Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/13a432-9db6-431f-a24c-1f323637cc48/1/Jndx3UedXrdg20MSIzjlV9eNss4.roa
File:                     Jndx3UedXrdg20MSIzjlV9eNss4.roa (raw, json)
Hash identifier:          /kbEYvpeJnCSjzTtifbN1sUFUTgZnsy2DUbuFsNf2fM=
Subject key identifier:   26:77:71:DD:47:9D:5E:B7:60:DB:43:12:23:38:E5:57:D7:8D:B2:CE
Certificate issuer:       /CN=aff454ecfc9682862a7b5dbe4f3b9b0efc4c57dc
Certificate serial:       018F14FC0A6E478321454E2A1FC030FE4A76
Authority key identifier: AF:F4:54:EC:FC:96:82:86:2A:7B:5D:BE:4F:3B:9B:0E:FC:4C:57:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_RU7PyWgoYqe12-TzubDvxMV9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/13a432-9db6-431f-a24c-1f323637cc48/1/Jndx3UedXrdg20MSIzjlV9eNss4.roa
Signing time:             Thu 25 Apr 2024 11:20:13 +0000
ROA not before:           Thu 25 Apr 2024 11:20:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215612
IP address blocks:        95.128.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/13a432-9db6-431f-a24c-1f323637cc48/1/r_RU7PyWgoYqe12-TzubDvxMV9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/13a432-9db6-431f-a24c-1f323637cc48/1/r_RU7PyWgoYqe12-TzubDvxMV9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_RU7PyWgoYqe12-TzubDvxMV9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:14:fc:0a:6e:47:83:21:45:4e:2a:1f:c0:30:fe:4a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff454ecfc9682862a7b5dbe4f3b9b0efc4c57dc
        Validity
            Not Before: Apr 25 11:20:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=267771dd479d5eb760db43122338e557d78db2ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:58:53:02:3c:80:12:82:c5:cb:aa:45:fc:2b:
                    82:f6:27:25:68:16:81:68:a7:cd:78:11:83:3c:01:
                    18:d3:73:5c:25:e5:ae:21:82:57:b5:78:ce:c9:fc:
                    55:48:d2:db:c0:35:c9:c3:53:a3:82:f3:26:c7:d6:
                    e1:1a:7d:54:af:01:72:8e:af:92:e5:b0:88:ac:64:
                    d8:96:dc:9f:e1:3b:ab:d3:c9:16:1f:2f:a1:7e:fb:
                    d2:60:ca:af:1b:37:bf:ed:09:cc:31:88:91:f9:c8:
                    45:17:f1:61:f4:b6:d5:aa:a6:f9:2c:8d:2a:ce:64:
                    40:82:43:a9:8d:a5:ec:ef:9a:93:19:62:c6:4b:f4:
                    73:01:52:fd:97:fb:5d:a9:1b:d3:26:05:b1:ae:0b:
                    1b:bb:4e:e0:e1:19:ae:11:3c:c8:d3:26:73:25:e6:
                    78:e7:5c:e3:22:98:0e:5f:32:e0:9f:74:1d:56:99:
                    96:a0:e9:70:7c:f5:6a:b2:51:ee:7a:a2:4e:92:57:
                    ce:d9:2d:8a:c0:aa:f3:09:f2:7a:8b:04:35:3b:e6:
                    91:4c:4a:36:0a:7c:21:7c:28:26:c4:05:77:02:d0:
                    bf:3b:0e:54:9f:c6:7e:73:8e:52:d9:09:17:28:64:
                    70:78:4f:98:60:01:a5:57:33:3b:c7:81:5b:a3:da:
                    21:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:77:71:DD:47:9D:5E:B7:60:DB:43:12:23:38:E5:57:D7:8D:B2:CE
            X509v3 Authority Key Identifier:
