Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/acbohE8I0I4NcDGX0xBlpKt6Hwk.roa
File:                     acbohE8I0I4NcDGX0xBlpKt6Hwk.roa (raw, json)
Hash identifier:          SpcEPz9wK/HRn2Y8rsgw6sbcW9wRs5G7qXN3dITXVn8=
Subject key identifier:   69:C6:E8:84:4F:08:D0:8E:0D:70:31:97:D3:10:65:A4:AB:7A:1F:09
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       018E9B24837617DA7D254AA739F3A3271135
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/acbohE8I0I4NcDGX0xBlpKt6Hwk.roa
Signing time:             Mon 01 Apr 2024 19:30:45 +0000
ROA not before:           Mon 01 Apr 2024 19:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198078
IP address blocks:        45.139.198.0/24 maxlen: 24
                          45.139.199.0/24 maxlen: 24
                          95.214.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9b:24:83:76:17:da:7d:25:4a:a7:39:f3:a3:27:11:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Apr  1 19:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69c6e8844f08d08e0d703197d31065a4ab7a1f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e9:2a:87:12:28:8b:b7:42:7b:22:9b:d2:f2:
                    6f:02:85:2a:41:b6:a7:46:0a:7f:8a:ef:e4:32:4b:
                    f6:7b:38:bf:63:fa:18:35:b7:12:b1:67:37:9f:8b:
                    aa:4f:25:67:e5:1e:57:f4:b3:f8:5e:0b:a0:11:82:
                    fa:00:f9:8c:ee:35:90:c4:53:e7:a6:b2:5a:51:58:
                    ee:17:b3:86:7b:96:06:eb:25:5a:7c:ca:86:a3:88:
                    85:64:33:9a:dd:36:cf:51:81:27:8e:e9:28:16:29:
                    19:10:6f:93:c7:15:be:3a:bd:87:e2:c0:2b:33:1d:
                    ec:8a:f1:84:4c:78:4b:4f:bf:73:02:33:5e:81:9a:
                    9e:cc:72:5b:b9:c8:9e:5a:5c:73:04:76:09:69:0c:
                    52:05:81:c9:b2:53:57:0b:89:75:7f:03:3f:1d:bb:
                    15:01:9d:3d:12:9b:ca:db:37:c0:da:44:a0:59:38:
                    6b:29:83:04:dd:54:0c:6c:9d:2a:3f:77:46:b3:41:
                    94:0d:19:11:dc:11:50:5b:23:37:d6:ac:66:90:5e:
                    62:ad:4b:8a:d8:f6:b7:ad:1e:8a:28:37:9e:7e:00:
                    03:c2:82:da:cd:4f:ed:4d:cb:9d:1c:cc:50:a0:99:
                    45:aa:55:2a:f0:d1:00:06:dc:97:57:21:9f:7e:7d:
                    93:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C6:E8:84:4F:08:D0:8E:0D:70:31:97:D3:10:65:A4:AB:7A:1F:09
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/acbohE8I0I4NcDGX0xBlpKt6Hwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.198.0/23
                  95.214.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:de:be:dc:fc:90:32:61:fc:e2:87:18:b3:93:16:45:d6:0a:
         5e:a3:8d:eb:b6:55:77:20:6f:ef:23:80:c3:5c:e4:93:d3:67:
         54:1f:d9:06:ef:a0:6f:8e:3c:e1:36:79:21:a3:98:7b:8b:06:
         c3:9c:af:97:70:c8:42:ce:61:97:b9:36:f2:d3:5e:31:96:fe:
         65:7d:f3:b9:7c:2b:3d:e5:80:d4:0d:0b:60:98:d1:a9:e0:1d:
         f5:ce:ab:66:fc:13:21:bf:74:cd:97:4f:c4:37:f5:fe:9a:3b:
         5a:d4:10:67:81:ce:f5:ef:aa:cd:da:ff:ad:20:9a:38:59:f7:
         ae:17:5f:3a:4f:40:40:92:b9:6b:d2:0b:3b:d0:ad:d2:29:d4:
         a8:c0:12:68:91:7b:24:29:e1:cd:26:f8:60:1a:6e:8c:f1:a7:
         20:b3:90:3a:14:58:33:46:52:43:57:72:b8:c1:ac:d4:64:92:
         37:10:19:70:b3:a0:cf:6a:c4:f9:a8:d3:33:91:a9:90:b8:38:
         ae:39:c5:23:b9:b6:03:bd:aa:5f:80:8c:94:bd:55:f5:76:a8:
         4a:a6:69:a7:a4:42:91:06:81:97:20:14:6a:89:b6:62:b3:91:
         cf:59:1f:b7:53:4b:be:72:87:97:28:b3:e2:0d:9f:09:ef:50:
         d7:57:e0:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6bJIN2F9p9JUqnOfOjJxE1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQwNDAxMTkzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM2ZTg4NDRmMDhkMDhlMGQ3MDMxOTdkMzEwNjVhNGFiN2ExZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOkqhxIoi7dCeyKb0vJvAoUqQban
Rgp/iu/kMkv2ezi/Y/oYNbcSsWc3n4uqTyVn5R5X9LP4XgugEYL6APmM7jWQxFPn
prJaUVjuF7OGe5YG6yVafMqGo4iFZDOa3TbPUYEnjukoFikZEG+TxxW+Or2H4sAr
Mx3sivGETHhLT79zAjNegZqezHJbucieWlxzBHYJaQxSBYHJslNXC4l1fwM/HbsV
AZ09EpvK2zfA2kSgWThrKYME3VQMbJ0qP3dGs0GUDRkR3BFQWyM31qxmkF5irUuK
2Pa3rR6KKDeefgADwoLazU/tTcudHMxQoJlFqlUq8NEABtyXVyGffn2TkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGnG6IRPCNCODXAxl9MQZaSreh8JMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvYWNib2hFOEkwSTROY0RHWDB4QmxwS3Q2SHdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLYvGAwQA
X9auMA0GCSqGSIb3DQEBCwUAA4IBAQCT3r7c/JAyYfzihxizkxZF1gpeo43rtlV3
IG/vI4DDXOST02dUH9kG76BvjjzhNnkho5h7iwbDnK+XcMhCzmGXuTby014xlv5l
ffO5fCs95YDUDQtgmNGp4B31zqtm/BMhv3TNl0/EN/X+mjta1BBngc7176rN2v+t
IJo4WfeuF186T0BAkrlr0gs70K3SKdSowBJokXskKeHNJvhgGm6M8acgs5A6FFgz
RlJDV3K4wazUZJI3EBlws6DPasT5qNMzkamQuDiuOcUjubYDvapfgIyUvVX1dqhK
pmmnpEKRBoGXIBRqibZis5HPWR+3U0u+coeXKLPiDZ8J71DXV+CK
-----END CERTIFICATE-----