Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/IL5hmBxogeO6FNrzFXZoZ3qPWPU.roa
File:                     IL5hmBxogeO6FNrzFXZoZ3qPWPU.roa (raw, json)
Hash identifier:          9NyAT3h4VCQq5bpZw9s6BqCgoRVigXuhpVQaKCnnR2Q=
Subject key identifier:   20:BE:61:98:1C:68:81:E3:BA:14:DA:F3:15:76:68:67:7A:8F:58:F5
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       01900107D0DFF993EF49F54EBEB9C4B27D6B
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/IL5hmBxogeO6FNrzFXZoZ3qPWPU.roa
Signing time:             Mon 10 Jun 2024 07:23:27 +0000
ROA not before:           Mon 10 Jun 2024 07:23:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59210
IP address blocks:        195.128.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:01:07:d0:df:f9:93:ef:49:f5:4e:be:b9:c4:b2:7d:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jun 10 07:23:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20be61981c6881e3ba14daf3157668677a8f58f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:13:11:b4:d0:ae:a0:a1:7c:57:95:01:3f:94:
                    9a:5d:6e:71:3c:76:2d:6f:be:6c:ed:ae:b5:34:d7:
                    64:4d:1e:05:21:a2:b9:8c:40:72:40:7f:c8:80:fa:
                    ea:03:a0:95:d1:e5:93:1e:c1:16:1b:03:76:c2:4a:
                    0a:6a:30:fa:12:cd:cb:ec:b0:ae:26:78:5c:ca:0b:
                    2b:3e:0a:f1:05:68:8f:e8:79:e3:3e:06:e7:5b:65:
                    47:d2:03:f9:9f:00:b8:88:1d:e3:03:a3:d6:05:6d:
                    a3:0a:de:88:e2:13:54:7a:fe:80:a1:fc:c6:1f:6a:
                    8f:34:91:92:53:5e:8b:eb:61:15:1e:ba:9f:00:c1:
                    93:4e:a5:62:59:cc:9f:a4:f3:9f:32:f2:f8:54:dd:
                    83:3c:a9:cf:97:4e:96:e2:21:32:6b:80:13:7e:48:
                    a2:d2:6a:b6:70:2a:38:38:16:65:05:bc:0a:c1:1d:
                    b0:e8:db:d9:61:92:3a:6d:94:3a:47:32:59:1f:5f:
                    4d:17:fd:09:92:47:ba:aa:63:99:4e:4a:39:74:58:
                    75:f3:38:5b:a1:b9:c6:f7:75:ac:67:44:49:61:4b:
                    f2:7a:f8:72:a1:d8:9d:cc:ef:e7:5d:87:88:2d:83:
                    c3:34:5f:0a:3d:58:e7:27:bd:64:9f:ef:1d:94:ef:
                    87:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:BE:61:98:1C:68:81:E3:BA:14:DA:F3:15:76:68:67:7A:8F:58:F5
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/IL5hmBxogeO6FNrzFXZoZ3qPWPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:fa:3e:35:0b:4f:c4:b5:9f:57:67:1e:d2:26:c8:9d:e3:e2:
         54:73:8e:a5:aa:45:fd:1d:d7:00:53:88:18:c9:48:a1:2b:75:
         cf:de:70:64:e2:b4:ee:01:6c:43:b6:25:51:ee:c1:d1:f8:58:
         3e:9f:80:b5:0e:93:4b:0c:62:08:5e:7c:3c:70:46:ec:80:1a:
         4f:8f:5c:4a:59:91:39:5b:28:2d:c5:a1:67:84:e2:91:5d:7e:
         46:c0:ff:bb:2f:87:97:2f:14:4f:8c:e2:03:89:12:db:f8:33:
         31:b2:bd:7e:44:6c:79:e3:ad:e8:24:3d:de:56:d6:44:02:a2:
         d8:c5:42:55:2a:fb:a3:17:54:9c:2e:22:13:ac:1c:b8:bc:a7:
         b8:5f:67:ef:e9:96:3c:3f:87:cb:3b:0d:a4:32:b7:29:04:ba:
         f1:a4:8e:3e:53:f1:41:a2:3d:01:89:f3:d7:8b:be:55:9c:99:
         21:c8:69:24:69:0b:d4:87:8a:79:21:72:e5:13:4b:df:6f:c3:
         8c:b0:bf:51:92:0f:47:92:26:b5:04:12:92:ce:01:6f:37:3d:
         72:bd:ee:c5:9c:cd:51:31:47:ad:a5:35:bc:c7:fa:9a:a5:f6:
         30:fa:43:41:ae:eb:53:67:bc:3d:d9:c7:91:90:1d:6a:37:39:
         3e:5d:5e:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZABB9Df+ZPvSfVOvrnEsn1rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwNjEwMDcyMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGJlNjE5ODFjNjg4MWUzYmExNGRhZjMxNTc2Njg2NzdhOGY1OGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRMRtNCuoKF8V5UBP5SaXW5xPHYt
b75s7a61NNdkTR4FIaK5jEByQH/IgPrqA6CV0eWTHsEWGwN2wkoKajD6Es3L7LCu
JnhcygsrPgrxBWiP6HnjPgbnW2VH0gP5nwC4iB3jA6PWBW2jCt6I4hNUev6AofzG
H2qPNJGSU16L62EVHrqfAMGTTqViWcyfpPOfMvL4VN2DPKnPl06W4iEya4ATfkii
0mq2cCo4OBZlBbwKwR2w6NvZYZI6bZQ6RzJZH19NF/0Jkke6qmOZTko5dFh18zhb
obnG93WsZ0RJYUvyevhyodidzO/nXYeILYPDNF8KPVjnJ71kn+8dlO+HJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCC+YZgcaIHjuhTa8xV2aGd6j1j1MB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvSUw1aG1CeG9nZU82Rk5yekZYWm9aM3FQV1BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4CIMA0G
CSqGSIb3DQEBCwUAA4IBAQCT+j41C0/EtZ9XZx7SJsid4+JUc46lqkX9HdcAU4gY
yUihK3XP3nBk4rTuAWxDtiVR7sHR+Fg+n4C1DpNLDGIIXnw8cEbsgBpPj1xKWZE5
WygtxaFnhOKRXX5GwP+7L4eXLxRPjOIDiRLb+DMxsr1+RGx5463oJD3eVtZEAqLY
xUJVKvujF1ScLiITrBy4vKe4X2fv6ZY8P4fLOw2kMrcpBLrxpI4+U/FBoj0BifPX
i75VnJkhyGkkaQvUh4p5IXLlE0vfb8OMsL9Rkg9Hkia1BBKSzgFvNz1yve7FnM1R
MUetpTW8x/qapfYw+kNBrutTZ7w92ceRkB1qNzk+XV7o
-----END CERTIFICATE-----