Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/akqXbnyNbcmX5dg7dzIiFidii1Y.roa
File:                     akqXbnyNbcmX5dg7dzIiFidii1Y.roa (raw, json)
Hash identifier:          /zGLvFEdN3lIxDna16Tnt6hs0xPYiD8skJ1cc+rFg6o=
Subject key identifier:   6A:4A:97:6E:7C:8D:6D:C9:97:E5:D8:3B:77:32:22:16:27:62:8B:56
Certificate issuer:       /CN=aa5b471d0ba089d9e9f46c291319674fac8128d0
Certificate serial:       018CC64A72D67B7442228ED4233C13D58D1A
Authority key identifier: AA:5B:47:1D:0B:A0:89:D9:E9:F4:6C:29:13:19:67:4F:AC:81:28:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/akqXbnyNbcmX5dg7dzIiFidii1Y.roa
Signing time:             Mon 01 Jan 2024 18:30:16 +0000
ROA not before:           Mon 01 Jan 2024 18:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207922
IP address blocks:        195.26.8.0/24 maxlen: 24
                          2a0f:4a40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:72:d6:7b:74:42:22:8e:d4:23:3c:13:d5:8d:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa5b471d0ba089d9e9f46c291319674fac8128d0
        Validity
            Not Before: Jan  1 18:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a4a976e7c8d6dc997e5d83b7732221627628b56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:77:30:3e:00:54:51:7a:1b:5a:f3:a4:7f:2a:
                    9f:9a:96:ee:54:7f:ec:78:14:22:6f:52:87:81:76:
                    9a:27:04:45:d4:6a:0e:67:53:12:88:04:24:3a:a8:
                    ae:9a:ee:87:da:0f:fc:f8:f7:63:9b:f9:d7:4f:2c:
                    81:9f:dd:66:52:f6:86:6b:ac:cf:d7:7d:79:6a:4d:
                    32:bd:4f:1f:32:0f:eb:2a:19:6c:cc:12:67:66:3d:
                    5d:5d:9f:a7:57:92:f7:bd:f1:2d:ac:b3:14:cc:89:
                    55:56:75:92:10:c4:65:d1:6e:3f:a6:e9:15:94:e0:
                    5b:2d:94:96:18:7b:a9:e0:a7:0a:1c:d3:21:1e:1b:
                    a3:3c:10:01:36:e6:e3:49:10:b9:ed:4f:6f:db:ea:
                    8a:af:b5:81:ac:c5:2c:57:fa:ea:bd:c8:9b:b5:59:
                    d9:69:d4:c8:ec:cd:af:b4:88:83:f6:a8:5d:bd:ba:
                    e5:80:52:c0:0f:57:df:37:e4:01:3c:e0:a1:a6:c4:
                    e9:5a:d2:64:06:93:73:09:62:ab:32:7a:17:83:90:
                    7b:50:c2:9a:36:6e:81:d1:9b:99:2b:b9:0e:e4:52:
                    a0:77:e5:a0:43:aa:97:e2:1a:92:9a:5f:11:b8:e6:
                    f5:86:36:19:55:fb:43:10:5e:4d:ff:1a:05:6a:88:
                    f8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:4A:97:6E:7C:8D:6D:C9:97:E5:D8:3B:77:32:22:16:27:62:8B:56
            X509v3 Authority Key Identifier:
                keyid:AA:5B:47:1D:0B:A0:89:D9:E9:F4:6C:29:13:19:67:4F:AC:81:28:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/akqXbnyNbcmX5dg7dzIiFidii1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.26.8.0/24
