Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/4MvkOPCh_Hr4wfe6yN3gC7L53j0.roa
File:                     4MvkOPCh_Hr4wfe6yN3gC7L53j0.roa (raw, json)
Hash identifier:          XROEsTJkMZhH5f+LA1HWh7DtgaRJ98nDH9zAiCMtx3E=
Subject key identifier:   E0:CB:E4:38:F0:A1:FC:7A:F8:C1:F7:BA:C8:DD:E0:0B:B2:F9:DE:3D
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0190BD6DE5C2B1C248E92B7FB539BE6D1CF3
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/4MvkOPCh_Hr4wfe6yN3gC7L53j0.roa
Signing time:             Tue 16 Jul 2024 21:23:34 +0000
ROA not before:           Tue 16 Jul 2024 21:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        89.251.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 06:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bd:6d:e5:c2:b1:c2:48:e9:2b:7f:b5:39:be:6d:1c:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jul 16 21:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0cbe438f0a1fc7af8c1f7bac8dde00bb2f9de3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:56:ae:12:9b:06:97:30:40:ab:e6:24:1b:12:
                    d4:57:8e:12:70:16:1a:b0:a7:a9:df:c4:1e:8f:4f:
                    03:1d:24:ba:d4:87:8b:1f:60:68:bf:33:51:51:9c:
                    0a:94:3c:d5:55:74:4a:76:18:fd:33:3a:79:a6:f6:
                    4a:7e:61:d9:62:78:a5:28:7e:7d:6e:db:eb:cd:0e:
                    c2:38:b2:ab:be:2b:48:a5:d9:d7:8c:93:03:fe:79:
                    21:d8:31:7a:bd:ec:76:ab:53:6c:9e:cb:a3:47:37:
                    f4:2a:7e:c6:41:28:a6:38:5a:3e:db:9a:6d:c5:88:
                    51:27:5a:cb:3a:11:4a:15:2e:95:38:eb:20:6c:cd:
                    40:44:8e:f2:6b:25:b3:bd:9f:a3:08:7c:ea:76:56:
                    7c:fb:a7:1f:72:8e:99:04:a1:a2:4e:88:28:7d:80:
                    a4:28:50:75:06:1c:60:31:39:df:db:f6:24:89:67:
                    bc:a8:30:78:12:72:a9:bd:20:7b:c4:33:09:0b:b6:
                    92:2d:50:24:11:16:5d:cc:54:75:d8:ae:2b:c0:bb:
                    fb:b7:7a:65:ae:60:0a:c9:37:95:10:98:ae:fb:5c:
                    4b:e9:c6:a6:1d:e7:cd:cb:db:33:a9:36:9b:22:bf:
                    07:c0:f1:c1:30:ab:08:31:c7:e1:7a:97:8e:73:a8:
                    3c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:CB:E4:38:F0:A1:FC:7A:F8:C1:F7:BA:C8:DD:E0:0B:B2:F9:DE:3D
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/4MvkOPCh_Hr4wfe6yN3gC7L53j0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:6c:5e:6b:13:6d:2a:cb:6a:fb:c5:a1:40:b2:ec:49:b2:c5:
         80:c0:ef:26:fb:f6:5d:57:83:5f:a5:54:4f:d0:78:fd:be:12:
         25:4d:69:8e:a4:0b:8e:44:d1:90:c6:45:76:8c:0a:46:a5:7a:
         c1:38:3e:df:de:cf:6e:e9:c5:16:53:63:ab:9c:fb:bc:0d:52:
         69:bc:69:21:57:ae:68:8a:f7:7d:43:76:b9:ec:9f:bb:23:2f:
         95:1f:af:66:b5:4a:b5:fc:7d:9f:17:ec:02:c7:53:48:d2:01:
         93:49:ab:b0:40:06:5f:6a:b8:b3:a1:35:d2:30:6f:c4:63:6d:
         5e:02:f5:65:92:c3:64:08:b6:05:df:2d:47:a4:e9:a5:d5:19:
         fe:96:bb:c5:27:c5:78:8c:ca:8b:ea:20:e6:85:2d:61:42:2f:
         4a:be:56:7d:3a:98:58:9f:44:61:88:83:ab:01:dc:a9:08:c9:
         a0:70:03:a7:ea:3b:4f:d2:66:93:d0:a7:8f:ed:44:5e:51:d9:
         41:f3:fd:f4:91:79:38:7c:6a:00:2d:42:d8:4e:4c:90:a0:17:
         04:34:ef:63:f9:94:c6:5f:37:12:e6:06:f3:18:0b:c0:89:b2:
         c7:2b:6f:f1:dd:27:57:84:e0:a7:10:4f:73:78:ad:54:d6:25:
         45:bf:00:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC9beXCscJI6St/tTm+bRzzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwNzE2MjEyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGNiZTQzOGYwYTFmYzdhZjhjMWY3YmFjOGRkZTAwYmIyZjlkZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFauEpsGlzBAq+YkGxLUV44ScBYa
sKep38Qej08DHSS61IeLH2BovzNRUZwKlDzVVXRKdhj9Mzp5pvZKfmHZYnilKH59
btvrzQ7COLKrvitIpdnXjJMD/nkh2DF6vex2q1NsnsujRzf0Kn7GQSimOFo+25pt
xYhRJ1rLOhFKFS6VOOsgbM1ARI7yayWzvZ+jCHzqdlZ8+6cfco6ZBKGiTogofYCk
KFB1BhxgMTnf2/YkiWe8qDB4EnKpvSB7xDMJC7aSLVAkERZdzFR12K4rwLv7t3pl
rmAKyTeVEJiu+1xL6camHefNy9szqTabIr8HwPHBMKsIMcfhepeOc6g83wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODL5Djwofx6+MH3usjd4Auy+d49MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvNE12a09QQ2hfSHI0d2ZlNnlOM2dDN0w1M2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsaMA0G
CSqGSIb3DQEBCwUAA4IBAQAHbF5rE20qy2r7xaFAsuxJssWAwO8m+/ZdV4NfpVRP
0Hj9vhIlTWmOpAuORNGQxkV2jApGpXrBOD7f3s9u6cUWU2OrnPu8DVJpvGkhV65o
ivd9Q3a57J+7Iy+VH69mtUq1/H2fF+wCx1NI0gGTSauwQAZfarizoTXSMG/EY21e
AvVlksNkCLYF3y1HpOml1Rn+lrvFJ8V4jMqL6iDmhS1hQi9KvlZ9OphYn0RhiIOr
AdypCMmgcAOn6jtP0maT0KeP7UReUdlB8/30kXk4fGoALULYTkyQoBcENO9j+ZTG
XzcS5gbzGAvAibLHK2/x3SdXhOCnEE9zeK1U1iVFvwAJ
-----END CERTIFICATE-----