Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/vy2Tim2DO-ewqTW5JiC-wljnBqc.roa
File:                     vy2Tim2DO-ewqTW5JiC-wljnBqc.roa (raw, json)
Hash identifier:          kUL4TPorWNhT03Pu7RvQiDQUgMW7VI5SJDKSj38x+BY=
Subject key identifier:   BF:2D:93:8A:6D:83:3B:E7:B0:A9:35:B9:26:20:BE:C2:58:E7:06:A7
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019759497E33BC6B66AB91CF13FDD22CA5BC
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/vy2Tim2DO-ewqTW5JiC-wljnBqc.roa
Signing time:             Tue 10 Jun 2025 10:01:18 +0000
ROA not before:           Tue 10 Jun 2025 10:01:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53356
IP address blocks:        95.173.34.0/23 maxlen: 23
                          95.173.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:49:7e:33:bc:6b:66:ab:91:cf:13:fd:d2:2c:a5:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Jun 10 10:01:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf2d938a6d833be7b0a935b92620bec258e706a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e3:0f:b9:81:51:07:46:d5:9a:ba:19:8c:f9:
                    5a:f3:15:b8:dd:f1:35:48:ac:09:16:a5:d4:01:3a:
                    88:9c:14:bf:0d:38:92:90:89:0e:83:9e:dc:a1:87:
                    77:dd:70:73:33:0d:3e:14:d0:2c:84:36:73:ec:f3:
                    24:da:da:32:d3:b8:22:4e:55:a5:48:04:16:f5:14:
                    2a:40:7a:f4:28:3c:82:f4:93:5c:23:05:bc:e0:a0:
                    d0:66:cf:9e:a2:8c:06:7b:60:d6:b1:fe:c5:18:1e:
                    96:b4:b2:a0:c4:d9:54:64:b0:42:49:9c:4f:20:55:
                    67:0d:49:98:ea:3a:a4:8e:99:a7:0b:6f:f4:57:40:
                    80:fa:45:cf:d4:87:37:76:de:a2:84:4a:b4:fb:c4:
                    47:92:bf:9e:58:6c:ed:de:d2:5a:f6:65:3f:33:90:
                    3d:5e:09:94:e3:ef:3a:3b:d3:96:e8:a4:22:11:cb:
                    98:94:3e:c1:4d:41:4e:26:f1:32:8d:14:04:09:c9:
                    00:ae:ca:06:59:77:7d:2d:f5:1f:db:82:9b:4d:a9:
                    8d:9b:6f:c4:08:6e:9d:3a:ce:e6:0f:a6:b0:8d:49:
                    0e:47:d8:44:12:d3:7c:08:b2:a3:9e:8e:cc:9d:25:
                    3d:76:a1:f6:cb:8a:d6:af:3a:50:0a:2b:01:e3:5e:
                    cb:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:2D:93:8A:6D:83:3B:E7:B0:A9:35:B9:26:20:BE:C2:58:E7:06:A7
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/vy2Tim2DO-ewqTW5JiC-wljnBqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.34.0-95.173.39.255

    Signature Algorithm: sha256WithRSAEncryption
         00:6e:92:cf:00:91:a1:92:94:74:bd:12:9a:a9:cc:9a:c0:19:
         1e:e4:79:84:93:1d:8f:9a:5b:30:6c:f8:50:01:ed:a2:6d:d4:
         19:85:43:88:a1:e8:fb:1f:2f:27:22:61:e5:ad:55:0b:b7:4c:
         d9:92:96:34:07:fa:58:a8:ef:9b:7e:4d:ef:83:9e:06:13:a3:
         8d:90:30:ca:3d:10:35:b3:94:71:bc:b6:f9:15:a7:23:69:2b:
         b4:d1:ae:87:1a:b3:f1:4e:a1:3b:34:68:54:7a:85:41:ff:de:
         82:36:b9:6d:6d:68:4d:ab:fd:8d:4f:38:77:68:92:1d:62:b4:
         3f:24:8e:26:ce:cc:d5:62:af:c9:dc:08:eb:c4:73:47:58:b5:
         1b:9b:1a:79:fd:88:63:71:2c:94:04:b6:5c:6b:31:57:22:ef:
         83:d2:05:e6:01:b0:26:16:72:33:bc:69:f2:02:42:ee:9d:33:
         3d:ce:42:2f:8a:fb:af:cc:c4:aa:73:53:bd:b7:99:3b:97:75:
         b8:00:72:49:26:85:d7:ff:2a:08:5c:56:6a:ba:88:99:d3:f7:
         db:03:a7:20:62:01:64:da:2a:16:1b:2b:f0:cf:2a:7d:a1:94:
         4f:fe:1e:29:3e:1a:a6:40:fe:19:7c:da:2c:21:69:2d:3d:4a:
         0f:59:c0:47
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZdZSX4zvGtmq5HPE/3SLKW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjUwNjEwMTAwMTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjJkOTM4YTZkODMzYmU3YjBhOTM1YjkyNjIwYmVjMjU4ZTcwNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+MPuYFRB0bVmroZjPla8xW43fE1
SKwJFqXUATqInBS/DTiSkIkOg57coYd33XBzMw0+FNAshDZz7PMk2toy07giTlWl
SAQW9RQqQHr0KDyC9JNcIwW84KDQZs+eoowGe2DWsf7FGB6WtLKgxNlUZLBCSZxP
IFVnDUmY6jqkjpmnC2/0V0CA+kXP1Ic3dt6ihEq0+8RHkr+eWGzt3tJa9mU/M5A9
XgmU4+86O9OW6KQiEcuYlD7BTUFOJvEyjRQECckArsoGWXd9LfUf24KbTamNm2/E
CG6dOs7mD6awjUkOR9hEEtN8CLKjno7MnSU9dqH2y4rWrzpQCisB417LZwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFL8tk4ptgzvnsKk1uSYgvsJY5wanMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvdnkyVGltMkRPLWV3cVRXNUppQy13bGpuQnFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFfrSID
BANfrSAwDQYJKoZIhvcNAQELBQADggEBAABuks8AkaGSlHS9EpqpzJrAGR7keYST
HY+aWzBs+FAB7aJt1BmFQ4ih6PsfLyciYeWtVQu3TNmSljQH+lio75t+Te+DngYT
o42QMMo9EDWzlHG8tvkVpyNpK7TRrocas/FOoTs0aFR6hUH/3oI2uW1taE2r/Y1P
OHdokh1itD8kjibOzNVir8ncCOvEc0dYtRubGnn9iGNxLJQEtlxrMVci74PSBeYB
sCYWcjO8afICQu6dMz3OQi+K+6/MxKpzU723mTuXdbgAckkmhdf/KghcVmq6iJnT
99sDpyBiAWTaKhYbK/DPKn2hlE/+Hik+GqZA/hl82iwhaS09Sg9ZwEc=
-----END CERTIFICATE-----