Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/dB15gn34j7VVhHLm3kFays5Bt3k.roa
File:                     dB15gn34j7VVhHLm3kFays5Bt3k.roa (raw, json)
Hash identifier:          aX+Wak3xDIsK6DcPK3DzZw1DOnc56eHd21GGdPR2B6Y=
Subject key identifier:   74:1D:79:82:7D:F8:8F:B5:55:84:72:E6:DE:41:5A:CA:CE:41:B7:79
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       018D3CB8F8E0D7BB8158AD8B38146904D116
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/dB15gn34j7VVhHLm3kFays5Bt3k.roa
Signing time:             Wed 24 Jan 2024 18:26:11 +0000
ROA not before:           Wed 24 Jan 2024 18:26:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35478
IP address blocks:        194.26.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:b8:f8:e0:d7:bb:81:58:ad:8b:38:14:69:04:d1:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Jan 24 18:26:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=741d79827df88fb5558472e6de415acace41b779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a5:47:84:10:a7:5e:aa:fb:50:ac:92:8c:ee:
                    e5:a1:8a:f5:fc:26:29:6f:8d:af:10:de:0a:95:84:
                    3a:0a:e0:1d:a3:ac:84:bd:82:16:41:df:19:5f:9d:
                    d5:53:2b:a7:f1:08:d5:c3:f1:e8:37:10:7d:d4:26:
                    8f:2e:f7:10:51:ce:b7:de:fa:00:35:47:86:f3:53:
                    19:6f:58:0d:92:2e:4e:eb:10:cd:29:5e:c9:03:24:
                    dc:24:2b:f5:4c:20:23:cc:ee:3e:f5:5c:dd:ff:da:
                    16:10:c0:64:f5:26:0e:20:3b:73:15:55:b7:49:d7:
                    be:c8:5f:86:2f:3b:d9:03:29:f6:6a:8d:06:bb:e7:
                    ef:98:76:38:8d:1c:a7:bf:c5:55:c5:b1:43:0c:2a:
                    a1:3f:45:82:e2:29:80:f4:46:de:fc:65:7a:03:49:
                    c1:22:d0:0e:01:cf:1b:a7:4c:f7:b3:32:05:52:c9:
                    59:f5:64:c6:50:d4:04:93:3d:8f:4b:ce:b1:ac:4c:
                    30:27:ef:16:58:04:71:22:5c:5d:48:57:f5:90:1e:
                    f1:b8:ec:1e:c6:84:84:db:94:2c:00:f4:97:6d:f2:
                    58:52:12:51:fd:43:51:3f:7b:ae:ab:1c:8e:9f:83:
                    65:9c:d0:2e:9e:84:30:c1:b0:d0:e2:96:a8:02:21:
                    fc:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:1D:79:82:7D:F8:8F:B5:55:84:72:E6:DE:41:5A:CA:CE:41:B7:79
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/dB15gn34j7VVhHLm3kFays5Bt3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:4d:56:7c:47:f8:8e:65:1a:1a:62:40:de:c7:62:c1:91:88:
         21:bd:f4:ee:f4:e5:83:7e:5e:98:dd:8a:95:29:2a:1c:14:90:
         fd:37:48:d0:70:2b:aa:02:12:08:b0:18:40:2e:b1:c5:0e:f3:
         e3:84:29:ee:1d:49:1d:66:21:50:46:40:c1:d6:39:a2:e7:54:
         30:45:6c:0a:97:bb:07:81:34:5c:a6:8f:3c:de:2a:04:ea:f8:
         f9:a3:8f:34:64:54:8e:35:55:19:b8:3f:12:b5:a6:45:fe:fa:
         db:e2:9e:74:1f:09:4f:ac:6e:33:ac:b2:53:25:26:07:24:69:
         49:40:87:bb:61:7c:75:a1:6a:30:63:5c:35:f1:67:00:e6:3e:
         e2:f1:50:6b:d9:36:96:85:7d:ba:24:f5:05:51:57:4e:ec:2f:
         2f:ea:d7:8c:b5:45:55:29:2d:df:db:12:41:4f:e0:1b:6c:6c:
         88:67:1e:d7:2e:79:71:61:95:ba:70:b4:31:7e:14:13:35:78:
         ea:09:30:b6:a2:4e:fe:76:1d:19:fc:e5:5d:7a:e3:40:d9:0d:
         3e:86:14:9b:2e:3d:5a:e4:2e:ce:e2:11:d7:a8:10:07:a6:49:
         e8:ab:b5:b9:9b:b5:2b:07:56:ad:2d:31:c4:6d:e6:eb:d5:47:
         03:fd:43:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY08uPjg17uBWK2LOBRpBNEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjQwMTI0MTgyNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDFkNzk4MjdkZjg4ZmI1NTU4NDcyZTZkZTQxNWFjYWNlNDFiNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqVHhBCnXqr7UKySjO7loYr1/CYp
b42vEN4KlYQ6CuAdo6yEvYIWQd8ZX53VUyun8QjVw/HoNxB91CaPLvcQUc633voA
NUeG81MZb1gNki5O6xDNKV7JAyTcJCv1TCAjzO4+9Vzd/9oWEMBk9SYOIDtzFVW3
Sde+yF+GLzvZAyn2ao0Gu+fvmHY4jRynv8VVxbFDDCqhP0WC4imA9Ebe/GV6A0nB
ItAOAc8bp0z3szIFUslZ9WTGUNQEkz2PS86xrEwwJ+8WWARxIlxdSFf1kB7xuOwe
xoSE25QsAPSXbfJYUhJR/UNRP3uuqxyOn4NlnNAunoQwwbDQ4paoAiH8/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQdeYJ9+I+1VYRy5t5BWsrOQbd5MB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvZEIxNWduMzRqN1ZWaEhMbTNrRmF5czVCdDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhraMA0G
CSqGSIb3DQEBCwUAA4IBAQAnTVZ8R/iOZRoaYkDex2LBkYghvfTu9OWDfl6Y3YqV
KSocFJD9N0jQcCuqAhIIsBhALrHFDvPjhCnuHUkdZiFQRkDB1jmi51QwRWwKl7sH
gTRcpo883ioE6vj5o480ZFSONVUZuD8StaZF/vrb4p50HwlPrG4zrLJTJSYHJGlJ
QIe7YXx1oWowY1w18WcA5j7i8VBr2TaWhX26JPUFUVdO7C8v6teMtUVVKS3f2xJB
T+AbbGyIZx7XLnlxYZW6cLQxfhQTNXjqCTC2ok7+dh0Z/OVdeuNA2Q0+hhSbLj1a
5C7O4hHXqBAHpknoq7W5m7UrB1atLTHEbebr1UcD/UOc
-----END CERTIFICATE-----