Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/s9vn8VnHEFGsXUc8LyMP92tXBTo.roa
File:                     s9vn8VnHEFGsXUc8LyMP92tXBTo.roa (raw, json)
Hash identifier:          sTxGU54F/6jV4K8mp1ItrmVWkwRENAIfJYvahoOHp2M=
Subject key identifier:   B3:DB:E7:F1:59:C7:10:51:AC:5D:47:3C:2F:23:0F:F7:6B:57:05:3A
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       018CC8DE19B3D4EABD944E09C4CE58315BDC
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/s9vn8VnHEFGsXUc8LyMP92tXBTo.roa
Signing time:             Tue 02 Jan 2024 06:30:47 +0000
ROA not before:           Tue 02 Jan 2024 06:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209371
IP address blocks:        45.139.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:19:b3:d4:ea:bd:94:4e:09:c4:ce:58:31:5b:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Jan  2 06:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3dbe7f159c71051ac5d473c2f230ff76b57053a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ab:93:59:c7:3c:67:f7:aa:da:14:4a:2f:c1:
                    59:24:aa:7f:54:7a:4d:5e:ae:cb:4f:b5:9a:06:de:
                    75:94:51:6b:ca:09:87:a5:74:24:49:22:d5:f5:73:
                    39:59:52:bf:26:fa:d9:1d:f1:00:f2:cc:6d:00:45:
                    42:29:3b:35:34:40:75:0f:ed:46:d1:53:53:68:c7:
                    e1:c3:d5:30:57:68:21:c1:bf:fe:0d:eb:60:63:0b:
                    c1:2f:97:0e:be:b9:07:b2:47:fc:6d:fe:fb:d0:c5:
                    0f:20:fb:94:50:99:bd:af:e7:6c:3f:00:1b:9c:b2:
                    96:03:13:88:18:12:b7:cb:31:3c:ac:08:b2:2f:a9:
                    20:d1:f9:0e:10:6e:f6:2e:20:10:47:3e:4a:87:2f:
                    52:91:be:2e:b4:94:b6:a1:ba:09:d7:5f:ff:1e:bb:
                    4d:6b:20:9a:0e:1f:6f:3b:7f:07:58:2e:0a:97:c3:
                    1f:24:4d:ae:0a:5e:65:d7:73:c9:f8:48:b2:ea:dc:
                    a2:eb:8d:1b:05:be:6b:10:5c:93:35:7f:c0:93:02:
                    e7:95:85:64:40:a0:99:9d:a9:de:e2:fe:4f:c9:52:
                    2a:82:af:3e:07:0b:d9:86:0f:68:e0:94:e9:a5:9e:
                    99:fd:e5:28:02:b5:fe:f7:50:6f:57:21:91:11:f5:
                    48:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:DB:E7:F1:59:C7:10:51:AC:5D:47:3C:2F:23:0F:F7:6B:57:05:3A
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/s9vn8VnHEFGsXUc8LyMP92tXBTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:38:07:87:5b:bb:8c:26:8e:e9:ee:cb:c9:65:19:39:ff:61:
         9a:b2:5b:f5:cc:48:53:e6:fa:af:ad:31:21:4f:9c:00:c6:f9:
         b3:64:1a:69:af:7a:b2:17:f4:ec:b0:f9:28:ec:e8:f6:39:3d:
         dd:30:74:32:c6:9e:4e:4e:a7:ab:e3:cc:b1:5b:65:ad:e2:40:
         9a:1a:9f:c0:e0:50:57:bc:a8:78:9a:f0:90:e1:e7:78:6c:23:
         ed:8e:f9:f3:bd:b9:de:22:b5:de:4f:9b:04:f2:a2:7d:16:3d:
         9f:ff:b9:2d:96:d6:47:b1:08:a3:20:aa:97:30:a9:8b:0f:83:
         39:24:c5:5c:33:3b:42:92:e4:36:d5:e5:d0:6d:78:89:6e:ba:
         a2:d4:dd:29:e8:f9:8e:f6:36:1b:bd:0b:6c:58:aa:0a:88:c5:
         d8:e9:17:e1:1b:9e:1b:76:06:49:8c:76:c9:43:04:cc:d6:fc:
         6a:b9:80:bc:bd:b1:61:9d:25:9f:3a:a4:3e:4c:37:4a:0c:b2:
         b7:2b:db:05:be:d7:ae:2f:ed:cb:ce:5d:71:b3:15:42:75:68:
         68:f9:df:53:8d:5b:9b:8f:80:be:ca:2a:b0:4f:5c:5e:0f:f3:
         6a:47:9a:7d:8d:94:b4:8c:66:1c:44:f0:41:ed:e0:3e:04:1f:
         95:ea:72:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3hmz1Oq9lE4JxM5YMVvcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQwMTAyMDYzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2RiZTdmMTU5YzcxMDUxYWM1ZDQ3M2MyZjIzMGZmNzZiNTcwNTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiauTWcc8Z/eq2hRKL8FZJKp/VHpN
Xq7LT7WaBt51lFFrygmHpXQkSSLV9XM5WVK/JvrZHfEA8sxtAEVCKTs1NEB1D+1G
0VNTaMfhw9UwV2ghwb/+DetgYwvBL5cOvrkHskf8bf770MUPIPuUUJm9r+dsPwAb
nLKWAxOIGBK3yzE8rAiyL6kg0fkOEG72LiAQRz5Khy9Skb4utJS2oboJ11//HrtN
ayCaDh9vO38HWC4Kl8MfJE2uCl5l13PJ+Eiy6tyi640bBb5rEFyTNX/AkwLnlYVk
QKCZnane4v5PyVIqgq8+BwvZhg9o4JTppZ6Z/eUoArX+91BvVyGREfVIUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPb5/FZxxBRrF1HPC8jD/drVwU6MB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvczl2bjhWbkhFRkdzWFVjOEx5TVA5MnRYQlRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYvHMA0G
CSqGSIb3DQEBCwUAA4IBAQCcOAeHW7uMJo7p7svJZRk5/2Gaslv1zEhT5vqvrTEh
T5wAxvmzZBppr3qyF/TssPko7Oj2OT3dMHQyxp5OTqer48yxW2Wt4kCaGp/A4FBX
vKh4mvCQ4ed4bCPtjvnzvbneIrXeT5sE8qJ9Fj2f/7ktltZHsQijIKqXMKmLD4M5
JMVcMztCkuQ21eXQbXiJbrqi1N0p6PmO9jYbvQtsWKoKiMXY6RfhG54bdgZJjHbJ
QwTM1vxquYC8vbFhnSWfOqQ+TDdKDLK3K9sFvteuL+3Lzl1xsxVCdWho+d9TjVub
j4C+yiqwT1xeD/NqR5p9jZS0jGYcRPBB7eA+BB+V6nIY
-----END CERTIFICATE-----