Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/b2f5f9-d34a-47a3-bb54-0871fdb6a4fa/1/glzmuLP9p33EkxQbfpt1NZeugwg.roa
File:                     glzmuLP9p33EkxQbfpt1NZeugwg.roa (raw, json)
Hash identifier:          0h1DdJNF8BnB3VhY8eobyi3DOeHfjESlJJRNSVrmFRM=
Subject key identifier:   82:5C:E6:B8:B3:FD:A7:7D:C4:93:14:1B:7E:9B:75:35:97:AE:83:08
Certificate issuer:       /CN=1d61cb4bbee5cdd7eceda7560aa249c6d11f23a9
Certificate serial:       018CC56EC86FB170C369E51370DD81C7C076
Authority key identifier: 1D:61:CB:4B:BE:E5:CD:D7:EC:ED:A7:56:0A:A2:49:C6:D1:1F:23:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HWHLS77lzdfs7adWCqJJxtEfI6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/b2f5f9-d34a-47a3-bb54-0871fdb6a4fa/1/glzmuLP9p33EkxQbfpt1NZeugwg.roa
Signing time:             Mon 01 Jan 2024 14:30:20 +0000
ROA not before:           Mon 01 Jan 2024 14:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198142
IP address blocks:        193.150.27.0/24 maxlen: 24
                          193.150.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/b2f5f9-d34a-47a3-bb54-0871fdb6a4fa/1/HWHLS77lzdfs7adWCqJJxtEfI6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/b2f5f9-d34a-47a3-bb54-0871fdb6a4fa/1/HWHLS77lzdfs7adWCqJJxtEfI6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HWHLS77lzdfs7adWCqJJxtEfI6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c8:6f:b1:70:c3:69:e5:13:70:dd:81:c7:c0:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d61cb4bbee5cdd7eceda7560aa249c6d11f23a9
        Validity
            Not Before: Jan  1 14:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=825ce6b8b3fda77dc493141b7e9b753597ae8308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:17:f6:7e:26:af:19:cc:38:ff:5f:f6:1a:c1:
                    c8:aa:e1:ad:86:10:16:c7:0c:ab:68:0a:27:fb:48:
                    cd:a5:15:00:59:51:fb:cb:ef:ad:58:ed:8b:25:6e:
                    bb:ae:f8:db:7b:44:8d:58:57:25:a9:03:43:d4:3e:
                    1b:0c:cf:fe:10:ef:b4:b5:a8:f1:06:da:5f:9e:5f:
                    81:e4:5e:44:29:cd:28:1b:2f:b5:29:eb:f7:49:cc:
                    21:75:8f:6d:57:32:b5:b7:d5:55:06:0a:cf:5c:2b:
                    82:5b:0b:17:78:44:94:95:78:c4:65:fb:d2:ec:3c:
                    2d:36:ba:4c:9f:81:23:c9:ee:b5:9f:3b:b2:ac:3f:
                    41:9f:c2:33:3e:5f:be:47:51:e1:ec:ec:58:0f:54:
                    9f:3b:d3:5c:e5:6b:86:5b:88:49:8e:de:90:96:93:
                    3c:43:ee:bd:87:57:f2:1a:2b:32:c4:e4:fb:0e:e6:
                    28:70:6d:ae:e2:e6:f1:b4:70:fd:ef:9d:fd:71:0b:
                    2a:ec:e5:07:33:d9:6d:48:09:73:fe:46:79:3e:b6:
                    fe:99:90:6d:b1:39:78:d1:6b:1f:1b:0c:bf:79:14:
                    c1:fa:d6:12:22:1e:9f:2d:a8:69:8e:c6:20:ec:01:
                    d2:3f:6f:1f:4c:d4:9b:b6:c9:f4:19:5f:3d:80:f6:
                    b0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:5C:E6:B8:B3:FD:A7:7D:C4:93:14:1B:7E:9B:75:35:97:AE:83:08
            X509v3 Authority Key Identifier:
                keyid:1D:61:CB:4B:BE:E5:CD:D7:EC:ED:A7:56:0A:A2:49:C6:D1:1F:23:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HWHLS77lzdfs7adWCqJJxtEfI6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/b2f5f9-d34a-47a3-bb54-0871fdb6a4fa/1/glzmuLP9p33EkxQbfpt1NZeugwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/b2f5f9-d34a-47a3-bb54-0871fdb6a4fa/1/HWHLS77lzdfs7adWCqJJxtEfI6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:16:b8:a6:15:4a:9f:f2:cf:6d:39:ff:ed:02:be:7c:3c:06:
         fe:37:97:82:de:b0:90:be:1d:91:56:eb:b3:79:94:13:27:c0:
         3f:9e:67:bc:d3:41:75:94:7e:d4:2f:65:d3:bf:56:03:88:89:
         ae:73:ff:cc:3a:10:14:22:7d:da:5c:a7:81:0b:3f:cc:b6:90:
         23:7b:99:ab:44:7f:fa:8c:ce:8a:60:f3:46:53:19:cc:0b:55:
         a9:4c:8e:d6:51:8b:32:57:85:be:2a:ee:76:0d:81:c0:03:58:
         16:8d:3e:35:9f:94:de:ea:2f:a3:37:c1:1c:6e:f3:36:03:13:
         9c:5f:e5:22:8d:3b:94:c6:4f:3d:3b:38:5c:78:82:f2:7c:16:
         d6:68:24:b2:1a:e4:d9:10:49:43:8b:60:12:89:75:70:31:8c:
         fe:0f:57:35:91:fa:70:7b:15:62:8e:b6:b7:c8:be:e1:97:6c:
         f0:36:b3:3e:76:87:57:c1:e6:9f:be:f7:37:37:d8:56:e7:25:
         79:a0:0f:db:be:4a:de:48:9d:84:d6:d5:1f:a7:9b:dd:ed:dd:
         fa:2d:a0:a2:e7:63:99:6a:db:64:19:0a:d2:f1:30:09:e3:5c:
         2c:33:4b:54:ec:43:0c:dd:23:64:a6:75:fa:63:6a:49:db:25:
         04:57:a3:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbshvsXDDaeUTcN2Bx8B2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNjFjYjRiYmVlNWNkZDdlY2VkYTc1NjBhYTI0OWM2ZDEx
ZjIzYTkwHhcNMjQwMTAxMTQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjVjZTZiOGIzZmRhNzdkYzQ5MzE0MWI3ZTliNzUzNTk3YWU4MzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxf2fiavGcw4/1/2GsHIquGthhAW
xwyraAon+0jNpRUAWVH7y++tWO2LJW67rvjbe0SNWFclqQND1D4bDM/+EO+0tajx
Btpfnl+B5F5EKc0oGy+1Kev3ScwhdY9tVzK1t9VVBgrPXCuCWwsXeESUlXjEZfvS
7DwtNrpMn4Ejye61nzuyrD9Bn8IzPl++R1Hh7OxYD1SfO9Nc5WuGW4hJjt6QlpM8
Q+69h1fyGisyxOT7DuYocG2u4ubxtHD97539cQsq7OUHM9ltSAlz/kZ5Prb+mZBt
sTl40WsfGwy/eRTB+tYSIh6fLahpjsYg7AHSP28fTNSbtsn0GV89gPawCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJc5riz/ad9xJMUG36bdTWXroMIMB8GA1UdIwQY
MBaAFB1hy0u+5c3X7O2nVgqiScbRHyOpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFdITFM3N2x6ZGZzN2FkV0NxSkp4dEVmSTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9iMmY1ZjktZDM0YS00N2EzLWJiNTQt
MDg3MWZkYjZhNGZhLzEvZ2x6bXVMUDlwMzNFa3hRYmZwdDFOWmV1Z3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9iMmY1ZjktZDM0YS00N2EzLWJiNTQtMDg3MWZkYjZhNGZh
LzEvSFdITFM3N2x6ZGZzN2FkV0NxSkp4dEVmSTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwZYaMA0G
CSqGSIb3DQEBCwUAA4IBAQAUFrimFUqf8s9tOf/tAr58PAb+N5eC3rCQvh2RVuuz
eZQTJ8A/nme800F1lH7UL2XTv1YDiImuc//MOhAUIn3aXKeBCz/MtpAje5mrRH/6
jM6KYPNGUxnMC1WpTI7WUYsyV4W+Ku52DYHAA1gWjT41n5Te6i+jN8EcbvM2AxOc
X+UijTuUxk89OzhceILyfBbWaCSyGuTZEElDi2ASiXVwMYz+D1c1kfpwexVijra3
yL7hl2zwNrM+dodXweafvvc3N9hW5yV5oA/bvkreSJ2E1tUfp5vd7d36LaCi52OZ
attkGQrS8TAJ41wsM0tU7EMM3SNkpnX6Y2pJ2yUEV6NX
-----END CERTIFICATE-----