Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/oEQMBHsB9wQoDdfdluhkF-eSZ7k.roa
File:                     oEQMBHsB9wQoDdfdluhkF-eSZ7k.roa (raw, json)
Hash identifier:          yvfvkhyYtA7cAP7Qm2CVUycBAj9sshP3P81oEPk4ozA=
Subject key identifier:   A0:44:0C:04:7B:01:F7:04:28:0D:D7:DD:96:E8:64:17:E7:92:67:B9
Certificate issuer:       /CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
Certificate serial:       018E75852A8A5F2A96712A156866D3AB9970
Authority key identifier: D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/oEQMBHsB9wQoDdfdluhkF-eSZ7k.roa
Signing time:             Mon 25 Mar 2024 12:10:45 +0000
ROA not before:           Mon 25 Mar 2024 12:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        81.199.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 03:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:75:85:2a:8a:5f:2a:96:71:2a:15:68:66:d3:ab:99:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1de124e0f8adb4e7d9576ceae325f668dd224b1
        Validity
            Not Before: Mar 25 12:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0440c047b01f704280dd7dd96e86417e79267b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:25:e3:b1:09:ef:2f:da:a8:ad:2d:c8:29:bc:
                    d1:f9:25:01:f8:58:9f:7c:4b:5b:88:3b:1e:b4:04:
                    82:fa:f7:77:b0:75:df:7b:b9:16:87:89:57:b6:ef:
                    9c:34:61:5e:fa:a5:36:57:56:af:7f:ac:c9:b9:c1:
                    a0:a3:3a:3d:b6:df:06:14:7e:11:08:50:4d:ca:90:
                    9a:08:b2:2c:7e:92:34:ba:84:e8:c2:bc:d0:f9:64:
                    12:65:ab:79:74:1d:c5:5d:b1:9d:0b:6a:db:8a:83:
                    f6:43:0c:4b:70:84:e2:f9:68:e0:b1:20:44:76:e7:
                    35:9e:e5:35:e3:4f:f0:a3:75:11:84:af:be:aa:ee:
                    e7:b9:18:d6:f0:96:b6:2c:f0:30:63:8c:c8:0d:99:
                    41:3c:db:16:52:cf:8d:f6:f4:fd:d2:6c:52:3c:d9:
                    3a:59:8d:fb:eb:a1:6f:e7:04:7c:79:03:d2:9b:26:
                    d4:57:b0:59:96:cf:bc:e2:59:14:4b:b2:f7:b7:54:
                    94:f1:7a:66:33:e6:6f:42:0e:87:d2:18:71:d0:7d:
                    7c:57:cc:e4:a0:18:13:ea:60:d7:18:13:86:00:b4:
                    2d:bf:ad:5c:27:62:fd:f9:82:7a:2e:2c:73:1c:0f:
                    01:92:e9:d2:35:41:eb:bd:d1:0a:16:97:cd:0a:95:
                    b7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:44:0C:04:7B:01:F7:04:28:0D:D7:DD:96:E8:64:17:E7:92:67:B9
            X509v3 Authority Key Identifier:
