Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/BnovjkpsJ0JwWL8X-SaPkcf0oMQ.roa
File:                     BnovjkpsJ0JwWL8X-SaPkcf0oMQ.roa (raw, json)
Hash identifier:          VEe/ggwJzjxHWDgYqdUOLGmAdut0mKWdd6CmTh4LLXE=
Subject key identifier:   06:7A:2F:8E:4A:6C:27:42:70:58:BF:17:F9:26:8F:91:C7:F4:A0:C4
Certificate issuer:       /CN=16655e5595f5a3c071c12b179db9279dc7db0913
Certificate serial:       018CC26CEF26317B3217189DB2FDB7ECC7D3
Authority key identifier: 16:65:5E:55:95:F5:A3:C0:71:C1:2B:17:9D:B9:27:9D:C7:DB:09:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FmVeVZX1o8BxwSsXnbknncfbCRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/BnovjkpsJ0JwWL8X-SaPkcf0oMQ.roa
Signing time:             Mon 01 Jan 2024 00:29:27 +0000
ROA not before:           Mon 01 Jan 2024 00:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42
IP address blocks:        194.26.237.0/24 maxlen: 24
                          2a11:c7c1:deec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/FmVeVZX1o8BxwSsXnbknncfbCRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/FmVeVZX1o8BxwSsXnbknncfbCRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FmVeVZX1o8BxwSsXnbknncfbCRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:02:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:ef:26:31:7b:32:17:18:9d:b2:fd:b7:ec:c7:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16655e5595f5a3c071c12b179db9279dc7db0913
        Validity
            Not Before: Jan  1 00:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=067a2f8e4a6c27427058bf17f9268f91c7f4a0c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:69:21:42:27:41:ae:32:a2:0f:54:a0:e5:e9:
                    28:80:a5:88:3d:5b:40:a4:f4:2c:87:27:76:df:f5:
                    75:4d:73:4f:be:ac:91:21:7b:07:71:19:1d:d7:35:
                    ae:7d:b2:d7:e7:70:6d:e4:03:3b:20:88:16:5e:0d:
                    81:ed:57:9a:b0:2c:c0:8b:0e:b4:1a:a6:ed:ab:a2:
                    c3:40:d3:6c:04:2a:02:89:80:3f:0c:35:58:de:4b:
                    2c:b4:e2:ed:6c:96:bf:6b:78:50:52:18:b4:a2:f1:
                    2c:a9:23:af:00:18:a1:e8:dd:f4:4b:1d:81:14:b8:
                    f2:70:64:7e:97:38:97:38:3d:68:5b:28:77:67:41:
                    ae:90:75:6a:f0:5b:2d:7a:da:96:45:78:19:fa:13:
                    bb:15:61:9b:0e:1b:da:16:04:96:7f:10:3a:dc:e2:
                    61:59:a8:50:15:84:c1:c8:17:d7:29:cc:20:c4:23:
                    8c:9a:d2:23:d7:8b:9c:22:4e:44:19:5e:6d:79:36:
                    86:b0:10:c3:ba:98:68:74:d2:8a:c7:6d:e3:cd:e9:
                    57:26:c1:44:05:75:7b:32:3b:78:66:29:d5:3e:f8:
                    54:ff:48:0f:6c:a0:ce:bc:8b:ec:9a:7b:50:bc:ee:
                    2e:44:5b:79:8c:c0:ed:af:7b:35:2f:c2:38:3f:41:
                    59:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:7A:2F:8E:4A:6C:27:42:70:58:BF:17:F9:26:8F:91:C7:F4:A0:C4
            X509v3 Authority Key Identifier:
