Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/rJ7ieapwwEO6FuuF0qvsSKa_xnQ.roa
File:                     rJ7ieapwwEO6FuuF0qvsSKa_xnQ.roa (raw, json)
Hash identifier:          1kGCF9sUS3SEK68xCHWHfBoOiDJL1G6KN3ztxaqO3Ck=
Subject key identifier:   AC:9E:E2:79:AA:70:C0:43:BA:16:EB:85:D2:AB:EC:48:A6:BF:C6:74
Certificate issuer:       /CN=e8464c8c167dd2c87aa3d88acbfae4c233ff77b0
Certificate serial:       018CC4935C39136C2DC6483014AE21582EC5
Authority key identifier: E8:46:4C:8C:16:7D:D2:C8:7A:A3:D8:8A:CB:FA:E4:C2:33:FF:77:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EZMjBZ90sh6o9iKy_rkwjP_d7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/rJ7ieapwwEO6FuuF0qvsSKa_xnQ.roa
Signing time:             Mon 01 Jan 2024 10:30:40 +0000
ROA not before:           Mon 01 Jan 2024 10:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20886
IP address blocks:        194.55.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/6EZMjBZ90sh6o9iKy_rkwjP_d7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/6EZMjBZ90sh6o9iKy_rkwjP_d7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6EZMjBZ90sh6o9iKy_rkwjP_d7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:03:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5c:39:13:6c:2d:c6:48:30:14:ae:21:58:2e:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8464c8c167dd2c87aa3d88acbfae4c233ff77b0
        Validity
            Not Before: Jan  1 10:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac9ee279aa70c043ba16eb85d2abec48a6bfc674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8e:9f:55:9d:a6:4c:2d:29:1d:98:3b:2d:e8:
                    50:8b:70:54:d0:a2:98:09:5f:7b:6f:4e:26:16:06:
                    68:9c:54:4a:af:21:f8:ec:3b:cb:d5:37:c1:2c:67:
                    4e:17:f2:85:dd:f4:be:8f:dc:63:af:86:27:23:08:
                    18:0e:b1:fe:46:a6:f5:7f:96:35:24:e7:eb:5c:f9:
                    b0:82:1c:f9:1c:00:58:f2:7a:19:65:af:76:bd:2d:
                    85:0e:df:5d:37:4d:01:c3:91:c3:7e:91:ec:2b:34:
                    a8:71:e3:56:05:d0:b8:58:ab:59:80:f5:1c:83:c9:
                    3f:7d:41:6f:5c:0a:35:69:28:e9:e1:0a:aa:22:11:
                    51:e9:bc:f4:4f:4d:43:5a:38:55:a9:56:88:5b:61:
                    8d:64:b1:61:a3:3f:4e:0a:f3:c2:c5:13:08:5b:04:
                    3f:dc:18:24:6a:55:18:51:23:02:15:12:8b:99:ab:
                    e2:a3:c6:fd:eb:5b:a0:d4:60:fd:b2:a6:b5:24:4f:
                    fb:3e:9b:e9:5f:cf:88:44:a2:f4:b6:2c:d2:5a:89:
                    c2:fc:77:fa:f6:38:24:44:c9:f5:2a:c5:cc:ad:c8:
                    25:e2:37:82:5a:65:c9:8a:54:ce:c0:13:23:81:22:
                    ff:7b:ab:87:70:5f:8a:0d:13:0a:89:1d:1d:7b:b0:
                    25:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:9E:E2:79:AA:70:C0:43:BA:16:EB:85:D2:AB:EC:48:A6:BF:C6:74
            X509v3 Authority Key Identifier:
