Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/avHlBbIO39DV-vrh6l56XgsJENo.roa
File:                     avHlBbIO39DV-vrh6l56XgsJENo.roa (raw, json)
Hash identifier:          jNzkORiJarL5Nnl4H69kbWLkfTZV+gRuoK2Wd8YefMA=
Subject key identifier:   6A:F1:E5:05:B2:0E:DF:D0:D5:FA:FA:E1:EA:5E:7A:5E:0B:09:10:DA
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       01942067DE6D469ECF93859812365768F8C8
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/avHlBbIO39DV-vrh6l56XgsJENo.roa
Signing time:             Wed 01 Jan 2025 05:47:45 +0000
ROA not before:           Wed 01 Jan 2025 05:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209181
IP address blocks:        95.214.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:de:6d:46:9e:cf:93:85:98:12:36:57:68:f8:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Jan  1 05:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6af1e505b20edfd0d5fafae1ea5e7a5e0b0910da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:57:85:fa:cf:2b:f4:4a:e9:8c:bc:fd:d6:31:
                    5f:d6:71:8a:d9:d7:31:7f:7e:75:8c:b5:f6:7c:96:
                    7e:41:7f:44:a9:1e:06:15:36:dd:af:21:e4:ae:13:
                    57:b6:d7:bf:1c:6f:45:d2:03:e1:b2:79:8d:48:4c:
                    0b:3e:ed:61:a1:3f:9b:94:5c:ef:00:70:6c:fa:1a:
                    33:09:d9:4e:79:08:16:af:53:0a:ee:6a:b8:1a:fe:
                    b9:de:c5:78:f3:72:cb:b1:3b:ca:7d:32:1e:4a:76:
                    dd:88:7c:79:14:78:71:46:3e:49:45:a4:af:4f:27:
                    85:d1:89:38:2b:16:39:6e:75:b8:ac:aa:ab:fb:39:
                    20:d8:ed:8a:f8:b6:81:89:b9:e6:61:a1:43:51:98:
                    56:7c:03:ed:70:59:d8:32:fe:ed:50:11:6b:d4:af:
                    ec:87:b8:a1:5b:f7:d8:fe:c9:e0:57:09:1f:fa:93:
                    4c:b3:f2:d9:6f:14:bb:f7:82:ec:76:de:d5:ab:a1:
                    be:1e:26:f3:c7:32:63:f0:36:99:14:21:45:e5:9e:
                    e9:9d:bb:9e:dc:7c:3a:ea:17:9b:e9:8c:04:a9:81:
                    ad:d3:a9:a8:52:da:16:a1:2c:68:f6:f8:78:c5:10:
                    74:d0:1c:6b:25:65:9e:c6:e7:f8:da:65:08:0e:5e:
                    3d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:F1:E5:05:B2:0E:DF:D0:D5:FA:FA:E1:EA:5E:7A:5E:0B:09:10:DA
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/avHlBbIO39DV-vrh6l56XgsJENo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:9c:fe:97:36:70:7f:ff:4e:21:b9:cc:7f:64:95:1c:aa:e7:
         8f:c2:ef:5a:e2:21:dc:38:ca:9a:b1:e3:f1:7a:34:fd:30:a6:
         d0:5a:36:73:df:1b:75:6e:3f:b6:6a:eb:11:5b:6f:5d:bd:00:
         b7:1a:d9:71:05:14:be:25:09:71:8b:9b:c8:68:04:e3:41:c0:
         28:8e:1f:89:23:86:a3:d1:f7:f5:27:0f:86:20:46:62:5a:50:
         db:87:c2:a4:d1:6e:60:13:2b:e5:c7:75:87:4e:89:b0:ac:c9:
         69:05:4f:f0:1d:73:7e:c7:e6:be:36:47:b7:76:74:13:92:ee:
         81:70:03:fd:c4:83:59:13:34:4f:6b:c3:53:a9:67:d7:03:aa:
         55:a4:b8:64:8e:c5:79:33:31:05:2f:8b:6e:84:6d:d8:bc:7d:
         95:93:33:e0:a7:53:4f:47:4c:a9:72:ca:aa:d4:fe:1e:0a:21:
         f5:8e:45:17:27:eb:61:9f:16:7d:6b:2c:55:e4:03:aa:95:d2:
         0d:10:26:c2:e2:c2:48:f3:6c:92:49:8c:f0:a5:c9:40:b9:4a:
         5c:73:a9:41:d7:ba:b0:0f:f5:21:4a:ed:9a:fa:64:4a:71:5d:
         45:bc:5d:88:43:6d:0f:66:32:60:2c:48:84:9f:e8:7d:b1:9a:
         25:fe:1f:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ95tRp7Pk4WYEjZXaPjIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjUwMTAxMDU0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWYxZTUwNWIyMGVkZmQwZDVmYWZhZTFlYTVlN2E1ZTBiMDkxMGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFeF+s8r9ErpjLz91jFf1nGK2dcx
f351jLX2fJZ+QX9EqR4GFTbdryHkrhNXtte/HG9F0gPhsnmNSEwLPu1hoT+blFzv
AHBs+hozCdlOeQgWr1MK7mq4Gv653sV483LLsTvKfTIeSnbdiHx5FHhxRj5JRaSv
TyeF0Yk4KxY5bnW4rKqr+zkg2O2K+LaBibnmYaFDUZhWfAPtcFnYMv7tUBFr1K/s
h7ihW/fY/sngVwkf+pNMs/LZbxS794Lsdt7Vq6G+HibzxzJj8DaZFCFF5Z7pnbue
3Hw66heb6YwEqYGt06moUtoWoSxo9vh4xRB00BxrJWWexuf42mUIDl49LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrx5QWyDt/Q1fr64epeel4LCRDaMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvYXZIbEJiSU8zOURWLXZyaDZsNTZYZ3NKRU5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX9a3MA0G
CSqGSIb3DQEBCwUAA4IBAQCHnP6XNnB//04hucx/ZJUcquePwu9a4iHcOMqasePx
ejT9MKbQWjZz3xt1bj+2ausRW29dvQC3GtlxBRS+JQlxi5vIaATjQcAojh+JI4aj
0ff1Jw+GIEZiWlDbh8Kk0W5gEyvlx3WHTomwrMlpBU/wHXN+x+a+Nke3dnQTku6B
cAP9xINZEzRPa8NTqWfXA6pVpLhkjsV5MzEFL4tuhG3YvH2VkzPgp1NPR0ypcsqq
1P4eCiH1jkUXJ+thnxZ9ayxV5AOqldINECbC4sJI82ySSYzwpclAuUpcc6lB17qw
D/UhSu2a+mRKcV1FvF2IQ20PZjJgLEiEn+h9sZol/h/R
-----END CERTIFICATE-----