Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/xPIGMiV2okLp1GMGo2CjJaK8aHE.roa
File:                     xPIGMiV2okLp1GMGo2CjJaK8aHE.roa (raw, json)
Hash identifier:          pmf/hAJy/HOUC2rn2+666TF2/HDevcnUllLIluZ52Pc=
Subject key identifier:   C4:F2:06:32:25:76:A2:42:E9:D4:63:06:A3:60:A3:25:A2:BC:68:71
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       018CC8DE1586D3084B764349B3B774882667
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/xPIGMiV2okLp1GMGo2CjJaK8aHE.roa
Signing time:             Tue 02 Jan 2024 06:30:46 +0000
ROA not before:           Tue 02 Jan 2024 06:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        95.214.173.0/24 maxlen: 24
                          193.239.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:15:86:d3:08:4b:76:43:49:b3:b7:74:88:26:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Jan  2 06:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4f206322576a242e9d46306a360a325a2bc6871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a5:81:30:84:62:63:83:d3:36:d0:aa:73:b4:
                    ec:5a:46:9a:11:18:9d:f6:32:8c:b2:ff:70:08:05:
                    e0:d5:bc:de:77:99:86:43:1c:6c:e8:2b:b3:6b:2b:
                    c4:77:56:c5:a3:79:ba:c5:d0:6f:86:25:8e:07:4f:
                    f4:ce:f7:ec:f8:bc:02:fd:c4:e3:9f:be:e7:76:cc:
                    4f:1a:25:4d:25:e0:46:54:0d:18:44:42:63:22:26:
                    c1:61:a9:3d:b1:7b:01:df:6f:85:98:50:0c:0e:7a:
                    5f:02:34:2f:8a:b3:c0:c9:a7:d9:15:6a:ea:57:89:
                    32:dc:7e:27:2d:79:25:6a:b1:ce:69:fc:35:fa:23:
                    db:33:6c:04:7f:c3:f2:79:d7:f1:2c:93:86:25:7a:
                    22:77:0c:91:37:f6:46:7d:db:4c:03:15:e6:99:e8:
                    af:d5:23:1d:d0:0a:34:94:62:b8:54:cc:30:28:36:
                    2f:4f:6c:50:75:fa:4b:ab:8a:f4:c7:e6:1b:65:f9:
                    c7:05:00:71:ab:8f:cd:dd:e9:60:8f:bc:b0:6c:31:
                    04:5c:a0:d1:fe:99:a1:cb:a3:82:6f:6a:ae:f2:1f:
                    d0:79:94:03:4b:a8:ab:74:35:52:98:1d:17:d7:37:
                    06:ba:1e:95:43:70:0e:e4:ac:0d:68:92:87:63:d8:
                    94:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:F2:06:32:25:76:A2:42:E9:D4:63:06:A3:60:A3:25:A2:BC:68:71
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/xPIGMiV2okLp1GMGo2CjJaK8aHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.173.0/24
                  193.239.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:23:70:f8:f0:2b:d5:4d:40:7c:c2:64:28:79:86:55:e9:60:
         bc:79:ec:f5:2e:d3:69:12:19:51:55:ca:19:87:4a:57:a1:a0:
         b4:f9:0c:86:70:5c:83:cc:d6:a1:b1:c5:d1:63:5d:5e:73:d6:
         d1:d9:ca:47:ef:44:4d:b0:50:9c:bc:cd:0b:1a:f6:b4:2e:60:
         2c:a3:72:e4:e9:f0:f8:7f:01:94:c5:2b:98:43:a6:38:d7:10:
         1b:55:c3:b6:4a:75:52:a9:c8:0a:db:9d:5d:4c:a1:e3:30:9b:
         22:7e:d0:e5:25:f5:0e:c2:61:00:c9:dc:2e:82:e8:4f:22:ea:
         6b:57:b4:70:1d:35:24:4e:ed:ad:c6:b8:47:d8:ae:17:7c:21:
         f4:7c:2a:8e:3c:e7:47:45:44:3b:be:97:6d:d2:0d:e9:ef:f5:
         ab:3e:1b:42:5d:83:15:03:7d:8e:db:94:03:83:b4:cf:51:6b:
         b8:75:e8:ec:ad:d1:2b:0f:da:49:5a:e5:52:97:81:39:ad:6e:
         55:17:49:e3:8d:e6:05:cd:1b:a1:59:24:db:26:bf:f5:ce:fe:
         40:c9:6c:24:23:f2:cb:86:20:3a:1a:c1:c4:83:7c:6f:56:aa:
         2b:1e:12:9b:f2:36:11:99:5c:43:c5:94:6f:c2:a0:f2:95:d7:
         c1:d5:f3:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3hWG0whLdkNJs7d0iCZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQwMTAyMDYzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGYyMDYzMjI1NzZhMjQyZTlkNDYzMDZhMzYwYTMyNWEyYmM2ODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qWBMIRiY4PTNtCqc7TsWkaaERid
9jKMsv9wCAXg1bzed5mGQxxs6CuzayvEd1bFo3m6xdBvhiWOB0/0zvfs+LwC/cTj
n77ndsxPGiVNJeBGVA0YREJjIibBYak9sXsB32+FmFAMDnpfAjQvirPAyafZFWrq
V4ky3H4nLXklarHOafw1+iPbM2wEf8PyedfxLJOGJXoidwyRN/ZGfdtMAxXmmeiv
1SMd0Ao0lGK4VMwwKDYvT2xQdfpLq4r0x+YbZfnHBQBxq4/N3elgj7ywbDEEXKDR
/pmhy6OCb2qu8h/QeZQDS6irdDVSmB0X1zcGuh6VQ3AO5KwNaJKHY9iUjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMTyBjIldqJC6dRjBqNgoyWivGhxMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEveFBJR01pVjJva0xwMUdNR28yQ2pKYUs4YUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX9atAwQA
we/EMA0GCSqGSIb3DQEBCwUAA4IBAQAwI3D48CvVTUB8wmQoeYZV6WC8eez1LtNp
EhlRVcoZh0pXoaC0+QyGcFyDzNahscXRY11ec9bR2cpH70RNsFCcvM0LGva0LmAs
o3Lk6fD4fwGUxSuYQ6Y41xAbVcO2SnVSqcgK251dTKHjMJsiftDlJfUOwmEAydwu
guhPIuprV7RwHTUkTu2txrhH2K4XfCH0fCqOPOdHRUQ7vpdt0g3p7/WrPhtCXYMV
A32O25QDg7TPUWu4dejsrdErD9pJWuVSl4E5rW5VF0njjeYFzRuhWSTbJr/1zv5A
yWwkI/LLhiA6GsHEg3xvVqorHhKb8jYRmVxDxZRvwqDyldfB1fPK
-----END CERTIFICATE-----