Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6766fa-4dc7-47b2-a64f-ef34dd4de572/1/2mKN6eYxCZSzg1HkhTBmFH-Muzs.roa
File:                     2mKN6eYxCZSzg1HkhTBmFH-Muzs.roa (raw, json)
Hash identifier:          vCnqByRm0RvU7dzU3TpA6IT8qwABaBJlH4t+NDPI9V0=
Subject key identifier:   DA:62:8D:E9:E6:31:09:94:B3:83:51:E4:85:30:66:14:7F:8C:BB:3B
Certificate issuer:       /CN=597455ebcb03bff2a2d975ad4081f9419bacaf35
Certificate serial:       019685BFEEEE28E7029A8B775EBB07233C34
Authority key identifier: 59:74:55:EB:CB:03:BF:F2:A2:D9:75:AD:40:81:F9:41:9B:AC:AF:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXRV68sDv_Ki2XWtQIH5QZusrzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6766fa-4dc7-47b2-a64f-ef34dd4de572/1/2mKN6eYxCZSzg1HkhTBmFH-Muzs.roa
Signing time:             Wed 30 Apr 2025 08:11:10 +0000
ROA not before:           Wed 30 Apr 2025 08:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13030
IP address blocks:        195.95.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6766fa-4dc7-47b2-a64f-ef34dd4de572/1/WXRV68sDv_Ki2XWtQIH5QZusrzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6766fa-4dc7-47b2-a64f-ef34dd4de572/1/WXRV68sDv_Ki2XWtQIH5QZusrzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXRV68sDv_Ki2XWtQIH5QZusrzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:85:bf:ee:ee:28:e7:02:9a:8b:77:5e:bb:07:23:3c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=597455ebcb03bff2a2d975ad4081f9419bacaf35
        Validity
            Not Before: Apr 30 08:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da628de9e6310994b38351e4853066147f8cbb3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8a:ad:31:c0:2d:82:cf:14:a1:ba:16:e4:b6:
                    08:4b:cc:8d:16:9d:ed:af:a0:ac:2c:6c:5b:9d:50:
                    39:10:48:2a:ab:7b:96:cb:6e:d5:df:7f:4d:d9:80:
                    cd:67:4b:aa:76:28:f7:f5:37:7e:4d:fa:7d:9c:f2:
                    3c:14:a8:94:e1:dc:80:43:6b:83:64:0d:9b:88:15:
                    52:17:5c:ab:2e:51:f0:31:31:50:34:11:e7:fe:1c:
                    4c:da:d6:f1:94:5d:df:2f:12:29:82:3a:d8:33:74:
                    da:cd:53:ee:2f:fc:69:df:c6:8b:d6:e9:56:45:e2:
                    6c:46:b1:e0:7b:05:fe:8c:67:58:65:5a:d3:c3:a7:
                    f5:f4:1b:52:b0:fe:de:79:82:69:6b:58:5f:bb:10:
                    7d:d2:84:da:c0:38:66:13:16:7f:41:21:17:1c:b6:
                    03:be:6c:ca:2f:f6:53:f4:ca:09:a1:c3:6f:5e:de:
                    b9:fe:21:29:c9:1f:16:96:57:1c:c6:30:61:12:70:
                    86:d4:7a:72:1c:83:96:17:d9:d2:7d:09:77:09:c8:
                    09:5d:91:2e:4c:93:80:f6:83:76:d3:9c:5f:7d:89:
                    06:d4:1e:12:82:9b:8d:e0:1f:31:b0:f1:3e:c5:4a:
                    54:b6:cb:71:c6:65:0a:fa:c5:29:19:e5:7e:d3:33:
                    b1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:62:8D:E9:E6:31:09:94:B3:83:51:E4:85:30:66:14:7F:8C:BB:3B
            X509v3 Authority Key Identifier:
