Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/53b013-5912-42b0-b026-a55b0dcc2946/1/yGqVtzo1K8A2TtGrJu6nUE-n4W0.roa
File:                     yGqVtzo1K8A2TtGrJu6nUE-n4W0.roa (raw, json)
Hash identifier:          Ji1ujKi5nDMQ/e8tBBQvoIlDyOpZ1kl94MAKzWyzC5c=
Subject key identifier:   C8:6A:95:B7:3A:35:2B:C0:36:4E:D1:AB:26:EE:A7:50:4F:A7:E1:6D
Certificate issuer:       /CN=26e3fc79b638b123191dafa4e886d3a5acad487f
Certificate serial:       018F18E7754E217AD55DE753C2D56550B678
Authority key identifier: 26:E3:FC:79:B6:38:B1:23:19:1D:AF:A4:E8:86:D3:A5:AC:AD:48:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JuP8ebY4sSMZHa-k6IbTpaytSH8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/53b013-5912-42b0-b026-a55b0dcc2946/1/yGqVtzo1K8A2TtGrJu6nUE-n4W0.roa
Signing time:             Fri 26 Apr 2024 05:36:13 +0000
ROA not before:           Fri 26 Apr 2024 05:36:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212496
IP address blocks:        91.216.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/53b013-5912-42b0-b026-a55b0dcc2946/1/JuP8ebY4sSMZHa-k6IbTpaytSH8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/53b013-5912-42b0-b026-a55b0dcc2946/1/JuP8ebY4sSMZHa-k6IbTpaytSH8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JuP8ebY4sSMZHa-k6IbTpaytSH8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:18:e7:75:4e:21:7a:d5:5d:e7:53:c2:d5:65:50:b6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26e3fc79b638b123191dafa4e886d3a5acad487f
        Validity
            Not Before: Apr 26 05:36:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c86a95b73a352bc0364ed1ab26eea7504fa7e16d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:fe:08:c4:75:9a:22:2b:06:29:4e:dd:b0:ba:
                    b6:cf:86:3b:10:ad:78:a4:57:ed:b9:30:0b:b0:a8:
                    13:f2:0c:eb:13:28:1e:df:37:49:0e:9a:92:7e:5f:
                    bb:f4:1e:31:93:a7:27:10:6c:54:71:0f:e0:ce:8a:
                    f9:b0:0a:2c:bb:3f:de:c5:a2:80:1c:d3:a3:11:b8:
                    b3:81:42:f5:a5:a6:76:76:99:e6:35:22:9f:37:91:
                    c6:26:da:ef:1a:fa:e2:37:c7:28:b9:a1:db:ce:69:
                    2d:bf:08:70:0f:f4:fb:0e:73:c1:5f:84:4c:f3:f5:
                    5d:84:03:4a:86:4b:cc:d5:d0:9b:2c:d0:e5:30:ce:
                    9c:56:6f:aa:9e:d9:84:95:e3:67:18:8d:a1:56:41:
                    ca:28:17:91:b0:91:2b:92:ad:d8:f6:a3:c7:e4:f4:
                    98:af:20:44:9c:b6:25:6b:35:3b:02:19:69:00:4c:
                    52:80:a5:a9:ea:42:c0:5b:d3:3f:35:67:f0:e4:00:
                    9e:2e:ef:09:d4:2c:9f:73:2f:f3:fe:18:e7:1e:e5:
                    86:62:c1:b2:50:24:6c:1c:86:64:0f:41:b7:d2:54:
                    13:7f:b0:f9:27:ee:67:36:d9:49:59:15:e3:79:c7:
                    70:4a:e8:e9:6e:73:90:c1:a4:36:70:f2:15:ee:14:
                    04:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:6A:95:B7:3A:35:2B:C0:36:4E:D1:AB:26:EE:A7:50:4F:A7:E1:6D
            X509v3 Authority Key Identifier:
