Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/c26zPerzgVBHPu_vijyV_Oovrl4.roa
File:                     c26zPerzgVBHPu_vijyV_Oovrl4.roa (raw, json)
Hash identifier:          Gk43PDLGRAfU27KozR+OSnOsvS5KnMxHT/HJnzP3YQ0=
Subject key identifier:   73:6E:B3:3D:EA:F3:81:50:47:3E:EF:EF:8A:3C:95:FC:EA:2F:AE:5E
Certificate issuer:       /CN=b8e0f79841c0210d95b4ef56ff68441c2aa9fc0f
Certificate serial:       0194244505B353637CB2DF067326133AAECB
Authority key identifier: B8:E0:F7:98:41:C0:21:0D:95:B4:EF:56:FF:68:44:1C:2A:A9:FC:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/c26zPerzgVBHPu_vijyV_Oovrl4.roa
Signing time:             Wed 01 Jan 2025 23:48:10 +0000
ROA not before:           Wed 01 Jan 2025 23:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200409
IP address blocks:        185.156.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 05:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:05:b3:53:63:7c:b2:df:06:73:26:13:3a:ae:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8e0f79841c0210d95b4ef56ff68441c2aa9fc0f
        Validity
            Not Before: Jan  1 23:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=736eb33deaf38150473eefef8a3c95fcea2fae5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:03:14:7a:a3:31:1a:a0:83:cd:36:12:fd:b8:
                    53:d8:00:b0:bd:06:24:88:c0:b3:83:0c:fe:4c:7b:
                    ca:73:65:34:1d:c5:c9:44:b9:69:ef:39:90:58:e7:
                    a3:e3:d3:07:20:ac:42:32:99:82:e9:fb:e2:a8:a9:
                    df:4a:22:46:bc:84:37:2c:3c:09:2f:28:74:21:fa:
                    52:6a:9f:95:91:be:62:ee:d2:4d:42:c0:a3:47:af:
                    fb:78:eb:b9:86:d0:50:99:5a:20:b4:46:bd:74:62:
                    f1:c0:18:4d:82:ff:d1:e7:69:80:77:88:95:1d:bf:
                    8b:14:b4:10:a1:8d:ee:07:ec:1d:40:f6:b1:39:f7:
                    a8:c7:7d:08:84:6f:d1:07:30:bb:0f:59:6d:fb:f5:
                    5e:80:37:8a:af:85:b7:1b:26:21:3e:73:2a:e8:0e:
                    01:20:e8:20:80:f3:6b:40:1a:df:a0:68:13:d0:c9:
                    2b:57:e2:ae:35:fc:51:da:bb:f7:a2:1c:98:80:fc:
                    9d:22:23:92:6b:c6:49:12:75:83:82:33:b8:2b:79:
                    57:b3:ed:8c:84:69:64:bc:92:e3:6e:99:b2:c7:4d:
                    df:91:db:99:3e:fd:a4:53:dd:50:30:b4:50:d7:89:
                    b1:2b:54:47:04:35:3c:54:73:03:98:c1:ac:09:c7:
                    aa:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:6E:B3:3D:EA:F3:81:50:47:3E:EF:EF:8A:3C:95:FC:EA:2F:AE:5E
            X509v3 Authority Key Identifier:
                keyid:B8:E0:F7:98:41:C0:21:0D:95:B4:EF:56:FF:68:44:1C:2A:A9:FC:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/c26zPerzgVBHPu_vijyV_Oovrl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/c9e704-958d-413f-8acc-6ea3cbfd3a84/1/uOD3mEHAIQ2VtO9W_2hEHCqp_A8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:90:da:2d:3d:d1:79:1b:11:55:19:49:4d:95:9d:b3:ce:d6:
         8f:e5:fe:68:13:6b:22:7f:f1:88:f8:29:c4:e3:4b:17:f9:f0:
         ab:50:87:09:06:71:f4:61:4d:73:ad:22:c2:9f:d2:23:81:43:
         8f:81:ec:db:2d:0a:36:fd:80:29:8a:65:97:d2:72:98:22:78:
         85:25:a3:a9:b7:2c:71:da:23:45:cb:0a:61:8e:41:b9:bb:5c:
         23:1e:87:63:e4:25:8d:12:5b:99:ae:3f:65:85:cc:2c:20:ea:
         3e:dc:7b:be:87:5b:c2:91:dd:30:2e:8f:72:26:e0:81:aa:db:
         4e:5e:ba:5e:b6:df:4d:e5:8a:72:35:68:4b:e5:fb:37:eb:10:
         8d:2d:f8:46:43:b8:db:52:6a:43:05:de:72:6e:ee:79:ba:e9:
         20:e3:d8:bb:15:11:14:ee:64:b1:7d:5e:7b:5a:a7:fe:6a:a8:
         70:23:c5:42:d2:ad:fb:ab:68:9d:14:62:9a:7e:81:99:d1:06:
         36:e4:8d:01:1c:eb:f0:e4:1a:0a:ab:a1:32:53:45:59:ee:36:
         85:9b:cc:52:c8:e6:8b:30:0f:74:75:0f:f3:b5:76:f5:ed:9c:
         d6:da:13:fd:6b:a6:52:d9:8c:4e:c4:c3:f9:dd:8c:cb:aa:19:
         bf:52:93:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRQWzU2N8st8GcyYTOq7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZTBmNzk4NDFjMDIxMGQ5NWI0ZWY1NmZmNjg0NDFjMmFh
OWZjMGYwHhcNMjUwMTAxMjM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzZlYjMzZGVhZjM4MTUwNDczZWVmZWY4YTNjOTVmY2VhMmZhZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQMUeqMxGqCDzTYS/bhT2ACwvQYk
iMCzgwz+THvKc2U0HcXJRLlp7zmQWOej49MHIKxCMpmC6fviqKnfSiJGvIQ3LDwJ
Lyh0IfpSap+Vkb5i7tJNQsCjR6/7eOu5htBQmVogtEa9dGLxwBhNgv/R52mAd4iV
Hb+LFLQQoY3uB+wdQPaxOfeox30IhG/RBzC7D1lt+/VegDeKr4W3GyYhPnMq6A4B
IOgggPNrQBrfoGgT0MkrV+KuNfxR2rv3ohyYgPydIiOSa8ZJEnWDgjO4K3lXs+2M
hGlkvJLjbpmyx03fkduZPv2kU91QMLRQ14mxK1RHBDU8VHMDmMGsCceqeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNusz3q84FQRz7v74o8lfzqL65eMB8GA1UdIwQY
MBaAFLjg95hBwCENlbTvVv9oRBwqqfwPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU9EM21FSEFJUTJWdE85V18yaEVIQ3FwX0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9jOWU3MDQtOTU4ZC00MTNmLThhY2Mt
NmVhM2NiZmQzYTg0LzEvYzI2elBlcnpnVkJIUHVfdmlqeVZfT292cmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9jOWU3MDQtOTU4ZC00MTNmLThhY2MtNmVhM2NiZmQzYTg0
LzEvdU9EM21FSEFJUTJWdE85V18yaEVIQ3FwX0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZyXMA0G
CSqGSIb3DQEBCwUAA4IBAQAykNotPdF5GxFVGUlNlZ2zztaP5f5oE2sif/GI+CnE
40sX+fCrUIcJBnH0YU1zrSLCn9IjgUOPgezbLQo2/YApimWX0nKYIniFJaOptyxx
2iNFywphjkG5u1wjHodj5CWNEluZrj9lhcwsIOo+3Hu+h1vCkd0wLo9yJuCBqttO
Xrpett9N5YpyNWhL5fs36xCNLfhGQ7jbUmpDBd5ybu55uukg49i7FREU7mSxfV57
Wqf+aqhwI8VC0q37q2idFGKafoGZ0QY25I0BHOvw5BoKq6EyU0VZ7jaFm8xSyOaL
MA90dQ/ztXb17ZzW2hP9a6ZS2YxOxMP53YzLqhm/UpPa
-----END CERTIFICATE-----