Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/ZuMlAOVSBDR2Uu8z8KE1yEZVJBU.roa
File:                     ZuMlAOVSBDR2Uu8z8KE1yEZVJBU.roa (raw, json)
Hash identifier:          wrTxHWNx3Xe9oW5fAkd41u9LJypmDbzbc9lI+VOOzGs=
Subject key identifier:   66:E3:25:00:E5:52:04:34:76:52:EF:33:F0:A1:35:C8:46:55:24:15
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       018CC8DE1437C51A7FA9E246A8D2D4FC85D0
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/ZuMlAOVSBDR2Uu8z8KE1yEZVJBU.roa
Signing time:             Tue 02 Jan 2024 06:30:46 +0000
ROA not before:           Tue 02 Jan 2024 06:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.239.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:14:37:c5:1a:7f:a9:e2:46:a8:d2:d4:fc:85:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Jan  2 06:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66e32500e55204347652ef33f0a135c846552415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:15:ef:06:f4:96:6a:a4:a9:52:dd:85:a9:5b:
                    f8:cf:4d:aa:85:4b:c1:41:a9:80:73:eb:bb:a8:2f:
                    d1:7f:50:03:0e:e9:ba:8b:5c:20:c5:b4:ef:fa:7a:
                    6c:7f:10:40:2f:50:e7:ff:66:d1:fa:64:01:bc:79:
                    f6:df:13:3e:aa:cc:de:bc:93:2e:1b:a5:2d:58:10:
                    ec:a5:5f:2b:de:ee:21:0c:f3:ce:2e:e7:a5:a9:ac:
                    25:5f:7d:34:0a:b2:12:b8:61:dc:31:c0:eb:d9:57:
                    09:1a:3a:35:09:60:46:22:8d:9a:e7:95:eb:97:c4:
                    1c:8f:43:7a:14:06:2d:84:df:5c:44:a9:19:88:55:
                    a5:67:ae:6c:67:67:9d:bb:3d:45:69:ce:7d:bd:f8:
                    03:c2:49:e3:5b:7a:90:7c:dd:16:54:2f:e0:b5:a0:
                    59:0e:9e:8b:db:47:53:59:9b:16:cb:5f:d4:f4:e6:
                    6f:ce:99:be:15:55:13:d6:51:7d:86:56:9b:39:61:
                    16:1c:f6:42:d4:c2:a8:1b:91:90:7a:45:5d:66:f6:
                    7d:29:2b:a4:b4:32:09:eb:93:30:25:fa:10:84:00:
                    83:56:65:32:c6:c4:f2:99:85:2d:ac:3c:2c:6c:bb:
                    d6:7c:68:36:a3:5e:7b:31:3b:7a:06:d4:87:38:9c:
                    e2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:E3:25:00:E5:52:04:34:76:52:EF:33:F0:A1:35:C8:46:55:24:15
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/ZuMlAOVSBDR2Uu8z8KE1yEZVJBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:1a:a3:8b:e4:39:1b:dc:6c:fc:81:e7:02:a0:92:9e:c9:af:
         cf:68:00:c9:d3:c2:56:34:82:e2:90:40:d1:b7:92:02:b3:1e:
         ca:ba:82:9e:cd:a0:96:c1:3c:37:5f:3f:46:46:80:26:dd:31:
         34:88:ac:6f:40:d7:38:80:5f:a0:96:dd:b2:ce:f6:cb:5a:d4:
         11:b2:0d:32:86:98:d4:31:d9:48:96:5e:96:14:a4:3b:ed:d8:
         e8:82:37:7d:a4:5e:85:e8:3a:ed:52:f4:a1:44:e4:dc:ae:85:
         4e:3e:27:14:da:0e:8a:1a:cf:60:25:a4:0b:d6:20:14:db:4d:
         e9:01:34:e8:df:4d:4c:50:eb:ce:7e:80:27:20:6a:e3:62:97:
         09:8c:1f:c6:46:c1:c4:b9:19:98:a0:a7:df:43:69:73:8b:cc:
         e0:07:84:12:ea:66:70:91:9e:3e:d9:95:d4:f8:2a:8a:a3:0e:
         da:30:a9:79:0e:70:d2:d6:9e:dc:ad:2d:df:99:4c:93:f0:db:
         0a:77:bb:d5:8c:2b:81:6d:ac:55:26:81:fc:c4:90:03:5e:d8:
         b7:6a:67:79:ef:ad:a8:37:0a:0d:4b:20:81:ec:38:a2:e5:84:
         f4:ec:c9:33:3f:71:32:05:2d:e3:b3:0b:71:bc:b4:67:97:cb:
         ef:a9:88:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3hQ3xRp/qeJGqNLU/IXQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQwMTAyMDYzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmUzMjUwMGU1NTIwNDM0NzY1MmVmMzNmMGExMzVjODQ2NTUyNDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RXvBvSWaqSpUt2FqVv4z02qhUvB
QamAc+u7qC/Rf1ADDum6i1wgxbTv+npsfxBAL1Dn/2bR+mQBvHn23xM+qszevJMu
G6UtWBDspV8r3u4hDPPOLuelqawlX300CrISuGHcMcDr2VcJGjo1CWBGIo2a55Xr
l8Qcj0N6FAYthN9cRKkZiFWlZ65sZ2eduz1Fac59vfgDwknjW3qQfN0WVC/gtaBZ
Dp6L20dTWZsWy1/U9OZvzpm+FVUT1lF9hlabOWEWHPZC1MKoG5GQekVdZvZ9KSuk
tDIJ65MwJfoQhACDVmUyxsTymYUtrDwsbLvWfGg2o157MTt6BtSHOJzinQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbjJQDlUgQ0dlLvM/ChNchGVSQVMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvWnVNbEFPVlNCRFIyVXU4ejhLRTF5RVpWSkJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe/sMA0G
CSqGSIb3DQEBCwUAA4IBAQBXGqOL5Dkb3Gz8gecCoJKeya/PaADJ08JWNILikEDR
t5ICsx7KuoKezaCWwTw3Xz9GRoAm3TE0iKxvQNc4gF+glt2yzvbLWtQRsg0yhpjU
MdlIll6WFKQ77djogjd9pF6F6DrtUvShROTcroVOPicU2g6KGs9gJaQL1iAU203p
ATTo301MUOvOfoAnIGrjYpcJjB/GRsHEuRmYoKffQ2lzi8zgB4QS6mZwkZ4+2ZXU
+CqKow7aMKl5DnDS1p7crS3fmUyT8NsKd7vVjCuBbaxVJoH8xJADXti3amd5762o
NwoNSyCB7Dii5YT07MkzP3EyBS3jswtxvLRnl8vvqYj+
-----END CERTIFICATE-----