                keyid:26:E3:FC:79:B6:38:B1:23:19:1D:AF:A4:E8:86:D3:A5:AC:AD:48:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JuP8ebY4sSMZHa-k6IbTpaytSH8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/53b013-5912-42b0-b026-a55b0dcc2946/1/yGqVtzo1K8A2TtGrJu6nUE-n4W0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/53b013-5912-42b0-b026-a55b0dcc2946/1/JuP8ebY4sSMZHa-k6IbTpaytSH8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:88:e8:2f:81:43:b9:14:df:60:1d:3e:a0:c0:30:52:25:85:
         00:09:fb:8f:3e:7c:3f:85:9e:a6:3e:b8:04:95:3d:98:86:66:
         b5:56:5a:ca:5a:e4:74:24:76:02:89:d3:5f:2c:0c:89:85:66:
         f1:56:26:4c:6b:fd:fc:f3:8a:a7:7a:1d:d1:35:24:2c:f4:d0:
         d5:eb:f7:1c:55:26:80:a6:7f:22:48:83:3d:46:9b:8a:46:a6:
         62:be:91:54:9e:ef:d3:eb:a2:74:9b:cf:d2:03:da:45:52:78:
         bd:08:4c:13:d5:03:cc:8c:c3:19:72:31:eb:ee:cc:41:00:55:
         75:d7:8d:46:b9:ed:0b:c5:21:f8:87:c8:e4:c0:03:29:aa:85:
         24:a9:e2:61:47:3f:e1:b0:bc:04:08:8d:c9:81:5a:1c:48:74:
         bb:8a:79:19:28:e0:bf:68:d8:93:86:be:11:b3:11:76:f4:10:
         5a:d4:fa:d8:61:35:5c:cb:5c:e3:39:60:e6:9b:23:df:56:d3:
         73:48:61:01:cd:50:eb:eb:dd:fb:50:47:90:a8:2e:9a:a1:f2:
         4d:71:7d:ad:1c:e0:81:02:3c:95:e9:04:af:db:45:c1:b0:7d:
         f9:6e:33:40:fe:0c:57:dd:e9:24:05:7e:fe:ea:ac:00:06:6f:
         bd:21:7b:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Y53VOIXrVXedTwtVlULZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZTNmYzc5YjYzOGIxMjMxOTFkYWZhNGU4ODZkM2E1YWNh
ZDQ4N2YwHhcNMjQwNDI2MDUzNjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODZhOTViNzNhMzUyYmMwMzY0ZWQxYWIyNmVlYTc1MDRmYTdlMTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkv4IxHWaIisGKU7dsLq2z4Y7EK14
pFftuTALsKgT8gzrEyge3zdJDpqSfl+79B4xk6cnEGxUcQ/gzor5sAosuz/exaKA
HNOjEbizgUL1paZ2dpnmNSKfN5HGJtrvGvriN8couaHbzmktvwhwD/T7DnPBX4RM
8/VdhANKhkvM1dCbLNDlMM6cVm+qntmEleNnGI2hVkHKKBeRsJErkq3Y9qPH5PSY
ryBEnLYlazU7AhlpAExSgKWp6kLAW9M/NWfw5ACeLu8J1Cyfcy/z/hjnHuWGYsGy
UCRsHIZkD0G30lQTf7D5J+5nNtlJWRXjecdwSujpbnOQwaQ2cPIV7hQEhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhqlbc6NSvANk7Rqybup1BPp+FtMB8GA1UdIwQY
MBaAFCbj/Hm2OLEjGR2vpOiG06WsrUh/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnVQOGViWTRzU01aSGEtazZJYlRwYXl0U0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81M2IwMTMtNTkxMi00MmIwLWIwMjYt
YTU1YjBkY2MyOTQ2LzEveUdxVnR6bzFLOEEyVHRHckp1Nm5VRS1uNFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81M2IwMTMtNTkxMi00MmIwLWIwMjYtYTU1YjBkY2MyOTQ2
LzEvSnVQOGViWTRzU01aSGEtazZJYlRwYXl0U0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9i6MA0G
CSqGSIb3DQEBCwUAA4IBAQCeiOgvgUO5FN9gHT6gwDBSJYUACfuPPnw/hZ6mPrgE
lT2Yhma1VlrKWuR0JHYCidNfLAyJhWbxViZMa/3884qneh3RNSQs9NDV6/ccVSaA
pn8iSIM9RpuKRqZivpFUnu/T66J0m8/SA9pFUni9CEwT1QPMjMMZcjHr7sxBAFV1
141Gue0LxSH4h8jkwAMpqoUkqeJhRz/hsLwECI3JgVocSHS7inkZKOC/aNiThr4R
sxF29BBa1PrYYTVcy1zjOWDmmyPfVtNzSGEBzVDr6937UEeQqC6aofJNcX2tHOCB
AjyV6QSv20XBsH35bjNA/gxX3ekkBX7+6qwABm+9IXtB
-----END CERTIFICATE-----