Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/TRsIDyV2p5FYlR4S-DKoRIEynVE.roa
File:                     TRsIDyV2p5FYlR4S-DKoRIEynVE.roa (raw, json)
Hash identifier:          H9kbK/17uqfxxO6wYtGMh+lyg9cRk0JOxdJ3pawXKlU=
Subject key identifier:   4D:1B:08:0F:25:76:A7:91:58:95:1E:12:F8:32:A8:44:81:32:9D:51
Certificate issuer:       /CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Certificate serial:       01921D6EB9A4DCAD950D71577885507E8AFD
Authority key identifier: F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/TRsIDyV2p5FYlR4S-DKoRIEynVE.roa
Signing time:             Mon 23 Sep 2024 05:50:48 +0000
ROA not before:           Mon 23 Sep 2024 05:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214526
IP address blocks:        95.38.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1d:6e:b9:a4:dc:ad:95:0d:71:57:78:85:50:7e:8a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
        Validity
            Not Before: Sep 23 05:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d1b080f2576a79158951e12f832a84481329d51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ef:5d:32:98:2a:66:9c:76:43:eb:e9:c9:e3:
                    7b:2e:43:b5:5e:ab:72:da:13:3d:5c:f3:50:de:84:
                    10:32:4f:2b:8c:bc:72:ce:b5:be:0b:1a:d2:17:55:
                    7c:6c:0a:81:f8:fe:b1:f9:6d:66:84:b3:03:5e:2c:
                    10:09:d5:5c:8d:41:8a:47:b1:f0:8c:8b:24:11:94:
                    ea:c4:ba:72:1f:79:8a:c6:aa:10:30:d9:76:52:d0:
                    7f:72:17:b9:66:69:32:2c:12:e6:11:63:a5:d6:0f:
                    49:64:ac:e5:df:d6:d3:9c:40:a6:7e:11:2f:ac:13:
                    5d:12:a2:d0:a4:5d:a6:e9:47:ee:a5:a3:48:47:05:
                    26:ae:b2:f9:61:31:ed:b2:66:63:f1:18:8d:35:4b:
                    24:30:67:1f:4a:20:21:b4:d3:6d:54:cd:c8:ef:30:
                    bd:48:4f:a5:4e:cb:7f:73:4b:51:df:64:0c:b6:19:
                    01:d0:87:eb:7d:e8:9d:d0:45:a2:d2:01:8a:69:98:
                    64:bd:c8:e4:e7:4a:9a:85:3e:7c:ba:70:8a:7b:c3:
                    81:19:79:3c:a9:13:68:dc:25:d3:5c:ca:77:eb:51:
                    11:af:21:9b:a3:5b:15:5c:7d:79:21:76:f5:bf:6a:
                    13:08:56:54:27:4b:e7:01:6c:3c:37:f2:87:3c:a5:
                    8f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:1B:08:0F:25:76:A7:91:58:95:1E:12:F8:32:A8:44:81:32:9D:51
            X509v3 Authority Key Identifier:
                keyid:F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/TRsIDyV2p5FYlR4S-DKoRIEynVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.38.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:1c:1b:c3:7c:63:8f:97:73:19:4d:02:90:24:1f:2a:e2:2d:
         cc:cf:b5:c9:e6:9b:d4:ea:9a:ca:9f:b4:31:fb:64:db:5b:59:
         cf:ca:f9:0b:b4:4a:a6:12:a0:a2:a7:54:e2:05:c0:fe:d5:0e:
         d9:78:75:12:85:5e:5e:8a:ef:de:2c:e9:8f:79:69:f3:98:f0:
         ed:f5:e7:8d:9e:06:d8:87:7e:47:9b:c9:4b:8c:35:e6:05:4e:
         8f:8a:9c:74:62:f1:ce:97:bd:47:53:29:03:ac:37:50:b7:c9:
         31:59:eb:ce:7e:97:97:93:2b:71:da:a2:a4:cd:89:be:d9:32:
         3e:46:af:ad:e3:fb:86:7b:b0:d1:a3:d4:8d:65:d4:d7:c7:da:
         04:b6:96:0c:cb:34:81:95:e8:9d:0a:74:39:11:28:05:e8:74:
         aa:19:3a:6d:12:2b:e5:1c:5d:c8:ab:72:96:10:05:e0:17:c6:
         40:79:c3:86:70:a1:d1:ff:39:bc:7d:8f:32:19:d4:76:43:04:
         ef:6c:8c:28:be:74:5b:e0:42:12:ed:dd:f0:98:ce:4c:8d:6d:
         d5:f8:e0:ae:e8:29:1a:5f:a3:8f:a3:15:7b:b1:a2:23:a9:a8:
         ba:6f:68:c2:0b:f3:86:41:59:e5:85:48:a2:35:e1:22:d8:43:
         c4:53:61:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIdbrmk3K2VDXFXeIVQfor9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzEwNDA0MTY5MWRjMzg0ZjNiMWE4Y2RmOTVjOTY2Mjhl
YTZkYWYwHhcNMjQwOTIzMDU1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDFiMDgwZjI1NzZhNzkxNTg5NTFlMTJmODMyYTg0NDgxMzI5ZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxu9dMpgqZpx2Q+vpyeN7LkO1Xqty
2hM9XPNQ3oQQMk8rjLxyzrW+CxrSF1V8bAqB+P6x+W1mhLMDXiwQCdVcjUGKR7Hw
jIskEZTqxLpyH3mKxqoQMNl2UtB/che5ZmkyLBLmEWOl1g9JZKzl39bTnECmfhEv
rBNdEqLQpF2m6UfupaNIRwUmrrL5YTHtsmZj8RiNNUskMGcfSiAhtNNtVM3I7zC9
SE+lTst/c0tR32QMthkB0Ifrfeid0EWi0gGKaZhkvcjk50qahT58unCKe8OBGXk8
qRNo3CXTXMp361ERryGbo1sVXH15IXb1v2oTCFZUJ0vnAWw8N/KHPKWPywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0bCA8ldqeRWJUeEvgyqESBMp1RMB8GA1UdIwQY
MBaAFPDBBAQWkdw4TzsajN+VyWYo6m2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQt
NjkxNDIyMzExNzI5LzEvVFJzSUR5VjJwNUZZbFI0Uy1ES29SSUV5blZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQtNjkxNDIyMzExNzI5
LzEvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXyYmMA0G
CSqGSIb3DQEBCwUAA4IBAQBdHBvDfGOPl3MZTQKQJB8q4i3Mz7XJ5pvU6prKn7Qx
+2TbW1nPyvkLtEqmEqCip1TiBcD+1Q7ZeHUShV5eiu/eLOmPeWnzmPDt9eeNngbY
h35Hm8lLjDXmBU6Pipx0YvHOl71HUykDrDdQt8kxWevOfpeXkytx2qKkzYm+2TI+
Rq+t4/uGe7DRo9SNZdTXx9oEtpYMyzSBleidCnQ5ESgF6HSqGTptEivlHF3Iq3KW
EAXgF8ZAecOGcKHR/zm8fY8yGdR2QwTvbIwovnRb4EIS7d3wmM5MjW3V+OCu6Cka
X6OPoxV7saIjqai6b2jCC/OGQVnlhUiiNeEi2EPEU2GH
-----END CERTIFICATE-----