Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/w9bqmsM2G3CB5CamgCEoZRGpg8M.roa
File:                     w9bqmsM2G3CB5CamgCEoZRGpg8M.roa (raw, json)
Hash identifier:          QtHzjIBmvhM2SWEIg6j4WYF2jU/qcgln7yzVsBwRrgg=
Subject key identifier:   C3:D6:EA:9A:C3:36:1B:70:81:E4:26:A6:80:21:28:65:11:A9:83:C3
Certificate issuer:       /CN=4568316500ba6538420a9d55c65d9c88dd32a99e
Certificate serial:       018EE63D4C162F09B06BD364EE491C9ECA68
Authority key identifier: 45:68:31:65:00:BA:65:38:42:0A:9D:55:C6:5D:9C:88:DD:32:A9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/w9bqmsM2G3CB5CamgCEoZRGpg8M.roa
Signing time:             Tue 16 Apr 2024 09:29:20 +0000
ROA not before:           Tue 16 Apr 2024 09:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39877
IP address blocks:        193.26.136.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:3d:4c:16:2f:09:b0:6b:d3:64:ee:49:1c:9e:ca:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4568316500ba6538420a9d55c65d9c88dd32a99e
        Validity
            Not Before: Apr 16 09:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3d6ea9ac3361b7081e426a68021286511a983c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3f:7d:94:05:a9:7e:71:cf:b2:63:c7:d0:a7:
                    51:59:30:c5:bf:1c:38:5e:f7:de:a1:7b:0c:77:69:
                    48:47:fe:eb:d3:9b:49:1c:b7:bc:70:56:e6:7c:68:
                    c3:29:e2:4a:f4:46:bd:8f:29:8a:17:c3:1b:a7:9e:
                    f0:8a:62:c9:d4:d3:72:f5:1f:34:eb:59:10:9d:b2:
                    b9:84:a8:55:8b:6a:62:24:27:d0:fa:76:65:5e:39:
                    fb:27:10:26:b9:bb:0d:f7:e8:02:11:75:2e:d0:95:
                    f0:06:49:55:35:b0:ee:2f:ca:c3:5a:e3:d4:c6:0b:
                    1a:49:8a:60:e4:e6:ef:fe:cf:68:d7:a2:4d:07:f3:
                    e8:7d:49:e9:4b:7e:77:ea:dd:e6:5f:42:b5:3d:d1:
                    08:2a:3d:95:ca:50:23:fc:b3:c8:c7:7e:d5:93:f8:
                    39:10:03:bf:6d:c0:ea:8e:e3:e5:85:cf:eb:8b:96:
                    5f:a8:1a:5e:fb:a3:24:fe:9b:08:22:51:1e:e8:74:
                    24:a9:77:d6:17:f7:83:81:02:c8:6e:35:cf:29:ce:
                    22:13:f2:08:07:98:04:41:e0:71:d7:2c:e3:f5:a5:
                    46:06:6e:3b:0c:e1:ae:7f:ec:84:e2:43:66:4f:76:
                    a4:72:4f:22:c1:95:a4:34:11:8d:c0:85:2f:65:b6:
                    b1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D6:EA:9A:C3:36:1B:70:81:E4:26:A6:80:21:28:65:11:A9:83:C3
            X509v3 Authority Key Identifier:
                keyid:45:68:31:65:00:BA:65:38:42:0A:9D:55:C6:5D:9C:88:DD:32:A9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/w9bqmsM2G3CB5CamgCEoZRGpg8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/d28e01-ad19-48e2-9689-e659d1af68fe/1/RWgxZQC6ZThCCp1Vxl2ciN0yqZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8a:1f:28:66:54:21:38:5a:3a:89:ec:4a:9c:1e:e5:90:74:b5:
