Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/xxtKhdFSQ7arXoaO6JrEtumcw8Q.roa
File:                     xxtKhdFSQ7arXoaO6JrEtumcw8Q.roa (raw, json)
Hash identifier:          TKJ+YH/c8LH+h/OuVUHf7TMyfZImL40fcZXQ7/8vqhk=
Subject key identifier:   C7:1B:4A:85:D1:52:43:B6:AB:5E:86:8E:E8:9A:C4:B6:E9:9C:C3:C4
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       018CC8DE1C17996840C0846AE59012794868
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/xxtKhdFSQ7arXoaO6JrEtumcw8Q.roa
Signing time:             Tue 02 Jan 2024 06:30:48 +0000
ROA not before:           Tue 02 Jan 2024 06:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     267950
IP address blocks:        45.139.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:1c:17:99:68:40:c0:84:6a:e5:90:12:79:48:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Jan  2 06:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c71b4a85d15243b6ab5e868ee89ac4b6e99cc3c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8e:1b:8c:66:5a:0c:d1:dd:97:08:f3:3d:ea:
                    8b:02:d1:45:b0:dc:70:1b:2c:dc:71:b3:52:85:d0:
                    74:a1:e8:52:b6:03:d0:ba:70:6e:04:c4:eb:ad:40:
                    eb:39:9d:5a:82:9f:b5:d4:5b:60:a4:d7:ad:22:b5:
                    66:d9:02:3b:d5:09:f2:6f:e3:d5:c9:2a:07:c2:32:
                    39:6c:2b:a2:7d:11:78:88:b7:e6:aa:12:00:8d:db:
                    2b:e2:f4:32:50:65:57:28:ae:f4:3f:7f:87:93:45:
                    de:6d:1a:df:09:87:08:4d:4f:b3:fe:1f:5d:54:15:
                    fc:73:14:ad:b7:cb:95:9b:9d:d3:43:e8:0d:d1:84:
                    0d:f7:ae:b7:20:e4:55:83:20:25:f0:33:77:a3:c4:
                    61:96:45:13:8b:93:a9:90:1a:7e:34:7c:2b:eb:fa:
                    42:1c:fc:03:6a:ca:01:2c:1a:df:4e:93:92:9d:59:
                    6c:3a:4b:cb:d9:d4:35:11:62:ea:f1:ac:01:96:f1:
                    87:7c:13:77:6f:49:1e:3d:06:8c:b6:94:96:51:0d:
                    7b:df:f0:7d:5d:5d:c3:45:8c:80:c4:08:ac:f0:47:
                    c8:ff:20:18:6e:03:9f:50:32:dd:59:3a:60:74:59:
                    ec:b2:3b:e5:96:b4:31:d7:b7:7b:7f:13:9b:36:ec:
                    97:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:1B:4A:85:D1:52:43:B6:AB:5E:86:8E:E8:9A:C4:B6:E9:9C:C3:C4
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/xxtKhdFSQ7arXoaO6JrEtumcw8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:f7:19:d6:e3:bc:ff:6b:ac:4e:59:6b:a3:6a:b6:6b:92:5d:
         2d:01:27:67:54:69:bd:88:99:e2:3c:aa:d5:bd:4d:4f:63:a4:
         70:e7:91:1e:24:fd:ef:bd:4a:e4:eb:b0:9c:1b:58:d1:8c:12:
         67:48:9a:c2:eb:3f:63:9b:6e:b3:6d:7b:24:c8:63:dd:43:4e:
         a2:a8:e5:4c:0b:53:a1:0d:db:73:a7:b5:b5:13:fd:2e:32:ce:
         52:03:a6:3f:01:1e:1b:b8:86:9b:7b:4d:b1:86:a2:17:f3:f4:
         56:a1:40:68:44:88:1e:6f:f1:60:7e:04:59:77:5a:90:ed:9e:
         4e:21:14:b1:38:ec:97:42:f4:b9:97:58:fc:ab:56:2d:f7:2f:
         b2:32:1c:9a:d3:e8:86:8a:50:a0:cc:6a:df:9b:c8:b1:9c:a0:
         24:a4:98:c1:18:7a:17:df:a0:c5:d3:51:39:25:59:30:db:87:
         83:fa:01:b0:7f:8b:80:9a:ea:de:f4:6a:f5:f1:6a:9e:96:6f:
         78:3e:99:80:1a:13:04:68:8c:23:45:fd:7b:48:d5:ad:95:1b:
         3f:17:1e:b5:14:16:52:55:6d:00:8c:79:82:b3:82:78:31:6e:
         56:96:2e:a4:c6:80:67:0e:aa:ac:6d:44:9b:fd:3a:ec:f8:b0:
         d3:83:0e:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3hwXmWhAwIRq5ZASeUhoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjQwMTAyMDYzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzFiNGE4NWQxNTI0M2I2YWI1ZTg2OGVlODlhYzRiNmU5OWNjM2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqI4bjGZaDNHdlwjzPeqLAtFFsNxw
GyzccbNShdB0oehStgPQunBuBMTrrUDrOZ1agp+11FtgpNetIrVm2QI71Qnyb+PV
ySoHwjI5bCuifRF4iLfmqhIAjdsr4vQyUGVXKK70P3+Hk0XebRrfCYcITU+z/h9d
VBX8cxStt8uVm53TQ+gN0YQN9663IORVgyAl8DN3o8RhlkUTi5OpkBp+NHwr6/pC
HPwDasoBLBrfTpOSnVlsOkvL2dQ1EWLq8awBlvGHfBN3b0kePQaMtpSWUQ173/B9
XV3DRYyAxAis8EfI/yAYbgOfUDLdWTpgdFnssjvllrQx17d7fxObNuyXQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcbSoXRUkO2q16GjuiaxLbpnMPEMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEveHh0S2hkRlNRN2FyWG9hTzZKckV0dW1jdzhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYvFMA0G
CSqGSIb3DQEBCwUAA4IBAQAg9xnW47z/a6xOWWujarZrkl0tASdnVGm9iJniPKrV
vU1PY6Rw55EeJP3vvUrk67CcG1jRjBJnSJrC6z9jm26zbXskyGPdQ06iqOVMC1Oh
Ddtzp7W1E/0uMs5SA6Y/AR4buIabe02xhqIX8/RWoUBoRIgeb/FgfgRZd1qQ7Z5O
IRSxOOyXQvS5l1j8q1Yt9y+yMhya0+iGilCgzGrfm8ixnKAkpJjBGHoX36DF01E5
JVkw24eD+gGwf4uAmure9Gr18Wqelm94PpmAGhMEaIwjRf17SNWtlRs/Fx61FBZS
VW0AjHmCs4J4MW5Wli6kxoBnDqqsbUSb/Trs+LDTgw46
-----END CERTIFICATE-----