Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/s6eQUeCekHvX4-zAtY_xr-hveYo.roa
File:                     s6eQUeCekHvX4-zAtY_xr-hveYo.roa (raw, json)
Hash identifier:          Ak9QIrXI3KqGuuyA7qIC/xlJxyzdD4xq9gmd364IEgc=
Subject key identifier:   B3:A7:90:51:E0:9E:90:7B:D7:E3:EC:C0:B5:8F:F1:AF:E8:6F:79:8A
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       018CC6B93845A7FA55CB5B81939AC64F9B82
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/s6eQUeCekHvX4-zAtY_xr-hveYo.roa
Signing time:             Mon 01 Jan 2024 20:31:16 +0000
ROA not before:           Mon 01 Jan 2024 20:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     262287
IP address blocks:        194.38.26.0/23 maxlen: 23
                          194.38.24.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:38:45:a7:fa:55:cb:5b:81:93:9a:c6:4f:9b:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Jan  1 20:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3a79051e09e907bd7e3ecc0b58ff1afe86f798a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:25:30:bd:76:3b:44:11:65:f3:10:38:96:90:
                    6b:c3:ba:ac:4c:07:d7:a1:f8:60:98:79:61:42:38:
                    67:df:80:ae:24:38:e6:5f:f8:15:44:fa:92:bf:fb:
                    36:6d:4f:e1:e2:26:44:91:d0:9f:8c:6c:f7:71:46:
                    d2:77:fe:5b:b8:45:bf:e6:a4:f2:95:c3:b8:b5:aa:
                    08:fc:0d:fa:15:0e:f7:f5:18:ef:0d:ea:1c:11:4b:
                    f9:81:a5:7d:ce:bd:0e:d1:8c:a3:bb:aa:33:13:19:
                    f8:cc:95:71:de:26:90:8a:77:fd:44:46:6c:b2:ba:
                    f1:71:93:23:71:44:b4:90:8b:cf:ee:fe:bf:1a:78:
                    f1:0b:76:2f:06:34:7a:2a:db:db:d2:d0:46:63:93:
                    76:13:a4:94:12:74:d4:77:82:25:77:49:2f:23:d3:
                    17:a2:3f:64:10:73:db:e6:a2:51:63:c4:7e:27:19:
                    00:95:db:87:1c:1f:1b:a0:14:f0:90:f9:1b:65:bd:
                    53:cb:00:21:83:c4:a3:c0:8d:9d:c4:fc:27:ff:ff:
                    e6:b4:cd:4f:8b:ed:f3:65:04:e5:4e:0e:1c:12:c5:
                    6e:34:4e:05:00:9b:c3:3f:2f:3a:57:83:b2:76:93:
                    7f:6b:b2:ca:49:90:92:dd:e0:b5:df:f7:b0:3b:37:
                    fb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:A7:90:51:E0:9E:90:7B:D7:E3:EC:C0:B5:8F:F1:AF:E8:6F:79:8A
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/s6eQUeCekHvX4-zAtY_xr-hveYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:a7:48:1d:86:86:88:29:e5:8e:60:f2:cc:7d:23:34:98:a7:
         51:8e:b7:11:a6:9d:6d:c5:2d:28:0e:f6:66:54:e5:87:f3:07:
         0d:b9:cb:de:5a:cc:a2:8a:41:00:21:e6:e0:05:d3:65:4f:ce:
         1c:16:c7:3a:83:36:28:01:7a:9b:ac:e0:06:0d:69:15:fa:fb:
         a1:6a:e1:47:e7:d1:87:32:e2:aa:b4:9d:61:fc:ee:03:df:b8:
         33:53:83:c7:60:d0:66:76:7f:78:fa:4a:b2:27:00:4e:0b:f8:
         c2:81:4d:a3:7a:c4:8c:ae:da:54:4f:bd:14:e4:8e:a4:cc:6b:
         85:ad:a9:2f:ec:1b:c1:1a:25:21:9a:9a:4e:34:e2:f0:3e:7a:
         ff:e9:7d:97:a6:21:ce:d2:86:34:46:9a:99:45:60:74:86:fd:
         fd:7b:a1:30:85:72:11:a5:a3:a3:82:cf:28:b1:4b:e8:69:c6:
         4e:47:59:31:3c:98:83:91:68:bc:c9:dc:0e:c0:27:bf:05:ce:
         24:d7:02:1d:78:ae:ef:96:3e:a4:11:f0:6d:1f:56:43:19:73:
         8a:96:9f:e0:b4:93:ce:f1:65:ba:14:10:f6:fb:02:77:70:9b:
         f7:94:cb:f5:3a:67:bc:77:54:99:dc:33:07:70:37:73:90:7f:
         60:28:82:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuThFp/pVy1uBk5rGT5uCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjQwMTAxMjAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2E3OTA1MWUwOWU5MDdiZDdlM2VjYzBiNThmZjFhZmU4NmY3OThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCUwvXY7RBFl8xA4lpBrw7qsTAfX
ofhgmHlhQjhn34CuJDjmX/gVRPqSv/s2bU/h4iZEkdCfjGz3cUbSd/5buEW/5qTy
lcO4taoI/A36FQ739RjvDeocEUv5gaV9zr0O0Yyju6ozExn4zJVx3iaQinf9REZs
srrxcZMjcUS0kIvP7v6/GnjxC3YvBjR6Ktvb0tBGY5N2E6SUEnTUd4Ild0kvI9MX
oj9kEHPb5qJRY8R+JxkAlduHHB8boBTwkPkbZb1TywAhg8SjwI2dxPwn///mtM1P
i+3zZQTlTg4cEsVuNE4FAJvDPy86V4OydpN/a7LKSZCS3eC13/ewOzf7mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOnkFHgnpB71+PswLWP8a/ob3mKMB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvczZlUVVlQ2VrSHZYNC16QXRZX3hyLWh2ZVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiYYMA0G
CSqGSIb3DQEBCwUAA4IBAQANp0gdhoaIKeWOYPLMfSM0mKdRjrcRpp1txS0oDvZm
VOWH8wcNucveWsyiikEAIebgBdNlT84cFsc6gzYoAXqbrOAGDWkV+vuhauFH59GH
MuKqtJ1h/O4D37gzU4PHYNBmdn94+kqyJwBOC/jCgU2jesSMrtpUT70U5I6kzGuF
rakv7BvBGiUhmppONOLwPnr/6X2XpiHO0oY0RpqZRWB0hv39e6EwhXIRpaOjgs8o
sUvoacZOR1kxPJiDkWi8ydwOwCe/Bc4k1wIdeK7vlj6kEfBtH1ZDGXOKlp/gtJPO
8WW6FBD2+wJ3cJv3lMv1Ome8d1SZ3DMHcDdzkH9gKILn
-----END CERTIFICATE-----