Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/ws26yugbDZ8xGgJ_3Hpo9i7fn-o.roa
File:                     ws26yugbDZ8xGgJ_3Hpo9i7fn-o.roa (raw, json)
Hash identifier:          IVRJcIZUL30ET7191P3xDB/EKRxyaljkY2Q8VVCnI68=
Subject key identifier:   C2:CD:BA:CA:E8:1B:0D:9F:31:1A:02:7F:DC:7A:68:F6:2E:DF:9F:EA
Certificate issuer:       /CN=8107dc036d9d6c28f1d87ab64e78ee485a96fd81
Certificate serial:       018D41AB5B2BFF1ACA1A01572824228310B1
Authority key identifier: 81:07:DC:03:6D:9D:6C:28:F1:D8:7A:B6:4E:78:EE:48:5A:96:FD:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gQfcA22dbCjx2Hq2TnjuSFqW_YE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/ws26yugbDZ8xGgJ_3Hpo9i7fn-o.roa
Signing time:             Thu 25 Jan 2024 17:29:25 +0000
ROA not before:           Thu 25 Jan 2024 17:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199214
IP address blocks:        91.240.74.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/gQfcA22dbCjx2Hq2TnjuSFqW_YE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/gQfcA22dbCjx2Hq2TnjuSFqW_YE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gQfcA22dbCjx2Hq2TnjuSFqW_YE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:41:ab:5b:2b:ff:1a:ca:1a:01:57:28:24:22:83:10:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8107dc036d9d6c28f1d87ab64e78ee485a96fd81
        Validity
            Not Before: Jan 25 17:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2cdbacae81b0d9f311a027fdc7a68f62edf9fea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:42:b8:e3:9e:fb:0e:08:94:4e:af:1a:8d:e0:
                    50:ab:cc:ae:3c:43:d9:fc:05:81:16:ae:95:79:d4:
                    8e:54:7e:7e:97:5d:90:80:0b:83:68:d3:55:96:1b:
                    26:de:d1:30:1d:97:48:ba:60:0a:a3:a2:0a:21:90:
                    db:28:49:e3:21:9a:54:f0:f4:11:e9:62:d0:cd:0c:
                    ab:4e:3b:01:b0:72:cd:06:ad:ca:6f:7a:1c:ab:f4:
                    b9:b0:1d:72:ec:d6:49:37:0a:7f:3a:ac:59:4d:1f:
                    63:1d:8c:b0:5b:eb:10:4a:ea:6a:80:08:d1:d4:db:
                    f7:37:ec:cc:d4:b8:c3:eb:ef:60:41:0a:15:81:57:
                    3d:db:37:bc:82:6e:ab:be:48:d9:a5:60:c4:92:60:
                    53:f6:78:e7:50:ff:51:ee:11:72:76:fe:08:e5:66:
                    9c:06:05:a5:5d:df:27:19:63:6f:57:0e:90:93:01:
                    04:17:a4:3b:09:cb:59:89:b3:fc:5a:ea:a1:3e:0c:
                    3a:ec:bf:df:f4:0f:f8:b2:c7:2e:d1:3d:08:a7:f1:
                    7d:6f:50:84:7c:ce:4c:96:90:e2:e8:86:e4:b5:83:
                    31:1e:f2:3c:bf:33:2c:a3:c5:bf:77:a2:5e:68:cc:
                    b4:6f:50:6d:d9:d5:56:b8:4b:1f:33:14:8f:aa:f9:
                    54:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:CD:BA:CA:E8:1B:0D:9F:31:1A:02:7F:DC:7A:68:F6:2E:DF:9F:EA
            X509v3 Authority Key Identifier:
                keyid:81:07:DC:03:6D:9D:6C:28:F1:D8:7A:B6:4E:78:EE:48:5A:96:FD:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gQfcA22dbCjx2Hq2TnjuSFqW_YE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/ws26yugbDZ8xGgJ_3Hpo9i7fn-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/159860-f832-438a-9e6f-76a141cdd41f/1/gQfcA22dbCjx2Hq2TnjuSFqW_YE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:fe:ce:86:f1:81:6e:df:32:fe:b9:f4:75:14:73:9d:6c:6e:
         11:3b:d5:9d:a7:04:9b:6e:c2:69:9f:c8:72:a2:d3:81:26:7d:
         c2:f3:22:04:4b:fd:f2:93:73:22:2d:49:71:5b:78:22:e9:af:
         7b:8d:c7:e5:30:2e:95:18:dc:78:7a:67:1a:20:aa:75:a1:53:
         fb:c9:e9:32:0f:8e:9c:01:21:b1:cd:dc:f4:bb:36:e6:a0:35:
         46:a6:7b:56:b6:0c:29:2c:1a:1e:0b:d8:fe:c9:f1:2a:9b:8f:
         a2:3f:0b:fe:1a:fd:fc:43:b2:dc:ac:a3:e7:d7:2e:67:2b:3f:
         49:a1:03:8e:34:c8:dc:df:f4:89:76:e5:ec:48:6e:57:cb:fb:
         f1:ff:16:7b:98:c0:69:7d:f9:69:9a:93:8c:cb:c6:e7:e1:60:
         a9:e5:ff:3b:2c:75:d0:c0:48:d6:16:8a:4e:83:35:88:98:d1:
         ae:c0:4c:3c:34:d7:f1:22:98:c7:b5:ea:23:2f:91:c2:6d:a5:
         1c:33:01:c8:0d:6c:23:2b:88:7e:20:3e:10:3c:01:1a:27:f3:
         8a:b1:19:f3:65:3f:70:79:05:2c:1a:e7:cd:13:e3:80:4c:f4:
         c3:49:20:3d:ec:0f:36:ad:12:cc:62:18:1a:a4:42:16:6b:18:
         c5:85:59:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1Bq1sr/xrKGgFXKCQigxCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMDdkYzAzNmQ5ZDZjMjhmMWQ4N2FiNjRlNzhlZTQ4NWE5
NmZkODEwHhcNMjQwMTI1MTcyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmNkYmFjYWU4MWIwZDlmMzExYTAyN2ZkYzdhNjhmNjJlZGY5ZmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUK44577DgiUTq8ajeBQq8yuPEPZ
/AWBFq6VedSOVH5+l12QgAuDaNNVlhsm3tEwHZdIumAKo6IKIZDbKEnjIZpU8PQR
6WLQzQyrTjsBsHLNBq3Kb3ocq/S5sB1y7NZJNwp/OqxZTR9jHYywW+sQSupqgAjR
1Nv3N+zM1LjD6+9gQQoVgVc92ze8gm6rvkjZpWDEkmBT9njnUP9R7hFydv4I5Wac
BgWlXd8nGWNvVw6QkwEEF6Q7CctZibP8WuqhPgw67L/f9A/4sscu0T0Ip/F9b1CE
fM5MlpDi6IbktYMxHvI8vzMso8W/d6JeaMy0b1Bt2dVWuEsfMxSPqvlUIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLNusroGw2fMRoCf9x6aPYu35/qMB8GA1UdIwQY
MBaAFIEH3ANtnWwo8dh6tk547khalv2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1FmY0EyMmRiQ2p4MkhxMlRuanVTRnFXX1lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8xNTk4NjAtZjgzMi00MzhhLTllNmYt
NzZhMTQxY2RkNDFmLzEvd3MyNnl1Z2JEWjh4R2dKXzNIcG85aTdmbi1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8xNTk4NjAtZjgzMi00MzhhLTllNmYtNzZhMTQxY2RkNDFm
LzEvZ1FmY0EyMmRiQ2p4MkhxMlRuanVTRnFXX1lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/BKMA0G
CSqGSIb3DQEBCwUAA4IBAQAx/s6G8YFu3zL+ufR1FHOdbG4RO9WdpwSbbsJpn8hy
otOBJn3C8yIES/3yk3MiLUlxW3gi6a97jcflMC6VGNx4emcaIKp1oVP7yekyD46c
ASGxzdz0uzbmoDVGpntWtgwpLBoeC9j+yfEqm4+iPwv+Gv38Q7LcrKPn1y5nKz9J
oQOONMjc3/SJduXsSG5Xy/vx/xZ7mMBpfflpmpOMy8bn4WCp5f87LHXQwEjWFopO
gzWImNGuwEw8NNfxIpjHteojL5HCbaUcMwHIDWwjK4h+ID4QPAEaJ/OKsRnzZT9w
eQUsGufNE+OATPTDSSA97A82rRLMYhgapEIWaxjFhVkm
-----END CERTIFICATE-----