Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/hjRb6nqFWbiC3zDTAMuUKbFkltM.roa
File:                     hjRb6nqFWbiC3zDTAMuUKbFkltM.roa (raw, json)
Hash identifier:          KM2/FCn0FpHjkWaHtle3sfhV3CvpWwx8S7Co5qfFxII=
Subject key identifier:   86:34:5B:EA:7A:85:59:B8:82:DF:30:D3:00:CB:94:29:B1:64:96:D3
Certificate issuer:       /CN=26ad7d3560134e0a8ae46fc5b32c5acb61dde39c
Certificate serial:       018D4CE65557882CB1C82DCE96BFDD9B51F0
Authority key identifier: 26:AD:7D:35:60:13:4E:0A:8A:E4:6F:C5:B3:2C:5A:CB:61:DD:E3:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/hjRb6nqFWbiC3zDTAMuUKbFkltM.roa
Signing time:             Sat 27 Jan 2024 21:49:39 +0000
ROA not before:           Sat 27 Jan 2024 21:49:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208324
IP address blocks:        91.205.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:4c:e6:55:57:88:2c:b1:c8:2d:ce:96:bf:dd:9b:51:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26ad7d3560134e0a8ae46fc5b32c5acb61dde39c
        Validity
            Not Before: Jan 27 21:49:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86345bea7a8559b882df30d300cb9429b16496d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6a:73:82:27:93:03:49:c0:6d:44:0c:58:04:
                    52:71:2e:01:d6:19:e0:0e:2f:b7:46:fa:b2:0c:f9:
                    9d:04:0f:4d:b4:87:c0:2a:41:37:70:a9:78:b7:b6:
                    ff:d1:7d:26:70:a8:a5:2a:3a:a8:cb:75:05:2e:e2:
                    fe:e6:f4:30:3e:4f:92:91:85:de:a6:b5:4c:61:2d:
                    35:7d:2c:7c:2c:d8:ea:d5:95:aa:c6:02:3a:79:bf:
                    6f:2b:43:50:2d:bb:6a:f6:b7:17:0b:2c:0a:a7:ae:
                    0b:ea:7a:62:ab:50:e7:d6:c4:db:20:3c:dc:18:41:
                    04:94:bb:bf:82:19:e2:5f:4f:b0:77:99:f4:10:25:
                    56:a0:14:9b:3c:f6:be:a1:b0:e6:fe:b7:e4:7c:10:
                    fe:02:94:e1:ac:51:f2:0d:e2:b8:c6:d5:8e:1b:15:
                    c3:ba:41:68:cf:54:93:94:4d:60:6b:72:d8:5b:83:
                    be:93:d0:62:38:72:b1:77:53:f1:c5:4d:aa:41:ca:
                    12:da:c5:c8:b4:e4:01:84:4b:7f:9b:66:67:37:c9:
                    05:a1:91:13:37:09:1f:0b:72:eb:d2:5a:14:fe:2d:
                    4c:59:8d:28:ee:e7:90:63:08:4d:9a:72:94:62:f5:
                    d2:b3:44:6d:0e:0a:e0:16:c9:4e:0f:8a:58:f8:b6:
                    3c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:34:5B:EA:7A:85:59:B8:82:DF:30:D3:00:CB:94:29:B1:64:96:D3
            X509v3 Authority Key Identifier:
                keyid:26:AD:7D:35:60:13:4E:0A:8A:E4:6F:C5:B3:2C:5A:CB:61:DD:E3:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/hjRb6nqFWbiC3zDTAMuUKbFkltM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:09:46:b4:7e:79:fe:8c:24:4a:a1:33:61:a1:a1:d5:39:9a:
         b1:00:b7:00:4d:3f:50:f6:f1:cf:8e:b2:ec:44:8f:5b:67:69:
         6b:04:3f:df:52:03:fc:6e:79:28:17:8e:cb:84:2d:31:b6:20:
         7a:45:16:c5:8c:30:50:20:32:4b:00:fe:7f:fb:65:2f:4d:61:
         32:95:bf:d6:5e:9b:f8:88:30:0f:a5:0c:83:bc:79:90:a0:fe:
         85:6e:ee:78:9c:a6:2f:ad:4b:ab:99:da:ec:2f:97:54:ee:0e:
         21:a8:3c:97:e2:3e:0b:04:32:65:6b:d7:3c:4c:65:d9:83:32:
         c9:d8:d3:bb:34:f1:66:bb:a3:e2:ae:ba:9e:b2:5e:44:b6:41:
         fd:aa:e7:e8:86:c6:cb:80:91:14:5c:7c:1a:ca:35:ee:86:1c:
         b2:6f:81:9b:b9:c4:76:72:76:ad:2e:05:b9:84:6d:5d:bd:26:
         55:78:43:6c:b6:b6:95:83:21:ee:ef:17:93:07:7b:8e:d4:d3:
         44:64:f5:fb:d5:95:7e:1d:0a:62:43:f5:b5:e1:3c:da:5d:6b:
         e0:30:eb:68:51:20:bf:19:d0:24:8d:96:b8:23:03:ca:11:7b:
         7b:b3:77:2b:db:1c:58:0b:ec:59:94:0d:42:09:54:4b:c8:f1:
         44:58:2f:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1M5lVXiCyxyC3Olr/dm1HwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YWQ3ZDM1NjAxMzRlMGE4YWU0NmZjNWIzMmM1YWNiNjFk
ZGUzOWMwHhcNMjQwMTI3MjE0OTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjM0NWJlYTdhODU1OWI4ODJkZjMwZDMwMGNiOTQyOWIxNjQ5NmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWpzgieTA0nAbUQMWARScS4B1hng
Di+3RvqyDPmdBA9NtIfAKkE3cKl4t7b/0X0mcKilKjqoy3UFLuL+5vQwPk+SkYXe
prVMYS01fSx8LNjq1ZWqxgI6eb9vK0NQLbtq9rcXCywKp64L6npiq1Dn1sTbIDzc
GEEElLu/ghniX0+wd5n0ECVWoBSbPPa+obDm/rfkfBD+ApThrFHyDeK4xtWOGxXD
ukFoz1STlE1ga3LYW4O+k9BiOHKxd1PxxU2qQcoS2sXItOQBhEt/m2ZnN8kFoZET
NwkfC3Lr0loU/i1MWY0o7ueQYwhNmnKUYvXSs0RtDgrgFslOD4pY+LY8mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIY0W+p6hVm4gt8w0wDLlCmxZJbTMB8GA1UdIwQY
MBaAFCatfTVgE04KiuRvxbMsWsth3eOcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnExOU5XQVRUZ3FLNUdfRnN5eGF5MkhkNDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni85OGZjYjUtODdhNy00ZmRlLTk4NDct
NDkwMmE2NmIyZDk1LzEvaGpSYjZucUZXYmlDM3pEVEFNdVVLYkZrbHRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni85OGZjYjUtODdhNy00ZmRlLTk4NDctNDkwMmE2NmIyZDk1
LzEvSnExOU5XQVRUZ3FLNUdfRnN5eGF5MkhkNDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW80qMA0G
CSqGSIb3DQEBCwUAA4IBAQAGCUa0fnn+jCRKoTNhoaHVOZqxALcATT9Q9vHPjrLs
RI9bZ2lrBD/fUgP8bnkoF47LhC0xtiB6RRbFjDBQIDJLAP5/+2UvTWEylb/WXpv4
iDAPpQyDvHmQoP6Fbu54nKYvrUurmdrsL5dU7g4hqDyX4j4LBDJla9c8TGXZgzLJ
2NO7NPFmu6Pirrqesl5EtkH9qufohsbLgJEUXHwayjXuhhyyb4GbucR2cnatLgW5
hG1dvSZVeENstraVgyHu7xeTB3uO1NNEZPX71ZV+HQpiQ/W14TzaXWvgMOtoUSC/
GdAkjZa4IwPKEXt7s3cr2xxYC+xZlA1CCVRLyPFEWC9X
-----END CERTIFICATE-----