Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/i4_hI4Gg2aIRbiZ7lER_39EUlnk.roa
File:                     i4_hI4Gg2aIRbiZ7lER_39EUlnk.roa (raw, json)
Hash identifier:          Lqvu16LMK5ge5lLLjTF6Ba8FlVe5RP6849UzNRqbwMA=
Subject key identifier:   8B:8F:E1:23:81:A0:D9:A2:11:6E:26:7B:94:44:7F:DF:D1:14:96:79
Certificate issuer:       /CN=eb78358a6a97d19b2f5afff1cfc793fbb4eafc9d
Certificate serial:       018CC5011BF43E3C7B8B1EFE9CF0C2011771
Authority key identifier: EB:78:35:8A:6A:97:D1:9B:2F:5A:FF:F1:CF:C7:93:FB:B4:EA:FC:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/63g1imqX0ZsvWv_xz8eT-7Tq_J0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/i4_hI4Gg2aIRbiZ7lER_39EUlnk.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209372
IP address blocks:        31.204.26.0/23 maxlen: 24
                          31.204.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/63g1imqX0ZsvWv_xz8eT-7Tq_J0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/63g1imqX0ZsvWv_xz8eT-7Tq_J0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/63g1imqX0ZsvWv_xz8eT-7Tq_J0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 21:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1b:f4:3e:3c:7b:8b:1e:fe:9c:f0:c2:01:17:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb78358a6a97d19b2f5afff1cfc793fbb4eafc9d
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b8fe12381a0d9a2116e267b94447fdfd1149679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8b:f6:cb:a0:a7:94:9d:26:d7:c9:44:74:33:
                    f9:b1:48:41:df:ed:b7:2b:a5:d9:fe:a4:ca:83:44:
                    7a:f1:e6:81:09:0b:f0:8d:1f:15:f6:25:7b:e1:1e:
                    e9:e3:ca:a2:83:91:65:16:fd:52:58:23:1e:44:44:
                    f2:ae:5d:c5:e0:36:ad:2d:63:ec:ff:10:57:62:75:
                    57:6e:f2:1f:ee:cd:f6:55:60:fe:77:e8:f2:a0:87:
                    d6:0b:0b:23:a0:79:86:6a:ab:b6:c9:4c:02:54:9f:
                    e9:a1:cc:32:64:32:6b:c2:bb:a5:48:33:46:e7:ad:
                    5f:bb:3f:72:ba:e9:88:10:3b:55:7b:11:58:e2:e5:
                    c1:ed:1a:c4:e9:f7:4d:32:e5:dc:9d:51:bc:01:50:
                    9f:18:33:88:2b:d9:55:86:3a:d8:d3:1a:59:a6:d7:
                    19:6f:98:c6:40:ef:fb:40:97:f0:30:2b:f6:b4:c8:
                    2f:1c:73:77:88:15:b2:37:4d:59:29:f7:65:8e:12:
                    9a:bf:76:67:64:ed:ed:b3:ad:4c:82:a1:a6:9d:a4:
                    2d:02:e4:d3:6d:c2:e4:fe:1d:e5:01:cc:aa:0a:ef:
                    c6:40:eb:1a:7e:17:2a:05:31:a6:60:3c:d4:7a:d3:
                    a4:01:27:a8:df:ca:ef:7c:e3:96:19:61:56:b2:e4:
                    1d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:8F:E1:23:81:A0:D9:A2:11:6E:26:7B:94:44:7F:DF:D1:14:96:79
            X509v3 Authority Key Identifier:
                keyid:EB:78:35:8A:6A:97:D1:9B:2F:5A:FF:F1:CF:C7:93:FB:B4:EA:FC:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/63g1imqX0ZsvWv_xz8eT-7Tq_J0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/i4_hI4Gg2aIRbiZ7lER_39EUlnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/468b75-5994-48fb-a85d-4a5eed1ee5bc/1/63g1imqX0ZsvWv_xz8eT-7Tq_J0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.204.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:69:b9:49:de:44:59:b1:6d:58:98:b0:b5:75:ed:a9:94:ad:
         42:88:8c:ad:c6:d6:1d:ef:a7:82:80:8d:7e:a9:d3:b7:f9:1c:
         f6:2a:cb:32:d2:f7:35:fe:d6:f6:da:55:af:0a:fc:4c:c9:cf:
         60:43:da:08:84:89:24:fc:68:18:3e:97:67:c4:0f:cc:a9:00:
         98:68:4c:ca:0c:48:30:c0:fe:12:6c:f7:67:43:43:32:85:25:
         a1:08:42:02:98:7c:70:38:dc:b7:77:6d:c0:49:20:69:98:f3:
         a2:c9:1d:31:2f:0f:7b:0b:7c:07:fd:13:45:07:af:14:85:ec:
         3a:39:93:de:fd:3e:fd:88:6e:23:bd:3e:7f:10:97:d9:a8:f5:
         0b:53:c0:83:6e:7f:90:4a:11:bc:a9:28:45:01:0e:b2:e1:5f:
         67:64:67:65:ad:6d:72:b7:35:71:0a:9f:3e:42:ae:84:3b:50:
         ae:19:32:03:73:10:62:e5:cd:52:0d:51:90:8a:1a:60:b1:fa:
         52:4a:de:63:64:9a:eb:2d:eb:13:7e:25:41:aa:8b:ba:53:68:
         70:3b:b1:f6:d7:87:29:7f:c6:8a:12:e2:26:ec:a6:3f:31:4c:
         63:0a:e1:96:a2:6c:44:08:46:0a:a3:e9:8c:31:ac:f6:3a:a5:
         da:74:a3:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARv0Pjx7ix7+nPDCARdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNzgzNThhNmE5N2QxOWIyZjVhZmZmMWNmYzc5M2ZiYjRl
YWZjOWQwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjhmZTEyMzgxYTBkOWEyMTE2ZTI2N2I5NDQ0N2ZkZmQxMTQ5Njc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIv2y6CnlJ0m18lEdDP5sUhB3+23
K6XZ/qTKg0R68eaBCQvwjR8V9iV74R7p48qig5FlFv1SWCMeRETyrl3F4DatLWPs
/xBXYnVXbvIf7s32VWD+d+jyoIfWCwsjoHmGaqu2yUwCVJ/pocwyZDJrwrulSDNG
561fuz9yuumIEDtVexFY4uXB7RrE6fdNMuXcnVG8AVCfGDOIK9lVhjrY0xpZptcZ
b5jGQO/7QJfwMCv2tMgvHHN3iBWyN01ZKfdljhKav3ZnZO3ts61MgqGmnaQtAuTT
bcLk/h3lAcyqCu/GQOsafhcqBTGmYDzUetOkASeo38rvfOOWGWFWsuQdqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuP4SOBoNmiEW4me5REf9/RFJZ5MB8GA1UdIwQY
MBaAFOt4NYpql9GbL1r/8c/Hk/u06vydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjNnMWltcVgwWnN2V3ZfeHo4ZVQtN1RxX0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80NjhiNzUtNTk5NC00OGZiLWE4NWQt
NGE1ZWVkMWVlNWJjLzEvaTRfaEk0R2cyYUlSYmlaN2xFUl8zOUVVbG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80NjhiNzUtNTk5NC00OGZiLWE4NWQtNGE1ZWVkMWVlNWJj
LzEvNjNnMWltcVgwWnN2V3ZfeHo4ZVQtN1RxX0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH8waMA0G
CSqGSIb3DQEBCwUAA4IBAQCMablJ3kRZsW1YmLC1de2plK1CiIytxtYd76eCgI1+
qdO3+Rz2Kssy0vc1/tb22lWvCvxMyc9gQ9oIhIkk/GgYPpdnxA/MqQCYaEzKDEgw
wP4SbPdnQ0MyhSWhCEICmHxwONy3d23ASSBpmPOiyR0xLw97C3wH/RNFB68Uhew6
OZPe/T79iG4jvT5/EJfZqPULU8CDbn+QShG8qShFAQ6y4V9nZGdlrW1ytzVxCp8+
Qq6EO1CuGTIDcxBi5c1SDVGQihpgsfpSSt5jZJrrLesTfiVBqou6U2hwO7H214cp
f8aKEuIm7KY/MUxjCuGWomxECEYKo+mMMaz2OqXadKM4
-----END CERTIFICATE-----