Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/tj7oO6scouBSxPBi_CYsH8VNugo.roa
File:                     tj7oO6scouBSxPBi_CYsH8VNugo.roa (raw, json)
Hash identifier:          858VmTgQGWqo1XNy82MGiZSj+4Igvdya85MSYmudkkE=
Subject key identifier:   B6:3E:E8:3B:AB:1C:A2:E0:52:C4:F0:62:FC:26:2C:1F:C5:4D:BA:0A
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018CCA298A182FDEB4521CFBBF3E382FE795
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/tj7oO6scouBSxPBi_CYsH8VNugo.roa
Signing time:             Tue 02 Jan 2024 12:32:49 +0000
ROA not before:           Tue 02 Jan 2024 12:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213373
IP address blocks:        85.203.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:8a:18:2f:de:b4:52:1c:fb:bf:3e:38:2f:e7:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 12:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b63ee83bab1ca2e052c4f062fc262c1fc54dba0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:73:4a:9d:8c:3f:58:9b:0a:eb:ce:9a:2b:ca:
                    a5:3c:3d:bf:85:11:60:1e:b7:a0:ec:27:c6:64:e8:
                    29:f4:64:64:00:e0:47:0c:34:7f:c9:33:ce:06:7a:
                    08:a9:35:bf:1d:56:59:39:03:5e:c3:3d:b6:57:b2:
                    bd:08:72:72:78:1c:ab:ac:4e:3a:8a:1f:12:5c:ca:
                    f1:f8:c8:49:9d:b9:5d:06:62:da:34:3b:46:42:f2:
                    3d:48:9c:32:f4:ca:b9:aa:6d:41:5e:ad:0b:12:d8:
                    ec:70:01:78:3c:07:b8:8a:4d:9e:44:3e:6f:13:2b:
                    5e:78:d4:18:29:10:9a:a3:53:54:ce:22:07:37:fc:
                    19:f8:cc:76:66:43:c3:be:50:bf:24:7b:10:76:ef:
                    57:a7:17:61:cc:1f:e7:da:7b:13:f6:50:86:eb:c6:
                    fa:93:5c:c8:48:bb:57:16:f1:20:90:d1:fc:6a:0d:
                    01:7c:bd:d2:87:24:24:cf:ea:63:9a:ff:61:cc:f0:
                    d4:1e:8f:f3:e3:2d:ce:52:56:aa:e2:a5:a0:a8:b2:
                    5e:9e:b5:5f:db:77:66:82:a4:9e:fa:e7:c3:06:fb:
                    b3:c3:24:79:c0:0c:36:33:75:f1:04:0b:8e:53:e1:
                    fc:b9:e1:c1:45:ff:d7:f6:17:58:89:33:ce:2b:fe:
                    37:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:3E:E8:3B:AB:1C:A2:E0:52:C4:F0:62:FC:26:2C:1F:C5:4D:BA:0A
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/tj7oO6scouBSxPBi_CYsH8VNugo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:e2:16:be:ba:35:6a:99:85:bd:98:54:c6:0e:27:9c:3c:09:
         0b:79:05:cd:ab:db:21:bc:d6:0f:f5:00:ae:1d:92:f2:c7:38:
         bd:b7:c2:ee:f4:0d:3c:92:2e:db:e9:a3:33:ec:b5:a3:7c:0a:
         93:26:ef:9c:bb:2d:ce:a6:d1:89:53:91:8c:e0:e6:7a:9e:76:
         7e:a3:ca:18:da:9f:6d:07:79:78:25:a4:27:50:73:e8:24:c1:
         48:fe:60:ae:2e:b9:43:c4:18:c9:36:51:39:3a:48:85:12:7b:
         61:bb:31:69:f4:43:d8:31:13:b9:f7:df:4f:6d:a1:c1:af:77:
         fd:da:2a:40:b6:fc:64:f2:a3:db:0b:7e:ee:1a:20:48:49:28:
         e1:78:fc:5b:3f:40:7f:39:41:33:55:54:17:84:fa:bd:70:25:
         53:f9:3e:33:60:51:7d:7e:3c:b7:13:e0:61:a2:cb:6d:e4:53:
         87:2b:e5:7a:b5:3c:b8:af:6b:d9:57:13:e2:4c:1d:ba:3b:9b:
         64:ae:1c:8d:54:7d:76:eb:4f:f8:0f:35:c2:8f:64:6e:c4:ef:
         65:21:cb:ba:97:f0:ba:e5:ec:15:64:d9:de:29:d1:99:9f:52:
         05:a6:e1:54:9f:21:97:f6:b5:b0:f3:57:06:e2:48:bf:a7:01:
         9e:e5:89:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKYoYL960Uhz7vz44L+eVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwMTAyMTIzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjNlZTgzYmFiMWNhMmUwNTJjNGYwNjJmYzI2MmMxZmM1NGRiYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHNKnYw/WJsK686aK8qlPD2/hRFg
Hreg7CfGZOgp9GRkAOBHDDR/yTPOBnoIqTW/HVZZOQNewz22V7K9CHJyeByrrE46
ih8SXMrx+MhJnbldBmLaNDtGQvI9SJwy9Mq5qm1BXq0LEtjscAF4PAe4ik2eRD5v
EyteeNQYKRCao1NUziIHN/wZ+Mx2ZkPDvlC/JHsQdu9XpxdhzB/n2nsT9lCG68b6
k1zISLtXFvEgkNH8ag0BfL3ShyQkz+pjmv9hzPDUHo/z4y3OUlaq4qWgqLJenrVf
23dmgqSe+ufDBvuzwyR5wAw2M3XxBAuOU+H8ueHBRf/X9hdYiTPOK/43WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLY+6DurHKLgUsTwYvwmLB/FTboKMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvdGo3b082c2NvdUJTeFBCaV9DWXNIOFZOdWdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsaMA0G
CSqGSIb3DQEBCwUAA4IBAQBh4ha+ujVqmYW9mFTGDiecPAkLeQXNq9shvNYP9QCu
HZLyxzi9t8Lu9A08ki7b6aMz7LWjfAqTJu+cuy3OptGJU5GM4OZ6nnZ+o8oY2p9t
B3l4JaQnUHPoJMFI/mCuLrlDxBjJNlE5OkiFEnthuzFp9EPYMRO5999PbaHBr3f9
2ipAtvxk8qPbC37uGiBISSjhePxbP0B/OUEzVVQXhPq9cCVT+T4zYFF9fjy3E+Bh
ostt5FOHK+V6tTy4r2vZVxPiTB26O5tkrhyNVH1260/4DzXCj2RuxO9lIcu6l/C6
5ewVZNneKdGZn1IFpuFUnyGX9rWw81cG4ki/pwGe5YmE
-----END CERTIFICATE-----