Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/Kq-o9dF9I_SVJaq1UMV7s1oCFuo.roa
File:                     Kq-o9dF9I_SVJaq1UMV7s1oCFuo.roa (raw, json)
Hash identifier:          t2yzvhgccdM/KpfODAkzzlq+Lx9RiSrTE1rH3fofrDk=
Subject key identifier:   2A:AF:A8:F5:D1:7D:23:F4:95:25:AA:B5:50:C5:7B:B3:5A:02:16:EA
Certificate issuer:       /CN=2791a7b8ee8440522b0b5530c85dce1d73f967b7
Certificate serial:       0190B1BC1F370008D8690F4987201023CD16
Authority key identifier: 27:91:A7:B8:EE:84:40:52:2B:0B:55:30:C8:5D:CE:1D:73:F9:67:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/Kq-o9dF9I_SVJaq1UMV7s1oCFuo.roa
Signing time:             Sun 14 Jul 2024 14:53:34 +0000
ROA not before:           Sun 14 Jul 2024 14:53:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201150
IP address blocks:        95.128.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b1:bc:1f:37:00:08:d8:69:0f:49:87:20:10:23:cd:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2791a7b8ee8440522b0b5530c85dce1d73f967b7
        Validity
            Not Before: Jul 14 14:53:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2aafa8f5d17d23f49525aab550c57bb35a0216ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4a:07:1e:0c:9c:09:f4:be:e6:25:e5:94:85:
                    60:dc:ab:f9:c3:ce:46:c8:6d:11:66:4c:50:9b:f7:
                    eb:cc:5d:ee:f9:ad:c9:9c:17:1d:f4:c3:86:70:c8:
                    9f:da:f2:67:2d:29:52:13:2b:8c:1d:3f:2d:c0:50:
                    ec:79:89:e0:99:50:1e:6a:54:7d:3e:c7:07:df:e5:
                    20:30:2b:df:ce:71:f6:70:1e:c0:d4:95:66:f8:e2:
                    f7:43:e8:8d:85:a4:ff:74:2a:de:f7:50:ed:41:bf:
                    78:7a:1f:6d:73:16:9e:db:f5:e2:d2:de:92:16:4e:
                    9d:56:4d:e9:25:9f:5e:81:fe:d4:51:46:52:7c:01:
                    32:a9:f8:e7:d1:70:b0:b1:ca:9f:78:f6:76:99:5d:
                    8d:c4:a9:eb:b5:49:0f:c3:98:dc:96:45:e5:00:d2:
                    bb:07:df:14:9d:0c:0c:51:7d:02:6d:ad:92:2e:a8:
                    40:20:9b:fe:14:a3:d8:55:4f:80:ee:1f:9e:3e:27:
                    0a:b7:14:53:fa:d0:96:ab:39:aa:1a:8c:9a:5f:dd:
                    4a:f3:d9:35:e3:73:95:6d:93:f7:07:ed:d1:ce:56:
                    c4:c4:1b:47:01:22:d4:ec:97:ea:2e:98:6a:6f:16:
                    6c:72:15:e1:82:bf:0b:4d:a8:54:a9:17:19:68:ac:
                    b2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:AF:A8:F5:D1:7D:23:F4:95:25:AA:B5:50:C5:7B:B3:5A:02:16:EA
            X509v3 Authority Key Identifier:
                keyid:27:91:A7:B8:EE:84:40:52:2B:0B:55:30:C8:5D:CE:1D:73:F9:67:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/Kq-o9dF9I_SVJaq1UMV7s1oCFuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:5d:ff:50:9b:60:04:94:8d:51:00:82:b3:32:be:62:3e:76:
