Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/46YYdTVbR7huvnOKwjFrFvHgEQY.roa
File:                     46YYdTVbR7huvnOKwjFrFvHgEQY.roa (raw, json)
Hash identifier:          CidH6NXVMml9gkfM64eceMw+e4jB8J+bw7i7nlwM28A=
Subject key identifier:   E3:A6:18:75:35:5B:47:B8:6E:BE:73:8A:C2:31:6B:16:F1:E0:11:06
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       01942DF0BC34FED82F8F7F85CA21AF9E7885
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/46YYdTVbR7huvnOKwjFrFvHgEQY.roa
Signing time:             Fri 03 Jan 2025 20:52:18 +0000
ROA not before:           Fri 03 Jan 2025 20:52:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        95.214.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2d:f0:bc:34:fe:d8:2f:8f:7f:85:ca:21:af:9e:78:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Jan  3 20:52:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3a61875355b47b86ebe738ac2316b16f1e01106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ef:ad:73:a1:65:34:83:52:e9:fc:17:cd:b7:
                    bc:29:71:dc:e6:5b:6f:75:4c:fb:0c:93:35:06:ce:
                    97:e5:73:2a:ee:d0:b4:ec:b9:fa:d7:e1:ab:a5:c3:
                    0f:79:16:c5:25:ac:9d:f8:89:88:71:6a:2f:e3:c4:
                    c7:24:6e:fd:39:47:27:dd:5c:8a:3e:74:f9:bf:dd:
                    41:c5:d7:34:54:08:41:3e:1e:51:07:9b:e4:20:01:
                    6a:5a:41:6e:49:10:72:a5:8c:48:c5:5f:4c:e6:29:
                    6f:17:42:9c:f0:52:dc:3a:c2:a8:83:9a:6e:17:53:
                    20:38:45:b9:34:fe:93:22:37:8e:f9:60:84:ef:c2:
                    68:73:e8:c6:fe:f5:bb:3a:8e:78:68:61:91:e1:24:
                    8d:45:44:86:52:cc:cf:bb:d5:41:cd:ae:c3:df:b0:
                    ea:1e:ab:72:ec:dd:40:dd:98:ce:c3:83:94:34:3e:
                    d0:d0:52:c2:13:72:c5:53:db:e2:f4:69:b0:05:b1:
                    b4:dd:c4:76:58:41:39:05:a3:58:51:39:0d:0c:64:
                    0e:17:97:8e:df:e5:09:bb:35:4f:1f:a1:c4:62:85:
                    9c:8e:f9:3b:5e:c8:40:61:55:5c:3f:a9:af:24:b7:
                    37:23:38:2f:a0:f7:67:57:36:fc:7a:e8:68:4f:66:
                    d2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A6:18:75:35:5B:47:B8:6E:BE:73:8A:C2:31:6B:16:F1:E0:11:06
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/46YYdTVbR7huvnOKwjFrFvHgEQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:69:5b:96:b2:eb:ea:6b:d5:2b:20:2f:e6:31:75:9a:d4:18:
         63:ec:b1:29:ec:71:b5:e9:4b:11:eb:5b:e4:3a:2e:2f:61:2f:
         dd:6b:d5:fe:90:13:10:2c:bd:3d:a1:b0:b8:90:dc:83:5c:51:
         83:a0:fe:48:f7:0b:a4:9f:30:5e:a7:8d:99:13:0b:d8:c2:f3:
         5a:0d:d9:2d:b5:0a:b3:98:22:d7:0f:82:de:41:66:ec:ab:12:
         56:39:4b:36:fa:34:15:9c:31:44:86:ea:cd:95:55:b8:81:b9:
         30:77:c9:ed:5f:c0:b7:13:dc:55:69:56:eb:a0:66:16:3f:64:
         72:43:6d:e3:c1:27:3e:8e:da:ba:5e:b3:47:72:b5:02:63:07:
         18:f9:65:96:f7:21:26:3a:2c:c6:09:02:82:17:8b:8c:98:be:
         84:d9:de:5f:f6:e2:85:6a:1e:15:32:03:30:71:df:ab:5c:81:
         6b:d8:71:8d:06:88:1b:54:40:d1:ae:ac:ab:f6:cb:5d:f5:ae:
         ba:68:f7:f0:0e:2e:0f:26:c9:4f:eb:16:00:03:ed:ff:d5:2b:
         ee:04:c6:e8:4f:2f:e2:9b:af:0b:10:97:e5:8a:41:6a:20:7f:
         ac:ad:aa:17:8a:f9:7d:4f:bf:15:29:3f:90:46:a6:30:54:92:
         d6:e9:64:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQt8Lw0/tgvj3+FyiGvnniFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjUwMTAzMjA1MjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2E2MTg3NTM1NWI0N2I4NmViZTczOGFjMjMxNmIxNmYxZTAxMTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxe+tc6FlNINS6fwXzbe8KXHc5ltv
dUz7DJM1Bs6X5XMq7tC07Ln61+GrpcMPeRbFJayd+ImIcWov48THJG79OUcn3VyK
PnT5v91Bxdc0VAhBPh5RB5vkIAFqWkFuSRBypYxIxV9M5ilvF0Kc8FLcOsKog5pu
F1MgOEW5NP6TIjeO+WCE78Joc+jG/vW7Oo54aGGR4SSNRUSGUszPu9VBza7D37Dq
Hqty7N1A3ZjOw4OUND7Q0FLCE3LFU9vi9GmwBbG03cR2WEE5BaNYUTkNDGQOF5eO
3+UJuzVPH6HEYoWcjvk7XshAYVVcP6mvJLc3IzgvoPdnVzb8euhoT2bSDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOmGHU1W0e4br5zisIxaxbx4BEGMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvNDZZWWRUVmJSN2h1dm5PS3dqRnJGdkhnRVFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX9avMA0G
CSqGSIb3DQEBCwUAA4IBAQA0aVuWsuvqa9UrIC/mMXWa1Bhj7LEp7HG16UsR61vk
Oi4vYS/da9X+kBMQLL09obC4kNyDXFGDoP5I9wuknzBep42ZEwvYwvNaDdkttQqz
mCLXD4LeQWbsqxJWOUs2+jQVnDFEhurNlVW4gbkwd8ntX8C3E9xVaVbroGYWP2Ry
Q23jwSc+jtq6XrNHcrUCYwcY+WWW9yEmOizGCQKCF4uMmL6E2d5f9uKFah4VMgMw
cd+rXIFr2HGNBogbVEDRrqyr9std9a66aPfwDi4PJslP6xYAA+3/1SvuBMboTy/i
m68LEJflikFqIH+sraoXivl9T78VKT+QRqYwVJLW6WTr
-----END CERTIFICATE-----