         b8:97:e0:42:a1:3c:9e:69:54:85:68:f5:9c:74:35:ba:aa:bb:
         09:06:10:a5:ee:73:9c:d0:44:77:a4:57:45:b1:6c:a4:cc:a1:
         73:90:d9:c9:25:21:24:ea:49:23:d4:93:ba:76:08:6c:1f:7c:
         8d:ec:dc:10:bf:6c:9e:f6:d9:bf:26:72:bf:16:03:d0:b7:70:
         db:ef:34:fd:31:45:10:87:df:90:1c:bd:0b:09:f4:64:a8:e5:
         01:e6:83:22:36:2a:d6:1a:07:fc:c0:3d:7b:0c:b7:ea:28:4a:
         69:36:a7:a6:45:89:19:9a:2c:25:a0:2a:ce:f4:9a:33:44:3e:
         3b:fb:68:fc:99:fe:47:02:b6:d3:25:67:0f:9e:b6:0e:73:68:
         01:fe:d0:34:ea:91:1a:73:97:8c:e9:aa:fe:b4:2e:28:41:7a:
         d5:7e:ce:74:f0:e9:d9:11:ff:aa:27:38:68:a6:49:23:b5:c1:
         ae:b4:55:8e:95:13:ed:a6:48:56:de:65:3a:3f:f6:4f:78:6c:
         f2:09:37:dd:68:9b:e0:63:9b:28:d1:b3:e9:1e:a2:49:e5:22:
         02:b6:de:39:97:87:d8:70:c4:21:d0:fd:d8:06:1d:c7:7e:eb:
         08:9c:f1:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7mPUwWLwmwa9Nk7kkcnspoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NjgzMTY1MDBiYTY1Mzg0MjBhOWQ1NWM2NWQ5Yzg4ZGQz
MmE5OWUwHhcNMjQwNDE2MDkyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Q2ZWE5YWMzMzYxYjcwODFlNDI2YTY4MDIxMjg2NTExYTk4M2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT99lAWpfnHPsmPH0KdRWTDFvxw4
XvfeoXsMd2lIR/7r05tJHLe8cFbmfGjDKeJK9Ea9jymKF8Mbp57wimLJ1NNy9R80
61kQnbK5hKhVi2piJCfQ+nZlXjn7JxAmubsN9+gCEXUu0JXwBklVNbDuL8rDWuPU
xgsaSYpg5Obv/s9o16JNB/PofUnpS3536t3mX0K1PdEIKj2VylAj/LPIx37Vk/g5
EAO/bcDqjuPlhc/ri5ZfqBpe+6Mk/psIIlEe6HQkqXfWF/eDgQLIbjXPKc4iE/II
B5gEQeBx1yzj9aVGBm47DOGuf+yE4kNmT3akck8iwZWkNBGNwIUvZbaxOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPW6prDNhtwgeQmpoAhKGURqYPDMB8GA1UdIwQY
MBaAFEVoMWUAumU4QgqdVcZdnIjdMqmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUldneFpRQzZaVGhDQ3AxVnhsMmNpTjB5cVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9kMjhlMDEtYWQxOS00OGUyLTk2ODkt
ZTY1OWQxYWY2OGZlLzEvdzlicW1zTTJHM0NCNUNhbWdDRW9aUkdwZzhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9kMjhlMDEtYWQxOS00OGUyLTk2ODktZTY1OWQxYWY2OGZl
LzEvUldneFpRQzZaVGhDQ3AxVnhsMmNpTjB5cVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwRqIMA0G
CSqGSIb3DQEBCwUAA4IBAQCKHyhmVCE4WjqJ7EqcHuWQdLW4l+BCoTyeaVSFaPWc
dDW6qrsJBhCl7nOc0ER3pFdFsWykzKFzkNnJJSEk6kkj1JO6dghsH3yN7NwQv2ye
9tm/JnK/FgPQt3Db7zT9MUUQh9+QHL0LCfRkqOUB5oMiNirWGgf8wD17DLfqKEpp
NqemRYkZmiwloCrO9JozRD47+2j8mf5HArbTJWcPnrYOc2gB/tA06pEac5eM6ar+
tC4oQXrVfs508OnZEf+qJzhopkkjtcGutFWOlRPtpkhW3mU6P/ZPeGzyCTfdaJvg
Y5so0bPpHqJJ5SICtt45l4fYcMQh0P3YBh3HfusInPFs
-----END CERTIFICATE-----