Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/O9qRcKSKQLm2iJGsMFXfqCO3fN4.roa
File:                     O9qRcKSKQLm2iJGsMFXfqCO3fN4.roa (raw, json)
Hash identifier:          fd3NQpIdo68XaCEw9j557Klos3jImZAbQBOnMW9vzHQ=
Subject key identifier:   3B:DA:91:70:A4:8A:40:B9:B6:88:91:AC:30:55:DF:A8:23:B7:7C:DE
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       019672D038333D6A2467688DCAD5AE30B3AD
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/O9qRcKSKQLm2iJGsMFXfqCO3fN4.roa
Signing time:             Sat 26 Apr 2025 15:56:10 +0000
ROA not before:           Sat 26 Apr 2025 15:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29014
IP address blocks:        188.95.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 17:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:72:d0:38:33:3d:6a:24:67:68:8d:ca:d5:ae:30:b3:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Apr 26 15:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bda9170a48a40b9b68891ac3055dfa823b77cde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:9a:4e:84:e9:f5:e3:e0:ad:dd:ee:bc:0c:05:
                    13:42:42:7e:61:df:3b:7e:9d:00:e1:bb:f4:53:5b:
                    28:fe:47:fb:57:28:46:bf:7a:2e:9a:df:db:6f:ee:
                    09:1e:91:be:bc:49:b3:3b:30:27:f2:7d:0b:69:6c:
                    93:52:07:15:b1:73:29:20:c2:d6:c7:07:f8:3b:cc:
                    46:8c:fc:89:97:30:7d:04:4d:79:90:88:e5:5b:6c:
                    36:10:36:c7:26:25:02:46:28:95:b4:7d:df:a7:32:
                    c6:aa:75:5b:e4:b8:18:5e:20:de:b1:36:c3:d5:14:
                    db:a2:ea:54:2f:5f:39:54:08:a0:96:51:33:f3:51:
                    86:15:8b:15:35:25:62:ef:d3:4e:d7:02:ee:1f:c6:
                    13:d7:75:5e:12:6c:ff:61:07:20:42:55:cb:da:26:
                    b6:5c:e9:70:ba:45:b6:58:27:83:b2:ce:c3:ee:bb:
                    df:55:a6:55:be:c5:76:9d:48:ae:c5:6d:4b:97:93:
                    5b:9f:16:1d:21:16:df:21:b9:f4:0c:50:e2:6f:fa:
                    e3:18:96:de:63:7c:e1:92:e0:76:c2:5d:3c:75:58:
                    5f:7c:5f:0b:3e:bd:61:98:c7:c9:ec:10:fb:43:00:
                    2f:32:4c:9f:d4:59:5b:cf:fc:14:83:a0:5b:ea:c6:
                    7f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:DA:91:70:A4:8A:40:B9:B6:88:91:AC:30:55:DF:A8:23:B7:7C:DE
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/O9qRcKSKQLm2iJGsMFXfqCO3fN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:68:a6:66:e1:80:01:b0:37:64:65:d8:b2:49:15:c4:1a:bc:
         33:06:e7:69:62:b1:59:b2:01:7b:1f:86:fd:44:85:75:cc:3c:
         65:ab:f0:6f:0e:fb:3e:3e:5c:0b:b7:fa:3f:d0:90:94:d0:c5:
         3a:bc:bd:b4:c9:b2:12:35:bc:2a:0a:3d:35:1f:f3:8c:85:bc:
         b5:23:00:da:12:d7:b6:61:2e:bb:40:46:f9:21:3b:07:a3:6a:
         4f:ea:5f:c8:bb:c3:6a:83:2b:e6:96:d4:03:55:32:e5:26:bf:
         d0:74:5d:ae:67:99:3f:5f:4e:5e:eb:8c:40:7f:87:51:ce:12:
         be:21:85:6b:9d:98:dd:96:70:46:39:db:86:26:bb:26:e7:44:
         e0:c1:cc:f8:b9:1c:d3:b6:fe:24:02:e5:c3:94:7e:f6:bb:9a:
         a3:f6:38:19:fb:97:51:b6:ad:94:e9:82:45:b1:e1:79:35:ca:
         49:9d:ca:3e:ea:ea:a3:a3:cd:42:bc:07:f7:cc:44:f9:b9:ff:
         22:b4:38:4e:34:3e:f0:ec:09:70:16:19:55:c5:9c:dd:dc:40:
         1e:d9:78:2e:bd:19:fc:b0:a4:f7:95:ec:05:60:76:a6:bc:45:
         93:7f:67:13:46:48:ca:d4:8d:6b:95:c4:68:76:dc:ac:43:7f:
         ee:d0:90:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZy0DgzPWokZ2iNytWuMLOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwNDI2MTU1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmRhOTE3MGE0OGE0MGI5YjY4ODkxYWMzMDU1ZGZhODIzYjc3Y2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZpOhOn14+Ct3e68DAUTQkJ+Yd87
fp0A4bv0U1so/kf7VyhGv3oumt/bb+4JHpG+vEmzOzAn8n0LaWyTUgcVsXMpIMLW
xwf4O8xGjPyJlzB9BE15kIjlW2w2EDbHJiUCRiiVtH3fpzLGqnVb5LgYXiDesTbD
1RTboupUL185VAigllEz81GGFYsVNSVi79NO1wLuH8YT13VeEmz/YQcgQlXL2ia2
XOlwukW2WCeDss7D7rvfVaZVvsV2nUiuxW1Ll5NbnxYdIRbfIbn0DFDib/rjGJbe
Y3zhkuB2wl08dVhffF8LPr1hmMfJ7BD7QwAvMkyf1Flbz/wUg6Bb6sZ/1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvakXCkikC5toiRrDBV36gjt3zeMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvTzlxUmNLU0tRTG0yaUpHc01GWGZxQ08zZk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9GMA0G
CSqGSIb3DQEBCwUAA4IBAQAFaKZm4YABsDdkZdiySRXEGrwzBudpYrFZsgF7H4b9
RIV1zDxlq/BvDvs+PlwLt/o/0JCU0MU6vL20ybISNbwqCj01H/OMhby1IwDaEte2
YS67QEb5ITsHo2pP6l/Iu8NqgyvmltQDVTLlJr/QdF2uZ5k/X05e64xAf4dRzhK+
IYVrnZjdlnBGOduGJrsm50Tgwcz4uRzTtv4kAuXDlH72u5qj9jgZ+5dRtq2U6YJF
seF5NcpJnco+6uqjo81CvAf3zET5uf8itDhOND7w7AlwFhlVxZzd3EAe2XguvRn8
sKT3lewFYHamvEWTf2cTRkjK1I1rlcRodtysQ3/u0JAV
-----END CERTIFICATE-----