Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/1-5fd_na-28afkI4BAGk0u73bwKI.roa
File:                     1-5fd_na-28afkI4BAGk0u73bwKI.roa (raw, json)
Hash identifier:          pTpcP9NkbJQ/sr1cjttSDJyf+j5ikRxsMAreqkoTQi4=
Subject key identifier:   FB:97:DD:FE:76:BE:DB:C6:9F:90:8E:01:00:69:34:BB:BD:DB:C0:A2
Certificate issuer:       /CN=2791a7b8ee8440522b0b5530c85dce1d73f967b7
Certificate serial:       018F57C45915F052F180E4461AE3F8854F09
Authority key identifier: 27:91:A7:B8:EE:84:40:52:2B:0B:55:30:C8:5D:CE:1D:73:F9:67:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/1-5fd_na-28afkI4BAGk0u73bwKI.roa
Signing time:             Wed 08 May 2024 10:33:56 +0000
ROA not before:           Wed 08 May 2024 10:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202391
IP address blocks:        95.128.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:c4:59:15:f0:52:f1:80:e4:46:1a:e3:f8:85:4f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2791a7b8ee8440522b0b5530c85dce1d73f967b7
        Validity
            Not Before: May  8 10:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb97ddfe76bedbc69f908e01006934bbbddbc0a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:61:0e:c6:17:fa:ee:97:ae:06:9d:60:22:9b:
                    3a:a6:65:a6:c8:a9:60:cb:bf:4b:d0:c3:23:97:55:
                    c0:9e:88:41:58:86:c7:e1:be:39:0a:87:2f:18:59:
                    0c:73:c2:cb:2a:bc:0e:fa:7c:a1:ef:5a:a9:61:7e:
                    79:62:f3:fb:58:c9:a7:2d:11:b0:d2:e0:52:b5:b9:
                    f2:8d:59:a3:89:8f:c8:55:40:0d:11:5d:89:c9:94:
                    61:e4:a1:f3:19:fe:3e:5c:cd:2e:7e:86:0d:33:b5:
                    2b:21:ce:fa:b9:32:fe:9a:f6:f3:b9:1f:5d:d0:c5:
                    ed:39:96:de:05:b5:1d:56:d6:c3:f3:2e:74:06:e3:
                    91:4d:3e:eb:ad:4b:c9:29:b6:15:4b:8a:7e:e7:59:
                    c3:50:9a:55:f0:aa:20:64:2f:d5:d4:ad:1b:cd:b6:
                    82:46:3f:dc:5a:fd:de:7a:11:85:90:46:ef:e8:49:
                    06:95:a7:33:d7:f8:88:3b:ac:de:0e:37:83:53:7a:
                    d1:f8:42:7b:26:72:3a:d2:11:8d:84:46:ab:3e:22:
                    c9:c5:45:70:f2:b3:12:28:38:67:ad:98:5f:7a:06:
                    fb:28:a2:7f:d7:56:56:a6:f3:9b:d8:37:fb:34:5e:
                    35:72:82:75:66:c1:c6:5e:14:3d:7b:84:c7:f3:22:
                    f1:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:97:DD:FE:76:BE:DB:C6:9F:90:8E:01:00:69:34:BB:BD:DB:C0:A2
            X509v3 Authority Key Identifier:
                keyid:27:91:A7:B8:EE:84:40:52:2B:0B:55:30:C8:5D:CE:1D:73:F9:67:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/1-5fd_na-28afkI4BAGk0u73bwKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:e4:b1:40:c9:de:e4:ae:d3:63:c7:75:bb:85:19:14:dd:c6:
