Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/be4a4c-f8c6-485d-a328-a3ce99643947/1/BrQaRtxWKpBRO_k_Y-9hmcFqFlc.roa
File:                     BrQaRtxWKpBRO_k_Y-9hmcFqFlc.roa (raw, json)
Hash identifier:          oQkWOfJ7Yl8jC9RQbRRxwoE2AEYMuYPXwV2FjEP/Pxs=
Subject key identifier:   06:B4:1A:46:DC:56:2A:90:51:3B:F9:3F:63:EF:61:99:C1:6A:16:57
Certificate issuer:       /CN=e60bbe0be77c4e2f05791786eadcc8276b261b8c
Certificate serial:       018CCA99CD1989CFF05008538AE4C7A910D2
Authority key identifier: E6:0B:BE:0B:E7:7C:4E:2F:05:79:17:86:EA:DC:C8:27:6B:26:1B:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5gu-C-d8Ti8FeReG6tzIJ2smG4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/be4a4c-f8c6-485d-a328-a3ce99643947/1/BrQaRtxWKpBRO_k_Y-9hmcFqFlc.roa
Signing time:             Tue 02 Jan 2024 14:35:26 +0000
ROA not before:           Tue 02 Jan 2024 14:35:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211320
IP address blocks:        185.26.138.0/24 maxlen: 24
                          185.26.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/be4a4c-f8c6-485d-a328-a3ce99643947/1/5gu-C-d8Ti8FeReG6tzIJ2smG4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/be4a4c-f8c6-485d-a328-a3ce99643947/1/5gu-C-d8Ti8FeReG6tzIJ2smG4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5gu-C-d8Ti8FeReG6tzIJ2smG4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:cd:19:89:cf:f0:50:08:53:8a:e4:c7:a9:10:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e60bbe0be77c4e2f05791786eadcc8276b261b8c
        Validity
            Not Before: Jan  2 14:35:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06b41a46dc562a90513bf93f63ef6199c16a1657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:7e:e0:e2:7a:bc:a9:5a:80:45:ec:44:fe:b5:
                    5a:b5:81:56:df:ff:5a:ce:d7:fc:68:eb:1a:26:7a:
                    e0:64:8c:19:18:b1:88:02:36:0a:03:5b:d8:63:ba:
                    a5:ed:d7:d3:d0:0c:25:8b:40:8c:a5:d8:28:3d:45:
                    57:70:f9:83:ba:f0:11:ca:f9:f2:44:aa:c4:a1:af:
                    96:99:e0:5d:36:b3:7f:2f:10:ee:f5:8e:14:d1:c1:
                    ee:bd:6d:cb:f1:20:8e:89:c0:c6:61:9b:40:3e:61:
                    db:77:2a:ec:ac:71:0b:6e:68:86:1d:4c:45:d7:b4:
                    74:a8:26:ac:3e:96:d4:b7:a4:c9:b2:91:40:3c:87:
                    69:1a:d0:f3:26:5c:60:78:13:8a:47:f2:99:0e:2a:
                    35:5d:2e:44:4b:5c:6b:65:fa:e5:c4:dd:07:0f:64:
                    7b:1c:4e:d3:61:6e:0c:ae:f8:b0:e8:aa:b9:39:5b:
                    81:50:ef:21:02:ab:59:47:a0:85:7d:96:a3:83:25:
                    ee:51:ee:1e:1d:dd:3c:31:d8:e1:52:8c:08:35:03:
                    00:ce:80:b2:d5:47:cb:45:c7:d1:62:2b:78:71:90:
                    df:5c:b9:a2:1f:32:64:ec:84:eb:d9:19:df:aa:eb:
                    06:d7:3b:43:c0:f2:5f:c7:f4:43:52:91:b7:0f:e4:
                    9d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B4:1A:46:DC:56:2A:90:51:3B:F9:3F:63:EF:61:99:C1:6A:16:57
            X509v3 Authority Key Identifier:
