Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/gggO8DVV7iZwCSasEaLPQ42soKk.roa
File:                     gggO8DVV7iZwCSasEaLPQ42soKk.roa (raw, json)
Hash identifier:          8+/dNDI7lcw8y3xnk3m03RDxAtchKvl9eJ6s7qo82gU=
Subject key identifier:   82:08:0E:F0:35:55:EE:26:70:09:26:AC:11:A2:CF:43:8D:AC:A0:A9
Certificate issuer:       /CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
Certificate serial:       018CC94D7CA6B02F1B9F90D3C87606716257
Authority key identifier: 9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/gggO8DVV7iZwCSasEaLPQ42soKk.roa
Signing time:             Tue 02 Jan 2024 08:32:27 +0000
ROA not before:           Tue 02 Jan 2024 08:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50942
IP address blocks:        91.207.26.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:7c:a6:b0:2f:1b:9f:90:d3:c8:76:06:71:62:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
        Validity
            Not Before: Jan  2 08:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82080ef03555ee26700926ac11a2cf438daca0a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d0:39:4d:5d:c0:fb:ff:71:5f:77:45:47:1f:
                    b1:62:78:f2:92:eb:84:58:a2:ca:5a:65:58:a7:bc:
                    01:d4:7e:55:7c:94:7d:90:b4:9f:e3:71:65:6a:66:
                    44:2c:aa:95:51:af:e7:11:d9:b0:98:17:06:62:9d:
                    25:70:87:98:8b:96:ec:08:54:23:57:dd:61:61:f5:
                    24:01:ea:79:5f:54:1e:02:69:00:a7:2d:96:25:89:
                    52:bb:98:87:8b:55:b9:08:a1:0d:dc:d1:c2:47:0b:
                    e2:27:fa:c2:e1:e9:61:df:84:39:c2:2b:64:1a:69:
                    a1:49:7d:01:9d:8a:de:5b:9d:f8:e8:4c:14:c7:b4:
                    57:44:c4:61:50:ca:b0:04:15:06:65:e7:25:91:45:
                    73:ad:fd:a9:39:c6:4d:7b:8c:c3:de:6f:70:bf:e4:
                    8c:92:22:d8:b5:15:38:dd:a2:61:2b:6a:84:17:a8:
                    e9:2b:51:90:2e:fd:54:ba:d0:1e:16:1d:15:32:71:
                    51:42:b5:d1:99:07:13:11:f2:ec:84:e2:1d:7f:a8:
                    e2:91:27:d2:8c:b5:53:79:76:04:0f:9b:58:da:31:
                    0e:ab:fb:02:7e:66:bd:9c:ec:37:b2:36:05:d0:45:
                    ed:81:77:9a:04:e3:1b:2a:1c:18:b7:87:a3:8e:9e:
                    10:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:08:0E:F0:35:55:EE:26:70:09:26:AC:11:A2:CF:43:8D:AC:A0:A9
            X509v3 Authority Key Identifier:
                keyid:9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/gggO8DVV7iZwCSasEaLPQ42soKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:4c:76:4f:bc:36:79:8a:ea:4c:e5:b6:1f:5b:c7:06:86:48:
         a0:70:51:48:69:8f:a9:54:0c:9d:3b:c2:66:da:be:f4:a5:c8:
         74:ab:65:9b:a9:d8:d1:f2:01:d8:b0:c8:b2:1c:48:26:e9:f9:
         90:4f:81:a0:0f:36:7b:7a:ae:94:16:04:04:04:d0:af:97:75:
         4a:aa:2c:24:66:f4:f1:2d:d6:c1:c8:89:d9:75:7b:68:6e:dc:
         87:a7:d1:c2:67:bd:0f:07:8a:d6:0e:a5:06:e8:fd:b7:60:a1:
         41:ef:ed:43:de:9a:88:6c:63:93:45:21:e0:d4:94:85:b3:49:
         7f:fa:a0:d7:b6:1c:d7:b7:a6:e3:be:ea:4a:bc:c3:d0:38:7f:
         0f:ee:bf:58:0d:9c:4e:36:51:d1:1e:ff:d9:ee:e0:61:5a:15:
         67:f9:a6:30:2e:64:48:ca:9d:b3:23:98:ad:da:00:50:48:a3:
         cc:a7:87:09:52:1c:69:ee:b3:73:f5:23:8b:d5:6b:75:c7:4f:
         74:6e:60:77:9b:d8:47:12:6f:56:84:ae:7f:52:d9:da:45:ac:
         c9:e8:c8:57:c4:5a:0b:c0:28:89:ec:b4:50:6e:20:29:87:85:
         4b:ae:1f:fe:87:26:f5:8a:13:ca:d2:58:52:9e:a0:ac:f9:9a:
         fd:6d:d3:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTXymsC8bn5DTyHYGcWJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOGNkN2Q2YTQxMDU3NTBiZjg5NzVhN2QwYjk2Nzk0YzFl
ZmU2MjIwHhcNMjQwMTAyMDgzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjA4MGVmMDM1NTVlZTI2NzAwOTI2YWMxMWEyY2Y0MzhkYWNhMGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntA5TV3A+/9xX3dFRx+xYnjykuuE
WKLKWmVYp7wB1H5VfJR9kLSf43FlamZELKqVUa/nEdmwmBcGYp0lcIeYi5bsCFQj
V91hYfUkAep5X1QeAmkApy2WJYlSu5iHi1W5CKEN3NHCRwviJ/rC4elh34Q5witk
GmmhSX0BnYreW5346EwUx7RXRMRhUMqwBBUGZeclkUVzrf2pOcZNe4zD3m9wv+SM
kiLYtRU43aJhK2qEF6jpK1GQLv1UutAeFh0VMnFRQrXRmQcTEfLshOIdf6jikSfS
jLVTeXYED5tY2jEOq/sCfma9nOw3sjYF0EXtgXeaBOMbKhwYt4ejjp4QIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIIDvA1Ve4mcAkmrBGiz0ONrKCpMB8GA1UdIwQY
MBaAFJ6M19akEFdQv4l1p9C5Z5TB7+YiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2Qt
OGMyZGY1YTVjNmQ3LzEvZ2dnTzhEVlY3aVp3Q1Nhc0VhTFBRNDJzb0trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2QtOGMyZGY1YTVjNmQ3
LzEvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW88aMA0G
CSqGSIb3DQEBCwUAA4IBAQBATHZPvDZ5iupM5bYfW8cGhkigcFFIaY+pVAydO8Jm
2r70pch0q2WbqdjR8gHYsMiyHEgm6fmQT4GgDzZ7eq6UFgQEBNCvl3VKqiwkZvTx
LdbByInZdXtobtyHp9HCZ70PB4rWDqUG6P23YKFB7+1D3pqIbGOTRSHg1JSFs0l/
+qDXthzXt6bjvupKvMPQOH8P7r9YDZxONlHRHv/Z7uBhWhVn+aYwLmRIyp2zI5it
2gBQSKPMp4cJUhxp7rNz9SOL1Wt1x090bmB3m9hHEm9WhK5/UtnaRazJ6MhXxFoL
wCiJ7LRQbiAph4VLrh/+hyb1ihPK0lhSnqCs+Zr9bdME
-----END CERTIFICATE-----