Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/7bff3e-03aa-4e0a-b2fc-4a7ddf2d86bd/1/3pGMf2uelis93d-cWIqOvjIte_8.roa
File:                     3pGMf2uelis93d-cWIqOvjIte_8.roa (raw, json)
Hash identifier:          hCA0m5958CMIXlTPuOx73BRCeRHxrLBc3i7kaHRRzvM=
Subject key identifier:   DE:91:8C:7F:6B:9E:96:2B:3D:DD:DF:9C:58:8A:8E:BE:32:2D:7B:FF
Certificate issuer:       /CN=5e95fdfd28cdc03d89d214e4ad3a6c5fb3ebacbf
Certificate serial:       0197A6EB2FAB85E3C3DB369318D19B31CF92
Authority key identifier: 5E:95:FD:FD:28:CD:C0:3D:89:D2:14:E4:AD:3A:6C:5F:B3:EB:AC:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XpX9_SjNwD2J0hTkrTpsX7PrrL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/7bff3e-03aa-4e0a-b2fc-4a7ddf2d86bd/1/3pGMf2uelis93d-cWIqOvjIte_8.roa
Signing time:             Wed 25 Jun 2025 11:48:40 +0000
ROA not before:           Wed 25 Jun 2025 11:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1680
IP address blocks:        95.175.60.0/24 maxlen: 24
                          95.175.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/7bff3e-03aa-4e0a-b2fc-4a7ddf2d86bd/1/XpX9_SjNwD2J0hTkrTpsX7PrrL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/7bff3e-03aa-4e0a-b2fc-4a7ddf2d86bd/1/XpX9_SjNwD2J0hTkrTpsX7PrrL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XpX9_SjNwD2J0hTkrTpsX7PrrL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:eb:2f:ab:85:e3:c3:db:36:93:18:d1:9b:31:cf:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e95fdfd28cdc03d89d214e4ad3a6c5fb3ebacbf
        Validity
            Not Before: Jun 25 11:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de918c7f6b9e962b3ddddf9c588a8ebe322d7bff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:af:91:51:dd:e8:25:24:fe:af:6d:57:90:5f:
                    fe:a3:b9:31:58:60:dc:71:77:5c:fd:68:77:4c:af:
                    7e:00:30:74:e6:00:3e:04:f4:f0:81:8d:49:13:31:
                    73:a8:fd:8f:6e:5e:d0:55:13:1d:e1:8e:9c:0b:04:
                    12:99:18:d1:ab:43:c7:1d:b5:4e:13:93:27:a1:b4:
                    ef:36:60:a3:6f:4a:ef:30:ea:e8:c2:ea:f5:78:1f:
                    b3:ec:de:2f:34:64:ce:3a:a7:90:fe:ab:aa:6c:28:
                    43:57:ac:ca:bf:06:46:3c:a4:5f:8d:53:36:6a:2c:
                    30:60:87:e5:8f:7c:c5:b6:66:9b:fe:e1:08:25:c1:
                    f6:38:b9:7a:17:b2:88:50:71:9a:4a:f8:cf:b5:7a:
                    e7:15:f2:99:cb:7c:ce:34:7e:14:04:c3:29:3b:80:
                    74:d9:86:7c:b0:d3:61:0f:c7:34:b9:a6:51:62:d7:
                    22:b8:7d:68:fd:0a:fb:80:8b:89:ac:de:dc:f8:ba:
                    bd:89:33:6e:b8:57:1f:19:94:cc:58:08:4e:6a:75:
                    20:9b:d7:5a:15:9a:8c:b6:aa:2d:5c:ff:0f:8d:df:
                    c3:fb:13:c0:ab:c4:22:7e:af:65:d9:38:c1:fa:38:
                    44:64:86:4d:22:41:17:fc:e7:e8:7a:f3:a8:22:33:
                    86:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:91:8C:7F:6B:9E:96:2B:3D:DD:DF:9C:58:8A:8E:BE:32:2D:7B:FF
            X509v3 Authority Key Identifier:
                keyid:5E:95:FD:FD:28:CD:C0:3D:89:D2:14:E4:AD:3A:6C:5F:B3:EB:AC:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XpX9_SjNwD2J0hTkrTpsX7PrrL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/7bff3e-03aa-4e0a-b2fc-4a7ddf2d86bd/1/3pGMf2uelis93d-cWIqOvjIte_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/7bff3e-03aa-4e0a-b2fc-4a7ddf2d86bd/1/XpX9_SjNwD2J0hTkrTpsX7PrrL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.175.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:0a:2a:65:3f:f4:ae:0e:cc:46:b4:e5:39:bb:64:b4:f1:a7:
         48:01:d2:dd:3b:58:4e:34:23:48:4e:17:ce:fd:08:3b:93:a7:
         57:e4:60:76:e5:22:1b:20:27:68:18:f3:24:fd:03:03:b0:e1:
         a2:81:90:4c:ce:8d:b1:84:45:8a:f5:0e:26:6b:c0:d7:63:2b:
         40:bf:30:10:d9:6d:e5:50:52:20:58:8c:51:75:88:02:c3:8f:
         32:c3:07:e3:cc:d5:35:b9:03:7e:ea:7a:27:8b:2d:ca:9c:35:
         39:13:14:0f:23:bd:08:71:91:56:2f:38:26:7f:9a:50:b2:e4:
         4f:75:97:96:25:5d:a4:0a:b3:e5:ab:14:d9:da:87:a8:9c:7f:
         07:1b:de:8c:56:f7:10:78:c0:66:25:c1:0f:ac:67:07:61:26:
         11:74:48:fa:c7:5f:f3:e6:04:ee:dc:29:af:17:fb:aa:2f:68:
         2a:b5:86:86:ba:3a:5e:8e:56:c2:da:62:38:3c:da:6e:09:4e:
         8b:dd:7d:d8:56:ac:be:af:55:77:d5:6e:e5:9c:34:b2:a0:5b:
         29:d8:7a:2b:75:b5:48:22:1c:14:70:ed:5a:54:0c:88:b8:01:
         35:db:10:c2:e7:57:ec:c7:68:45:55:21:cf:61:7a:3f:78:33:
         1f:47:f5:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZem6y+rhePD2zaTGNGbMc+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOTVmZGZkMjhjZGMwM2Q4OWQyMTRlNGFkM2E2YzVmYjNl
YmFjYmYwHhcNMjUwNjI1MTE0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTkxOGM3ZjZiOWU5NjJiM2RkZGRmOWM1ODhhOGViZTMyMmQ3YmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6+RUd3oJST+r21XkF/+o7kxWGDc
cXdc/Wh3TK9+ADB05gA+BPTwgY1JEzFzqP2Pbl7QVRMd4Y6cCwQSmRjRq0PHHbVO
E5MnobTvNmCjb0rvMOrowur1eB+z7N4vNGTOOqeQ/quqbChDV6zKvwZGPKRfjVM2
aiwwYIflj3zFtmab/uEIJcH2OLl6F7KIUHGaSvjPtXrnFfKZy3zONH4UBMMpO4B0
2YZ8sNNhD8c0uaZRYtciuH1o/Qr7gIuJrN7c+Lq9iTNuuFcfGZTMWAhOanUgm9da
FZqMtqotXP8Pjd/D+xPAq8Qifq9l2TjB+jhEZIZNIkEX/OfoevOoIjOGRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6RjH9rnpYrPd3fnFiKjr4yLXv/MB8GA1UdIwQY
MBaAFF6V/f0ozcA9idIU5K06bF+z66y/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHBYOV9Tak53RDJKMGhUa3JUcHNYN1Byckw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni83YmZmM2UtMDNhYS00ZTBhLWIyZmMt
NGE3ZGRmMmQ4NmJkLzEvM3BHTWYydWVsaXM5M2QtY1dJcU92akl0ZV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni83YmZmM2UtMDNhYS00ZTBhLWIyZmMtNGE3ZGRmMmQ4NmJk
LzEvWHBYOV9Tak53RDJKMGhUa3JUcHNYN1Byckw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX688MA0G
CSqGSIb3DQEBCwUAA4IBAQBhCiplP/SuDsxGtOU5u2S08adIAdLdO1hONCNIThfO
/Qg7k6dX5GB25SIbICdoGPMk/QMDsOGigZBMzo2xhEWK9Q4ma8DXYytAvzAQ2W3l
UFIgWIxRdYgCw48ywwfjzNU1uQN+6noniy3KnDU5ExQPI70IcZFWLzgmf5pQsuRP
dZeWJV2kCrPlqxTZ2oeonH8HG96MVvcQeMBmJcEPrGcHYSYRdEj6x1/z5gTu3Cmv
F/uqL2gqtYaGujpejlbC2mI4PNpuCU6L3X3YVqy+r1V31W7lnDSyoFsp2HordbVI
IhwUcO1aVAyIuAE12xDC51fsx2hFVSHPYXo/eDMfR/Vd
-----END CERTIFICATE-----