Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/hEDKa4ik2AZRGOVL80X309OnsT8.roa
File:                     hEDKa4ik2AZRGOVL80X309OnsT8.roa (raw, json)
Hash identifier:          5iRlVi/Dp13FRyPytbDcIxT4xVsccFTI4WiZ6hzMc0s=
Subject key identifier:   84:40:CA:6B:88:A4:D8:06:51:18:E5:4B:F3:45:F7:D3:D3:A7:B1:3F
Certificate issuer:       /CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
Certificate serial:       018CC94D7C6439CAE10D371495A9AED98F03
Authority key identifier: 9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/hEDKa4ik2AZRGOVL80X309OnsT8.roa
Signing time:             Tue 02 Jan 2024 08:32:27 +0000
ROA not before:           Tue 02 Jan 2024 08:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47984
IP address blocks:        91.207.26.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:7c:64:39:ca:e1:0d:37:14:95:a9:ae:d9:8f:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
        Validity
            Not Before: Jan  2 08:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8440ca6b88a4d8065118e54bf345f7d3d3a7b13f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d6:76:80:7a:16:59:11:c6:cb:f5:d0:05:37:
                    29:8f:03:0d:ed:96:75:91:cf:2f:87:81:50:fa:54:
                    55:84:99:79:0e:50:d7:b6:75:65:66:38:4d:71:2c:
                    31:ac:bc:4b:c9:9d:8a:05:cc:6f:64:52:3e:38:17:
                    2d:40:07:23:1e:72:e4:cc:2b:06:8b:33:7c:93:d9:
                    e7:a2:4f:8e:cb:49:8d:74:34:33:bd:5b:8f:36:25:
                    4f:3f:a3:38:55:84:83:21:2c:46:5a:ce:fd:bc:1e:
                    53:db:c3:cf:18:66:4a:44:e8:79:fd:a7:52:b2:7e:
                    04:c7:8a:77:0c:cb:ad:ce:4e:12:c4:72:47:71:35:
                    f2:0e:9d:5c:bc:21:37:52:f9:af:e7:b1:17:3e:cd:
                    48:2c:69:f2:a5:af:a5:7b:9a:6e:6b:43:03:79:61:
                    99:4c:79:a9:d5:87:bc:11:42:b7:79:c1:4f:26:4a:
                    5e:2f:f0:44:6a:43:32:ad:a8:55:63:ee:b3:52:cf:
                    26:3c:a9:7c:a2:cc:7c:fb:33:d9:b4:ed:e3:dc:84:
                    98:0d:08:af:ef:0c:8a:32:21:2f:3c:5a:e3:31:ce:
                    12:fe:d6:6e:f2:91:2f:1b:c1:4a:4d:0d:a4:50:5d:
                    a0:bf:3a:4f:e4:df:4e:77:8b:f7:f1:10:c8:40:d5:
                    0d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:40:CA:6B:88:A4:D8:06:51:18:E5:4B:F3:45:F7:D3:D3:A7:B1:3F
            X509v3 Authority Key Identifier:
                keyid:9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/hEDKa4ik2AZRGOVL80X309OnsT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:28:4f:64:6c:af:04:aa:29:ce:c5:8b:85:b1:13:43:41:fd:
         24:0d:14:82:ed:49:d9:4f:59:7f:fa:b1:ba:21:f4:6c:a7:6f:
         83:34:4e:c1:0a:02:f5:45:47:e1:e9:52:cc:64:e7:ef:c3:ab:
         dc:fe:b6:08:fd:2f:80:28:ea:8e:70:96:8e:31:f9:33:23:e0:
         1e:23:29:6e:fe:e7:bd:de:58:1b:90:ce:1b:b6:fe:2c:8d:91:
         8a:f6:e9:d1:1a:d2:85:d9:01:54:ac:41:13:8e:12:83:5d:2a:
         60:bc:f1:cf:b5:27:f8:19:2a:67:e5:65:9a:96:84:17:e6:28:
         e5:48:8e:e7:37:30:fc:bd:b5:53:7c:06:86:30:6a:df:57:f7:
         8b:79:ab:c5:9a:1f:9b:74:ad:c8:7a:07:84:1a:eb:37:e9:47:
         20:12:a0:bc:86:c0:f9:3b:a7:48:9f:1a:cf:e7:bc:54:e6:70:
         22:1d:02:41:e6:85:3c:b0:ec:e0:59:6c:9f:72:a3:1d:bc:f7:
         c5:40:3f:d5:a1:9f:e6:c1:4d:36:59:6b:e8:33:69:e6:e9:06:
         cc:36:e3:82:20:53:6a:af:96:78:31:4e:b4:6f:28:d2:3f:a6:
         9c:c2:8e:1a:1f:c4:10:ad:d6:1b:22:ea:c4:22:12:e4:6c:38:
         18:22:af:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTXxkOcrhDTcUlamu2Y8DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOGNkN2Q2YTQxMDU3NTBiZjg5NzVhN2QwYjk2Nzk0YzFl
ZmU2MjIwHhcNMjQwMTAyMDgzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQwY2E2Yjg4YTRkODA2NTExOGU1NGJmMzQ1ZjdkM2QzYTdiMTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NZ2gHoWWRHGy/XQBTcpjwMN7ZZ1
kc8vh4FQ+lRVhJl5DlDXtnVlZjhNcSwxrLxLyZ2KBcxvZFI+OBctQAcjHnLkzCsG
izN8k9nnok+Oy0mNdDQzvVuPNiVPP6M4VYSDISxGWs79vB5T28PPGGZKROh5/adS
sn4Ex4p3DMutzk4SxHJHcTXyDp1cvCE3Uvmv57EXPs1ILGnypa+le5pua0MDeWGZ
THmp1Ye8EUK3ecFPJkpeL/BEakMyrahVY+6zUs8mPKl8osx8+zPZtO3j3ISYDQiv
7wyKMiEvPFrjMc4S/tZu8pEvG8FKTQ2kUF2gvzpP5N9Od4v38RDIQNUNrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRAymuIpNgGURjlS/NF99PTp7E/MB8GA1UdIwQY
MBaAFJ6M19akEFdQv4l1p9C5Z5TB7+YiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2Qt
OGMyZGY1YTVjNmQ3LzEvaEVES2E0aWsyQVpSR09WTDgwWDMwOU9uc1Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2QtOGMyZGY1YTVjNmQ3
LzEvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW88aMA0G
CSqGSIb3DQEBCwUAA4IBAQBQKE9kbK8EqinOxYuFsRNDQf0kDRSC7UnZT1l/+rG6
IfRsp2+DNE7BCgL1RUfh6VLMZOfvw6vc/rYI/S+AKOqOcJaOMfkzI+AeIylu/ue9
3lgbkM4btv4sjZGK9unRGtKF2QFUrEETjhKDXSpgvPHPtSf4GSpn5WWaloQX5ijl
SI7nNzD8vbVTfAaGMGrfV/eLeavFmh+bdK3IegeEGus36UcgEqC8hsD5O6dInxrP
57xU5nAiHQJB5oU8sOzgWWyfcqMdvPfFQD/VoZ/mwU02WWvoM2nm6QbMNuOCIFNq
r5Z4MU60byjSP6acwo4aH8QQrdYbIurEIhLkbDgYIq/D
-----END CERTIFICATE-----