Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5731f3-b180-4054-8acb-2ca13dd1db63/1/2njOcV1Cmv4R1mJvrWN7awegq-k.roa
File:                     2njOcV1Cmv4R1mJvrWN7awegq-k.roa (raw, json)
Hash identifier:          RAhr+1dpMb8l03Ve1RTJLSW99gi6VduOYelD9GTCTho=
Subject key identifier:   DA:78:CE:71:5D:42:9A:FE:11:D6:62:6F:AD:63:7B:6B:07:A0:AB:E9
Certificate issuer:       /CN=72ca456cad238830b38ecd4d267cacfa5cd5f1f1
Certificate serial:       018CC94C14B00D794B6DF34CF78AF1FAA467
Authority key identifier: 72:CA:45:6C:AD:23:88:30:B3:8E:CD:4D:26:7C:AC:FA:5C:D5:F1:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cspFbK0jiDCzjs1NJnys-lzV8fE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5731f3-b180-4054-8acb-2ca13dd1db63/1/2njOcV1Cmv4R1mJvrWN7awegq-k.roa
Signing time:             Tue 02 Jan 2024 08:30:55 +0000
ROA not before:           Tue 02 Jan 2024 08:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39146
IP address blocks:        194.26.79.0/24 maxlen: 24
                          194.26.76.0/24 maxlen: 24
                          194.26.77.0/24 maxlen: 24
                          194.26.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5731f3-b180-4054-8acb-2ca13dd1db63/1/cspFbK0jiDCzjs1NJnys-lzV8fE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5731f3-b180-4054-8acb-2ca13dd1db63/1/cspFbK0jiDCzjs1NJnys-lzV8fE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cspFbK0jiDCzjs1NJnys-lzV8fE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:14:b0:0d:79:4b:6d:f3:4c:f7:8a:f1:fa:a4:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ca456cad238830b38ecd4d267cacfa5cd5f1f1
        Validity
            Not Before: Jan  2 08:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da78ce715d429afe11d6626fad637b6b07a0abe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7f:80:c5:d2:6f:4c:ab:7b:fb:5c:e0:f5:b9:
                    fe:fa:e3:4f:e5:70:e7:66:ff:61:d8:eb:56:02:1c:
                    d3:9b:25:c3:2a:e0:cf:c8:e7:e3:42:66:78:ed:6d:
                    b5:9c:d5:b5:50:28:98:52:06:cd:22:26:53:b6:57:
                    9e:c0:89:fb:0f:3b:5d:d6:fd:b2:80:2e:9f:7e:98:
                    b1:dc:21:7a:d9:b2:16:9d:3d:af:bf:bc:b9:5a:da:
                    f1:b3:06:3d:6e:04:f5:a6:d3:db:77:33:27:21:ad:
                    79:6d:65:12:13:a0:80:4f:1f:32:70:eb:79:ca:60:
                    68:3c:5d:3c:bd:6a:a2:be:37:d3:83:76:42:81:93:
                    9a:40:ed:a2:b2:4d:87:39:c5:6e:56:01:58:77:76:
                    2d:e2:c7:9d:cd:ff:ee:8c:a7:6e:f6:17:95:cf:97:
                    db:42:b3:a3:40:8f:ea:7b:db:ae:17:02:25:09:43:
                    ba:9f:c1:ef:71:b3:1d:eb:63:9a:ae:bf:9c:cf:68:
                    b0:de:96:32:3b:5d:d6:da:e2:88:4c:a3:4b:1c:df:
                    20:e7:26:d1:be:79:b4:70:01:c6:96:2c:22:1a:f6:
                    5b:79:8c:db:02:31:34:38:38:59:b9:35:9e:8a:31:
                    f9:28:93:c9:fd:91:2b:bf:3b:06:f7:42:8f:8d:e9:
                    6a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:78:CE:71:5D:42:9A:FE:11:D6:62:6F:AD:63:7B:6B:07:A0:AB:E9
