Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/BwGEnByIcUDYRHtgGja43TkOh6g.roa
File:                     BwGEnByIcUDYRHtgGja43TkOh6g.roa (raw, json)
Hash identifier:          dpNH2Ng1onvbCFMc6oAkQOX6YSRmeR1TbKHxNwNmY2U=
Subject key identifier:   07:01:84:9C:1C:88:71:40:D8:44:7B:60:1A:36:B8:DD:39:0E:87:A8
Certificate issuer:       /CN=d38cd9440552e7dab9cd5631d4ab872451535b7a
Certificate serial:       019256F6D1A66496C9F54E8988D908671674
Authority key identifier: D3:8C:D9:44:05:52:E7:DA:B9:CD:56:31:D4:AB:87:24:51:53:5B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/BwGEnByIcUDYRHtgGja43TkOh6g.roa
Signing time:             Fri 04 Oct 2024 09:57:48 +0000
ROA not before:           Fri 04 Oct 2024 09:57:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        95.128.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:56:f6:d1:a6:64:96:c9:f5:4e:89:88:d9:08:67:16:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d38cd9440552e7dab9cd5631d4ab872451535b7a
        Validity
            Not Before: Oct  4 09:57:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0701849c1c887140d8447b601a36b8dd390e87a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:6f:62:19:84:cf:7a:8a:4b:cf:51:51:cb:f8:
                    37:ae:8f:f7:7a:ac:3b:ef:1d:af:84:e5:eb:a5:35:
                    e7:f5:ef:b1:c9:8b:77:3b:90:02:0e:14:0d:bd:a2:
                    ac:93:df:19:36:f7:77:ec:3e:4a:f3:80:3f:04:83:
                    5c:6b:43:0f:7d:3e:8b:38:1b:62:5d:ca:5e:cf:4e:
                    99:95:4a:d0:7f:33:ff:14:66:8c:07:5c:b4:cb:fc:
                    38:5e:e4:6a:0d:3f:c2:c3:59:92:f9:07:72:04:72:
                    95:17:c1:bb:47:e0:2f:07:a1:b8:89:fb:4a:92:fb:
                    df:f3:55:2d:6a:1d:df:f6:f0:96:c2:48:71:3f:83:
                    94:1d:4b:88:d2:79:be:97:e5:84:53:c2:f7:ae:24:
                    5e:d2:c2:89:10:af:6f:be:70:8a:f7:73:ef:7f:a7:
                    c0:cd:84:60:8f:2b:4f:33:c7:55:d3:86:9a:f0:0f:
                    6b:1c:73:d8:c3:ac:a3:0e:0b:fa:ce:7b:7f:77:43:
                    d8:47:86:da:ff:c7:ae:58:ed:60:55:7b:1b:2d:35:
                    d6:92:08:6b:49:85:92:2f:a0:1f:39:0e:87:53:ad:
                    ea:b4:d3:83:b6:d8:a7:19:70:99:c5:a6:b1:b5:c0:
                    70:e4:12:ae:06:32:f7:c7:7b:2d:cb:a7:24:0e:ea:
                    0a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:01:84:9C:1C:88:71:40:D8:44:7B:60:1A:36:B8:DD:39:0E:87:A8
            X509v3 Authority Key Identifier:
                keyid:D3:8C:D9:44:05:52:E7:DA:B9:CD:56:31:D4:AB:87:24:51:53:5B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/BwGEnByIcUDYRHtgGja43TkOh6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:14:a7:78:2d:6b:a3:b6:27:4e:fc:f7:03:d8:e0:30:51:b6:
