Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/QVRWqhYUwIkNvJnwNn5ilovQsG0.roa
File:                     QVRWqhYUwIkNvJnwNn5ilovQsG0.roa (raw, json)
Hash identifier:          ECIpmtTYGjYR3kRGmh6WnnV42XGn8NJAMdwXjOT27zA=
Subject key identifier:   41:54:56:AA:16:14:C0:89:0D:BC:99:F0:36:7E:62:96:8B:D0:B0:6D
Certificate issuer:       /CN=4722aea0ef4c0667db819f5d5a3daea6399f038c
Certificate serial:       0196A47379E3623FCA6D98E56804A0580CD9
Authority key identifier: 47:22:AE:A0:EF:4C:06:67:DB:81:9F:5D:5A:3D:AE:A6:39:9F:03:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/QVRWqhYUwIkNvJnwNn5ilovQsG0.roa
Signing time:             Tue 06 May 2025 07:15:53 +0000
ROA not before:           Tue 06 May 2025 07:15:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41075
IP address blocks:        95.140.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/RyKuoO9MBmfbgZ9dWj2upjmfA4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/RyKuoO9MBmfbgZ9dWj2upjmfA4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a4:73:79:e3:62:3f:ca:6d:98:e5:68:04:a0:58:0c:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4722aea0ef4c0667db819f5d5a3daea6399f038c
        Validity
            Not Before: May  6 07:15:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=415456aa1614c0890dbc99f0367e62968bd0b06d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:61:cb:c0:ff:c1:98:dd:bf:9c:9b:c1:55:de:
                    35:cf:89:a3:5e:fa:36:6e:a8:d7:10:57:dd:ae:93:
                    c2:e1:02:a6:b7:c1:d8:a4:ae:82:ec:21:5c:6a:aa:
                    39:a6:77:2f:f7:14:c5:50:79:ab:d2:31:a5:c6:30:
                    7f:8e:3b:16:bb:a5:a8:1f:e6:c7:92:86:da:72:1c:
                    ac:de:78:73:72:3b:f0:3c:d6:bc:4e:82:3e:ee:e5:
                    96:0a:e6:e7:fc:8e:94:98:dc:db:1c:2f:00:59:d1:
                    7c:24:0d:4e:60:d7:4c:47:3b:ad:f3:de:a5:15:69:
                    c4:6e:ab:20:2f:6c:1e:6f:84:e7:3d:43:f9:74:fd:
                    d7:99:c8:de:a7:06:e5:a7:ea:36:ef:bf:d7:0d:e7:
                    b9:d1:92:0f:51:68:83:ca:6c:31:a7:64:b2:d3:aa:
                    8e:3f:80:2b:f1:68:7b:58:13:02:be:56:89:5f:90:
                    10:36:19:11:36:8b:2d:1d:dc:a9:e5:b5:06:5a:7a:
                    27:36:ab:0a:12:f9:70:f7:25:d2:b3:5d:84:50:8b:
                    d4:d8:3a:46:d4:bf:40:49:21:c9:9f:5d:d3:84:ca:
                    81:68:af:4e:08:e9:ca:df:a7:a0:1f:92:e7:43:92:
                    81:31:a3:85:bb:0c:52:20:15:dd:93:ea:6b:d2:a7:
                    f2:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:54:56:AA:16:14:C0:89:0D:BC:99:F0:36:7E:62:96:8B:D0:B0:6D
            X509v3 Authority Key Identifier:
                keyid:47:22:AE:A0:EF:4C:06:67:DB:81:9F:5D:5A:3D:AE:A6:39:9F:03:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyKuoO9MBmfbgZ9dWj2upjmfA4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/QVRWqhYUwIkNvJnwNn5ilovQsG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/80c387-b20b-430a-a5e6-6e3074c6c663/1/RyKuoO9MBmfbgZ9dWj2upjmfA4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.140.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:5e:8a:cf:f2:d7:a5:ec:38:63:51:5c:0c:eb:b0:2c:40:e5:
         cd:3c:5c:21:94:85:41:f2:cf:7a:17:4b:e3:0c:e6:19:56:10:
         55:fd:ed:45:d2:9f:f2:4d:7c:e8:52:ca:5b:1c:b2:bf:4d:37:
         e4:b8:f5:5b:05:c9:e5:e1:cb:39:03:b1:ff:5f:19:8b:dc:52:
         0c:aa:66:6a:b4:71:fb:0d:b3:f6:ec:99:37:87:c3:ac:76:df:
         79:7c:0e:40:1d:32:50:31:d1:22:a2:ef:48:5e:44:8f:a7:b7:
         c7:5a:5d:84:1a:d1:a2:69:3f:89:1d:33:0c:fe:25:fe:1e:c1:
         e9:21:3b:2d:69:aa:da:ee:05:d4:db:ac:e9:47:3c:22:5b:03:
         2a:a9:e7:c9:8f:62:ce:95:25:fc:13:c2:9f:38:fe:50:4f:9f:
         28:87:00:6f:43:5a:66:f2:1f:d0:40:f4:54:23:82:5b:79:8e:
         e6:e8:85:59:d4:76:ea:b6:bd:ff:e5:ba:74:f7:0a:c7:24:77:
         ae:e4:58:0a:08:c6:cd:bf:d7:02:70:f3:a8:e0:a0:70:5c:60:
         b5:fa:65:f8:bf:49:6e:c3:e1:64:6c:35:d5:08:1e:65:fc:2c:
         48:e8:f0:76:fd:a6:b4:39:0a:66:83:29:74:ac:16:bc:99:c7:
         27:72:f6:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZakc3njYj/KbZjlaASgWAzZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjJhZWEwZWY0YzA2NjdkYjgxOWY1ZDVhM2RhZWE2Mzk5
ZjAzOGMwHhcNMjUwNTA2MDcxNTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTU0NTZhYTE2MTRjMDg5MGRiYzk5ZjAzNjdlNjI5NjhiZDBiMDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGHLwP/BmN2/nJvBVd41z4mjXvo2
bqjXEFfdrpPC4QKmt8HYpK6C7CFcaqo5pncv9xTFUHmr0jGlxjB/jjsWu6WoH+bH
kobachys3nhzcjvwPNa8ToI+7uWWCubn/I6UmNzbHC8AWdF8JA1OYNdMRzut896l
FWnEbqsgL2web4TnPUP5dP3Xmcjepwblp+o277/XDee50ZIPUWiDymwxp2Sy06qO
P4Ar8Wh7WBMCvlaJX5AQNhkRNostHdyp5bUGWnonNqsKEvlw9yXSs12EUIvU2DpG
1L9ASSHJn13ThMqBaK9OCOnK36egH5LnQ5KBMaOFuwxSIBXdk+pr0qfyEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFUVqoWFMCJDbyZ8DZ+YpaL0LBtMB8GA1UdIwQY
MBaAFEcirqDvTAZn24GfXVo9rqY5nwOMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlLdW9POU1CbWZiZ1o5ZFdqMnVwam1mQTR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84MGMzODctYjIwYi00MzBhLWE1ZTYt
NmUzMDc0YzZjNjYzLzEvUVZSV3FoWVV3SWtOdkpud05uNWlsb3ZRc0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84MGMzODctYjIwYi00MzBhLWE1ZTYtNmUzMDc0YzZjNjYz
LzEvUnlLdW9POU1CbWZiZ1o5ZFdqMnVwam1mQTR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4whMA0G
CSqGSIb3DQEBCwUAA4IBAQCDXorP8tel7DhjUVwM67AsQOXNPFwhlIVB8s96F0vj
DOYZVhBV/e1F0p/yTXzoUspbHLK/TTfkuPVbBcnl4cs5A7H/XxmL3FIMqmZqtHH7
DbP27Jk3h8Osdt95fA5AHTJQMdEiou9IXkSPp7fHWl2EGtGiaT+JHTMM/iX+HsHp
ITstaara7gXU26zpRzwiWwMqqefJj2LOlSX8E8KfOP5QT58ohwBvQ1pm8h/QQPRU
I4JbeY7m6IVZ1Hbqtr3/5bp09wrHJHeu5FgKCMbNv9cCcPOo4KBwXGC1+mX4v0lu
w+FkbDXVCB5l/CxI6PB2/aa0OQpmgyl0rBa8mccncvZ5
-----END CERTIFICATE-----