Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/S26GBAVB_SQCg7tEdc2n-dNXiXU.roa
File:                     S26GBAVB_SQCg7tEdc2n-dNXiXU.roa (raw, json)
Hash identifier:          aACtqxh+2LSUI50GU3+k+vAn64Nn6HXTMAZMIJUeC7c=
Subject key identifier:   4B:6E:86:04:05:41:FD:24:02:83:BB:44:75:CD:A7:F9:D3:57:89:75
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       018F6963269256190384D960AB04A1813FAD
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/S26GBAVB_SQCg7tEdc2n-dNXiXU.roa
Signing time:             Sat 11 May 2024 20:40:56 +0000
ROA not before:           Sat 11 May 2024 20:40:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        45.135.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:69:63:26:92:56:19:03:84:d9:60:ab:04:a1:81:3f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: May 11 20:40:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b6e86040541fd240283bb4475cda7f9d3578975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:20:bd:af:4f:85:df:bf:8e:bb:93:d0:31:9e:
                    5c:c4:75:59:76:8f:93:63:4e:1c:20:40:be:c0:cf:
                    a3:56:a7:5a:bc:e8:be:b2:de:6c:39:f8:28:51:d6:
                    3d:7c:f2:96:da:c1:7a:25:4b:93:6d:73:cd:a8:b5:
                    ee:20:ed:d1:f0:77:b5:b5:47:ce:d5:c7:df:80:14:
                    39:da:d6:05:4c:a3:5a:1f:29:40:d4:2b:5c:1a:8b:
                    7b:58:16:70:f3:a8:06:d5:c5:f6:f5:6f:b9:2f:1b:
                    70:33:50:91:69:10:c3:4d:53:07:4f:96:84:fa:79:
                    24:64:6a:ff:de:85:3b:72:e2:3e:a5:4b:32:29:db:
                    f8:53:15:97:54:cd:f2:e0:b6:1c:3a:1c:e7:5d:d5:
                    8c:43:70:55:fb:d8:6b:55:4b:8d:4b:1d:7f:88:34:
                    0f:51:6f:ea:0e:c7:12:1b:2b:9d:2e:b8:fe:31:0d:
                    9b:6f:42:d5:d9:70:c3:da:f6:91:fc:a6:0e:5d:e6:
                    39:6b:8d:bc:ac:ab:15:f5:f7:83:7d:12:b5:db:91:
                    98:17:cc:31:ab:00:98:62:aa:51:2b:ea:7e:64:17:
                    1d:b8:aa:a0:98:4b:fc:38:f2:7c:97:9a:d3:5b:00:
                    f2:d1:8f:d8:63:fa:0f:69:3e:fa:68:2c:76:e7:48:
                    65:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:6E:86:04:05:41:FD:24:02:83:BB:44:75:CD:A7:F9:D3:57:89:75
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/S26GBAVB_SQCg7tEdc2n-dNXiXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:27:78:c7:ad:77:b0:1f:94:6e:92:67:25:1d:a4:4b:9c:1d:
         52:0a:fe:70:aa:5e:52:fb:6d:49:6b:c2:20:ae:3c:ee:bb:3c:
         34:37:16:47:d0:2f:c5:f0:74:d3:f7:db:c5:51:f8:ee:11:0c:
         68:96:8e:06:18:58:8c:09:68:39:91:90:e3:fa:7b:ba:94:b3:
         83:4a:01:42:1a:a4:fe:f3:d0:b6:f5:e6:39:e2:81:fe:08:61:
         00:ab:94:eb:0e:21:69:ff:44:27:76:79:b8:a4:83:a8:75:dc:
         cd:95:93:d5:6e:41:ae:0f:6a:f2:da:cd:b8:f7:95:d3:f9:6a:
         52:ec:8f:e7:e4:47:20:37:f1:8e:9c:8a:d2:a2:4d:d5:4e:d7:
         62:4a:27:09:8e:ba:f7:19:f4:ab:35:42:fd:55:2e:82:1b:d1:
         a4:f1:a3:ea:b4:67:79:a4:5a:d3:17:50:b5:5b:08:83:b0:80:
         dc:15:12:17:e2:19:7d:a7:00:48:bb:49:e1:99:d7:cc:54:c5:
         a5:43:c2:de:fd:14:b0:fa:f2:a5:d7:39:97:56:f9:a4:01:19:
         31:27:1c:cb:c8:b1:df:34:e0:d9:ba:eb:44:b3:26:d9:06:1d:
         b2:8e:94:22:94:42:e6:30:46:7e:a7:35:f5:02:87:e2:00:90:
         34:8c:9c:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9pYyaSVhkDhNlgqwShgT+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjQwNTExMjA0MDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjZlODYwNDA1NDFmZDI0MDI4M2JiNDQ3NWNkYTdmOWQzNTc4OTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryC9r0+F37+Ou5PQMZ5cxHVZdo+T
Y04cIEC+wM+jVqdavOi+st5sOfgoUdY9fPKW2sF6JUuTbXPNqLXuIO3R8He1tUfO
1cffgBQ52tYFTKNaHylA1CtcGot7WBZw86gG1cX29W+5LxtwM1CRaRDDTVMHT5aE
+nkkZGr/3oU7cuI+pUsyKdv4UxWXVM3y4LYcOhznXdWMQ3BV+9hrVUuNSx1/iDQP
UW/qDscSGyudLrj+MQ2bb0LV2XDD2vaR/KYOXeY5a428rKsV9feDfRK125GYF8wx
qwCYYqpRK+p+ZBcduKqgmEv8OPJ8l5rTWwDy0Y/YY/oPaT76aCx250hl0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtuhgQFQf0kAoO7RHXNp/nTV4l1MB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvUzI2R0JBVkJfU1FDZzd0RWRjMm4tZE5YaVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYeLMA0G
CSqGSIb3DQEBCwUAA4IBAQBRJ3jHrXewH5RukmclHaRLnB1SCv5wql5S+21Ja8Ig
rjzuuzw0NxZH0C/F8HTT99vFUfjuEQxolo4GGFiMCWg5kZDj+nu6lLODSgFCGqT+
89C29eY54oH+CGEAq5TrDiFp/0Qndnm4pIOoddzNlZPVbkGuD2ry2s2495XT+WpS
7I/n5EcgN/GOnIrSok3VTtdiSicJjrr3GfSrNUL9VS6CG9Gk8aPqtGd5pFrTF1C1
WwiDsIDcFRIX4hl9pwBIu0nhmdfMVMWlQ8Le/RSw+vKl1zmXVvmkARkxJxzLyLHf
NODZuutEsybZBh2yjpQilELmMEZ+pzX1AofiAJA0jJzU
-----END CERTIFICATE-----