Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/aqMcYAu349t5cJ_a5qZq2xhd2dY.roa
File:                     aqMcYAu349t5cJ_a5qZq2xhd2dY.roa (raw, json)
Hash identifier:          DCFw0MJYz77VsMmihaHznWXsharSKjlhTI2DKD7oMT0=
Subject key identifier:   6A:A3:1C:60:0B:B7:E3:DB:79:70:9F:DA:E6:A6:6A:DB:18:5D:D9:D6
Certificate issuer:       /CN=22fd1b59d5caaf7506bc0d5c34f30c2159b04398
Certificate serial:       018D9DEA6974EC19DF3F988327431050FBB2
Authority key identifier: 22:FD:1B:59:D5:CA:AF:75:06:BC:0D:5C:34:F3:0C:21:59:B0:43:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/aqMcYAu349t5cJ_a5qZq2xhd2dY.roa
Signing time:             Mon 12 Feb 2024 15:23:21 +0000
ROA not before:           Mon 12 Feb 2024 15:23:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55002
IP address blocks:        193.26.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9d:ea:69:74:ec:19:df:3f:98:83:27:43:10:50:fb:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22fd1b59d5caaf7506bc0d5c34f30c2159b04398
        Validity
            Not Before: Feb 12 15:23:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6aa31c600bb7e3db79709fdae6a66adb185dd9d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e9:56:ab:b2:93:d7:2d:18:bb:41:66:f5:f5:
                    de:e7:fc:a5:65:94:d6:34:53:27:f7:b0:05:5b:a4:
                    22:e1:8e:0d:1f:52:ee:b7:bc:64:cc:33:98:8a:58:
                    c0:c7:5a:29:fb:06:7a:d2:10:6b:24:b8:ff:61:7f:
                    f9:8e:de:d4:82:2c:6c:2e:82:0b:68:da:34:32:19:
                    a2:de:c2:1d:28:10:0b:2c:7e:b4:d2:38:6a:4c:6f:
                    1d:b4:79:29:ee:42:7a:36:7e:b4:7b:cd:c0:f4:b7:
                    40:1b:5e:a3:3a:9d:72:e1:97:df:a9:e9:d4:c2:73:
                    47:3c:5c:ed:b9:c7:30:bc:8c:0d:ed:2c:86:1a:be:
                    b1:1d:33:86:22:35:c4:09:09:d0:7c:dc:56:59:9c:
                    3c:a3:b6:f1:d1:a0:3a:cd:2d:e3:15:68:12:0e:5f:
                    8e:fb:0f:a7:47:42:a0:38:4e:a2:dd:2b:4c:f2:ca:
                    52:48:b9:3a:23:a7:56:69:2d:9d:3a:46:49:26:89:
                    96:c6:fb:4e:d6:80:67:32:15:b5:0b:7f:e3:bb:11:
                    40:62:cc:d5:5c:97:37:dd:31:6a:43:5b:33:8c:2c:
                    3e:a5:40:29:57:b3:35:e2:9a:55:8d:41:8e:c8:b9:
                    ec:2a:8e:76:30:eb:7f:1e:3b:14:9c:a6:bf:24:09:
                    6e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A3:1C:60:0B:B7:E3:DB:79:70:9F:DA:E6:A6:6A:DB:18:5D:D9:D6
            X509v3 Authority Key Identifier:
                keyid:22:FD:1B:59:D5:CA:AF:75:06:BC:0D:5C:34:F3:0C:21:59:B0:43:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/aqMcYAu349t5cJ_a5qZq2xhd2dY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:bd:e5:73:76:9d:a9:bd:ab:13:a3:5b:5e:77:c6:c1:02:a1:
         48:33:08:13:97:d9:d4:7c:46:7c:32:1a:76:14:31:a2:7b:8b:
         ad:a5:97:73:40:a2:cb:15:d3:7d:b1:03:a6:80:75:41:0b:8d:
         89:ba:12:14:53:83:1a:03:37:73:18:a9:37:02:f9:66:7e:5a:
         dc:86:7b:a0:77:e5:77:c9:27:3f:c8:bf:34:fd:60:46:6f:59:
         5a:db:b7:ca:d7:7a:5a:75:10:74:c3:8f:64:1c:86:e1:e3:64:
         1e:55:af:bb:de:da:03:1a:fc:3c:88:df:f4:a0:93:62:6f:e9:
         f3:5c:54:65:a2:ac:ad:2c:b2:ae:ca:6d:62:0e:41:c8:ba:cd:
         69:49:d6:75:df:a0:30:4c:a1:3e:b7:bb:92:f3:b5:27:79:12:
         14:bf:5a:2d:66:b1:2a:a0:a4:f4:d8:77:91:d5:74:b1:b5:2f:
         a9:f5:b2:00:ed:3d:ec:87:c0:a9:0b:f4:b7:b7:4e:7e:5a:22:
         d6:ab:53:d0:24:c0:de:db:14:80:1f:6d:93:b2:4d:64:61:2d:
         78:3f:47:8c:66:9a:ad:a9:6b:22:41:06:db:10:f4:3e:e4:f4:
         56:05:c4:58:f4:a1:c8:3c:12:46:a0:7f:f5:b2:5c:53:58:7d:
         dc:6a:b2:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2d6ml07BnfP5iDJ0MQUPuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZmQxYjU5ZDVjYWFmNzUwNmJjMGQ1YzM0ZjMwYzIxNTli
MDQzOTgwHhcNMjQwMjEyMTUyMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWEzMWM2MDBiYjdlM2RiNzk3MDlmZGFlNmE2NmFkYjE4NWRkOWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOlWq7KT1y0Yu0Fm9fXe5/ylZZTW
NFMn97AFW6Qi4Y4NH1Lut7xkzDOYiljAx1op+wZ60hBrJLj/YX/5jt7UgixsLoIL
aNo0Mhmi3sIdKBALLH600jhqTG8dtHkp7kJ6Nn60e83A9LdAG16jOp1y4ZffqenU
wnNHPFztuccwvIwN7SyGGr6xHTOGIjXECQnQfNxWWZw8o7bx0aA6zS3jFWgSDl+O
+w+nR0KgOE6i3StM8spSSLk6I6dWaS2dOkZJJomWxvtO1oBnMhW1C3/juxFAYszV
XJc33TFqQ1szjCw+pUApV7M14ppVjUGOyLnsKo52MOt/HjsUnKa/JAluTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqjHGALt+PbeXCf2uamatsYXdnWMB8GA1UdIwQY
MBaAFCL9G1nVyq91BrwNXDTzDCFZsEOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXYwYldkWEtyM1VHdkExY05QTU1JVm13UTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC84NTBlOTYtMTkxZi00ZGNiLTllZGIt
Y2Q1OGZhMjAxNGRkLzEvYXFNY1lBdTM0OXQ1Y0pfYTVxWnEyeGhkMmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC84NTBlOTYtMTkxZi00ZGNiLTllZGItY2Q1OGZhMjAxNGRk
LzEvSXYwYldkWEtyM1VHdkExY05QTU1JVm13UTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRoHMA0G
CSqGSIb3DQEBCwUAA4IBAQCpveVzdp2pvasTo1ted8bBAqFIMwgTl9nUfEZ8Mhp2
FDGie4utpZdzQKLLFdN9sQOmgHVBC42JuhIUU4MaAzdzGKk3Avlmflrchnugd+V3
ySc/yL80/WBGb1la27fK13padRB0w49kHIbh42QeVa+73toDGvw8iN/0oJNib+nz
XFRloqytLLKuym1iDkHIus1pSdZ136AwTKE+t7uS87UneRIUv1otZrEqoKT02HeR
1XSxtS+p9bIA7T3sh8CpC/S3t05+WiLWq1PQJMDe2xSAH22Tsk1kYS14P0eMZpqt
qWsiQQbbEPQ+5PRWBcRY9KHIPBJGoH/1slxTWH3carJM
-----END CERTIFICATE-----