Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/G2Nc7X8kuhaKkBB5rKZzY5f6d_w.roa
File:                     G2Nc7X8kuhaKkBB5rKZzY5f6d_w.roa (raw, json)
Hash identifier:          BiQ1jJwpRLMR5whpXakkBkSSSmnMdLyFbrLDwM9WtXM=
Subject key identifier:   1B:63:5C:ED:7F:24:BA:16:8A:90:10:79:AC:A6:73:63:97:FA:77:FC
Certificate issuer:       /CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
Certificate serial:       018CC34890A54246B0CD977E03013B731188
Authority key identifier: 89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/G2Nc7X8kuhaKkBB5rKZzY5f6d_w.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48136
IP address blocks:        95.131.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:90:a5:42:46:b0:cd:97:7e:03:01:3b:73:11:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89a6cd9f4beb7b0c04d31ffe5c674a87a7739d21
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b635ced7f24ba168a901079aca6736397fa77fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9e:a1:96:5c:1c:34:18:46:02:6a:eb:10:ac:
                    ad:20:5d:f8:0f:8a:4e:6b:c7:bf:cf:ff:d4:d5:a2:
                    db:70:dc:3f:97:34:f2:f3:39:24:71:96:79:f1:3f:
                    ed:17:39:bd:54:1b:c2:98:33:94:6c:52:e5:59:99:
                    cb:29:9f:65:ca:1a:79:90:c6:44:9a:fa:34:1a:83:
                    b7:8f:79:8d:c6:ca:ca:a0:df:ed:32:f7:f9:f4:b3:
                    14:40:1f:f0:a0:84:87:46:a0:11:6e:86:29:c2:8e:
                    13:3f:b9:b1:a7:cf:a3:af:8f:b7:ad:f4:93:0d:84:
                    4f:c0:b2:26:ce:10:07:da:0e:ec:ab:35:32:24:3b:
                    18:93:c6:34:27:82:aa:50:dc:b5:c8:22:be:6f:13:
                    ae:b6:12:a8:a6:66:d6:df:d1:63:0b:95:4a:d2:2b:
                    11:0d:ca:c6:f3:ab:46:46:f5:6c:33:da:42:c9:17:
                    b7:8c:4a:85:b8:b7:fb:07:bb:a8:21:c7:d5:c1:db:
                    e5:1f:ee:75:08:0e:b7:d1:e9:1c:6b:d3:b5:09:01:
                    1c:f3:9f:ee:94:90:62:06:f9:aa:f3:52:5f:b5:bc:
                    93:f2:86:ca:32:26:c2:4d:16:ba:4b:f0:d4:78:46:
                    25:d8:02:ff:74:88:38:75:17:8e:7f:f5:28:e7:9e:
                    b1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:63:5C:ED:7F:24:BA:16:8A:90:10:79:AC:A6:73:63:97:FA:77:FC
            X509v3 Authority Key Identifier:
                keyid:89:A6:CD:9F:4B:EB:7B:0C:04:D3:1F:FE:5C:67:4A:87:A7:73:9D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iabNn0vrewwE0x_-XGdKh6dznSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/G2Nc7X8kuhaKkBB5rKZzY5f6d_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/99a4cc-4720-4a64-aa06-1f924495fcdd/1/iabNn0vrewwE0x_-XGdKh6dznSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:91:60:a4:68:fa:3a:2c:c7:a8:48:ba:66:24:fa:18:32:2e:
         3d:66:bc:0f:fb:b6:a5:44:8f:8d:10:f8:19:05:ac:eb:35:1c:
         36:aa:a3:dc:32:9b:e7:46:ee:2b:e1:a8:cb:bd:dc:f5:f2:d2:
         0e:87:4b:1b:15:10:b2:7e:17:ca:81:04:e0:19:a1:4e:de:30:
         99:85:9f:8c:a8:83:ff:a5:4a:46:81:a7:09:ab:46:ab:3c:61:
         ea:da:8d:e8:61:9a:d9:a8:e9:30:f1:d8:64:91:99:40:0a:fd:
         d6:3c:1e:80:e2:e6:c8:61:42:f7:fe:79:bf:19:80:00:3d:a1:
         38:28:94:68:4f:e8:f0:ef:f8:cf:f2:8d:76:b0:4b:06:e7:09:
         ca:58:06:ce:ad:47:8b:22:15:6a:94:38:d2:7e:44:83:88:28:
         4b:2f:47:b7:dc:52:72:49:c3:8e:bc:c1:86:cf:1a:eb:ef:d1:
         63:0c:7c:d8:30:da:20:55:3b:a4:54:25:7e:14:e4:57:aa:e1:
         ba:c6:90:df:5c:e3:97:61:ae:1e:57:17:b9:c3:36:16:b8:3d:
         5c:54:85:3a:bc:6a:be:67:34:a0:1c:6c:bd:f2:6d:e2:1a:03:
         54:a2:03:09:31:56:b1:fd:eb:07:7f:ba:25:a6:9f:98:8c:5a:
         ee:20:7f:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJClQkawzZd+AwE7cxGIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YTZjZDlmNGJlYjdiMGMwNGQzMWZmZTVjNjc0YTg3YTc3
MzlkMjEwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjYzNWNlZDdmMjRiYTE2OGE5MDEwNzlhY2E2NzM2Mzk3ZmE3N2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZ6hllwcNBhGAmrrEKytIF34D4pO
a8e/z//U1aLbcNw/lzTy8zkkcZZ58T/tFzm9VBvCmDOUbFLlWZnLKZ9lyhp5kMZE
mvo0GoO3j3mNxsrKoN/tMvf59LMUQB/woISHRqARboYpwo4TP7mxp8+jr4+3rfST
DYRPwLImzhAH2g7sqzUyJDsYk8Y0J4KqUNy1yCK+bxOuthKopmbW39FjC5VK0isR
DcrG86tGRvVsM9pCyRe3jEqFuLf7B7uoIcfVwdvlH+51CA630ekca9O1CQEc85/u
lJBiBvmq81JftbyT8obKMibCTRa6S/DUeEYl2AL/dIg4dReOf/Uo556xLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtjXO1/JLoWipAQeaymc2OX+nf8MB8GA1UdIwQY
MBaAFImmzZ9L63sMBNMf/lxnSoenc50hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYt
MWY5MjQ0OTVmY2RkLzEvRzJOYzdYOGt1aGFLa0JCNXJLWnpZNWY2ZF93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85OWE0Y2MtNDcyMC00YTY0LWFhMDYtMWY5MjQ0OTVmY2Rk
LzEvaWFiTm4wdnJld3dFMHhfLVhHZEtoNmR6blNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4MgMA0G
CSqGSIb3DQEBCwUAA4IBAQBEkWCkaPo6LMeoSLpmJPoYMi49ZrwP+7alRI+NEPgZ
BazrNRw2qqPcMpvnRu4r4ajLvdz18tIOh0sbFRCyfhfKgQTgGaFO3jCZhZ+MqIP/
pUpGgacJq0arPGHq2o3oYZrZqOkw8dhkkZlACv3WPB6A4ubIYUL3/nm/GYAAPaE4
KJRoT+jw7/jP8o12sEsG5wnKWAbOrUeLIhVqlDjSfkSDiChLL0e33FJyScOOvMGG
zxrr79FjDHzYMNogVTukVCV+FORXquG6xpDfXOOXYa4eVxe5wzYWuD1cVIU6vGq+
ZzSgHGy98m3iGgNUogMJMVax/esHf7olpp+YjFruIH88
-----END CERTIFICATE-----