Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/Kgg5jo-ZHMePjqrwzOBAq70kMpU.roa
File:                     Kgg5jo-ZHMePjqrwzOBAq70kMpU.roa (raw, json)
Hash identifier:          Pdigo/CDBUGlde0d/p/u6fs7fg8pKXauoazcHuV0ERw=
Subject key identifier:   2A:08:39:8E:8F:99:1C:C7:8F:8E:AA:F0:CC:E0:40:AB:BD:24:32:95
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       0190F04A12F2FCFB0FD0A632DADCFB2ED700
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/Kgg5jo-ZHMePjqrwzOBAq70kMpU.roa
Signing time:             Fri 26 Jul 2024 18:25:04 +0000
ROA not before:           Fri 26 Jul 2024 18:25:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        95.214.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f0:4a:12:f2:fc:fb:0f:d0:a6:32:da:dc:fb:2e:d7:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Jul 26 18:25:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a08398e8f991cc78f8eaaf0cce040abbd243295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4e:d9:f5:3b:74:ea:80:79:3e:9c:4d:e6:f4:
                    43:8e:3e:e5:a6:7a:26:43:85:4c:59:b9:ba:16:b3:
                    8d:63:85:10:07:8e:8e:d5:31:d1:f4:84:91:63:ce:
                    60:14:e5:14:df:63:e8:97:53:26:9e:5a:fb:ea:13:
                    7f:d6:49:3a:e9:4c:49:8e:b9:9e:9f:7f:90:6c:69:
                    a8:9f:86:91:2e:50:cc:92:7d:1d:71:19:87:20:b3:
                    47:62:07:f0:f5:32:81:b3:78:a5:b7:64:3d:64:33:
                    e7:4a:8f:d5:02:01:4a:f3:27:ce:df:3a:b5:c5:62:
                    10:3d:d1:8c:a4:9b:ff:d9:23:67:ce:57:f9:9b:e1:
                    79:80:3e:09:f0:fa:5c:3a:9d:1c:fa:59:2e:f1:98:
                    ce:83:3c:71:a5:8d:57:8d:dc:52:a9:5e:35:dd:f6:
                    95:df:6d:2c:15:ee:7a:f9:fd:bb:7e:9f:a1:75:63:
                    3e:9b:55:e7:85:91:e4:ff:bc:e1:cc:5d:fd:a1:be:
                    da:7d:52:e8:8e:a5:c8:64:3c:a1:e6:d0:32:50:24:
                    91:b7:01:60:9d:df:e5:ba:01:0f:c3:14:44:ae:70:
                    4c:d0:df:f5:67:a9:f9:e2:e1:4f:80:fe:c5:26:eb:
                    6b:e8:db:e6:ab:99:fb:d3:a1:4d:42:1a:70:4a:7a:
                    19:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:08:39:8E:8F:99:1C:C7:8F:8E:AA:F0:CC:E0:40:AB:BD:24:32:95
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/Kgg5jo-ZHMePjqrwzOBAq70kMpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:cc:e7:e8:14:f9:2d:1c:95:93:98:fd:38:85:51:90:ff:8d:
         90:86:89:23:ef:9b:fe:e4:5e:ee:c7:b7:e5:51:da:7d:12:9f:
         af:4b:22:88:35:5b:94:53:0c:cb:4e:bc:81:66:d9:d9:ab:f9:
         32:b0:c0:22:be:d3:3e:14:9a:97:8e:03:73:b4:ae:c2:5d:2d:
         d1:0b:2f:0b:11:8b:34:91:c7:a2:85:bb:7f:93:15:7a:e7:53:
         3e:d2:16:dc:eb:b7:91:b9:2a:c0:e1:d2:a4:69:8b:b9:a1:75:
         92:52:e4:98:db:f3:26:11:dc:96:57:32:de:45:c7:81:ec:47:
         e0:f4:9c:7c:78:c8:cd:31:02:25:9a:2f:41:4c:e7:30:15:07:
         72:3c:b7:c6:fa:f9:c4:d7:72:ac:76:e5:ce:1d:11:27:32:02:
         28:0b:12:47:e8:aa:32:e2:9c:37:a8:64:1e:30:93:f8:53:ea:
         75:b3:57:a3:3b:40:96:35:98:89:93:af:e0:b0:9e:24:21:11:
         22:6c:36:23:56:6c:23:7b:7c:bd:9c:61:f1:26:b1:42:65:37:
         ec:5f:58:cc:bb:c0:8f:a6:03:25:74:f2:af:d3:07:b4:95:fc:
         32:63:31:30:11:65:69:87:45:e0:c8:f6:e3:0d:8b:fb:23:f3:
         40:ce:83:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDwShLy/PsP0KYy2tz7LtcAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQwNzI2MTgyNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTA4Mzk4ZThmOTkxY2M3OGY4ZWFhZjBjY2UwNDBhYmJkMjQzMjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoU7Z9Tt06oB5PpxN5vRDjj7lpnom
Q4VMWbm6FrONY4UQB46O1THR9ISRY85gFOUU32Pol1Mmnlr76hN/1kk66UxJjrme
n3+QbGmon4aRLlDMkn0dcRmHILNHYgfw9TKBs3ilt2Q9ZDPnSo/VAgFK8yfO3zq1
xWIQPdGMpJv/2SNnzlf5m+F5gD4J8PpcOp0c+lku8ZjOgzxxpY1XjdxSqV413faV
320sFe56+f27fp+hdWM+m1XnhZHk/7zhzF39ob7afVLojqXIZDyh5tAyUCSRtwFg
nd/lugEPwxRErnBM0N/1Z6n54uFPgP7FJutr6Nvmq5n706FNQhpwSnoZFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoIOY6PmRzHj46q8MzgQKu9JDKVMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvS2dnNWpvLVpITWVQanFyd3pPQkFxNzBrTXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX9avMA0G
CSqGSIb3DQEBCwUAA4IBAQCIzOfoFPktHJWTmP04hVGQ/42Qhokj75v+5F7ux7fl
Udp9Ep+vSyKINVuUUwzLTryBZtnZq/kysMAivtM+FJqXjgNztK7CXS3RCy8LEYs0
kceihbt/kxV651M+0hbc67eRuSrA4dKkaYu5oXWSUuSY2/MmEdyWVzLeRceB7Efg
9Jx8eMjNMQIlmi9BTOcwFQdyPLfG+vnE13KsduXOHREnMgIoCxJH6Koy4pw3qGQe
MJP4U+p1s1ejO0CWNZiJk6/gsJ4kIREibDYjVmwje3y9nGHxJrFCZTfsX1jMu8CP
pgMldPKv0we0lfwyYzEwEWVph0XgyPbjDYv7I/NAzoPI
-----END CERTIFICATE-----