                keyid:16:65:5E:55:95:F5:A3:C0:71:C1:2B:17:9D:B9:27:9D:C7:DB:09:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FmVeVZX1o8BxwSsXnbknncfbCRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/BnovjkpsJ0JwWL8X-SaPkcf0oMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/6719cd-864a-42f0-818f-dd4804840dd6/1/FmVeVZX1o8BxwSsXnbknncfbCRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.237.0/24
                IPv6:
                  2a11:c7c1:deec::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:94:ac:c0:04:3d:3c:92:4d:53:c5:62:01:8f:17:00:62:7a:
         62:94:80:66:d1:2d:ee:f0:fd:2c:68:b4:2f:31:0a:96:c9:cd:
         6e:7c:1e:c5:7c:28:cc:1f:65:ea:14:b5:03:a5:6a:84:a0:1e:
         f5:a1:5b:18:8c:32:c7:fe:15:1b:31:2d:eb:e6:5b:b9:02:e1:
         ca:df:70:df:32:67:17:43:60:76:49:11:44:3c:61:5a:e7:15:
         bd:89:cd:81:0d:fb:34:59:83:1c:c5:96:29:09:41:c4:6a:16:
         8c:61:92:df:8c:a4:c5:67:aa:52:f3:5c:a0:d0:cb:72:ea:30:
         22:dd:b1:34:17:fd:aa:3d:ca:81:3c:4f:8f:db:95:b3:c8:69:
         fb:42:2a:63:37:32:20:91:0e:38:aa:7f:9f:94:b1:98:d8:ad:
         fd:d3:28:8d:07:35:c6:c9:66:f8:d5:4c:16:47:9e:45:03:73:
         c6:0a:d6:f3:5d:f2:f1:7a:f6:9f:b7:a7:bd:dd:c3:4d:ea:b2:
         e9:a9:ac:8e:f6:4f:76:5e:7a:aa:61:44:0d:24:64:a0:7d:4a:
         17:a1:ca:c4:ae:ee:24:63:b4:2b:e9:2a:88:64:20:1c:a2:a2:
         98:97:40:6d:2b:ac:93:3e:57:de:e9:f9:cc:fb:75:0b:17:ba:
         09:29:a6:47
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbO8mMXsyFxidsv237MfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NjU1ZTU1OTVmNWEzYzA3MWMxMmIxNzlkYjkyNzlkYzdk
YjA5MTMwHhcNMjQwMTAxMDAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjdhMmY4ZTRhNmMyNzQyNzA1OGJmMTdmOTI2OGY5MWM3ZjRhMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2khQidBrjKiD1Sg5ekogKWIPVtA
pPQshyd23/V1TXNPvqyRIXsHcRkd1zWufbLX53Bt5AM7IIgWXg2B7VeasCzAiw60
Gqbtq6LDQNNsBCoCiYA/DDVY3ksstOLtbJa/a3hQUhi0ovEsqSOvABih6N30Sx2B
FLjycGR+lziXOD1oWyh3Z0GukHVq8FstetqWRXgZ+hO7FWGbDhvaFgSWfxA63OJh
WahQFYTByBfXKcwgxCOMmtIj14ucIk5EGV5teTaGsBDDuphodNKKx23jzelXJsFE
BXV7Mjt4ZinVPvhU/0gPbKDOvIvsmntQvO4uRFt5jMDtr3s1L8I4P0FZDQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAZ6L45KbCdCcFi/F/kmj5HH9KDEMB8GA1UdIwQY
MBaAFBZlXlWV9aPAccErF525J53H2wkTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1WZVZaWDFvOEJ4d1NzWG5ia25uY2ZiQ1JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC82NzE5Y2QtODY0YS00MmYwLTgxOGYt
ZGQ0ODA0ODQwZGQ2LzEvQm5vdmprcHNKMEp3V0w4WC1TYVBrY2Ywb01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC82NzE5Y2QtODY0YS00MmYwLTgxOGYtZGQ0ODA0ODQwZGQ2
LzEvRm1WZVZaWDFvOEJ4d1NzWG5ia25uY2ZiQ1JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwhrtMA8E
AgACMAkDBwAqEcfB3uwwDQYJKoZIhvcNAQELBQADggEBADiUrMAEPTySTVPFYgGP
FwBiemKUgGbRLe7w/SxotC8xCpbJzW58HsV8KMwfZeoUtQOlaoSgHvWhWxiMMsf+
FRsxLevmW7kC4crfcN8yZxdDYHZJEUQ8YVrnFb2JzYEN+zRZgxzFlikJQcRqFoxh
kt+MpMVnqlLzXKDQy3LqMCLdsTQX/ao9yoE8T4/blbPIaftCKmM3MiCRDjiqf5+U
sZjYrf3TKI0HNcbJZvjVTBZHnkUDc8YK1vNd8vF69p+3p73dw03qsumprI72T3Ze
eqphRA0kZKB9ShehysSu7iRjtCvpKohkIByiopiXQG0rrJM+V97p+cz7dQsXugkp
pkc=
-----END CERTIFICATE-----