         4b:7e:77:a6:fc:2b:70:a5:07:f6:66:c8:a3:e5:9f:42:b2:26:
         99:b9:e8:6e:ce:0c:2b:9c:bc:63:41:c1:24:41:d2:c1:50:bb:
         77:b5:75:f0:22:46:72:96:8a:f9:86:bd:45:88:66:ff:36:4c:
         d7:52:86:6e:67:9c:4d:0a:79:bc:7b:27:ba:1b:3e:9f:5e:c5:
         d5:03:55:b3:4c:54:e9:a9:0b:76:95:14:e0:40:60:56:e4:98:
         1a:8f:fa:3d:d2:d5:33:07:75:f5:a1:5c:ef:63:a1:af:76:7e:
         f9:6d:00:c5:3c:ac:47:af:62:0d:11:72:f8:8e:5a:98:0c:48:
         3c:06:2d:fd:09:3c:5f:0c:a2:9d:9a:fd:e6:40:fe:2b:31:26:
         b9:00:a7:1a:0a:cc:a9:b7:b0:17:a7:60:c0:d1:7f:7c:5a:df:
         35:71:b8:3e:d4:24:0b:61:5c:33:2e:1d:d3:72:ab:65:73:e4:
         6c:cb:47:87:4b:8b:29:c8:53:14:1c:05:fc:06:4d:bc:f4:31:
         ff:eb:c9:23:a4:f2:5a:c6:e9:10:6f:17:b1:c0:86:10:63:51:
         df:f0:eb:86:ae:fc:9b:b8:84:b8:c7:f1:05:4b:09:da:db:3f:
         24:b0:31:5f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY9XxFkV8FLxgORGGuP4hU8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTFhN2I4ZWU4NDQwNTIyYjBiNTUzMGM4NWRjZTFkNzNm
OTY3YjcwHhcNMjQwNTA4MTAzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjk3ZGRmZTc2YmVkYmM2OWY5MDhlMDEwMDY5MzRiYmJkZGJjMGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGEOxhf67peuBp1gIps6pmWmyKlg
y79L0MMjl1XAnohBWIbH4b45CocvGFkMc8LLKrwO+nyh71qpYX55YvP7WMmnLRGw
0uBStbnyjVmjiY/IVUANEV2JyZRh5KHzGf4+XM0ufoYNM7UrIc76uTL+mvbzuR9d
0MXtOZbeBbUdVtbD8y50BuORTT7rrUvJKbYVS4p+51nDUJpV8KogZC/V1K0bzbaC
Rj/cWv3eehGFkEbv6EkGlacz1/iIO6zeDjeDU3rR+EJ7JnI60hGNhEarPiLJxUVw
8rMSKDhnrZhfegb7KKJ/11ZWpvOb2Df7NF41coJ1ZsHGXhQ9e4TH8yLxtwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPuX3f52vtvGn5COAQBpNLu928CiMB8GA1UdIwQY
MBaAFCeRp7juhEBSKwtVMMhdzh1z+We3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVHbnVPNkVRRklyQzFVd3lGM09IWFA1WjdjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xM2I0YmMtMTk3ZS00MGE2LWI4NDUt
OWVjZDhjYzUwYTg4LzEvMS01ZmRfbmEtMjhhZmtJNEJBR2swdTczYndLSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODEvMTNiNGJjLTE5N2UtNDBhNi1iODQ1LTllY2Q4Y2M1MGE4
OC8xL0o1R251TzZFUUZJckMxVXd5RjNPSFhQNVo3Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF+AxDAN
BgkqhkiG9w0BAQsFAAOCAQEAHeSxQMne5K7TY8d1u4UZFN3GS353pvwrcKUH9mbI
o+WfQrImmbnobs4MK5y8Y0HBJEHSwVC7d7V18CJGcpaK+Ya9RYhm/zZM11KGbmec
TQp5vHsnuhs+n17F1QNVs0xU6akLdpUU4EBgVuSYGo/6PdLVMwd19aFc72Ohr3Z+
+W0AxTysR69iDRFy+I5amAxIPAYt/Qk8XwyinZr95kD+KzEmuQCnGgrMqbewF6dg
wNF/fFrfNXG4PtQkC2FcMy4d03KrZXPkbMtHh0uLKchTFBwF/AZNvPQx/+vJI6Ty
WsbpEG8XscCGEGNR3/Drhq78m7iEuMfxBUsJ2ts/JLAxXw==
-----END CERTIFICATE-----