Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/oHg7GJ7EpOo3CRN-hvXqxWiWsKM.roa
File:                     oHg7GJ7EpOo3CRN-hvXqxWiWsKM.roa (raw, json)
Hash identifier:          zfjEfbFXYjgudAkImjczbeX9nuSTya4wd4lRYGHZTS8=
Subject key identifier:   A0:78:3B:18:9E:C4:A4:EA:37:09:13:7E:86:F5:EA:C5:68:96:B0:A3
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       01942067DD16F99A898214282E6C449107D8
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/oHg7GJ7EpOo3CRN-hvXqxWiWsKM.roa
Signing time:             Wed 01 Jan 2025 05:47:45 +0000
ROA not before:           Wed 01 Jan 2025 05:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197477
IP address blocks:        95.214.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:dd:16:f9:9a:89:82:14:28:2e:6c:44:91:07:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Jan  1 05:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0783b189ec4a4ea3709137e86f5eac56896b0a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:66:d7:b1:1f:8d:bd:08:c1:98:e7:3d:58:de:
                    ea:f2:97:8a:76:e5:e1:9a:d9:9c:4c:ed:d8:42:c2:
                    b5:23:d3:8c:50:9a:a7:a9:b4:af:04:43:3a:d5:c0:
                    3f:ed:d7:31:0d:7c:b0:2f:98:7f:36:4e:1a:32:e3:
                    3c:56:00:77:f4:bf:0d:09:72:e4:ba:b2:9f:ad:25:
                    84:f6:4c:a6:a1:4b:0b:7c:e9:eb:01:f4:21:ba:bc:
                    04:0f:d2:70:ae:6b:78:80:67:bc:f0:8b:e9:7c:b0:
                    57:77:2d:52:a0:6c:e9:76:70:a0:42:7f:65:0f:c6:
                    b7:7c:65:a0:2f:50:94:20:4e:ce:6a:3f:f9:d3:d0:
                    12:85:21:88:b2:b0:38:2a:a8:19:0d:da:1f:cb:3c:
                    0e:f7:cd:f6:7c:64:50:ba:0b:98:de:2f:34:25:32:
                    be:1a:89:c0:a9:de:bc:95:9d:d0:16:90:12:40:c3:
                    d0:57:1b:c8:71:e5:9c:b7:c6:77:56:48:35:b5:b4:
                    e1:80:94:7c:27:45:df:cd:c1:6b:c6:ee:37:33:01:
                    bd:7f:01:14:aa:34:c7:38:00:c8:d8:25:5b:ee:48:
                    fb:24:33:0b:c0:71:dd:59:d3:5d:c2:40:86:9d:aa:
                    88:16:6e:8e:5d:fb:63:06:6e:2d:dc:71:68:92:45:
                    46:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:78:3B:18:9E:C4:A4:EA:37:09:13:7E:86:F5:EA:C5:68:96:B0:A3
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/oHg7GJ7EpOo3CRN-hvXqxWiWsKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:cc:6d:cb:93:59:da:91:37:28:79:ab:89:f7:f7:07:92:cb:
         14:d4:23:90:10:52:90:b9:85:ab:0a:91:a1:94:15:fd:59:d3:
         5d:09:1f:71:3b:84:64:ae:38:9a:fc:ea:90:1f:75:3c:97:4d:
         6a:98:0b:7a:46:59:8b:35:73:5f:15:cd:63:f2:7e:e2:35:cf:
         1e:4e:18:f8:de:4b:4b:49:57:ff:d3:53:f2:92:e3:47:3a:6c:
         9f:c5:c2:c1:ed:4b:46:a0:e4:0b:ab:b8:2b:35:13:0f:db:88:
         c3:6e:a9:09:87:bb:ed:56:9a:5c:f3:37:62:61:bd:2d:a0:ec:
         2c:c8:62:55:3b:c4:51:66:49:05:73:e6:43:7a:91:a4:12:6c:
         58:7e:a1:c5:b4:be:00:fa:0c:a8:58:2f:b2:46:5a:a7:42:d1:
         5c:af:c2:22:5d:21:1f:88:df:f3:e5:fa:1c:66:b4:7d:07:ae:
         f4:90:6c:f5:71:d8:b9:bb:db:bc:91:11:3c:cb:69:74:6e:16:
         fd:c9:b3:d0:9c:18:99:9b:9a:ef:e3:81:94:53:ef:82:90:94:
         4d:62:24:3a:42:f7:1e:f0:22:5b:4c:2b:56:f3:e1:fb:22:bb:
         65:49:33:c0:95:2d:ce:9e:d7:c0:99:0d:4c:2d:0d:ec:ee:94:
         01:9a:cd:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ90W+ZqJghQoLmxEkQfYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjUwMTAxMDU0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDc4M2IxODllYzRhNGVhMzcwOTEzN2U4NmY1ZWFjNTY4OTZiMGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mbXsR+NvQjBmOc9WN7q8peKduXh
mtmcTO3YQsK1I9OMUJqnqbSvBEM61cA/7dcxDXywL5h/Nk4aMuM8VgB39L8NCXLk
urKfrSWE9kymoUsLfOnrAfQhurwED9Jwrmt4gGe88IvpfLBXdy1SoGzpdnCgQn9l
D8a3fGWgL1CUIE7Oaj/509AShSGIsrA4KqgZDdofyzwO9832fGRQuguY3i80JTK+
GonAqd68lZ3QFpASQMPQVxvIceWct8Z3Vkg1tbThgJR8J0XfzcFrxu43MwG9fwEU
qjTHOADI2CVb7kj7JDMLwHHdWdNdwkCGnaqIFm6OXftjBm4t3HFokkVGwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKB4OxiexKTqNwkTfob16sVolrCjMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvb0hnN0dKN0VwT28zQ1JOLWh2WHF4V2lXc0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX9asMA0G
CSqGSIb3DQEBCwUAA4IBAQBdzG3Lk1nakTcoeauJ9/cHkssU1COQEFKQuYWrCpGh
lBX9WdNdCR9xO4Rkrjia/OqQH3U8l01qmAt6RlmLNXNfFc1j8n7iNc8eThj43ktL
SVf/01PykuNHOmyfxcLB7UtGoOQLq7grNRMP24jDbqkJh7vtVppc8zdiYb0toOws
yGJVO8RRZkkFc+ZDepGkEmxYfqHFtL4A+gyoWC+yRlqnQtFcr8IiXSEfiN/z5foc
ZrR9B670kGz1cdi5u9u8kRE8y2l0bhb9ybPQnBiZm5rv44GUU++CkJRNYiQ6Qvce
8CJbTCtW8+H7IrtlSTPAlS3OntfAmQ1MLQ3s7pQBms2y
-----END CERTIFICATE-----