Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/v-AG8DzoSZiJbaevsQxhz5cbOJM.roa
File:                     v-AG8DzoSZiJbaevsQxhz5cbOJM.roa (raw, json)
Hash identifier:          c38LxLUUVGG1Dgno303ACX5T4i5TNl+xah7ZBLDNwpk=
Subject key identifier:   BF:E0:06:F0:3C:E8:49:98:89:6D:A7:AF:B1:0C:61:CF:97:1B:38:93
Certificate issuer:       /CN=2791a7b8ee8440522b0b5530c85dce1d73f967b7
Certificate serial:       0190641A88F2C9AF82D5E2DA45DFC88BB81D
Authority key identifier: 27:91:A7:B8:EE:84:40:52:2B:0B:55:30:C8:5D:CE:1D:73:F9:67:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/v-AG8DzoSZiJbaevsQxhz5cbOJM.roa
Signing time:             Sat 29 Jun 2024 13:06:18 +0000
ROA not before:           Sat 29 Jun 2024 13:06:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202391
IP address blocks:        95.128.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jul 2024 20:47:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:64:1a:88:f2:c9:af:82:d5:e2:da:45:df:c8:8b:b8:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2791a7b8ee8440522b0b5530c85dce1d73f967b7
        Validity
            Not Before: Jun 29 13:06:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfe006f03ce84998896da7afb10c61cf971b3893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:81:d8:bd:be:be:65:d1:3d:3e:7c:4e:03:2d:
                    8b:a7:cf:43:c6:48:9b:a6:d8:25:93:9b:15:a7:f5:
                    8c:f0:74:6e:76:ce:1f:1b:1c:1b:77:11:30:11:32:
                    08:6c:a7:47:53:6c:51:61:5f:49:8a:26:11:3d:83:
                    8f:aa:70:ac:af:82:56:cb:36:84:ed:ce:45:2a:39:
                    53:0d:bc:79:0f:34:17:40:76:f1:92:09:f9:dd:4b:
                    a4:bc:35:94:91:be:3d:59:de:df:79:68:7f:d2:bf:
                    d4:bd:47:0a:d7:71:3f:15:a2:9d:79:a7:05:81:a7:
                    66:d7:06:6d:bb:92:88:b7:81:ae:25:d4:e2:da:5d:
                    e7:6a:df:9e:af:12:1e:59:19:58:a8:a2:1b:ec:4c:
                    fe:46:86:47:8f:c8:16:a8:c3:aa:26:b6:24:1c:6c:
                    52:a9:f0:3c:9a:94:11:f4:87:99:99:99:67:e5:82:
                    92:8c:50:e6:0a:4d:ca:f7:4e:f4:d6:83:ff:79:81:
                    2d:c1:21:02:71:bc:2d:c5:b2:33:81:dc:be:14:57:
                    29:e6:7e:a6:df:ce:c2:cd:ed:2a:d1:aa:20:54:74:
                    40:e6:11:bd:78:8e:f3:1c:b4:f3:51:43:36:cb:4d:
                    88:88:08:00:34:fc:5f:fd:02:10:24:f0:ba:25:69:
                    da:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:E0:06:F0:3C:E8:49:98:89:6D:A7:AF:B1:0C:61:CF:97:1B:38:93
            X509v3 Authority Key Identifier:
