Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/RALfoqelFOxbWYgVcoCmYu7c1kI.roa
File:                     RALfoqelFOxbWYgVcoCmYu7c1kI.roa (raw, json)
Hash identifier:          cVLaA9w1zwhrCEpx7vjeddeiy4jN6PwvFD5ABvmpN60=
Subject key identifier:   44:02:DF:A2:A7:A5:14:EC:5B:59:88:15:72:80:A6:62:EE:DC:D6:42
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BCA6F83F67E334A3CC587B58EFCAD9
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/RALfoqelFOxbWYgVcoCmYu7c1kI.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14813
IP address blocks:        145.26.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a6:f8:3f:67:e3:34:a3:cc:58:7b:58:ef:ca:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4402dfa2a7a514ec5b5988157280a662eedcd642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9a:57:01:6f:97:4d:d0:15:7a:f3:15:e8:a7:
                    95:75:2a:83:56:2b:ca:cd:5d:b6:b2:e5:ff:fd:19:
                    af:bf:c2:38:54:89:fe:05:38:bb:8c:55:ce:aa:f4:
                    ab:ff:5b:0c:a3:33:35:69:1f:84:b7:e1:9b:dc:a6:
                    94:51:3d:cf:0f:a4:97:0e:4b:f0:8b:23:cf:19:c1:
                    05:dd:ae:5e:4f:25:55:ad:2b:20:77:67:0b:05:5e:
                    39:5e:96:78:60:5f:0d:b5:b5:11:31:60:1f:19:6f:
                    fe:66:02:29:c9:b1:3d:0a:9c:9e:0e:70:d6:c2:91:
                    5e:c9:7e:31:40:63:a1:43:61:aa:a7:6d:ac:35:79:
                    a2:7d:5a:34:e5:14:67:fa:1c:04:ee:b7:ef:de:73:
                    c9:cc:7f:95:6b:de:d9:f5:62:2a:5d:55:f3:60:a4:
                    bf:a2:64:65:d5:11:1a:12:63:65:44:25:de:48:c8:
                    f7:a0:4a:5e:45:fa:94:85:1e:fc:8d:1a:a7:a7:86:
                    f0:9a:75:90:de:0f:65:28:4d:a2:3d:d9:73:d4:28:
                    60:bd:22:c2:a3:2b:b5:2e:e7:3f:95:44:4c:23:91:
                    3d:4d:50:07:a1:ca:1b:5b:12:bd:fd:d5:e8:c7:da:
                    67:b5:8c:be:03:f3:6f:de:13:03:35:3b:4e:7b:44:
                    1d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:02:DF:A2:A7:A5:14:EC:5B:59:88:15:72:80:A6:62:EE:DC:D6:42
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/RALfoqelFOxbWYgVcoCmYu7c1kI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.26.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:93:fc:15:08:0a:b5:9f:9e:cd:29:2b:e9:3e:70:39:c2:37:
         73:c8:71:38:6a:fc:1c:a9:cc:7e:31:11:60:97:ba:b1:b5:8c:
         39:fe:56:02:4c:10:90:50:01:9a:f3:05:df:77:6d:eb:72:76:
         a3:b2:ea:72:a5:e1:2e:41:7f:75:49:ed:19:7e:8b:79:b4:bc:
         a8:f3:47:80:f3:a7:51:d4:67:29:6e:87:79:9b:6f:6c:81:f5:
         ac:51:27:3b:3b:79:ce:8e:eb:0d:2d:5c:b3:33:15:38:53:8b:
         17:e2:5e:6b:3e:6d:f1:bb:82:98:2c:74:0a:43:9d:0c:e0:76:
         91:24:89:e6:c0:28:23:af:13:69:14:2c:0d:47:7e:50:d2:d3:
         e3:75:73:01:b6:be:05:74:74:20:a8:eb:57:19:72:aa:65:95:
         c7:ba:6c:4b:59:89:5f:57:ca:2c:0e:1c:a2:3b:ef:fe:7c:ec:
         72:29:f7:cf:16:23:c9:2c:f1:a5:31:49:d7:b8:cf:7f:98:36:
         3b:fd:d6:03:cb:fc:46:06:03:8e:12:0d:70:c0:75:9c:c0:ae:
         d5:12:0b:72:72:ff:41:17:d6:ff:64:a3:82:1d:6c:33:4e:03:
         b2:52:66:b9:08:ba:a3:52:5c:7a:b4:67:bc:ed:5f:3d:24:61:
         82:8c:23:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKb4P2fjNKPMWHtY78rZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDAyZGZhMmE3YTUxNGVjNWI1OTg4MTU3MjgwYTY2MmVlZGNkNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5pXAW+XTdAVevMV6KeVdSqDVivK
zV22suX//Rmvv8I4VIn+BTi7jFXOqvSr/1sMozM1aR+Et+Gb3KaUUT3PD6SXDkvw
iyPPGcEF3a5eTyVVrSsgd2cLBV45XpZ4YF8NtbURMWAfGW/+ZgIpybE9CpyeDnDW
wpFeyX4xQGOhQ2Gqp22sNXmifVo05RRn+hwE7rfv3nPJzH+Va97Z9WIqXVXzYKS/
omRl1REaEmNlRCXeSMj3oEpeRfqUhR78jRqnp4bwmnWQ3g9lKE2iPdlz1ChgvSLC
oyu1Luc/lURMI5E9TVAHocobWxK9/dXox9pntYy+A/Nv3hMDNTtOe0Qd9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQC36KnpRTsW1mIFXKApmLu3NZCMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvUkFMZm9xZWxGT3hiV1lnVmNvQ21ZdTdjMWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkRrNMA0G
CSqGSIb3DQEBCwUAA4IBAQCKk/wVCAq1n57NKSvpPnA5wjdzyHE4avwcqcx+MRFg
l7qxtYw5/lYCTBCQUAGa8wXfd23rcnajsupypeEuQX91Se0Zfot5tLyo80eA86dR
1Gcpbod5m29sgfWsUSc7O3nOjusNLVyzMxU4U4sX4l5rPm3xu4KYLHQKQ50M4HaR
JInmwCgjrxNpFCwNR35Q0tPjdXMBtr4FdHQgqOtXGXKqZZXHumxLWYlfV8osDhyi
O+/+fOxyKffPFiPJLPGlMUnXuM9/mDY7/dYDy/xGBgOOEg1wwHWcwK7VEgtycv9B
F9b/ZKOCHWwzTgOyUma5CLqjUlx6tGe87V89JGGCjCPc
-----END CERTIFICATE-----