Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/KrSdqZJ9g4_TolHAPc4gdVah48o.roa
File:                     KrSdqZJ9g4_TolHAPc4gdVah48o.roa (raw, json)
Hash identifier:          7a6nEsL//j3yVCJtE0m7gmgaFNS8edSSaGou69eaNj8=
Subject key identifier:   2A:B4:9D:A9:92:7D:83:8F:D3:A2:51:C0:3D:CE:20:75:56:A1:E3:CA
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       01942748509C234C6417D08A591B19731232
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/KrSdqZJ9g4_TolHAPc4gdVah48o.roa
Signing time:             Thu 02 Jan 2025 13:50:38 +0000
ROA not before:           Thu 02 Jan 2025 13:50:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213373
IP address blocks:        85.203.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:50:9c:23:4c:64:17:d0:8a:59:1b:19:73:12:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 13:50:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ab49da9927d838fd3a251c03dce207556a1e3ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f8:18:3a:f3:77:7b:55:50:26:ab:1a:74:37:
                    b6:0d:28:0d:0d:45:78:bd:05:b7:6c:10:6a:db:0d:
                    18:b5:e8:33:e7:8a:f3:c8:00:01:b1:de:af:4c:5d:
                    17:8a:bc:c2:b2:47:89:cc:1e:7e:40:b2:82:fb:b7:
                    50:7b:46:37:82:bd:9c:97:14:81:53:78:f9:cc:99:
                    36:a9:5e:e1:11:e0:43:33:6e:38:e0:ae:65:fe:81:
                    05:a3:fc:d4:af:fb:a9:88:be:6d:8b:03:72:9b:03:
                    d6:f7:89:05:f2:2a:84:2e:d5:39:ac:c3:c8:e3:ac:
                    49:3b:f9:5d:d4:2e:2b:5d:76:10:e5:1c:0e:0e:e9:
                    6a:ac:f7:3d:81:51:2b:74:ad:b4:f5:67:fc:4b:af:
                    0a:ee:fe:28:5f:4f:fa:bd:c1:d7:9d:ec:b9:2c:c8:
                    19:8d:3b:7b:e8:18:2e:f5:a4:8f:45:ff:48:3c:dc:
                    f4:19:36:06:4c:08:99:47:77:f0:4b:31:bd:6e:b8:
                    07:fa:ba:24:26:a8:12:bd:55:ad:21:94:e9:a5:3a:
                    94:1b:6c:8e:11:fb:3f:a2:e4:17:ef:51:97:cb:73:
                    70:df:50:76:b4:48:8a:c0:8c:df:da:57:d5:e0:ea:
                    5e:6b:d5:a3:ef:00:2d:e2:9f:54:a3:38:49:a1:08:
                    eb:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B4:9D:A9:92:7D:83:8F:D3:A2:51:C0:3D:CE:20:75:56:A1:E3:CA
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/KrSdqZJ9g4_TolHAPc4gdVah48o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:80:eb:d8:c8:38:57:f7:07:50:4b:cd:fb:9a:ae:29:ee:31:
         76:94:8f:f1:3f:cf:48:b2:be:a6:79:77:a8:35:1b:e7:04:07:
         58:37:f8:d2:ad:6d:25:86:a8:f7:b4:f8:8d:1f:bd:f5:30:4b:
         b2:f0:c8:63:df:fe:7b:0d:31:2c:45:3b:47:f5:82:15:e0:6b:
         47:4e:0b:83:bc:50:a2:ef:a9:9a:68:ec:c6:d6:36:50:ab:e6:
         3e:40:71:a3:e8:84:d3:21:6a:8d:b0:2b:44:aa:4f:f9:c4:74:
         39:69:a6:85:29:71:3a:0d:c8:39:3c:a8:be:60:91:8e:4e:94:
         20:dc:a4:f6:78:e7:09:3e:a0:e3:5c:dd:05:44:19:bf:9c:2b:
         b9:5f:46:27:19:6e:94:24:60:df:c7:d5:f3:6e:b6:c7:4b:1a:
         78:a8:cc:b6:a2:aa:ee:36:60:8c:7b:e7:90:9d:55:4d:e7:20:
         3c:45:15:85:30:99:df:1c:63:be:12:94:0d:63:77:d3:8a:b6:
         11:0c:c5:b2:10:8c:96:b8:a1:05:65:82:07:50:a6:db:1d:df:
         23:40:9a:1e:1f:10:13:16:eb:84:dd:fa:00:f5:cf:5a:73:86:
         34:89:24:4b:bc:a3:50:60:25:e4:30:43:29:84:d6:52:0c:2f:
         fa:34:6e:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFCcI0xkF9CKWRsZcxIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjUwMTAyMTM1MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWI0OWRhOTkyN2Q4MzhmZDNhMjUxYzAzZGNlMjA3NTU2YTFlM2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPgYOvN3e1VQJqsadDe2DSgNDUV4
vQW3bBBq2w0Ytegz54rzyAABsd6vTF0XirzCskeJzB5+QLKC+7dQe0Y3gr2clxSB
U3j5zJk2qV7hEeBDM2444K5l/oEFo/zUr/upiL5tiwNymwPW94kF8iqELtU5rMPI
46xJO/ld1C4rXXYQ5RwODulqrPc9gVErdK209Wf8S68K7v4oX0/6vcHXney5LMgZ
jTt76Bgu9aSPRf9IPNz0GTYGTAiZR3fwSzG9brgH+rokJqgSvVWtIZTppTqUG2yO
Efs/ouQX71GXy3Nw31B2tEiKwIzf2lfV4Opea9Wj7wAt4p9UozhJoQjrCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCq0namSfYOP06JRwD3OIHVWoePKMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvS3JTZHFaSjlnNF9Ub2xIQVBjNGdkVmFoNDhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsaMA0G
CSqGSIb3DQEBCwUAA4IBAQB0gOvYyDhX9wdQS837mq4p7jF2lI/xP89Isr6meXeo
NRvnBAdYN/jSrW0lhqj3tPiNH731MEuy8Mhj3/57DTEsRTtH9YIV4GtHTguDvFCi
76maaOzG1jZQq+Y+QHGj6ITTIWqNsCtEqk/5xHQ5aaaFKXE6Dcg5PKi+YJGOTpQg
3KT2eOcJPqDjXN0FRBm/nCu5X0YnGW6UJGDfx9XzbrbHSxp4qMy2oqruNmCMe+eQ
nVVN5yA8RRWFMJnfHGO+EpQNY3fTirYRDMWyEIyWuKEFZYIHUKbbHd8jQJoeHxAT
FuuE3foA9c9ac4Y0iSRLvKNQYCXkMEMphNZSDC/6NG50
-----END CERTIFICATE-----