fe:9c:ab:
                    a8:1f:95:33:9f:83:2a:eb:12:d6:cd:74:02:19:38:
                    47:2d:88:ae:50:d9:51:18:9f:bf:b0:3c:98:d6:eb:
                    5a:f0:15:a2:ec:24:e3:0f:cb:07:2f:81:de:b2:4e:
                    21:3c:b1:ef:79:6a:62:f7:82:ac:7c:76:14:1a:8c:
                    55:52:f6:61:3a:9a:42:5a:35:d7:59:d7:b8:3d:02:
                    f1:41:96:6c:40:ed:4a:3e:3a:df:19:5e:a9:06:02:
                    d7:c9:5d:67:e4:6f:1f:68:30:cb:7b:38:d3:b6:e3:
                    21:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:E1:8E:87:ED:A0:72:EB:2F:DB:D9:1E:8A:44:47:88:45:4A:4B:8B
            X509v3 Authority Key Identifier:
                keyid:F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/KeGOh-2gcusv29keikRHiEVKS4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.38.45.0/24
                  95.38.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:97:68:07:67:95:62:21:be:80:a0:2c:b5:dc:fc:6a:cd:03:
         81:b9:eb:4e:fd:1b:14:ea:ce:fa:6f:35:67:5a:7d:3e:f0:a7:
         d2:79:33:75:e4:0a:4a:d2:17:2e:29:29:c5:a6:dc:fb:2f:b9:
         f6:f4:d9:2f:2f:7c:fd:3b:6d:63:76:0e:34:2d:c7:1f:b0:6c:
         54:02:56:45:ba:54:8d:c2:6a:52:89:c1:ee:e0:9f:89:83:ae:
         34:c3:32:59:99:d5:21:56:e9:49:27:39:29:a4:72:06:13:6d:
         ac:47:a1:de:1f:e7:3e:9e:70:7c:d5:66:58:f2:96:b6:ce:e5:
         d9:91:93:af:b7:56:9d:f4:97:df:3a:ed:a3:1e:d0:69:f8:6e:
         26:f6:4e:5b:82:0b:a4:d0:c8:29:ca:54:16:08:c9:56:c3:90:
         1d:37:25:2e:bc:44:5c:8c:4b:f3:ef:6f:47:84:ef:30:1d:10:
         2f:a1:84:47:cb:79:d0:eb:ea:99:41:78:54:66:40:c4:14:e3:
         3f:79:ab:c7:cd:f1:d1:fc:68:6a:90:86:78:34:29:17:06:72:
         54:d8:8e:ac:84:92:fa:86:77:02:4e:ab:1f:85:ae:65:c5:b4:
         bc:e9:cb:25:70:f2:b0:78:1a:54:7a:51:39:5a:13:b3:55:fc:
         f5:c0:94:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZS8B7TnAVImVKbZfmgpZY6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzEwNDA0MTY5MWRjMzg0ZjNiMWE4Y2RmOTVjOTY2Mjhl
YTZkYWYwHhcNMjUwNDIwMTEyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWUxOGU4N2VkYTA3MmViMmZkYmQ5MWU4YTQ0NDc4ODQ1NGE0YjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCds+1+VTq5KIbMDGZ1VnSCBtEAm
QPeRkal91NvSB+cfzFK0UjDurMc27j48DmjYM9pev6rWp3AgNMXon3lo1idZjNdP
BUo4GMj2d634u30a7rl07BcLPAYvlls+18Vp4qN1pK0BCzHyYnkCVVbWMEE/1rE+
oB0foSmCIhqmGJ0MVgHJq7EiRuvBvVzzYZQnQSn+nKuoH5Uzn4Mq6xLWzXQCGThH
LYiuUNlRGJ+/sDyY1uta8BWi7CTjD8sHL4Hesk4hPLHveWpi94KsfHYUGoxVUvZh
OppCWjXXWde4PQLxQZZsQO1KPjrfGV6pBgLXyV1n5G8faDDLezjTtuMhCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCnhjoftoHLrL9vZHopER4hFSkuLMB8GA1UdIwQY
MBaAFPDBBAQWkdw4TzsajN+VyWYo6m2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQt
NjkxNDIyMzExNzI5LzEvS2VHT2gtMmdjdXN2MjlrZWlrUkhpRVZLUzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQtNjkxNDIyMzExNzI5
LzEvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXyYtAwQA
XybGMA0GCSqGSIb3DQEBCwUAA4IBAQAGl2gHZ5ViIb6AoCy13PxqzQOBuetO/RsU
6s76bzVnWn0+8KfSeTN15ApK0hcuKSnFptz7L7n29NkvL3z9O21jdg40LccfsGxU
AlZFulSNwmpSicHu4J+Jg640wzJZmdUhVulJJzkppHIGE22sR6HeH+c+nnB81WZY
8pa2zuXZkZOvt1ad9JffOu2jHtBp+G4m9k5bgguk0MgpylQWCMlWw5AdNyUuvERc
jEvz729HhO8wHRAvoYRHy3nQ6+qZQXhUZkDEFOM/eavHzfHR/GhqkIZ4NCkXBnJU
2I6shJL6hncCTqsfha5lxbS86cslcPKweBpUelE5WhOzVfz1wJR4
-----END CERTIFICATE-----