Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/mjbEDz8bb3bUPTJA-h6DgOWpUjE.roa
File:                     mjbEDz8bb3bUPTJA-h6DgOWpUjE.roa (raw, json)
Hash identifier:          gcaKo75ZeUj4lJJ05jpjbbouXecfbrLd9zfLR7/y2pE=
Subject key identifier:   9A:36:C4:0F:3F:1B:6F:76:D4:3D:32:40:FA:1E:83:80:E5:A9:52:31
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018CC794D7A1941DA16FF703A4738FCF6139
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/mjbEDz8bb3bUPTJA-h6DgOWpUjE.roa
Signing time:             Tue 02 Jan 2024 00:31:09 +0000
ROA not before:           Tue 02 Jan 2024 00:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        89.251.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:d7:a1:94:1d:a1:6f:f7:03:a4:73:8f:cf:61:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 00:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a36c40f3f1b6f76d43d3240fa1e8380e5a95231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:02:26:a9:75:df:09:7a:3d:a2:2d:ff:1d:74:
                    e2:20:26:4d:c7:5d:5e:df:23:a8:c4:9b:07:cd:14:
                    b5:7e:58:f4:81:1e:eb:e6:d5:5e:84:8b:f7:0d:f7:
                    19:54:74:10:33:c6:cd:21:ce:0c:4b:46:ae:de:6b:
                    62:cb:c1:17:12:a7:82:11:98:80:da:d3:9c:a5:bd:
                    85:ed:5b:6f:38:5a:5f:15:0b:d0:e8:59:3b:92:ad:
                    3c:05:41:c8:7c:07:86:ec:81:ef:9f:34:8e:06:70:
                    5b:ae:bd:14:49:a1:87:9e:20:86:07:49:7f:12:df:
                    6c:7d:3e:8c:77:44:32:95:29:9b:17:2d:86:91:0a:
                    4b:f7:da:4e:00:18:be:39:b1:c5:97:ef:81:0d:5c:
                    20:03:24:14:60:6d:36:46:f4:e9:ac:1c:88:39:da:
                    7f:ff:f0:f3:b3:4b:2e:37:37:9c:63:41:c9:53:e2:
                    ca:5b:9d:f4:8c:14:59:f5:9b:8b:ae:1c:e5:23:1d:
                    91:03:72:12:4e:41:42:c3:8c:28:7e:95:d2:5f:86:
                    30:3d:0e:fe:5b:ab:c8:3d:a3:ea:a6:83:68:cc:8e:
                    39:a2:c9:ef:28:ab:04:ef:a0:84:e7:d7:46:dd:c2:
                    1d:74:6e:b1:a1:ca:01:cf:57:ba:9f:b8:1a:94:be:
                    c7:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:36:C4:0F:3F:1B:6F:76:D4:3D:32:40:FA:1E:83:80:E5:A9:52:31
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/mjbEDz8bb3bUPTJA-h6DgOWpUjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:4d:63:10:a2:67:d5:e5:1c:53:a0:6a:df:9f:f5:a5:ed:eb:
         0d:44:3a:c1:f2:d5:22:84:85:95:35:32:39:95:64:79:7b:9c:
         1b:3f:ca:5d:20:fe:e8:a2:c7:bb:cc:ad:5d:41:fd:cf:ac:bc:
         d4:83:25:e0:7d:6c:3a:57:a3:a3:be:7b:e4:a6:7f:6e:38:e3:
         0b:cb:7d:44:4f:ee:e6:46:93:d5:09:66:22:f7:51:64:f7:9b:
         b0:20:03:22:79:55:1d:f1:9c:be:d6:11:ec:60:38:c1:38:b2:
         31:ac:9e:fe:e1:be:a4:ae:46:31:97:29:52:8e:f4:3f:c0:9e:
         9c:61:36:55:4d:c8:14:5a:49:9e:a9:40:08:22:0d:6b:05:86:
         f5:36:46:db:01:e8:89:88:8e:f5:5e:de:6e:b0:c6:d0:56:d2:
         a1:ef:d2:00:1a:7a:6b:69:91:3f:90:11:ce:0a:4d:d7:85:db:
         38:01:3a:dd:ac:57:54:2d:5b:df:2d:44:70:32:e4:d1:41:b9:
         16:7b:9c:52:09:9b:1e:6e:e2:4a:1c:3c:02:59:99:c6:f7:47:
         db:50:1b:65:d4:c0:53:9d:3c:6b:a3:a7:91:f8:5f:3e:9e:4f:
         36:3f:ac:ba:b8:50:e6:a2:70:38:42:fe:bb:59:15:31:9b:c8:
         30:00:cb:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlNehlB2hb/cDpHOPz2E5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMTAyMDAzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTM2YzQwZjNmMWI2Zjc2ZDQzZDMyNDBmYTFlODM4MGU1YTk1MjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAImqXXfCXo9oi3/HXTiICZNx11e
3yOoxJsHzRS1flj0gR7r5tVehIv3DfcZVHQQM8bNIc4MS0au3mtiy8EXEqeCEZiA
2tOcpb2F7VtvOFpfFQvQ6Fk7kq08BUHIfAeG7IHvnzSOBnBbrr0USaGHniCGB0l/
Et9sfT6Md0QylSmbFy2GkQpL99pOABi+ObHFl++BDVwgAyQUYG02RvTprByIOdp/
//Dzs0suNzecY0HJU+LKW530jBRZ9ZuLrhzlIx2RA3ISTkFCw4wofpXSX4YwPQ7+
W6vIPaPqpoNozI45osnvKKsE76CE59dG3cIddG6xocoBz1e6n7galL7HMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJo2xA8/G2921D0yQPoeg4DlqVIxMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvbWpiRUR6OGJiM2JVUFRKQS1oNkRnT1dwVWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsaMA0G
CSqGSIb3DQEBCwUAA4IBAQAoTWMQomfV5RxToGrfn/Wl7esNRDrB8tUihIWVNTI5
lWR5e5wbP8pdIP7oose7zK1dQf3PrLzUgyXgfWw6V6Ojvnvkpn9uOOMLy31ET+7m
RpPVCWYi91Fk95uwIAMieVUd8Zy+1hHsYDjBOLIxrJ7+4b6krkYxlylSjvQ/wJ6c
YTZVTcgUWkmeqUAIIg1rBYb1NkbbAeiJiI71Xt5usMbQVtKh79IAGnpraZE/kBHO
Ck3Xhds4ATrdrFdULVvfLURwMuTRQbkWe5xSCZsebuJKHDwCWZnG90fbUBtl1MBT
nTxro6eR+F8+nk82P6y6uFDmonA4Qv67WRUxm8gwAMvR
-----END CERTIFICATE-----