                keyid:27:91:A7:B8:EE:84:40:52:2B:0B:55:30:C8:5D:CE:1D:73:F9:67:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/v-AG8DzoSZiJbaevsQxhz5cbOJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/13b4bc-197e-40a6-b845-9ecd8cc50a88/1/J5GnuO6EQFIrC1UwyF3OHXP5Z7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:3f:69:30:33:35:b9:89:41:06:ea:a2:36:00:1f:20:7c:10:
         73:ff:d1:ae:89:09:d2:7d:6c:f6:c5:60:31:22:9d:1c:3b:3d:
         38:12:b3:e3:af:cb:c0:02:7d:9b:a8:c5:f1:e0:68:10:92:ea:
         c0:b1:d3:81:b8:73:ec:76:10:7c:34:67:ca:77:bf:bf:a3:2b:
         09:17:61:13:9f:4f:30:24:39:f5:a5:a7:31:43:99:3a:b1:a8:
         36:89:3a:9c:8d:33:d7:1b:60:c5:07:0a:ca:c3:6c:4d:9d:6a:
         42:80:95:fb:73:39:42:11:21:d6:3c:be:52:e2:f4:3d:50:dc:
         f8:34:ce:34:64:2d:f0:d7:6a:cd:7f:86:9b:7d:9a:23:1e:5c:
         74:d7:a2:4c:46:4b:05:99:fe:5a:fa:31:a2:13:a3:64:f1:e1:
         13:c4:d2:ef:2b:7e:7c:ee:99:af:43:cc:a3:7d:be:b7:05:71:
         89:5a:2d:a6:3b:3e:47:01:fb:3a:ec:b6:13:82:87:e6:46:43:
         50:87:88:64:b6:b9:37:1b:17:12:04:83:57:74:27:1d:5f:5f:
         c5:55:56:a7:6a:d3:31:bf:b9:bf:6e:06:2c:d3:d5:97:b9:f5:
         10:8b:2c:aa:ff:df:ae:6f:8c:59:e0:c7:c8:b0:91:79:bc:2b:
         4f:41:7b:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBkGojyya+C1eLaRd/Ii7gdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTFhN2I4ZWU4NDQwNTIyYjBiNTUzMGM4NWRjZTFkNzNm
OTY3YjcwHhcNMjQwNjI5MTMwNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmUwMDZmMDNjZTg0OTk4ODk2ZGE3YWZiMTBjNjFjZjk3MWIzODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIHYvb6+ZdE9PnxOAy2Lp89Dxkib
ptglk5sVp/WM8HRuds4fGxwbdxEwETIIbKdHU2xRYV9JiiYRPYOPqnCsr4JWyzaE
7c5FKjlTDbx5DzQXQHbxkgn53UukvDWUkb49Wd7feWh/0r/UvUcK13E/FaKdeacF
gadm1wZtu5KIt4GuJdTi2l3nat+erxIeWRlYqKIb7Ez+RoZHj8gWqMOqJrYkHGxS
qfA8mpQR9IeZmZln5YKSjFDmCk3K90701oP/eYEtwSECcbwtxbIzgdy+FFcp5n6m
387Cze0q0aogVHRA5hG9eI7zHLTzUUM2y02IiAgANPxf/QIQJPC6JWnazQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/gBvA86EmYiW2nr7EMYc+XGziTMB8GA1UdIwQY
MBaAFCeRp7juhEBSKwtVMMhdzh1z+We3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVHbnVPNkVRRklyQzFVd3lGM09IWFA1WjdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xM2I0YmMtMTk3ZS00MGE2LWI4NDUt
OWVjZDhjYzUwYTg4LzEvdi1BRzhEem9TWmlKYmFldnNReGh6NWNiT0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xM2I0YmMtMTk3ZS00MGE2LWI4NDUtOWVjZDhjYzUwYTg4
LzEvSjVHbnVPNkVRRklyQzFVd3lGM09IWFA1WjdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DEMA0G
CSqGSIb3DQEBCwUAA4IBAQAdP2kwMzW5iUEG6qI2AB8gfBBz/9GuiQnSfWz2xWAx
Ip0cOz04ErPjr8vAAn2bqMXx4GgQkurAsdOBuHPsdhB8NGfKd7+/oysJF2ETn08w
JDn1pacxQ5k6sag2iTqcjTPXG2DFBwrKw2xNnWpCgJX7czlCESHWPL5S4vQ9UNz4
NM40ZC3w12rNf4abfZojHlx016JMRksFmf5a+jGiE6Nk8eETxNLvK3587pmvQ8yj
fb63BXGJWi2mOz5HAfs67LYTgofmRkNQh4hktrk3GxcSBINXdCcdX1/FVVanatMx
v7m/bgYs09WXufUQiyyq/9+ub4xZ4MfIsJF5vCtPQXsB
-----END CERTIFICATE-----