                keyid:D1:DE:12:4E:0F:8A:DB:4E:7D:95:76:CE:AE:32:5F:66:8D:D2:24:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d4STg-K2059lXbOrjJfZo3SJLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/oEQMBHsB9wQoDdfdluhkF-eSZ7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/abe134-0093-4652-9057-4f4c9b343e90/1/0d4STg-K2059lXbOrjJfZo3SJLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.199.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:10:40:ba:b4:ac:56:42:59:d0:21:b9:ab:fb:7c:bb:5e:9a:
         43:41:43:18:92:64:49:c8:74:1b:8d:b1:a1:4d:31:64:59:ce:
         79:c6:bd:f9:bc:66:3f:fb:7a:c7:1a:17:c8:f2:62:b7:5c:17:
         30:61:f3:61:a6:02:ad:1b:a1:3c:c3:37:d0:f6:bb:d7:54:a0:
         8b:4e:92:6a:81:ab:4e:8d:1c:60:b6:67:39:5c:f4:20:3e:9d:
         3b:84:6a:a7:67:2f:26:9e:bf:9b:17:b1:9c:79:1e:01:9b:b0:
         c2:6c:ee:16:7b:ff:1f:d2:e7:21:41:5e:cd:71:42:76:d0:68:
         e5:7d:f1:a6:c3:21:a7:d0:19:15:57:77:c0:a3:0e:13:50:a2:
         09:4f:d7:e4:29:c3:30:f1:71:82:d6:ab:b0:60:9d:73:27:86:
         97:b5:ee:f2:2f:c8:41:33:17:eb:1b:5d:aa:34:46:2b:29:09:
         1c:77:b8:0d:63:00:0c:07:03:1b:d6:cd:d1:27:f2:b0:0c:c8:
         fd:56:c3:04:4d:c7:02:0a:80:ff:b7:c0:a6:3c:13:2a:cf:f5:
         8b:f1:47:c8:cb:8e:50:41:3c:86:84:ce:b2:e8:b0:6e:08:2f:
         4c:ee:d4:ac:58:f3:44:e9:b5:c2:ed:88:9b:16:1c:78:28:1e:
         44:63:92:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY51hSqKXyqWcSoVaGbTq5lwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGUxMjRlMGY4YWRiNGU3ZDk1NzZjZWFlMzI1ZjY2OGRk
MjI0YjEwHhcNMjQwMzI1MTIxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDQ0MGMwNDdiMDFmNzA0MjgwZGQ3ZGQ5NmU4NjQxN2U3OTI2N2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyXjsQnvL9qorS3IKbzR+SUB+Fif
fEtbiDsetASC+vd3sHXfe7kWh4lXtu+cNGFe+qU2V1avf6zJucGgozo9tt8GFH4R
CFBNypCaCLIsfpI0uoTowrzQ+WQSZat5dB3FXbGdC2rbioP2QwxLcITi+WjgsSBE
duc1nuU140/wo3URhK++qu7nuRjW8Ja2LPAwY4zIDZlBPNsWUs+N9vT90mxSPNk6
WY3766Fv5wR8eQPSmybUV7BZls+84lkUS7L3t1SU8XpmM+ZvQg6H0hhx0H18V8zk
oBgT6mDXGBOGALQtv61cJ2L9+YJ6LixzHA8BkunSNUHrvdEKFpfNCpW3BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKBEDAR7AfcEKA3X3ZboZBfnkme5MB8GA1UdIwQY
MBaAFNHeEk4PittOfZV2zq4yX2aN0iSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTct
NGY0YzliMzQzZTkwLzEvb0VRTUJIc0I5d1FvRGRmZGx1aGtGLWVTWjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hYmUxMzQtMDA5My00NjUyLTkwNTctNGY0YzliMzQzZTkw
LzEvMGQ0U1RnLUsyMDU5bFhiT3JqSmZabzNTSkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUccaMA0G
CSqGSIb3DQEBCwUAA4IBAQC9EEC6tKxWQlnQIbmr+3y7XppDQUMYkmRJyHQbjbGh
TTFkWc55xr35vGY/+3rHGhfI8mK3XBcwYfNhpgKtG6E8wzfQ9rvXVKCLTpJqgatO
jRxgtmc5XPQgPp07hGqnZy8mnr+bF7GceR4Bm7DCbO4We/8f0uchQV7NcUJ20Gjl
ffGmwyGn0BkVV3fAow4TUKIJT9fkKcMw8XGC1quwYJ1zJ4aXte7yL8hBMxfrG12q
NEYrKQkcd7gNYwAMBwMb1s3RJ/KwDMj9VsMETccCCoD/t8CmPBMqz/WL8UfIy45Q
QTyGhM6y6LBuCC9M7tSsWPNE6bXC7YibFhx4KB5EY5Lr
-----END CERTIFICATE-----