         2e:e8:1a:3b:35:77:82:5c:ce:40:f7:84:b9:73:69:9d:51:45:
         4f:37:6c:0c:ee:b1:47:ec:c8:58:47:61:92:ff:6b:b2:80:87:
         2e:11:f9:f4:26:1e:b0:99:74:3d:a8:86:e6:1d:c3:e1:d4:cd:
         21:e0:93:e0:05:c1:02:96:4f:08:c1:0c:7e:55:fe:80:17:38:
         e9:90:f3:ab:3f:9c:5b:d1:ed:98:e7:05:33:1b:3b:05:04:0b:
         c1:90:69:7b:9e:5e:4e:fb:50:c5:67:b0:07:10:48:52:ce:a1:
         18:85:ae:e2:8f:68:f4:9b:da:09:35:e5:bd:53:b9:10:66:10:
         87:1c:82:03:01:74:7d:3c:28:09:5c:70:62:ca:ff:b4:3a:13:
         ff:ca:1f:fc:75:8a:01:4d:53:5c:9a:8f:06:c5:b4:d8:d1:8d:
         5a:27:25:ad:c4:93:fd:56:ac:a3:38:e1:5c:62:84:eb:61:0b:
         9e:7d:32:98:93:82:7e:39:78:83:81:1c:ee:29:71:54:91:40:
         f5:a5:ee:41:17:a8:cc:3d:ac:d8:ae:4c:7e:be:07:1d:25:f0:
         70:8d:71:1c:ec:a5:79:aa:98:b2:29:9b:9a:bc:2e:77:67:d4:
         a9:e6:ec:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCxvB83AAjYaQ9JhyAQI80WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTFhN2I4ZWU4NDQwNTIyYjBiNTUzMGM4NWRjZTFkNzNm
OTY3YjcwHhcNMjQwNzE0MTQ1MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWFmYThmNWQxN2QyM2Y0OTUyNWFhYjU1MGM1N2JiMzVhMDIxNmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UoHHgycCfS+5iXllIVg3Kv5w85G
yG0RZkxQm/frzF3u+a3JnBcd9MOGcMif2vJnLSlSEyuMHT8twFDseYngmVAealR9
PscH3+UgMCvfznH2cB7A1JVm+OL3Q+iNhaT/dCre91DtQb94eh9tcxae2/Xi0t6S
Fk6dVk3pJZ9egf7UUUZSfAEyqfjn0XCwscqfePZ2mV2NxKnrtUkPw5jclkXlANK7
B98UnQwMUX0Cba2SLqhAIJv+FKPYVU+A7h+ePicKtxRT+tCWqzmqGoyaX91K89k1
43OVbZP3B+3RzlbExBtHASLU7JfqLphqbxZschXhgr8LTahUqRcZaKyy4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqvqPXRfSP0lSWqtVDFe7NaAhbqMB8GA1UdIwQY
MBaAFCeRp7juhEBSKwtVMMhdzh1z+We3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVHbnVPNkVRRklyQzFVd3lGM09IWFA1WjdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xM2I0YmMtMTk3ZS00MGE2LWI4NDUt
OWVjZDhjYzUwYTg4LzEvS3EtbzlkRjlJX1NWSmFxMVVNVjdzMW9DRnVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xM2I0YmMtMTk3ZS00MGE2LWI4NDUtOWVjZDhjYzUwYTg4
LzEvSjVHbnVPNkVRRklyQzFVd3lGM09IWFA1WjdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DEMA0G
CSqGSIb3DQEBCwUAA4IBAQALXf9Qm2AElI1RAIKzMr5iPnYu6Bo7NXeCXM5A94S5
c2mdUUVPN2wM7rFH7MhYR2GS/2uygIcuEfn0Jh6wmXQ9qIbmHcPh1M0h4JPgBcEC
lk8IwQx+Vf6AFzjpkPOrP5xb0e2Y5wUzGzsFBAvBkGl7nl5O+1DFZ7AHEEhSzqEY
ha7ij2j0m9oJNeW9U7kQZhCHHIIDAXR9PCgJXHBiyv+0OhP/yh/8dYoBTVNcmo8G
xbTY0Y1aJyWtxJP9VqyjOOFcYoTrYQuefTKYk4J+OXiDgRzuKXFUkUD1pe5BF6jM
PazYrkx+vgcdJfBwjXEc7KV5qpiyKZuavC53Z9Sp5uy6
-----END CERTIFICATE-----