            X509v3 Authority Key Identifier:
                keyid:72:CA:45:6C:AD:23:88:30:B3:8E:CD:4D:26:7C:AC:FA:5C:D5:F1:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cspFbK0jiDCzjs1NJnys-lzV8fE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5731f3-b180-4054-8acb-2ca13dd1db63/1/2njOcV1Cmv4R1mJvrWN7awegq-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5731f3-b180-4054-8acb-2ca13dd1db63/1/cspFbK0jiDCzjs1NJnys-lzV8fE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:cc:f1:ec:a1:c1:f4:da:28:4f:e0:9f:76:b3:bf:95:79:6c:
         1c:02:91:11:ee:52:02:d9:15:bc:02:be:54:24:2a:10:08:22:
         5e:ed:0d:33:d3:9d:d0:57:c6:66:2d:e3:48:23:64:91:60:9d:
         56:51:7d:17:90:58:c0:6f:01:23:1c:45:21:75:4d:80:38:40:
         1c:3b:66:20:bf:43:5b:2e:bf:65:43:4f:9a:d3:d4:d3:30:0b:
         12:90:78:6d:b2:25:bc:1d:b2:d8:7d:2b:ab:36:eb:9e:a9:05:
         8f:95:18:44:6d:31:b2:3b:d0:31:b1:5b:46:c5:4f:30:56:64:
         e2:e4:53:26:b0:6e:45:62:b9:72:8c:20:9a:7c:1e:5b:54:a5:
         f7:53:7c:ba:6b:72:1a:3b:7c:62:a0:9d:7d:6d:6b:16:1f:54:
         e1:9c:0e:14:ad:66:ae:85:8f:57:50:ac:6b:ef:d3:bb:d8:c7:
         e5:18:3d:c0:01:bc:6d:88:e4:69:02:ed:fb:f5:48:86:c8:04:
         db:05:9c:71:8a:e0:9b:ef:47:45:d6:2b:ee:4a:28:16:aa:f3:
         6e:3b:b7:0b:29:fe:cf:45:28:ca:08:8e:ac:af:15:dc:b1:9d:
         a3:27:f1:a9:05:e7:84:48:89:5d:56:6a:9f:5d:8d:dc:bf:9f:
         78:ae:02:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTBSwDXlLbfNM94rx+qRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyY2E0NTZjYWQyMzg4MzBiMzhlY2Q0ZDI2N2NhY2ZhNWNk
NWYxZjEwHhcNMjQwMTAyMDgzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTc4Y2U3MTVkNDI5YWZlMTFkNjYyNmZhZDYzN2I2YjA3YTBhYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3+AxdJvTKt7+1zg9bn++uNP5XDn
Zv9h2OtWAhzTmyXDKuDPyOfjQmZ47W21nNW1UCiYUgbNIiZTtleewIn7Dztd1v2y
gC6ffpix3CF62bIWnT2vv7y5WtrxswY9bgT1ptPbdzMnIa15bWUSE6CATx8ycOt5
ymBoPF08vWqivjfTg3ZCgZOaQO2isk2HOcVuVgFYd3Yt4sedzf/ujKdu9heVz5fb
QrOjQI/qe9uuFwIlCUO6n8HvcbMd62Oarr+cz2iw3pYyO13W2uKITKNLHN8g5ybR
vnm0cAHGliwiGvZbeYzbAjE0ODhZuTWeijH5KJPJ/ZErvzsG90KPjelqtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNp4znFdQpr+EdZib61je2sHoKvpMB8GA1UdIwQY
MBaAFHLKRWytI4gws47NTSZ8rPpc1fHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NwRmJLMGppREN6anMxTkpueXMtbHpWOGZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81NzMxZjMtYjE4MC00MDU0LThhY2It
MmNhMTNkZDFkYjYzLzEvMm5qT2NWMUNtdjRSMW1KdnJXTjdhd2VncS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81NzMxZjMtYjE4MC00MDU0LThhY2ItMmNhMTNkZDFkYjYz
LzEvY3NwRmJLMGppREN6anMxTkpueXMtbHpWOGZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwhpMMA0G
CSqGSIb3DQEBCwUAA4IBAQBXzPHsocH02ihP4J92s7+VeWwcApER7lIC2RW8Ar5U
JCoQCCJe7Q0z053QV8ZmLeNII2SRYJ1WUX0XkFjAbwEjHEUhdU2AOEAcO2Ygv0Nb
Lr9lQ0+a09TTMAsSkHhtsiW8HbLYfSurNuueqQWPlRhEbTGyO9AxsVtGxU8wVmTi
5FMmsG5FYrlyjCCafB5bVKX3U3y6a3IaO3xioJ19bWsWH1ThnA4UrWauhY9XUKxr
79O72MflGD3AAbxtiORpAu379UiGyATbBZxxiuCb70dF1ivuSigWqvNuO7cLKf7P
RSjKCI6srxXcsZ2jJ/GpBeeESIldVmqfXY3cv594rgIG
-----END CERTIFICATE-----