Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/ytTGjQCxlOvw2ybz0p7ec9Xg674.roa
File:                     ytTGjQCxlOvw2ybz0p7ec9Xg674.roa (raw, json)
Hash identifier:          aOhsaFnJS5KABW5cAOZEuJeNf7l9bdFKHIxLDGsoV08=
Subject key identifier:   CA:D4:C6:8D:00:B1:94:EB:F0:DB:26:F3:D2:9E:DE:73:D5:E0:EB:BE
Certificate issuer:       /CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
Certificate serial:       0190B1BDF462F07B4DA6A7AEABF9B8F2297F
Authority key identifier: 93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/ytTGjQCxlOvw2ybz0p7ec9Xg674.roa
Signing time:             Sun 14 Jul 2024 14:55:34 +0000
ROA not before:           Sun 14 Jul 2024 14:55:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201150
IP address blocks:        95.128.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b1:bd:f4:62:f0:7b:4d:a6:a7:ae:ab:f9:b8:f2:29:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
        Validity
            Not Before: Jul 14 14:55:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cad4c68d00b194ebf0db26f3d29ede73d5e0ebbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f2:5b:9e:6e:ae:07:16:19:38:c1:a4:86:29:
                    c3:f9:56:44:b7:bd:3f:f6:f6:27:e3:a5:28:7b:d6:
                    af:54:c6:6f:7d:1d:56:db:ca:e2:29:6d:67:4a:20:
                    c1:87:19:b7:6e:a0:46:53:bf:3f:3a:fb:68:40:ea:
                    4c:16:bc:48:31:7d:1a:d1:ad:6f:24:d4:35:e3:08:
                    e6:86:3b:a4:65:e3:96:0b:45:68:f9:ca:30:02:ca:
                    e9:12:24:9b:3e:b2:3e:23:74:03:6e:fc:2b:86:8b:
                    8f:95:5e:d2:18:37:7b:23:74:c0:2b:59:72:8b:a9:
                    66:b7:a1:19:ec:14:02:70:1a:c6:42:83:c9:c6:1b:
                    9e:4a:ac:42:cf:56:d6:63:7d:e8:54:7a:e2:4b:ef:
                    16:ad:ff:02:9a:1d:18:d5:68:bc:51:3e:a4:35:5a:
                    dd:74:7c:df:a5:13:34:d3:47:9d:80:c7:6c:92:20:
                    a6:ac:fd:03:49:8f:f2:0a:86:60:f7:21:ca:ae:7d:
                    f2:6f:8b:e2:3e:3c:af:b9:39:38:0c:41:e5:bb:d5:
                    c6:21:df:93:b9:02:3d:34:33:de:ef:0c:10:68:c5:
                    f9:1c:38:35:e4:97:21:69:a3:55:a6:d2:66:28:32:
                    26:80:51:35:db:bd:1c:6e:69:9a:ba:3a:74:f4:3e:
                    b8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D4:C6:8D:00:B1:94:EB:F0:DB:26:F3:D2:9E:DE:73:D5:E0:EB:BE
            X509v3 Authority Key Identifier:
                keyid:93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/ytTGjQCxlOvw2ybz0p7ec9Xg674.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:c3:e7:1f:a3:4b:f0:fd:c5:18:49:9f:17:c4:8b:27:bb:44:
         bd:28:82:66:cc:64:1c:15:2f:08:94:cc:c8:b4:b8:cc:7a:fb:
         7b:f8:31:c6:45:e3:ce:86:a6:d0:83:26:b1:ee:72:34:ba:71:
         5b:18:e3:82:9d:bb:68:b2:0c:45:9d:0b:19:0c:bf:73:f4:cf:
         c6:f0:9a:fa:3d:aa:83:70:0b:08:b2:cd:64:88:e6:65:80:23:
         28:88:86:23:dd:f0:fd:f1:4f:53:c5:5e:ef:d5:83:ab:ea:7c:
         40:c0:32:b0:8b:c1:33:dc:6b:49:02:d2:4f:ea:c1:f0:75:cc:
         f1:0a:7a:e8:db:06:57:50:30:09:15:be:4f:18:07:f3:28:17:
         c8:4b:a5:8a:48:58:da:e8:b1:c2:d7:ae:d7:8f:ca:eb:f6:c0:
         02:49:2d:51:73:32:9e:00:6f:a1:a8:94:15:ab:c9:0b:0a:6b:
         6c:9b:83:24:74:a9:9d:91:11:07:b5:c6:e0:2f:c6:f0:0c:e3:
         f8:c0:5d:b5:22:f5:af:8f:18:9b:a3:3f:1c:1a:89:6a:06:5d:
         28:23:65:34:a6:9c:30:a7:2b:a2:18:e8:17:a7:c9:10:9e:55:
         56:ab:69:1c:38:8c:29:3a:d7:c2:65:af:28:ed:35:c0:ed:18:
         b1:48:30:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCxvfRi8HtNpqeuq/m48il/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNzRiODUzZGZkOTk3M2YyY2Q5OTRiMmUzYjc1NDYxZDlh
M2ZjNDQwHhcNMjQwNzE0MTQ1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQ0YzY4ZDAwYjE5NGViZjBkYjI2ZjNkMjllZGU3M2Q1ZTBlYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vJbnm6uBxYZOMGkhinD+VZEt70/
9vYn46Uoe9avVMZvfR1W28riKW1nSiDBhxm3bqBGU78/OvtoQOpMFrxIMX0a0a1v
JNQ14wjmhjukZeOWC0Vo+cowAsrpEiSbPrI+I3QDbvwrhouPlV7SGDd7I3TAK1ly
i6lmt6EZ7BQCcBrGQoPJxhueSqxCz1bWY33oVHriS+8Wrf8Cmh0Y1Wi8UT6kNVrd
dHzfpRM000edgMdskiCmrP0DSY/yCoZg9yHKrn3yb4viPjyvuTk4DEHlu9XGId+T
uQI9NDPe7wwQaMX5HDg15JchaaNVptJmKDImgFE1270cbmmaujp09D64JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrUxo0AsZTr8Nsm89Ke3nPV4Ou+MB8GA1UdIwQY
MBaAFJN0uFPf2Zc/LNmUsuO3VGHZo/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQt
NjViY2M4Y2VmZGQyLzEveXRUR2pRQ3hsT3Z3MnliejBwN2VjOVhnNjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQtNjViY2M4Y2VmZGQy
LzEvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DGMA0G
CSqGSIb3DQEBCwUAA4IBAQChw+cfo0vw/cUYSZ8XxIsnu0S9KIJmzGQcFS8IlMzI
tLjMevt7+DHGRePOhqbQgyax7nI0unFbGOOCnbtosgxFnQsZDL9z9M/G8Jr6PaqD
cAsIss1kiOZlgCMoiIYj3fD98U9TxV7v1YOr6nxAwDKwi8Ez3GtJAtJP6sHwdczx
Cnro2wZXUDAJFb5PGAfzKBfIS6WKSFja6LHC167Xj8rr9sACSS1RczKeAG+hqJQV
q8kLCmtsm4MkdKmdkREHtcbgL8bwDOP4wF21IvWvjxiboz8cGolqBl0oI2U0ppww
pyuiGOgXp8kQnlVWq2kcOIwpOtfCZa8o7TXA7RixSDD/
-----END CERTIFICATE-----