Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/fV4oO8hwaKFk3tUhBBWLVTNXaC0.roa
File:                     fV4oO8hwaKFk3tUhBBWLVTNXaC0.roa (raw, json)
Hash identifier:          KATGN57zcEQbUAPqOvBR+jqnFd/nIzn9zHCeoJyamv4=
Subject key identifier:   7D:5E:28:3B:C8:70:68:A1:64:DE:D5:21:04:15:8B:55:33:57:68:2D
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018DD747E17C472679B285431C45F27ACD99
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/fV4oO8hwaKFk3tUhBBWLVTNXaC0.roa
Signing time:             Fri 23 Feb 2024 18:43:48 +0000
ROA not before:           Fri 23 Feb 2024 18:43:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399382
IP address blocks:        217.26.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d7:47:e1:7c:47:26:79:b2:85:43:1c:45:f2:7a:cd:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Feb 23 18:43:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d5e283bc87068a164ded52104158b553357682d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:ed:96:83:e5:32:aa:3b:35:b9:1b:03:c0:4e:
                    f5:87:27:91:7c:75:ee:f2:ef:b9:3b:b0:f4:0b:8d:
                    4b:56:95:b2:e5:08:08:f6:6e:bb:58:6a:c8:bd:ea:
                    57:d1:73:f4:9d:7d:2b:e8:09:f9:72:a0:77:3f:dc:
                    92:e1:e3:55:15:7f:80:79:5c:67:d0:c6:37:03:84:
                    a2:71:e5:79:c6:2b:df:1a:4b:b5:ee:df:ad:a1:54:
                    ed:f8:b5:eb:70:e6:68:a4:0b:10:27:9c:ae:d8:0b:
                    d9:bc:17:4c:70:a5:d0:f2:22:50:20:0f:59:b6:27:
                    d8:89:2b:4f:8a:ca:c0:4f:29:0c:8c:97:4c:45:32:
                    0b:72:94:a9:d1:b8:cf:2d:ae:b5:db:27:35:83:a6:
                    5f:68:58:2f:12:1e:20:6d:a6:b5:d5:24:20:6e:4e:
                    f2:d4:ae:05:3b:60:a7:db:d1:88:78:b2:95:9f:0b:
                    e3:51:02:ab:49:e2:9e:02:c3:b5:02:ae:49:12:5a:
                    25:2f:20:22:e3:7a:4e:b8:19:14:c7:d1:6b:5c:f0:
                    fc:66:af:24:ae:66:e0:ff:a2:09:0e:97:6d:12:20:
                    2f:4b:01:86:6e:a9:76:6c:4b:36:b2:f7:b9:1a:15:
                    7c:6a:95:95:4b:29:9a:09:3c:73:68:bb:0d:2c:0b:
                    e0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:5E:28:3B:C8:70:68:A1:64:DE:D5:21:04:15:8B:55:33:57:68:2D
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/fV4oO8hwaKFk3tUhBBWLVTNXaC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.26.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:b8:1c:f0:2b:48:15:3c:0a:21:5c:07:82:77:c8:de:04:c7:
         91:6b:57:5e:02:ef:62:b4:86:06:ab:4f:04:d1:59:61:6d:0c:
         69:dd:24:4a:a6:21:c2:8d:87:66:69:84:03:29:e3:df:82:8a:
         9b:33:7d:ee:ab:0f:3a:8d:91:a5:64:02:0d:3d:7b:6e:11:e7:
         8e:62:a1:09:a9:1c:66:25:36:d5:71:cb:54:a8:df:5c:43:74:
         96:de:5f:1a:ea:47:6e:0c:b7:f4:a3:a8:90:32:1d:b9:3b:92:
         1e:e6:b0:c0:31:8d:86:3b:aa:ed:bc:7e:be:27:e5:2f:60:a3:
         0f:67:58:21:4e:45:c0:43:c8:63:b1:fa:70:88:f7:71:60:d2:
         f0:78:9d:74:f0:c3:61:ab:0f:54:08:be:5f:41:c3:71:57:85:
         5a:8e:e6:34:d2:34:fd:04:47:e9:cd:bf:0c:fa:03:af:7f:c1:
         95:e5:a5:f7:0b:06:cb:05:2a:5d:ba:bd:f3:40:b4:ce:95:7d:
         4c:54:b0:15:cf:72:c5:56:20:2f:4e:dc:3e:c4:00:4e:50:63:
         91:4c:58:30:6b:91:e7:5e:9d:0e:eb:ee:54:93:8b:36:7c:c2:
         29:a5:ec:e0:07:a3:4b:b7:a7:7e:40:69:df:29:d1:08:e9:be:
         34:ba:32:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3XR+F8RyZ5soVDHEXyes2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMjIzMTg0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDVlMjgzYmM4NzA2OGExNjRkZWQ1MjEwNDE1OGI1NTMzNTc2ODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+2Wg+Uyqjs1uRsDwE71hyeRfHXu
8u+5O7D0C41LVpWy5QgI9m67WGrIvepX0XP0nX0r6An5cqB3P9yS4eNVFX+AeVxn
0MY3A4SiceV5xivfGku17t+toVTt+LXrcOZopAsQJ5yu2AvZvBdMcKXQ8iJQIA9Z
tifYiStPisrATykMjJdMRTILcpSp0bjPLa612yc1g6ZfaFgvEh4gbaa11SQgbk7y
1K4FO2Cn29GIeLKVnwvjUQKrSeKeAsO1Aq5JElolLyAi43pOuBkUx9FrXPD8Zq8k
rmbg/6IJDpdtEiAvSwGGbql2bEs2sve5GhV8apWVSymaCTxzaLsNLAvgvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH1eKDvIcGihZN7VIQQVi1UzV2gtMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZlY0b084aHdhS0ZrM3RVaEJCV0xWVE5YYUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Rq+MA0G
CSqGSIb3DQEBCwUAA4IBAQCkuBzwK0gVPAohXAeCd8jeBMeRa1deAu9itIYGq08E
0VlhbQxp3SRKpiHCjYdmaYQDKePfgoqbM33uqw86jZGlZAINPXtuEeeOYqEJqRxm
JTbVcctUqN9cQ3SW3l8a6kduDLf0o6iQMh25O5Ie5rDAMY2GO6rtvH6+J+UvYKMP
Z1ghTkXAQ8hjsfpwiPdxYNLweJ108MNhqw9UCL5fQcNxV4VajuY00jT9BEfpzb8M
+gOvf8GV5aX3CwbLBSpdur3zQLTOlX1MVLAVz3LFViAvTtw+xABOUGORTFgwa5Hn
Xp0O6+5Uk4s2fMIppezgB6NLt6d+QGnfKdEI6b40ujLx
-----END CERTIFICATE-----