Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/fe7296-ec8c-4163-a554-78c017762f9f/1/a7YB7BqRT3x_pM10h7O5WYRyGGQ.roa
File:                     a7YB7BqRT3x_pM10h7O5WYRyGGQ.roa (raw, json)
Hash identifier:          n9Mlqr7G0Sn5x2iQvYbQlAdC13UNclJCd+0k20elryw=
Subject key identifier:   6B:B6:01:EC:1A:91:4F:7C:7F:A4:CD:74:87:B3:B9:59:84:72:18:64
Certificate issuer:       /CN=28bbb54e37826c0390b04379279f8e06cff3a234
Certificate serial:       019329DCB36B64186DFA8BE0F53D04B49E33
Authority key identifier: 28:BB:B5:4E:37:82:6C:03:90:B0:43:79:27:9F:8E:06:CF:F3:A2:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KLu1TjeCbAOQsEN5J5-OBs_zojQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/fe7296-ec8c-4163-a554-78c017762f9f/1/a7YB7BqRT3x_pM10h7O5WYRyGGQ.roa
Signing time:             Thu 14 Nov 2024 08:49:09 +0000
ROA not before:           Thu 14 Nov 2024 08:49:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199536
IP address blocks:        95.131.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/fe7296-ec8c-4163-a554-78c017762f9f/1/KLu1TjeCbAOQsEN5J5-OBs_zojQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/fe7296-ec8c-4163-a554-78c017762f9f/1/KLu1TjeCbAOQsEN5J5-OBs_zojQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KLu1TjeCbAOQsEN5J5-OBs_zojQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:dc:b3:6b:64:18:6d:fa:8b:e0:f5:3d:04:b4:9e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28bbb54e37826c0390b04379279f8e06cff3a234
        Validity
            Not Before: Nov 14 08:49:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bb601ec1a914f7c7fa4cd7487b3b95984721864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:95:bc:1b:e0:32:e9:9e:32:b5:bb:22:82:0d:
                    f2:fa:ef:a8:e2:52:28:06:73:68:e8:b2:36:1a:45:
                    cf:cb:b8:b9:5b:6b:ca:9b:40:92:56:2e:2e:5f:84:
                    65:ec:a3:ea:c6:4f:51:2b:ad:65:6a:4a:1e:f4:b1:
                    ae:5d:ca:f0:a5:12:3b:6d:a2:9b:8c:fc:f9:24:b4:
                    0c:c3:0b:3e:fc:5d:1d:47:f6:16:11:7c:06:20:d0:
                    a8:66:31:22:9d:67:7b:55:1e:77:46:af:ca:48:1c:
                    d7:67:9e:ce:95:1e:60:74:2f:43:e0:88:d0:89:c9:
                    82:d9:9c:5e:2c:97:79:3d:ba:94:10:9e:6e:57:32:
                    5c:04:5e:91:39:14:05:eb:c2:0b:31:4c:84:3d:e4:
                    5a:67:9d:0a:55:1c:eb:7e:5e:e9:cc:f2:69:77:10:
                    2f:82:a4:5d:27:07:49:eb:7d:7a:11:53:d9:74:b8:
                    21:68:fe:50:22:21:69:69:d8:7b:39:b6:08:b2:b6:
                    23:16:87:e8:17:28:2f:36:d7:f6:fb:65:c4:4a:2d:
                    e0:39:1b:ab:3a:a2:72:29:59:c9:db:00:b9:da:0f:
                    4a:6d:6f:c5:9a:5d:99:35:05:6a:2c:00:ee:bb:f4:
                    a3:7b:57:fa:f1:aa:3d:5b:b5:14:04:1e:07:d4:5c:
                    ec:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:B6:01:EC:1A:91:4F:7C:7F:A4:CD:74:87:B3:B9:59:84:72:18:64
            X509v3 Authority Key Identifier:
                keyid:28:BB:B5:4E:37:82:6C:03:90:B0:43:79:27:9F:8E:06:CF:F3:A2:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KLu1TjeCbAOQsEN5J5-OBs_zojQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/fe7296-ec8c-4163-a554-78c017762f9f/1/a7YB7BqRT3x_pM10h7O5WYRyGGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/fe7296-ec8c-4163-a554-78c017762f9f/1/KLu1TjeCbAOQsEN5J5-OBs_zojQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.131.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:b8:c2:32:35:31:09:db:80:8e:4f:ba:2d:87:89:2f:0f:66:
         99:c7:a8:57:48:b5:3b:c3:f9:d4:a2:c0:18:4d:1a:7d:c8:8a:
         81:0b:62:e3:c1:26:6e:19:36:87:f2:cd:7a:b9:55:c7:41:c0:
         7d:7c:1a:70:5c:ca:d4:3f:dd:21:64:cb:02:a8:0e:89:50:f8:
         b2:2f:6c:1b:21:73:a9:ec:9b:c2:bd:0c:02:a3:06:5d:ae:07:
         55:ca:4b:3e:c0:04:3e:3d:7f:81:1a:80:9f:a2:81:97:db:74:
         e3:8a:ff:26:60:51:7b:c2:40:2a:a5:4c:84:70:59:e1:e4:94:
         e3:e8:9c:d5:fe:6a:3b:0c:2f:64:b7:3e:2a:8e:8c:d8:9c:60:
         6f:d9:9d:99:11:57:17:4e:fe:07:ee:73:2e:93:ea:4c:9b:9a:
         e6:11:4c:a6:fe:24:b3:d8:58:07:01:33:38:ff:7f:9b:29:1a:
         bd:51:79:73:09:65:2e:07:39:56:98:c8:ac:f0:87:3b:0b:33:
         72:c5:fe:6a:9e:0b:85:7d:ff:20:43:99:73:a5:2a:ee:20:e3:
         39:b0:67:f3:ab:66:48:93:57:b2:90:6a:6e:fd:69:87:d1:1f:
         a3:3a:a3:ba:53:f3:ab:21:2f:6a:ae:b9:95:ae:e9:88:5d:a4:
         e9:8c:8e:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMp3LNrZBht+ovg9T0EtJ4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YmJiNTRlMzc4MjZjMDM5MGIwNDM3OTI3OWY4ZTA2Y2Zm
M2EyMzQwHhcNMjQxMTE0MDg0OTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmI2MDFlYzFhOTE0ZjdjN2ZhNGNkNzQ4N2IzYjk1OTg0NzIxODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJW8G+Ay6Z4ytbsigg3y+u+o4lIo
BnNo6LI2GkXPy7i5W2vKm0CSVi4uX4Rl7KPqxk9RK61lakoe9LGuXcrwpRI7baKb
jPz5JLQMwws+/F0dR/YWEXwGINCoZjEinWd7VR53Rq/KSBzXZ57OlR5gdC9D4IjQ
icmC2ZxeLJd5PbqUEJ5uVzJcBF6RORQF68ILMUyEPeRaZ50KVRzrfl7pzPJpdxAv
gqRdJwdJ6316EVPZdLghaP5QIiFpadh7ObYIsrYjFofoFygvNtf2+2XESi3gORur
OqJyKVnJ2wC52g9KbW/Fml2ZNQVqLADuu/Sje1f68ao9W7UUBB4H1FzsFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGu2AewakU98f6TNdIezuVmEchhkMB8GA1UdIwQY
MBaAFCi7tU43gmwDkLBDeSefjgbP86I0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0x1MVRqZUNiQU9Rc0VONUo1LU9Cc196b2pRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9mZTcyOTYtZWM4Yy00MTYzLWE1NTQt
NzhjMDE3NzYyZjlmLzEvYTdZQjdCcVJUM3hfcE0xMGg3TzVXWVJ5R0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9mZTcyOTYtZWM4Yy00MTYzLWE1NTQtNzhjMDE3NzYyZjlm
LzEvS0x1MVRqZUNiQU9Rc0VONUo1LU9Cc196b2pRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4POMA0G
CSqGSIb3DQEBCwUAA4IBAQB+uMIyNTEJ24COT7oth4kvD2aZx6hXSLU7w/nUosAY
TRp9yIqBC2LjwSZuGTaH8s16uVXHQcB9fBpwXMrUP90hZMsCqA6JUPiyL2wbIXOp
7JvCvQwCowZdrgdVyks+wAQ+PX+BGoCfooGX23Tjiv8mYFF7wkAqpUyEcFnh5JTj
6JzV/mo7DC9ktz4qjozYnGBv2Z2ZEVcXTv4H7nMuk+pMm5rmEUym/iSz2FgHATM4
/3+bKRq9UXlzCWUuBzlWmMis8Ic7CzNyxf5qnguFff8gQ5lzpSruIOM5sGfzq2ZI
k1eykGpu/WmH0R+jOqO6U/OrIS9qrrmVrumIXaTpjI6B
-----END CERTIFICATE-----