                keyid:AF:F4:54:EC:FC:96:82:86:2A:7B:5D:BE:4F:3B:9B:0E:FC:4C:57:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_RU7PyWgoYqe12-TzubDvxMV9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/13a432-9db6-431f-a24c-1f323637cc48/1/Jndx3UedXrdg20MSIzjlV9eNss4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/13a432-9db6-431f-a24c-1f323637cc48/1/r_RU7PyWgoYqe12-TzubDvxMV9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:b9:d4:54:b5:88:eb:b8:fb:ab:e5:d1:e2:a8:b8:b7:92:00:
         ee:cf:f2:76:ce:2a:ff:c2:b6:99:2b:4b:34:98:24:21:fe:76:
         13:c0:8c:4b:fa:5a:ad:d4:02:ca:87:f4:31:27:68:3d:e8:56:
         82:af:55:94:18:18:cd:86:83:3b:9f:ad:9a:cb:80:06:1e:bb:
         e2:04:7b:b1:2c:03:48:44:40:e0:cb:a1:76:07:d0:46:39:f5:
         9d:8a:58:40:a4:5d:1a:75:b9:bd:4b:d9:89:2d:26:f0:3b:89:
         6a:e7:f1:a0:79:7b:82:a7:b9:ef:88:e7:f5:2c:1c:99:40:06:
         18:a7:36:f7:ce:08:8b:34:25:5e:ca:f1:4c:23:00:b1:ee:34:
         bd:4e:d8:6f:cf:19:85:8d:f7:78:d3:d1:2f:ca:a3:61:e0:db:
         bd:67:98:0a:8f:2a:59:c3:ba:ac:ce:62:c5:8b:7a:48:2e:6b:
         79:d1:4f:90:e8:bf:bf:9e:59:2f:9c:57:16:b5:da:39:e4:3f:
         d3:76:69:59:be:d7:ae:31:11:5a:da:5d:9d:9a:fb:ba:14:b5:
         46:68:13:fd:6c:db:dc:ad:a8:4e:cc:da:7f:8a:72:94:9d:1f:
         31:65:30:74:95:51:53:dc:0a:80:60:fa:c7:c6:75:a6:c0:20:
         80:73:eb:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8U/ApuR4MhRU4qH8Aw/kp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjQ1NGVjZmM5NjgyODYyYTdiNWRiZTRmM2I5YjBlZmM0
YzU3ZGMwHhcNMjQwNDI1MTEyMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjc3NzFkZDQ3OWQ1ZWI3NjBkYjQzMTIyMzM4ZTU1N2Q3OGRiMmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1hTAjyAEoLFy6pF/CuC9iclaBaB
aKfNeBGDPAEY03NcJeWuIYJXtXjOyfxVSNLbwDXJw1OjgvMmx9bhGn1UrwFyjq+S
5bCIrGTYltyf4Tur08kWHy+hfvvSYMqvGze/7QnMMYiR+chFF/Fh9LbVqqb5LI0q
zmRAgkOpjaXs75qTGWLGS/RzAVL9l/tdqRvTJgWxrgsbu07g4RmuETzI0yZzJeZ4
51zjIpgOXzLgn3QdVpmWoOlwfPVqslHueqJOklfO2S2KwKrzCfJ6iwQ1O+aRTEo2
CnwhfCgmxAV3AtC/Ow5Un8Z+c45S2QkXKGRweE+YYAGlVzM7x4Fbo9ohjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZ3cd1HnV63YNtDEiM45VfXjbLOMB8GA1UdIwQY
MBaAFK/0VOz8loKGKntdvk87mw78TFfcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9SVTdQeVdnb1lxZTEyLVR6dWJEdnhNVjl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8xM2E0MzItOWRiNi00MzFmLWEyNGMt
MWYzMjM2MzdjYzQ4LzEvSm5keDNVZWRYcmRnMjBNU0l6amxWOWVOc3M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8xM2E0MzItOWRiNi00MzFmLWEyNGMtMWYzMjM2MzdjYzQ4
LzEvcl9SVTdQeVdnb1lxZTEyLVR6dWJEdnhNVjl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DAMA0G
CSqGSIb3DQEBCwUAA4IBAQAiudRUtYjruPur5dHiqLi3kgDuz/J2zir/wraZK0s0
mCQh/nYTwIxL+lqt1ALKh/QxJ2g96FaCr1WUGBjNhoM7n62ay4AGHrviBHuxLANI
REDgy6F2B9BGOfWdilhApF0adbm9S9mJLSbwO4lq5/GgeXuCp7nviOf1LByZQAYY
pzb3zgiLNCVeyvFMIwCx7jS9TthvzxmFjfd409EvyqNh4Nu9Z5gKjypZw7qszmLF
i3pILmt50U+Q6L+/nlkvnFcWtdo55D/TdmlZvteuMRFa2l2dmvu6FLVGaBP9bNvc
rahOzNp/inKUnR8xZTB0lVFT3AqAYPrHxnWmwCCAc+u5
-----END CERTIFICATE-----