Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/78fea9-efac-4983-ac2b-df45054dd934/1/Cszu9YwOA2k29SdB4TKWnltcP8c.roa
File:                     Cszu9YwOA2k29SdB4TKWnltcP8c.roa (raw, json)
Hash identifier:          QxzW9Z6K7yz49mSQYfp5LimBgxsKWqxFHyCeIDC9XzM=
Subject key identifier:   0A:CC:EE:F5:8C:0E:03:69:36:F5:27:41:E1:32:96:9E:5B:5C:3F:C7
Certificate issuer:       /CN=3bd543d0465ea2f6feb828f18504b03f403ac669
Certificate serial:       018CC726F255BE47672010BC62607CF0F0B7
Authority key identifier: 3B:D5:43:D0:46:5E:A2:F6:FE:B8:28:F1:85:04:B0:3F:40:3A:C6:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9VD0EZeovb-uCjxhQSwP0A6xmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/78fea9-efac-4983-ac2b-df45054dd934/1/Cszu9YwOA2k29SdB4TKWnltcP8c.roa
Signing time:             Mon 01 Jan 2024 22:31:07 +0000
ROA not before:           Mon 01 Jan 2024 22:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57395
IP address blocks:        194.26.16.0/24 maxlen: 24
                          2a11:9400::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/78fea9-efac-4983-ac2b-df45054dd934/1/O9VD0EZeovb-uCjxhQSwP0A6xmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/78fea9-efac-4983-ac2b-df45054dd934/1/O9VD0EZeovb-uCjxhQSwP0A6xmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O9VD0EZeovb-uCjxhQSwP0A6xmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 16:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f2:55:be:47:67:20:10:bc:62:60:7c:f0:f0:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bd543d0465ea2f6feb828f18504b03f403ac669
        Validity
            Not Before: Jan  1 22:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0acceef58c0e036936f52741e132969e5b5c3fc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:37:5f:8e:a7:9c:05:92:b7:45:10:e4:6c:90:
                    9f:2e:60:02:ad:6c:15:19:e1:a3:49:5f:c3:5e:3a:
                    97:52:ca:f3:73:ba:71:85:c8:94:dc:7a:0f:7c:b3:
                    e5:85:5e:eb:9b:28:5c:33:c7:6c:27:a8:f7:ef:07:
                    26:4d:0a:9b:c9:a6:a6:6f:49:2b:dd:e3:a0:5e:6e:
                    00:18:cf:15:7f:86:04:1d:bd:c9:9d:c5:f6:df:f0:
                    1c:2d:7c:81:ce:fc:fa:2f:6e:ce:ec:89:fe:b5:48:
                    5e:4f:ba:43:c0:10:34:a8:85:8c:80:71:04:15:b7:
                    2e:c3:33:26:4d:82:2b:ad:0a:0c:53:2a:05:b1:5c:
                    70:ba:b6:d9:0c:c1:f1:9e:fb:85:96:2e:c0:27:36:
                    ce:78:1b:0c:68:ee:70:99:de:9b:13:e6:e6:41:32:
                    04:07:8e:90:06:46:7e:29:b5:bf:96:6a:cb:30:1a:
                    aa:3d:1a:4a:39:ee:4b:60:21:0d:9e:2a:38:87:55:
                    8f:85:8a:61:26:9f:46:c1:24:4f:0a:59:1d:6d:aa:
                    32:99:50:2c:a6:39:a4:03:4e:6b:9b:bc:df:6a:76:
                    14:96:9c:87:3f:02:de:1c:07:04:d8:e3:8d:9a:05:
                    81:ba:29:c6:86:12:91:d2:4a:24:53:ce:5e:39:75:
                    14:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:CC:EE:F5:8C:0E:03:69:36:F5:27:41:E1:32:96:9E:5B:5C:3F:C7
            X509v3 Authority Key Identifier:
                keyid:3B:D5:43:D0:46:5E:A2:F6:FE:B8:28:F1:85:04:B0:3F:40:3A:C6:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9VD0EZeovb-uCjxhQSwP0A6xmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/78fea9-efac-4983-ac2b-df45054dd934/1/Cszu9YwOA2k29SdB4TKWnltcP8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/78fea9-efac-4983-ac2b-df45054dd934/1/O9VD0EZeovb-uCjxhQSwP0A6xmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.16.0/24
                IPv6:
                  2a11:9400::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:83:1b:77:bc:cf:96:25:a8:21:e8:9e:4e:fd:1a:77:4c:00:
         e2:61:03:13:5a:63:ca:89:cd:53:e5:cc:37:00:76:c6:71:1f:
         b3:c5:3f:8e:b1:fb:25:6a:d6:6a:37:70:30:15:11:5c:ca:fe:
         b1:09:28:79:6c:16:d6:e7:fc:37:6e:cc:d3:1a:f0:f7:09:75:
         b7:47:c5:bf:78:c5:05:48:ff:69:49:20:b9:50:6e:b7:1f:7c:
         6a:98:cc:3a:a2:c4:01:d4:ee:e4:a1:68:4a:0a:a4:38:87:4e:
         c8:e8:5e:61:17:e2:2d:d6:a4:cc:28:d8:64:39:85:d2:a1:99:
         bf:e1:c1:8d:d7:48:4e:a6:04:b3:5d:97:8c:40:1b:89:ad:a5:
         9e:2b:f5:73:e9:f9:54:7b:4e:48:0f:b9:e4:fb:23:ea:af:b5:
         ad:85:34:c5:dd:d7:15:65:5b:8c:6c:80:1a:ab:93:f6:fc:e8:
         e1:e1:4a:b5:b7:3c:d4:22:d8:63:7f:3e:19:c0:bb:ba:cf:b6:
         af:55:83:78:0b:7c:f3:70:00:c8:9f:f8:26:84:78:14:f6:1c:
         3e:be:eb:80:81:b4:dd:9c:c6:da:4c:9a:c9:2b:58:ed:0c:2f:
         cc:74:b3:ee:3b:f6:12:58:d7:a2:c1:ce:d3:82:fb:da:a5:99:
         2c:6d:05:2d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJvJVvkdnIBC8YmB88PC3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZDU0M2QwNDY1ZWEyZjZmZWI4MjhmMTg1MDRiMDNmNDAz
YWM2NjkwHhcNMjQwMTAxMjIzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWNjZWVmNThjMGUwMzY5MzZmNTI3NDFlMTMyOTY5ZTViNWMzZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDdfjqecBZK3RRDkbJCfLmACrWwV
GeGjSV/DXjqXUsrzc7pxhciU3HoPfLPlhV7rmyhcM8dsJ6j37wcmTQqbyaamb0kr
3eOgXm4AGM8Vf4YEHb3JncX23/AcLXyBzvz6L27O7In+tUheT7pDwBA0qIWMgHEE
FbcuwzMmTYIrrQoMUyoFsVxwurbZDMHxnvuFli7AJzbOeBsMaO5wmd6bE+bmQTIE
B46QBkZ+KbW/lmrLMBqqPRpKOe5LYCENnio4h1WPhYphJp9GwSRPClkdbaoymVAs
pjmkA05rm7zfanYUlpyHPwLeHAcE2OONmgWBuinGhhKR0kokU85eOXUUtwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFArM7vWMDgNpNvUnQeEylp5bXD/HMB8GA1UdIwQY
MBaAFDvVQ9BGXqL2/rgo8YUEsD9AOsZpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzlWRDBFWmVvdmItdUNqeGhRU3dQMEE2eG1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy83OGZlYTktZWZhYy00OTgzLWFjMmIt
ZGY0NTA1NGRkOTM0LzEvQ3N6dTlZd09BMmsyOVNkQjRUS1dubHRjUDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy83OGZlYTktZWZhYy00OTgzLWFjMmItZGY0NTA1NGRkOTM0
LzEvTzlWRDBFWmVvdmItdUNqeGhRU3dQMEE2eG1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwhoQMA0E
AgACMAcDBQAqEZQAMA0GCSqGSIb3DQEBCwUAA4IBAQBOgxt3vM+WJagh6J5O/Rp3
TADiYQMTWmPKic1T5cw3AHbGcR+zxT+OsfslatZqN3AwFRFcyv6xCSh5bBbW5/w3
bszTGvD3CXW3R8W/eMUFSP9pSSC5UG63H3xqmMw6osQB1O7koWhKCqQ4h07I6F5h
F+It1qTMKNhkOYXSoZm/4cGN10hOpgSzXZeMQBuJraWeK/Vz6flUe05ID7nk+yPq
r7WthTTF3dcVZVuMbIAaq5P2/Ojh4Uq1tzzUIthjfz4ZwLu6z7avVYN4C3zzcADI
n/gmhHgU9hw+vuuAgbTdnMbaTJrJK1jtDC/MdLPuO/YSWNeiwc7TgvvapZksbQUt
-----END CERTIFICATE-----