Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/lo2c5L0YOiTtusts_UImo8E5XTo.roa
File:                     lo2c5L0YOiTtusts_UImo8E5XTo.roa (raw, json)
Hash identifier:          ED3vtnr+Xoin0XLoi9WVNs1xFAPK1p/ytlllVHcDwTs=
Subject key identifier:   96:8D:9C:E4:BD:18:3A:24:ED:BA:CB:6C:FD:42:26:A3:C1:39:5D:3A
Certificate issuer:       /CN=265873ae2350d0e3e8c3553bf90646112764e1c0
Certificate serial:       018CC424A636600CBEBFA5E4D83900026C99
Authority key identifier: 26:58:73:AE:23:50:D0:E3:E8:C3:55:3B:F9:06:46:11:27:64:E1:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JlhzriNQ0OPow1U7-QZGESdk4cA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/lo2c5L0YOiTtusts_UImo8E5XTo.roa
Signing time:             Mon 01 Jan 2024 08:29:45 +0000
ROA not before:           Mon 01 Jan 2024 08:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52177
IP address blocks:        194.26.208.0/24 maxlen: 24
                          2a12:5800::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/JlhzriNQ0OPow1U7-QZGESdk4cA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/JlhzriNQ0OPow1U7-QZGESdk4cA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JlhzriNQ0OPow1U7-QZGESdk4cA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:a6:36:60:0c:be:bf:a5:e4:d8:39:00:02:6c:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=265873ae2350d0e3e8c3553bf90646112764e1c0
        Validity
            Not Before: Jan  1 08:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=968d9ce4bd183a24edbacb6cfd4226a3c1395d3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f0:80:ac:38:5d:d5:74:e4:9f:6a:7c:9f:6d:
                    fd:c5:bb:b7:bc:e8:01:ff:ef:5d:19:57:a7:42:7e:
                    ca:16:a2:fe:98:f4:db:fe:eb:0a:37:e0:91:ef:5a:
                    f7:4a:4f:c7:36:03:7e:f8:1a:97:c0:5f:ad:28:af:
                    98:41:24:95:c6:c3:39:dd:10:79:85:ac:74:a0:00:
                    41:b9:60:6e:17:f1:cd:68:cd:12:fa:15:30:91:10:
                    ec:8b:fa:53:7d:26:f5:a0:fb:8e:47:7d:f4:18:ca:
                    a7:03:bc:b7:89:60:08:26:0f:17:a5:87:e3:51:96:
                    59:ae:7a:cd:9a:96:df:69:ec:ad:8d:86:3e:a3:2a:
                    3e:4b:18:47:34:72:22:73:c3:7b:81:da:ea:86:2b:
                    85:f8:93:04:9f:dc:1c:e3:ce:8f:5a:24:24:f2:e0:
                    8c:61:bb:94:7f:ff:95:51:f1:aa:e3:a1:ee:4c:ac:
                    6b:68:ab:08:78:f1:47:a5:77:48:ef:b0:5c:ac:55:
                    a6:51:8b:75:b1:b2:07:f5:30:38:2c:83:33:d5:3b:
                    a2:ae:5b:c1:01:56:3b:75:4e:58:1e:9c:29:c6:18:
                    aa:b9:75:77:ce:f9:33:2e:97:92:e3:7e:1d:da:4a:
                    3a:30:bb:a8:e3:12:e5:6f:6c:d8:e7:f6:a0:77:c4:
                    3d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:8D:9C:E4:BD:18:3A:24:ED:BA:CB:6C:FD:42:26:A3:C1:39:5D:3A
            X509v3 Authority Key Identifier:
