Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bxdU_uzDBJATyFfztbCUSyqWvO8.roa
File:                     bxdU_uzDBJATyFfztbCUSyqWvO8.roa (raw, json)
Hash identifier:          VhOyCV/6+0T/h3pIfo2Y5CD+ZV79k+poCaJxtWVAJBo=
Subject key identifier:   6F:17:54:FE:EC:C3:04:90:13:C8:57:F3:B5:B0:94:4B:2A:96:BC:EF
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E5179913C2E18072C82140EEA1E5CC5E8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bxdU_uzDBJATyFfztbCUSyqWvO8.roa
Signing time:             Mon 18 Mar 2024 12:11:45 +0000
ROA not before:           Mon 18 Mar 2024 12:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209043
IP address blocks:        91.92.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:79:91:3c:2e:18:07:2c:82:14:0e:ea:1e:5c:c5:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 18 12:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f1754feecc3049013c857f3b5b0944b2a96bcef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e3:0d:18:a6:e8:32:fd:88:2b:ac:c6:71:c8:
                    22:5f:21:0e:ae:8d:47:c7:d1:f4:20:bd:71:4c:fe:
                    de:5f:7e:db:b4:a4:52:33:c6:85:31:c5:b8:31:68:
                    23:06:a7:2a:76:c4:32:78:ad:c1:22:f2:15:89:99:
                    dc:db:1c:50:5c:9d:83:be:82:90:69:0f:7f:f7:1d:
                    b4:e7:66:af:48:73:7d:79:68:43:ea:5a:38:5b:23:
                    e7:d6:ec:64:81:97:e8:00:80:93:14:d6:e3:d9:c9:
                    46:8a:ce:97:aa:10:68:48:f1:2f:04:ad:f7:46:c2:
                    6b:fa:ee:be:7e:41:5b:b1:f0:38:52:d1:39:24:82:
                    a0:c0:c4:71:47:79:ab:35:e9:c1:87:28:52:e4:2e:
                    24:3c:32:fd:0e:e6:75:84:87:0c:d0:3b:32:e9:3e:
                    6a:ff:00:2f:34:e7:cb:68:ce:c6:38:0b:52:e3:f4:
                    64:60:08:55:c3:3c:19:70:8a:a7:41:6f:d7:c2:08:
                    7c:c7:b7:bc:ae:ed:2b:8a:87:59:d2:5b:ff:33:0e:
                    f6:b4:f7:26:0c:9b:35:56:63:50:9e:48:76:cc:05:
                    65:0f:88:8d:ec:7b:bb:b4:95:36:37:65:d0:fa:45:
                    42:a1:46:df:5c:09:e2:8c:89:f7:7b:e7:45:79:f5:
                    64:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:17:54:FE:EC:C3:04:90:13:C8:57:F3:B5:B0:94:4B:2A:96:BC:EF
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bxdU_uzDBJATyFfztbCUSyqWvO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:2c:2d:39:19:e8:ee:4d:7f:a3:28:34:c2:53:1b:c5:0a:e9:
         b6:d1:16:8d:76:ce:cc:17:0d:b1:47:ec:2b:95:8d:b5:48:f5:
         b5:df:0c:d0:d0:77:64:e2:26:17:bc:87:23:58:39:6f:4c:9c:
         67:4c:3e:ce:30:4d:63:e8:b6:a9:ba:04:7c:32:9e:73:a8:c4:
         20:1f:e1:1d:e8:3c:68:98:59:e4:ff:ed:d1:9f:de:ef:32:c0:
         73:10:97:a3:d5:03:d9:93:e4:96:dc:cb:29:e1:16:e8:2f:00:
         5a:3b:eb:08:a1:76:d0:13:82:6c:cf:0b:6a:b9:6a:2f:00:5b:
         9d:52:aa:64:19:d5:36:aa:ff:8b:84:96:95:cc:f7:12:da:57:
         12:66:c1:22:0c:93:8a:22:55:79:13:cb:9c:66:c5:9a:07:bf:
         6b:4d:2b:b0:ea:d3:e7:fd:46:1f:a8:f9:6a:fb:45:fe:2d:d8:
         d7:b6:58:72:cf:85:9f:96:6d:a8:90:bd:f0:1b:7f:32:8a:40:
         ad:df:d9:4a:96:62:13:26:a1:41:cf:32:fd:ad:9e:00:9c:2d:
         d9:3e:4d:fe:07:40:19:ee:17:a3:a8:cf:aa:f6:ec:77:13:aa:
         d1:5d:48:26:04:6e:5b:73:4e:56:60:63:2f:48:69:22:fb:aa:
         2a:6e:6c:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5ReZE8LhgHLIIUDuoeXMXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzE4MTIxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjE3NTRmZWVjYzMwNDkwMTNjODU3ZjNiNWIwOTQ0YjJhOTZiY2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOMNGKboMv2IK6zGccgiXyEOro1H
x9H0IL1xTP7eX37btKRSM8aFMcW4MWgjBqcqdsQyeK3BIvIViZnc2xxQXJ2DvoKQ
aQ9/9x2052avSHN9eWhD6lo4WyPn1uxkgZfoAICTFNbj2clGis6XqhBoSPEvBK33
RsJr+u6+fkFbsfA4UtE5JIKgwMRxR3mrNenBhyhS5C4kPDL9DuZ1hIcM0Dsy6T5q
/wAvNOfLaM7GOAtS4/RkYAhVwzwZcIqnQW/Xwgh8x7e8ru0riodZ0lv/Mw72tPcm
DJs1VmNQnkh2zAVlD4iN7Hu7tJU2N2XQ+kVCoUbfXAnijIn3e+dFefVk8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8XVP7swwSQE8hX87WwlEsqlrzvMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYnhkVV91ekRCSkFUeUZmenRiQ1VTeXFXdk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1waMA0G
CSqGSIb3DQEBCwUAA4IBAQBcLC05GejuTX+jKDTCUxvFCum20RaNds7MFw2xR+wr
lY21SPW13wzQ0Hdk4iYXvIcjWDlvTJxnTD7OME1j6LapugR8Mp5zqMQgH+Ed6Dxo
mFnk/+3Rn97vMsBzEJej1QPZk+SW3Msp4RboLwBaO+sIoXbQE4JszwtquWovAFud
UqpkGdU2qv+LhJaVzPcS2lcSZsEiDJOKIlV5E8ucZsWaB79rTSuw6tPn/UYfqPlq
+0X+LdjXtlhyz4Wflm2okL3wG38yikCt39lKlmITJqFBzzL9rZ4AnC3ZPk3+B0AZ
7hejqM+q9ux3E6rRXUgmBG5bc05WYGMvSGki+6oqbmxD
-----END CERTIFICATE-----