                IPv6:
                  2a0f:4a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:50:ad:a1:e5:d0:6a:e4:07:76:ac:57:72:26:ae:cf:91:04:
         cd:7f:76:10:9e:98:8d:3b:2d:f1:b5:84:be:c8:c0:f0:28:e7:
         99:e4:78:91:d4:61:6d:be:12:67:3e:d3:38:a8:32:66:b0:83:
         ab:e9:22:72:f4:c7:22:01:49:1b:e9:a2:63:66:39:59:f9:dc:
         9d:cb:ce:07:4f:c7:77:d9:89:57:36:b3:c3:3d:22:0d:cd:79:
         17:60:cd:57:d3:41:85:1d:31:e5:97:e7:eb:7e:6c:68:b3:b6:
         9d:3d:0c:83:d1:f0:49:eb:c1:88:93:94:d6:6e:6b:1e:30:19:
         0f:90:b7:2a:64:9e:6b:89:36:f7:93:ae:ba:69:d6:cf:92:d2:
         85:23:01:b8:56:43:e4:4b:0b:98:f3:19:3a:a9:4e:1e:f0:6b:
         5e:3f:4f:b9:50:71:25:09:1e:2b:a3:65:59:b6:8c:f8:51:82:
         a7:46:32:f6:6b:12:9c:44:54:a0:98:81:91:e9:ec:93:fc:87:
         5b:5d:9e:a0:96:aa:9f:15:41:fc:77:8e:91:e2:5d:97:0a:6f:
         3d:d5:8e:cd:b0:8b:2a:0d:40:a0:56:da:cd:29:8b:9f:0b:33:
         91:ba:85:2b:f5:91:92:0f:b1:0b:61:d1:fa:77:20:a1:d1:3c:
         91:52:a7:11
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSnLWe3RCIo7UIzwT1Y0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNWI0NzFkMGJhMDg5ZDllOWY0NmMyOTEzMTk2NzRmYWM4
MTI4ZDAwHhcNMjQwMTAxMTgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTRhOTc2ZTdjOGQ2ZGM5OTdlNWQ4M2I3NzMyMjIxNjI3NjI4YjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3cwPgBUUXobWvOkfyqfmpbuVH/s
eBQib1KHgXaaJwRF1GoOZ1MSiAQkOqiumu6H2g/8+Pdjm/nXTyyBn91mUvaGa6zP
1315ak0yvU8fMg/rKhlszBJnZj1dXZ+nV5L3vfEtrLMUzIlVVnWSEMRl0W4/pukV
lOBbLZSWGHup4KcKHNMhHhujPBABNubjSRC57U9v2+qKr7WBrMUsV/rqvcibtVnZ
adTI7M2vtIiD9qhdvbrlgFLAD1ffN+QBPOChpsTpWtJkBpNzCWKrMnoXg5B7UMKa
Nm6B0ZuZK7kO5FKgd+WgQ6qX4hqSml8RuOb1hjYZVftDEF5N/xoFaoj4xwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGpKl258jW3Jl+XYO3cyIhYnYotWMB8GA1UdIwQY
MBaAFKpbRx0LoInZ6fRsKRMZZ0+sgSjQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWx0SEhRdWdpZG5wOUd3cEV4bG5UNnlCS05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS80YmUwMjctODhlOS00N2UzLWJiODgt
NmYyZTI1MjliZTgyLzEvYWtxWGJueU5iY21YNWRnN2R6SWlGaWRpaTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS80YmUwMjctODhlOS00N2UzLWJiODgtNmYyZTI1MjliZTgy
LzEvcWx0SEhRdWdpZG5wOUd3cEV4bG5UNnlCS05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwxoIMA0E
AgACMAcDBQMqD0pAMA0GCSqGSIb3DQEBCwUAA4IBAQA7UK2h5dBq5Ad2rFdyJq7P
kQTNf3YQnpiNOy3xtYS+yMDwKOeZ5HiR1GFtvhJnPtM4qDJmsIOr6SJy9MciAUkb
6aJjZjlZ+dydy84HT8d32YlXNrPDPSINzXkXYM1X00GFHTHll+frfmxos7adPQyD
0fBJ68GIk5TWbmseMBkPkLcqZJ5riTb3k666adbPktKFIwG4VkPkSwuY8xk6qU4e
8GteP0+5UHElCR4ro2VZtoz4UYKnRjL2axKcRFSgmIGR6eyT/IdbXZ6glqqfFUH8
d46R4l2XCm891Y7NsIsqDUCgVtrNKYufCzORuoUr9ZGSD7ELYdH6dyCh0TyRUqcR
-----END CERTIFICATE-----