                keyid:59:74:55:EB:CB:03:BF:F2:A2:D9:75:AD:40:81:F9:41:9B:AC:AF:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXRV68sDv_Ki2XWtQIH5QZusrzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6766fa-4dc7-47b2-a64f-ef34dd4de572/1/2mKN6eYxCZSzg1HkhTBmFH-Muzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6766fa-4dc7-47b2-a64f-ef34dd4de572/1/WXRV68sDv_Ki2XWtQIH5QZusrzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:cd:5d:ec:f1:40:be:e5:67:a0:b5:c7:dc:85:e2:32:dc:a7:
         c6:59:78:66:dc:28:7c:ca:0c:49:70:3f:73:e5:e1:47:66:3e:
         42:96:f6:5c:4b:44:65:b0:b3:11:37:93:18:d4:e2:2d:34:c6:
         b8:93:d9:9f:62:c2:ae:8e:4a:6a:15:1f:cc:e3:d7:4f:38:07:
         fb:e9:cd:42:b9:45:f6:33:14:89:ca:ba:fc:e0:d5:96:8f:79:
         0e:21:67:85:6c:48:ef:a3:aa:e8:f6:0d:78:8e:af:74:fd:a7:
         db:7c:b9:21:3f:18:77:61:4b:97:c5:3a:67:26:53:93:c9:34:
         4d:ee:64:eb:38:f6:c1:4e:bc:c0:c2:cd:ff:b6:bf:63:67:3f:
         09:8a:9b:0e:9e:57:85:e7:c3:34:6b:6c:23:be:24:b8:f9:4e:
         2b:b4:fb:99:d3:36:26:d9:e0:82:fc:0b:98:40:ba:88:3f:6c:
         bf:1f:16:50:9b:ec:16:a2:3e:ab:cf:fd:0d:e9:64:1d:cc:e2:
         f1:95:f1:78:ed:e1:1c:4b:ce:7d:eb:be:e0:ea:a9:6e:dc:a1:
         cb:0d:9b:91:9f:d0:06:94:4c:59:d1:78:80:91:df:84:c8:27:
         7c:c8:0e:0e:98:ee:3b:8f:bd:5e:92:4c:f9:f9:41:95:ce:72:
         46:2d:2e:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaFv+7uKOcCmot3XrsHIzw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzQ1NWViY2IwM2JmZjJhMmQ5NzVhZDQwODFmOTQxOWJh
Y2FmMzUwHhcNMjUwNDMwMDgxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTYyOGRlOWU2MzEwOTk0YjM4MzUxZTQ4NTMwNjYxNDdmOGNiYjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIqtMcAtgs8UoboW5LYIS8yNFp3t
r6CsLGxbnVA5EEgqq3uWy27V339N2YDNZ0uqdij39Td+Tfp9nPI8FKiU4dyAQ2uD
ZA2biBVSF1yrLlHwMTFQNBHn/hxM2tbxlF3fLxIpgjrYM3TazVPuL/xp38aL1ulW
ReJsRrHgewX+jGdYZVrTw6f19BtSsP7eeYJpa1hfuxB90oTawDhmExZ/QSEXHLYD
vmzKL/ZT9MoJocNvXt65/iEpyR8WllccxjBhEnCG1HpyHIOWF9nSfQl3CcgJXZEu
TJOA9oN205xffYkG1B4SgpuN4B8xsPE+xUpUtstxxmUK+sUpGeV+0zOxkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpijenmMQmUs4NR5IUwZhR/jLs7MB8GA1UdIwQY
MBaAFFl0VevLA7/yotl1rUCB+UGbrK81MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hSVjY4c0R2X0tpMlhXdFFJSDVRWnVzcnpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82NzY2ZmEtNGRjNy00N2IyLWE2NGYt
ZWYzNGRkNGRlNTcyLzEvMm1LTjZlWXhDWlN6ZzFIa2hUQm1GSC1NdXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82NzY2ZmEtNGRjNy00N2IyLWE2NGYtZWYzNGRkNGRlNTcy
LzEvV1hSVjY4c0R2X0tpMlhXdFFJSDVRWnVzcnpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1/5MA0G
CSqGSIb3DQEBCwUAA4IBAQAczV3s8UC+5WegtcfcheIy3KfGWXhm3Ch8ygxJcD9z
5eFHZj5ClvZcS0RlsLMRN5MY1OItNMa4k9mfYsKujkpqFR/M49dPOAf76c1CuUX2
MxSJyrr84NWWj3kOIWeFbEjvo6ro9g14jq90/afbfLkhPxh3YUuXxTpnJlOTyTRN
7mTrOPbBTrzAws3/tr9jZz8JipsOnleF58M0a2wjviS4+U4rtPuZ0zYm2eCC/AuY
QLqIP2y/HxZQm+wWoj6rz/0N6WQdzOLxlfF47eEcS859677g6qlu3KHLDZuRn9AG
lExZ0XiAkd+EyCd8yA4OmO47j71ekkz5+UGVznJGLS5o
-----END CERTIFICATE-----