Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/xdLAkyAqpYsBCzlOa6IZgcgq7wk.roa
File:                     xdLAkyAqpYsBCzlOa6IZgcgq7wk.roa (raw, json)
Hash identifier:          7v0742zzBasBWYeUtdYMHo+geFBbYJxw5zgFNa5W/qc=
Subject key identifier:   C5:D2:C0:93:20:2A:A5:8B:01:0B:39:4E:6B:A2:19:81:C8:2A:EF:09
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       019258BFAAD2450169881BF47A9F444E70AD
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/xdLAkyAqpYsBCzlOa6IZgcgq7wk.roa
Signing time:             Fri 04 Oct 2024 18:16:48 +0000
ROA not before:           Fri 04 Oct 2024 18:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        95.214.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:58:bf:aa:d2:45:01:69:88:1b:f4:7a:9f:44:4e:70:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Oct  4 18:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5d2c093202aa58b010b394e6ba21981c82aef09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:70:40:0b:4e:06:1c:ba:fd:fb:cd:e6:f7:2b:
                    48:80:52:59:05:d7:a1:e8:50:90:7e:fb:44:34:84:
                    aa:8d:74:ff:c0:4e:94:2e:9a:fa:03:a3:0d:5e:16:
                    81:0f:15:55:13:84:21:e6:0a:54:15:22:c0:2c:38:
                    22:0f:87:d2:66:4f:ec:d0:8e:01:b4:1b:de:7d:7f:
                    cf:af:f5:e2:ad:e1:11:b9:42:aa:e6:c7:c6:21:cc:
                    39:c1:27:d4:00:23:1c:3a:ca:91:06:b8:71:9a:f2:
                    53:03:50:07:83:d2:bd:f5:be:8c:ba:35:06:6f:03:
                    44:e0:76:ae:f7:83:e4:9f:74:ad:fa:ca:d8:a4:6a:
                    c4:2d:c7:4f:2b:95:3b:5f:6f:77:c0:dd:98:22:21:
                    7a:47:31:68:fc:a1:34:b0:a5:00:ba:ae:3e:47:90:
                    c9:3d:46:70:ff:d1:9f:f2:e3:b9:82:58:07:b9:5d:
                    21:e6:1d:eb:2c:27:27:3a:61:b3:ea:0e:a2:40:22:
                    da:b8:a2:3e:e8:34:ad:00:f0:53:d6:80:7d:be:9d:
                    f3:a0:24:1e:91:b5:a0:ac:6f:6c:43:35:7e:5c:55:
                    c9:0c:83:c1:c7:d2:46:63:08:f7:92:e0:32:4b:6c:
                    ea:1c:c5:55:77:36:78:ec:98:aa:77:74:4f:94:6e:
                    4e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:D2:C0:93:20:2A:A5:8B:01:0B:39:4E:6B:A2:19:81:C8:2A:EF:09
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/xdLAkyAqpYsBCzlOa6IZgcgq7wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:9d:d0:c5:15:ed:c1:22:49:8f:e8:5d:a8:a1:56:bf:77:42:
         31:5c:e3:f4:0e:15:f2:f1:e7:c6:7b:ef:a3:34:d4:51:4f:f8:
         51:9b:dc:6b:b5:40:de:44:ed:0d:97:9d:ea:0f:d0:5f:58:d5:
         9c:46:fc:25:24:fb:aa:f8:56:ff:52:11:1e:58:b2:79:8f:e1:
         3d:3b:d3:c2:c3:40:88:0b:a4:c4:3b:be:2c:8d:2b:7e:32:0a:
         82:96:dd:3c:88:4d:ef:57:75:87:de:63:60:92:e4:3f:ba:5f:
         94:56:08:d2:19:6e:2e:94:16:3e:1e:ce:d0:b7:7a:98:a9:48:
         6e:0c:cf:98:08:4d:40:62:61:56:c2:44:85:8a:a0:07:d7:3c:
         5c:85:18:bc:6c:4d:d6:f7:9f:ab:dd:68:58:a3:3c:3f:f5:07:
         49:b7:24:0e:f0:9c:3c:ef:04:61:e3:54:49:eb:e1:c0:14:a5:
         29:29:42:1d:c0:8c:44:eb:9e:61:a2:20:44:57:c3:01:c1:67:
         c9:ef:a4:71:e5:3b:14:c1:4c:65:df:72:10:b8:58:dd:91:22:
         1c:cf:4e:10:ac:cc:da:19:61:28:72:41:25:df:99:6c:de:40:
         ac:d9:8d:30:80:da:2a:85:e1:4c:d9:73:79:12:07:9b:b7:c7:
         c9:18:26:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJYv6rSRQFpiBv0ep9ETnCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQxMDA0MTgxNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWQyYzA5MzIwMmFhNThiMDEwYjM5NGU2YmEyMTk4MWM4MmFlZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03BAC04GHLr9+83m9ytIgFJZBdeh
6FCQfvtENISqjXT/wE6ULpr6A6MNXhaBDxVVE4Qh5gpUFSLALDgiD4fSZk/s0I4B
tBvefX/Pr/XireERuUKq5sfGIcw5wSfUACMcOsqRBrhxmvJTA1AHg9K99b6MujUG
bwNE4Hau94Pkn3St+srYpGrELcdPK5U7X293wN2YIiF6RzFo/KE0sKUAuq4+R5DJ
PUZw/9Gf8uO5glgHuV0h5h3rLCcnOmGz6g6iQCLauKI+6DStAPBT1oB9vp3zoCQe
kbWgrG9sQzV+XFXJDIPBx9JGYwj3kuAyS2zqHMVVdzZ47Jiqd3RPlG5OFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXSwJMgKqWLAQs5TmuiGYHIKu8JMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEveGRMQWt5QXFwWXNCQ3psT2E2SVpnY2dxN3drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX9atMA0G
CSqGSIb3DQEBCwUAA4IBAQBOndDFFe3BIkmP6F2ooVa/d0IxXOP0DhXy8efGe++j
NNRRT/hRm9xrtUDeRO0Nl53qD9BfWNWcRvwlJPuq+Fb/UhEeWLJ5j+E9O9PCw0CI
C6TEO74sjSt+MgqClt08iE3vV3WH3mNgkuQ/ul+UVgjSGW4ulBY+Hs7Qt3qYqUhu
DM+YCE1AYmFWwkSFiqAH1zxchRi8bE3W95+r3WhYozw/9QdJtyQO8Jw87wRh41RJ
6+HAFKUpKUIdwIxE655hoiBEV8MBwWfJ76Rx5TsUwUxl33IQuFjdkSIcz04QrMza
GWEockEl35ls3kCs2Y0wgNoqheFM2XN5Egebt8fJGCZ6
-----END CERTIFICATE-----