                keyid:26:58:73:AE:23:50:D0:E3:E8:C3:55:3B:F9:06:46:11:27:64:E1:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JlhzriNQ0OPow1U7-QZGESdk4cA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/lo2c5L0YOiTtusts_UImo8E5XTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/63c344-b50e-4af0-9e9e-fcd4f797d356/1/JlhzriNQ0OPow1U7-QZGESdk4cA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.208.0/24
                IPv6:
                  2a12:5800::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:b4:57:b9:fd:d1:58:e5:15:f1:60:f9:71:70:31:aa:f0:f1:
         53:22:3a:45:ba:f3:8c:13:36:30:8a:e0:ef:4b:77:b0:c5:73:
         a3:54:53:37:08:5d:88:d2:8c:7d:fc:80:c9:74:b6:01:ee:b6:
         63:d5:bc:6a:b8:28:b8:a9:dc:94:5b:6d:8c:53:6f:92:c1:4a:
         b2:b3:1d:a4:05:b8:d9:a6:09:ad:fe:7f:0a:2b:60:dc:aa:b3:
         93:c8:97:72:81:dc:50:7f:7c:e3:42:90:2d:57:f2:c5:60:7b:
         f2:69:6f:e1:46:6c:b1:97:94:e4:5c:fa:b9:34:b1:8c:f7:40:
         6b:9b:a3:45:34:e2:0e:e6:1d:d5:2f:cf:7f:95:cc:78:99:e5:
         73:da:26:54:97:0a:a7:ed:33:62:84:4b:e7:2b:ea:1c:b6:ba:
         6b:43:60:46:2c:2a:a7:2f:22:ed:5a:9f:14:1c:47:f6:0f:24:
         98:a6:c6:c6:e3:c6:0c:e2:30:3b:0b:4c:6e:12:80:f1:12:ef:
         a7:44:df:74:cd:47:6f:aa:18:27:b9:25:1f:96:2f:05:ae:e6:
         b3:54:d2:5c:b2:f3:8a:08:2e:7d:86:b5:be:39:f0:07:e7:31:
         7b:83:34:ea:f1:31:70:4f:60:b2:82:e1:78:96:7f:fe:9c:39:
         90:32:c0:60
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJKY2YAy+v6Xk2DkAAmyZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NTg3M2FlMjM1MGQwZTNlOGMzNTUzYmY5MDY0NjExMjc2
NGUxYzAwHhcNMjQwMTAxMDgyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjhkOWNlNGJkMTgzYTI0ZWRiYWNiNmNmZDQyMjZhM2MxMzk1ZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPCArDhd1XTkn2p8n239xbu3vOgB
/+9dGVenQn7KFqL+mPTb/usKN+CR71r3Sk/HNgN++BqXwF+tKK+YQSSVxsM53RB5
hax0oABBuWBuF/HNaM0S+hUwkRDsi/pTfSb1oPuOR330GMqnA7y3iWAIJg8XpYfj
UZZZrnrNmpbfaeytjYY+oyo+SxhHNHIic8N7gdrqhiuF+JMEn9wc486PWiQk8uCM
YbuUf/+VUfGq46HuTKxraKsIePFHpXdI77BcrFWmUYt1sbIH9TA4LIMz1TuirlvB
AVY7dU5YHpwpxhiquXV3zvkzLpeS434d2ko6MLuo4xLlb2zY5/agd8Q98QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJaNnOS9GDok7brLbP1CJqPBOV06MB8GA1UdIwQY
MBaAFCZYc64jUNDj6MNVO/kGRhEnZOHAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmxoenJpTlEwT1BvdzFVNy1RWkdFU2RrNGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC82M2MzNDQtYjUwZS00YWYwLTllOWUt
ZmNkNGY3OTdkMzU2LzEvbG8yYzVMMFlPaVR0dXN0c19VSW1vOEU1WFRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC82M2MzNDQtYjUwZS00YWYwLTllOWUtZmNkNGY3OTdkMzU2
LzEvSmxoenJpTlEwT1BvdzFVNy1RWkdFU2RrNGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwhrQMA0E
AgACMAcDBQMqElgAMA0GCSqGSIb3DQEBCwUAA4IBAQC7tFe5/dFY5RXxYPlxcDGq
8PFTIjpFuvOMEzYwiuDvS3ewxXOjVFM3CF2I0ox9/IDJdLYB7rZj1bxquCi4qdyU
W22MU2+SwUqysx2kBbjZpgmt/n8KK2DcqrOTyJdygdxQf3zjQpAtV/LFYHvyaW/h
Rmyxl5TkXPq5NLGM90Brm6NFNOIO5h3VL89/lcx4meVz2iZUlwqn7TNihEvnK+oc
trprQ2BGLCqnLyLtWp8UHEf2DySYpsbG48YM4jA7C0xuEoDxEu+nRN90zUdvqhgn
uSUfli8FruazVNJcsvOKCC59hrW+OfAH5zF7gzTq8TFwT2CyguF4ln/+nDmQMsBg
-----END CERTIFICATE-----