Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/tvCXJcVm0zmHHo5vcfEmdsgJl6Q.roa
File:                     tvCXJcVm0zmHHo5vcfEmdsgJl6Q.roa (raw, json)
Hash identifier:          VXGCw7DK6wjme+/FJdVN4tIMB0bbyeFCpNU2pOskBWg=
Subject key identifier:   B6:F0:97:25:C5:66:D3:39:87:1E:8E:6F:71:F1:26:76:C8:09:97:A4
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018E9EEC3D157F13A6A0817A247D058C5A4F
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/tvCXJcVm0zmHHo5vcfEmdsgJl6Q.roa
Signing time:             Tue 02 Apr 2024 13:07:45 +0000
ROA not before:           Tue 02 Apr 2024 13:07:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57013
IP address blocks:        194.26.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:ec:3d:15:7f:13:a6:a0:81:7a:24:7d:05:8c:5a:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  2 13:07:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6f09725c566d339871e8e6f71f12676c80997a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:62:c8:1d:1b:8e:94:66:6b:dd:de:ac:10:ac:
                    e0:7b:91:89:36:45:48:59:51:c2:6c:35:59:85:c0:
                    61:39:83:50:5f:1e:5d:d8:d0:a9:dd:65:31:c8:72:
                    a5:49:0a:4f:ba:5d:b5:6c:78:18:01:8e:65:ad:c3:
                    1c:9d:de:1a:38:a5:2c:11:0a:15:71:d9:da:4a:17:
                    36:27:72:90:33:91:e9:a8:11:08:98:50:1e:12:39:
                    3e:f9:86:bd:72:9e:16:42:2e:7d:9c:dd:38:c7:70:
                    e6:5d:c3:ca:d5:3e:76:1f:f2:d6:a8:01:91:2f:31:
                    32:fb:2e:e5:85:61:30:fc:50:ca:18:fa:93:71:a6:
                    ed:16:48:5e:71:60:e0:35:a7:6b:14:f9:14:18:8e:
                    b2:e5:96:0f:14:d7:10:44:26:33:5d:78:bd:50:fd:
                    eb:ff:2d:5b:60:f3:e3:a6:a3:9c:cd:ea:3d:2a:86:
                    02:0c:1f:85:a4:c3:36:7b:5f:12:13:d4:68:c4:84:
                    58:5a:ec:5e:b8:2c:61:93:dd:3c:cb:ed:b6:df:0b:
                    70:3b:df:a7:35:e7:7b:45:9b:f6:74:3d:4d:94:e5:
                    20:bf:19:38:1d:52:68:65:20:30:98:d6:df:ea:69:
                    62:03:01:38:e5:1d:52:b6:85:3e:69:96:eb:19:a1:
                    dd:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F0:97:25:C5:66:D3:39:87:1E:8E:6F:71:F1:26:76:C8:09:97:A4
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/tvCXJcVm0zmHHo5vcfEmdsgJl6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:1b:4f:43:93:df:74:f0:15:db:88:b2:eb:77:36:f3:b8:51:
         50:71:73:4c:68:3f:36:6e:09:7f:a5:0c:be:79:f7:d9:03:1c:
         b1:38:1c:85:6c:0e:20:16:84:b9:18:d7:11:02:04:1c:c5:71:
         10:49:ad:00:78:13:de:58:ed:ec:f6:dc:77:10:2a:02:58:9d:
         f5:74:1b:fa:bd:90:db:ea:9d:11:e4:00:70:16:33:02:26:e0:
         41:63:54:c1:a2:3d:4d:1f:ad:29:9b:be:e0:0f:b7:e1:6b:f8:
         9f:75:c5:02:65:de:03:7b:b5:bd:40:42:85:3e:e1:e8:83:a1:
         f1:fa:36:48:2c:99:82:98:ff:9a:dc:0f:92:97:25:0e:32:49:
         99:b5:35:28:8f:e4:88:2a:77:72:c9:4c:ec:61:5c:ca:c2:81:
         cf:72:e5:93:9b:80:21:e9:92:4a:86:54:8e:d8:aa:70:39:82:
         0e:ae:9e:86:a5:7d:4e:95:ef:ea:63:97:cd:bd:18:d9:01:2e:
         3b:9a:42:78:73:18:dc:ba:9d:d2:58:87:7b:e8:04:75:e6:4c:
         7a:25:5c:a3:3a:8e:67:0a:ae:ca:aa:01:b4:0d:91:5b:65:a0:
         d9:a2:d8:46:18:ee:8a:cb:6a:a6:12:ec:b7:db:5e:e2:9c:a2:
         8f:20:b9:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6e7D0VfxOmoIF6JH0FjFpPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDAyMTMwNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmYwOTcyNWM1NjZkMzM5ODcxZThlNmY3MWYxMjY3NmM4MDk5N2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2LIHRuOlGZr3d6sEKzge5GJNkVI
WVHCbDVZhcBhOYNQXx5d2NCp3WUxyHKlSQpPul21bHgYAY5lrcMcnd4aOKUsEQoV
cdnaShc2J3KQM5HpqBEImFAeEjk++Ya9cp4WQi59nN04x3DmXcPK1T52H/LWqAGR
LzEy+y7lhWEw/FDKGPqTcabtFkhecWDgNadrFPkUGI6y5ZYPFNcQRCYzXXi9UP3r
/y1bYPPjpqOczeo9KoYCDB+FpMM2e18SE9RoxIRYWuxeuCxhk908y+223wtwO9+n
Ned7RZv2dD1NlOUgvxk4HVJoZSAwmNbf6mliAwE45R1StoU+aZbrGaHdSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbwlyXFZtM5hx6Ob3HxJnbICZekMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvdHZDWEpjVm0wem1ISG81dmNmRW1kc2dKbDZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrNMA0G
CSqGSIb3DQEBCwUAA4IBAQA7G09Dk9908BXbiLLrdzbzuFFQcXNMaD82bgl/pQy+
effZAxyxOByFbA4gFoS5GNcRAgQcxXEQSa0AeBPeWO3s9tx3ECoCWJ31dBv6vZDb
6p0R5ABwFjMCJuBBY1TBoj1NH60pm77gD7fha/ifdcUCZd4De7W9QEKFPuHog6Hx
+jZILJmCmP+a3A+SlyUOMkmZtTUoj+SIKndyyUzsYVzKwoHPcuWTm4Ah6ZJKhlSO
2KpwOYIOrp6GpX1Ole/qY5fNvRjZAS47mkJ4cxjcup3SWId76AR15kx6JVyjOo5n
Cq7KqgG0DZFbZaDZothGGO6Ky2qmEuy3217inKKPILkV
-----END CERTIFICATE-----