                keyid:E8:46:4C:8C:16:7D:D2:C8:7A:A3:D8:8A:CB:FA:E4:C2:33:FF:77:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EZMjBZ90sh6o9iKy_rkwjP_d7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/rJ7ieapwwEO6FuuF0qvsSKa_xnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/cca6c4-ec70-4405-a6a8-6eaa59b0d750/1/6EZMjBZ90sh6o9iKy_rkwjP_d7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:29:11:3a:dd:b9:90:73:98:c5:f7:14:ac:22:b2:a8:8a:55:
         ea:4f:4e:b4:40:09:a4:3a:2f:ed:db:fe:78:6f:b7:c5:ea:56:
         06:07:ce:2d:7d:e0:55:00:28:27:f4:e4:46:e8:af:86:d2:9c:
         27:16:02:ed:43:18:eb:51:27:b2:2a:d6:aa:ae:77:c0:cd:d9:
         2d:98:15:87:fd:b6:ff:47:d3:3f:09:fa:1d:18:42:70:7f:c0:
         b4:a0:3f:75:34:15:0b:f5:e9:db:0c:af:9e:12:b6:05:c1:10:
         1b:ee:23:c4:13:87:e0:d3:bb:73:9a:4c:66:03:2f:be:d5:18:
         4d:b5:e7:16:0c:16:65:00:80:1a:c7:89:9f:f5:a5:8b:83:99:
         9a:e0:c8:d1:b2:6e:6e:76:f2:39:18:c1:0d:11:07:6a:7b:b8:
         0f:2b:67:44:55:a7:cc:73:da:cf:3e:d3:5c:02:2e:e7:3e:60:
         fd:a1:75:c2:b2:08:13:39:63:49:62:fd:9c:74:f1:98:77:b0:
         48:b9:37:d2:64:35:99:07:ee:2d:35:90:5e:44:ed:96:13:40:
         88:1c:62:7a:ef:7c:6d:91:9d:bb:54:e0:cb:e2:f7:fa:57:94:
         65:8c:9e:f9:3b:88:49:4d:6a:f1:ad:61:13:c3:9c:1c:ac:84:
         79:f4:e0:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1w5E2wtxkgwFK4hWC7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDY0YzhjMTY3ZGQyYzg3YWEzZDg4YWNiZmFlNGMyMzNm
Zjc3YjAwHhcNMjQwMTAxMTAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzllZTI3OWFhNzBjMDQzYmExNmViODVkMmFiZWM0OGE2YmZjNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk46fVZ2mTC0pHZg7LehQi3BU0KKY
CV97b04mFgZonFRKryH47DvL1TfBLGdOF/KF3fS+j9xjr4YnIwgYDrH+Rqb1f5Y1
JOfrXPmwghz5HABY8noZZa92vS2FDt9dN00Bw5HDfpHsKzSoceNWBdC4WKtZgPUc
g8k/fUFvXAo1aSjp4QqqIhFR6bz0T01DWjhVqVaIW2GNZLFhoz9OCvPCxRMIWwQ/
3BgkalUYUSMCFRKLmavio8b961ug1GD9sqa1JE/7PpvpX8+IRKL0tizSWonC/Hf6
9jgkRMn1KsXMrcgl4jeCWmXJilTOwBMjgSL/e6uHcF+KDRMKiR0de7AlUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKye4nmqcMBDuhbrhdKr7Eimv8Z0MB8GA1UdIwQY
MBaAFOhGTIwWfdLIeqPYisv65MIz/3ewMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVaTWpCWjkwc2g2bzlpS3lfcmt3alBfZDdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jY2E2YzQtZWM3MC00NDA1LWE2YTgt
NmVhYTU5YjBkNzUwLzEvcko3aWVhcHd3RU82RnV1RjBxdnNTS2FfeG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jY2E2YzQtZWM3MC00NDA1LWE2YTgtNmVhYTU5YjBkNzUw
LzEvNkVaTWpCWjkwc2g2bzlpS3lfcmt3alBfZDdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjcaMA0G
CSqGSIb3DQEBCwUAA4IBAQBKKRE63bmQc5jF9xSsIrKoilXqT060QAmkOi/t2/54
b7fF6lYGB84tfeBVACgn9ORG6K+G0pwnFgLtQxjrUSeyKtaqrnfAzdktmBWH/bb/
R9M/CfodGEJwf8C0oD91NBUL9enbDK+eErYFwRAb7iPEE4fg07tzmkxmAy++1RhN
tecWDBZlAIAax4mf9aWLg5ma4MjRsm5udvI5GMENEQdqe7gPK2dEVafMc9rPPtNc
Ai7nPmD9oXXCsggTOWNJYv2cdPGYd7BIuTfSZDWZB+4tNZBeRO2WE0CIHGJ673xt
kZ27VODL4vf6V5RljJ75O4hJTWrxrWETw5wcrIR59OC8
-----END CERTIFICATE-----