                keyid:E6:0B:BE:0B:E7:7C:4E:2F:05:79:17:86:EA:DC:C8:27:6B:26:1B:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5gu-C-d8Ti8FeReG6tzIJ2smG4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/be4a4c-f8c6-485d-a328-a3ce99643947/1/BrQaRtxWKpBRO_k_Y-9hmcFqFlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/be4a4c-f8c6-485d-a328-a3ce99643947/1/5gu-C-d8Ti8FeReG6tzIJ2smG4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:7c:47:86:04:e3:8d:63:ba:4a:d0:e4:5a:aa:ab:67:0f:d6:
         c1:82:b6:8b:b9:e5:05:3e:b2:28:c4:39:a0:25:4e:e4:68:a3:
         71:7d:8a:72:50:89:6a:e0:b2:59:6c:3d:25:d7:8e:26:3a:75:
         e1:0e:56:b8:78:f9:5d:ae:da:29:d6:c1:b7:af:ad:d3:c9:31:
         38:16:67:6d:3b:43:f0:c2:66:e5:95:b4:56:d1:bb:27:ac:38:
         e8:9b:1e:e6:c3:58:7e:50:61:a6:33:c1:b3:68:d6:ef:e5:cf:
         00:2a:7c:d0:9f:1e:69:5b:87:f4:6b:8b:84:d5:e6:b1:3c:c8:
         18:42:eb:14:80:90:40:cc:d0:a4:4a:a0:a9:25:62:06:32:d3:
         cd:3f:5e:02:81:58:39:53:10:42:5c:46:52:b9:e1:a5:4c:34:
         8a:83:90:2c:30:e0:a1:43:81:ec:22:8a:ad:81:a6:41:6b:64:
         49:f8:67:61:33:81:0c:30:fc:b4:c8:79:57:7a:99:f9:89:83:
         28:86:4d:17:d2:a7:ad:00:2a:6b:ff:a7:b3:3a:a8:2e:89:3a:
         d1:03:0c:cf:52:cd:04:ee:79:a7:a2:65:de:3e:c1:e4:f1:d1:
         96:50:9b:01:7e:51:a0:35:7b:99:10:92:9f:99:6c:c8:36:68:
         03:e9:6d:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmc0Zic/wUAhTiuTHqRDSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MGJiZTBiZTc3YzRlMmYwNTc5MTc4NmVhZGNjODI3NmIy
NjFiOGMwHhcNMjQwMTAyMTQzNTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI0MWE0NmRjNTYyYTkwNTEzYmY5M2Y2M2VmNjE5OWMxNmExNjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh37g4nq8qVqARexE/rVatYFW3/9a
ztf8aOsaJnrgZIwZGLGIAjYKA1vYY7ql7dfT0Awli0CMpdgoPUVXcPmDuvARyvny
RKrEoa+WmeBdNrN/LxDu9Y4U0cHuvW3L8SCOicDGYZtAPmHbdyrsrHELbmiGHUxF
17R0qCasPpbUt6TJspFAPIdpGtDzJlxgeBOKR/KZDio1XS5ES1xrZfrlxN0HD2R7
HE7TYW4Mrviw6Kq5OVuBUO8hAqtZR6CFfZajgyXuUe4eHd08MdjhUowINQMAzoCy
1UfLRcfRYit4cZDfXLmiHzJk7ITr2RnfqusG1ztDwPJfx/RDUpG3D+SdIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa0GkbcViqQUTv5P2PvYZnBahZXMB8GA1UdIwQY
MBaAFOYLvgvnfE4vBXkXhurcyCdrJhuMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWd1LUMtZDhUaThGZVJlRzZ0eklKMnNtRzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9iZTRhNGMtZjhjNi00ODVkLWEzMjgt
YTNjZTk5NjQzOTQ3LzEvQnJRYVJ0eFdLcEJST19rX1ktOWhtY0ZxRmxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9iZTRhNGMtZjhjNi00ODVkLWEzMjgtYTNjZTk5NjQzOTQ3
LzEvNWd1LUMtZDhUaThGZVJlRzZ0eklKMnNtRzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuRqKMA0G
CSqGSIb3DQEBCwUAA4IBAQAsfEeGBOONY7pK0ORaqqtnD9bBgraLueUFPrIoxDmg
JU7kaKNxfYpyUIlq4LJZbD0l144mOnXhDla4ePldrtop1sG3r63TyTE4FmdtO0Pw
wmbllbRW0bsnrDjomx7mw1h+UGGmM8GzaNbv5c8AKnzQnx5pW4f0a4uE1eaxPMgY
QusUgJBAzNCkSqCpJWIGMtPNP14CgVg5UxBCXEZSueGlTDSKg5AsMOChQ4HsIoqt
gaZBa2RJ+GdhM4EMMPy0yHlXepn5iYMohk0X0qetACpr/6ezOqguiTrRAwzPUs0E
7nmnomXePsHk8dGWUJsBflGgNXuZEJKfmWzINmgD6W1a
-----END CERTIFICATE-----