         4f:a8:0a:e7:ec:cc:4b:0b:b9:85:b1:8c:0a:54:09:9a:10:55:
         6f:79:71:15:39:72:02:3f:d3:34:5b:63:a2:cf:88:b8:f9:98:
         0b:8b:b4:0f:7b:dd:11:51:b0:6c:cc:ae:08:ba:03:11:b7:45:
         be:ae:e0:95:01:3d:69:61:37:04:d6:f3:7a:69:5e:01:0c:51:
         af:0a:76:22:f0:e4:9e:ec:3b:3b:1d:62:ab:e3:e1:c8:83:fc:
         b2:de:4e:c8:b4:01:9e:c6:41:09:51:6a:c3:c8:d6:a5:47:19:
         e7:ce:d9:64:6b:85:00:43:16:d4:0f:30:ec:66:f4:57:78:20:
         b7:e2:a5:9f:3e:88:41:85:c9:90:e5:c5:5d:62:51:17:05:fd:
         79:87:95:9a:0f:06:22:cb:57:48:88:b6:bb:8c:fa:d7:93:26:
         3e:f0:33:71:93:02:c7:c5:ac:8b:01:7c:7f:b5:4d:b2:e1:d9:
         bf:c8:c6:c8:f7:0f:43:05:c9:b0:d1:c9:1c:e2:e6:10:7f:84:
         b1:3e:cc:47:72:7a:99:6d:a8:7e:b0:38:12:85:74:a0:2d:91:
         f6:f9:03:c1:23:37:a2:92:7d:12:78:ed:c0:f3:12:db:3d:77:
         90:9b:c8:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJW9tGmZJbJ9U6JiNkIZxZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzOGNkOTQ0MDU1MmU3ZGFiOWNkNTYzMWQ0YWI4NzI0NTE1
MzViN2EwHhcNMjQxMDA0MDk1NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzAxODQ5YzFjODg3MTQwZDg0NDdiNjAxYTM2YjhkZDM5MGU4N2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4G9iGYTPeopLz1FRy/g3ro/3eqw7
7x2vhOXrpTXn9e+xyYt3O5ACDhQNvaKsk98ZNvd37D5K84A/BINca0MPfT6LOBti
Xcpez06ZlUrQfzP/FGaMB1y0y/w4XuRqDT/Cw1mS+QdyBHKVF8G7R+AvB6G4iftK
kvvf81Utah3f9vCWwkhxP4OUHUuI0nm+l+WEU8L3riRe0sKJEK9vvnCK93Pvf6fA
zYRgjytPM8dV04aa8A9rHHPYw6yjDgv6znt/d0PYR4ba/8euWO1gVXsbLTXWkghr
SYWSL6AfOQ6HU63qtNODttinGXCZxaaxtcBw5BKuBjL3x3sty6ckDuoKTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcBhJwciHFA2ER7YBo2uN05DoeoMB8GA1UdIwQY
MBaAFNOM2UQFUufauc1WMdSrhyRRU1t6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDR6WlJBVlM1OXE1elZZeDFLdUhKRkZUVzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80YzMxNjAtZGUxMi00OTI5LWE0ODMt
N2M2NWE4NTJmMDkyLzEvQndHRW5CeUljVURZUkh0Z0dqYTQzVGtPaDZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi80YzMxNjAtZGUxMi00OTI5LWE0ODMtN2M2NWE4NTJmMDky
LzEvMDR6WlJBVlM1OXE1elZZeDFLdUhKRkZUVzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4CcMA0G
CSqGSIb3DQEBCwUAA4IBAQBOFKd4LWujtidO/PcD2OAwUbZPqArn7MxLC7mFsYwK
VAmaEFVveXEVOXICP9M0W2Oiz4i4+ZgLi7QPe90RUbBszK4IugMRt0W+ruCVAT1p
YTcE1vN6aV4BDFGvCnYi8OSe7Ds7HWKr4+HIg/yy3k7ItAGexkEJUWrDyNalRxnn
ztlka4UAQxbUDzDsZvRXeCC34qWfPohBhcmQ5cVdYlEXBf15h5WaDwYiy1dIiLa7
jPrXkyY+8DNxkwLHxayLAXx/tU2y4dm/yMbI9w9DBcmw0ckc4uYQf4SxPsxHcnqZ
bah+sDgShXSgLZH2+QPBIzeikn0SeO3A8xLbPXeQm8hp
-----END CERTIFICATE-----