Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/kN-GBCc12Ggp4V30uGC2WdsZGBg.roa
File:                     kN-GBCc12Ggp4V30uGC2WdsZGBg.roa (raw, json)
Hash identifier:          jMACQRtQaq5bgDi3odEVzwvhAu6LZ6fYSZGcu6sjPTQ=
Subject key identifier:   90:DF:86:04:27:35:D8:68:29:E1:5D:F4:B8:60:B6:59:DB:19:18:18
Certificate issuer:       /CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
Certificate serial:       01975DA2C5CB5414A4DF9E5C911C02ECFFAC
Authority key identifier: 93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/kN-GBCc12Ggp4V30uGC2WdsZGBg.roa
Signing time:             Wed 11 Jun 2025 06:17:17 +0000
ROA not before:           Wed 11 Jun 2025 06:17:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        95.128.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5d:a2:c5:cb:54:14:a4:df:9e:5c:91:1c:02:ec:ff:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
        Validity
            Not Before: Jun 11 06:17:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90df86042735d86829e15df4b860b659db191818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:88:f2:3d:06:86:b1:ed:62:e3:18:aa:14:86:
                    78:a1:88:3c:24:66:d4:d7:46:2e:ec:a2:2b:f8:cb:
                    82:23:27:86:33:95:31:84:ed:56:59:65:00:51:00:
                    21:9d:19:9d:fd:4c:87:34:6f:ef:ec:21:ee:34:f4:
                    40:28:bd:fa:eb:a3:3a:c0:96:e9:40:8c:a9:ab:6b:
                    62:d4:1e:cf:33:26:aa:ff:10:34:b3:15:22:e2:37:
                    57:bd:e0:a4:6f:e9:af:14:42:8e:20:b2:0a:db:b5:
                    95:61:a6:9f:59:d6:90:a6:06:ab:b7:ff:73:f5:6d:
                    b1:40:27:b7:c1:d5:fb:bd:bf:d0:eb:c1:fe:4c:c2:
                    16:a3:50:03:7d:83:4f:7d:c9:5d:9f:7c:e0:d8:76:
                    f3:4c:6d:d4:bf:29:20:a7:23:3c:3d:78:0f:5f:77:
                    d5:f6:d0:f0:73:de:c6:3f:3b:90:18:21:12:dc:4c:
                    e7:dc:23:d3:a3:e2:6c:e1:7a:aa:2d:1e:fc:b1:20:
                    a2:72:e5:86:da:93:f8:af:ff:0c:de:84:4d:3c:1a:
                    2a:16:63:5e:97:6a:b6:fb:86:7f:dd:5c:81:6d:db:
                    ce:c0:c5:4b:28:0c:d6:f9:68:d8:a3:c8:39:8c:c7:
                    c6:81:31:28:bd:2e:5b:5c:79:f3:02:56:31:84:87:
                    e2:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:DF:86:04:27:35:D8:68:29:E1:5D:F4:B8:60:B6:59:DB:19:18:18
            X509v3 Authority Key Identifier:
                keyid:93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/kN-GBCc12Ggp4V30uGC2WdsZGBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:19:83:9c:50:f3:41:bf:e4:e5:7a:ba:98:86:9a:6c:ba:f2:
         86:2c:23:07:89:98:5c:76:c4:3a:49:71:d8:6e:91:5d:22:99:
         65:df:62:6a:27:c5:08:33:74:4e:57:92:79:19:df:86:a2:6e:
         7c:ba:a2:b3:34:b5:12:10:b7:be:99:28:7d:d2:db:de:b4:70:
         5c:60:a2:5c:43:50:0d:43:ad:08:81:4e:12:10:17:5f:b4:1e:
         39:51:6f:be:4e:1d:1a:7a:0b:2d:65:60:31:67:85:e0:37:e1:
         51:85:66:51:cf:ad:16:b3:ae:d3:41:74:22:45:f2:28:e5:88:
         10:d1:b4:57:ce:8f:0f:2c:8e:32:b8:fe:67:1f:b5:07:e5:5b:
         21:e9:65:35:57:fc:06:0d:3a:4d:99:ee:82:ad:68:fb:2b:dc:
         33:fc:f4:23:fe:1f:09:de:7f:5f:d6:33:fb:17:ec:12:92:6a:
         99:b5:69:96:b1:b7:3f:82:4e:9c:5a:c5:d7:c3:4b:b6:1b:a2:
         d4:1f:b7:59:ca:dd:b6:75:75:6a:c0:29:09:6f:68:e8:df:c5:
         a7:68:88:4c:1f:9e:3b:ec:64:c9:01:33:98:a0:90:fc:03:91:
         4f:b3:f6:4d:d1:ab:ca:ac:37:6a:9a:0b:e0:2f:7f:f5:fc:00:
         bd:4e:51:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZddosXLVBSk355ckRwC7P+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNzRiODUzZGZkOTk3M2YyY2Q5OTRiMmUzYjc1NDYxZDlh
M2ZjNDQwHhcNMjUwNjExMDYxNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGRmODYwNDI3MzVkODY4MjllMTVkZjRiODYwYjY1OWRiMTkxODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4jyPQaGse1i4xiqFIZ4oYg8JGbU
10Yu7KIr+MuCIyeGM5UxhO1WWWUAUQAhnRmd/UyHNG/v7CHuNPRAKL3666M6wJbp
QIypq2ti1B7PMyaq/xA0sxUi4jdXveCkb+mvFEKOILIK27WVYaafWdaQpgart/9z
9W2xQCe3wdX7vb/Q68H+TMIWo1ADfYNPfcldn3zg2HbzTG3UvykgpyM8PXgPX3fV
9tDwc97GPzuQGCES3Ezn3CPTo+Js4XqqLR78sSCicuWG2pP4r/8M3oRNPBoqFmNe
l2q2+4Z/3VyBbdvOwMVLKAzW+WjYo8g5jMfGgTEovS5bXHnzAlYxhIfioQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDfhgQnNdhoKeFd9LhgtlnbGRgYMB8GA1UdIwQY
MBaAFJN0uFPf2Zc/LNmUsuO3VGHZo/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQt
NjViY2M4Y2VmZGQyLzEva04tR0JDYzEyR2dwNFYzMHVHQzJXZHNaR0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQtNjViY2M4Y2VmZGQy
LzEvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DGMA0G
CSqGSIb3DQEBCwUAA4IBAQAmGYOcUPNBv+TlerqYhppsuvKGLCMHiZhcdsQ6SXHY
bpFdIpll32JqJ8UIM3ROV5J5Gd+Gom58uqKzNLUSELe+mSh90tvetHBcYKJcQ1AN
Q60IgU4SEBdftB45UW++Th0aegstZWAxZ4XgN+FRhWZRz60Ws67TQXQiRfIo5YgQ
0bRXzo8PLI4yuP5nH7UH5Vsh6WU1V/wGDTpNme6CrWj7K9wz/PQj/h8J3n9f1jP7
F+wSkmqZtWmWsbc/gk6cWsXXw0u2G6LUH7dZyt22dXVqwCkJb2jo38WnaIhMH547
7GTJATOYoJD8A5FPs/ZN0avKrDdqmgvgL3/1/AC9TlFw
-----END CERTIFICATE-----