Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/sxg6VG3fdX60i8fagXcDs1e6AA4.roa
File:                     sxg6VG3fdX60i8fagXcDs1e6AA4.roa (raw, json)
Hash identifier:          0SADIXyCeZm7tJ51Yv80vbXKlCzTPiZB9dLgnsZReeU=
Subject key identifier:   B3:18:3A:54:6D:DF:75:7E:B4:8B:C7:DA:81:77:03:B3:57:BA:00:0E
Certificate issuer:       /CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
Certificate serial:       018D3092EE1CD8548E863EC6B9E8D27C96FE
Authority key identifier: 93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/sxg6VG3fdX60i8fagXcDs1e6AA4.roa
Signing time:             Mon 22 Jan 2024 09:49:11 +0000
ROA not before:           Mon 22 Jan 2024 09:49:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213296
IP address blocks:        95.128.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 22:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:30:92:ee:1c:d8:54:8e:86:3e:c6:b9:e8:d2:7c:96:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
        Validity
            Not Before: Jan 22 09:49:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3183a546ddf757eb48bc7da817703b357ba000e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ea:f3:6b:fc:7e:63:9c:d7:eb:7d:a1:87:12:
                    65:ef:70:dd:5e:60:99:78:91:2e:bc:59:27:22:cb:
                    8a:ce:50:1b:25:8c:19:66:9b:c3:d8:67:36:6f:69:
                    1d:4c:b6:12:5b:85:95:0e:2c:c9:55:2c:b8:f9:b4:
                    2d:7d:d2:2f:8a:1c:cf:49:55:f7:56:09:1e:f3:73:
                    38:93:4e:1d:4b:e8:c4:73:f9:70:dd:d5:7e:e0:f9:
                    e3:44:23:6a:56:23:ce:42:0b:16:2e:e2:95:4f:c3:
                    0e:2c:7c:91:73:64:15:96:e6:72:bb:8d:ff:54:df:
                    4e:cb:a5:d9:58:3c:26:e5:63:67:97:09:f0:ba:57:
                    b9:c5:33:fa:96:69:ef:bd:14:77:06:7b:f2:b6:bc:
                    9c:34:31:bb:09:b5:f9:4a:11:19:ca:bf:78:c6:41:
                    9f:7f:f6:b0:f7:df:98:2f:f0:9c:0a:63:7b:d2:f4:
                    8a:87:77:6d:fc:d7:d6:f0:b4:13:66:f4:89:80:2a:
                    30:03:f7:a3:1e:ee:13:43:ee:31:60:68:97:86:fe:
                    a3:27:0d:1e:f3:da:1b:38:9a:41:e7:97:49:56:f3:
                    50:21:15:f9:75:65:ab:9c:93:f2:81:50:5f:98:b3:
                    28:77:66:fa:96:0e:fd:62:7b:4a:8a:2d:ad:a2:55:
                    8c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:18:3A:54:6D:DF:75:7E:B4:8B:C7:DA:81:77:03:B3:57:BA:00:0E
            X509v3 Authority Key Identifier:
                keyid:93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/sxg6VG3fdX60i8fagXcDs1e6AA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:aa:ac:12:9b:38:59:c6:21:ec:d9:65:7d:f7:23:4c:ab:c4:
         df:64:4c:34:8e:9c:73:55:99:ed:75:a9:c4:82:94:8c:53:5d:
         33:cb:ca:5c:fc:66:42:3b:ac:c4:e1:de:3c:5c:25:b8:af:5d:
         de:98:ae:02:ce:63:fe:6d:74:49:5f:89:54:3b:6c:6b:22:d9:
         f6:8e:d5:cd:89:06:cd:e9:8a:64:68:b7:50:e0:c4:bf:f7:24:
         47:5c:34:8a:2c:b1:ad:cd:19:b7:9b:ea:16:28:3c:7d:4f:2e:
         be:43:ba:7b:22:78:e2:77:aa:09:41:36:30:a7:88:16:ca:06:
         8c:6a:49:0c:5a:7d:4d:79:4b:95:c3:07:07:57:f9:8e:7c:bd:
         da:69:dd:09:fe:cd:ca:9f:0d:2a:a6:47:d9:bc:29:6c:f9:17:
         83:eb:e0:1e:21:2a:38:f0:5e:9f:ca:41:98:23:d2:d0:4f:0c:
         c1:b6:d0:a1:69:99:68:9d:db:be:a2:1d:77:5c:2b:4b:da:ba:
         77:e6:9d:d0:6f:ac:40:f4:0d:59:98:22:56:5f:eb:6f:71:de:
         67:30:43:29:75:68:5a:5d:bd:11:29:c4:97:57:87:5f:0e:eb:
         c0:56:11:a3:18:ed:77:9e:b4:d3:f0:41:fe:a0:72:87:a9:6e:
         58:60:e0:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0wku4c2FSOhj7GuejSfJb+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNzRiODUzZGZkOTk3M2YyY2Q5OTRiMmUzYjc1NDYxZDlh
M2ZjNDQwHhcNMjQwMTIyMDk0OTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzE4M2E1NDZkZGY3NTdlYjQ4YmM3ZGE4MTc3MDNiMzU3YmEwMDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+rza/x+Y5zX632hhxJl73DdXmCZ
eJEuvFknIsuKzlAbJYwZZpvD2Gc2b2kdTLYSW4WVDizJVSy4+bQtfdIvihzPSVX3
Vgke83M4k04dS+jEc/lw3dV+4PnjRCNqViPOQgsWLuKVT8MOLHyRc2QVluZyu43/
VN9Oy6XZWDwm5WNnlwnwule5xTP6lmnvvRR3BnvytrycNDG7CbX5ShEZyr94xkGf
f/aw99+YL/CcCmN70vSKh3dt/NfW8LQTZvSJgCowA/ejHu4TQ+4xYGiXhv6jJw0e
89obOJpB55dJVvNQIRX5dWWrnJPygVBfmLMod2b6lg79YntKii2tolWMVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMYOlRt33V+tIvH2oF3A7NXugAOMB8GA1UdIwQY
MBaAFJN0uFPf2Zc/LNmUsuO3VGHZo/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQt
NjViY2M4Y2VmZGQyLzEvc3hnNlZHM2ZkWDYwaThmYWdYY0RzMWU2QUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQtNjViY2M4Y2VmZGQy
LzEvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DGMA0G
CSqGSIb3DQEBCwUAA4IBAQCXqqwSmzhZxiHs2WV99yNMq8TfZEw0jpxzVZntdanE
gpSMU10zy8pc/GZCO6zE4d48XCW4r13emK4CzmP+bXRJX4lUO2xrItn2jtXNiQbN
6YpkaLdQ4MS/9yRHXDSKLLGtzRm3m+oWKDx9Ty6+Q7p7Injid6oJQTYwp4gWygaM
akkMWn1NeUuVwwcHV/mOfL3aad0J/s3Knw0qpkfZvCls+ReD6+AeISo48F6fykGY
I9LQTwzBttChaZlondu+oh13XCtL2rp35p3Qb6xA9A1ZmCJWX+tvcd5nMEMpdWha
Xb0RKcSXV4dfDuvAVhGjGO13nrTT8EH+oHKHqW5YYODq
-----END CERTIFICATE-----