Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/0PSxMZsIL4KFY6z5P4F4rb7AhbU.roa
File:                     0PSxMZsIL4KFY6z5P4F4rb7AhbU.roa (raw, json)
Hash identifier:          l5e4TMTjbBxBuLOdmwzAbWqJ+hSxAW8G9GEfM/WBbKw=
Subject key identifier:   D0:F4:B1:31:9B:08:2F:82:85:63:AC:F9:3F:81:78:AD:BE:C0:85:B5
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       01929DB71FE3846AB3F1E7BA140B93F5393A
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/0PSxMZsIL4KFY6z5P4F4rb7AhbU.roa
Signing time:             Fri 18 Oct 2024 03:41:17 +0000
ROA not before:           Fri 18 Oct 2024 03:41:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        178.22.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9d:b7:1f:e3:84:6a:b3:f1:e7:ba:14:0b:93:f5:39:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Oct 18 03:41:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0f4b1319b082f828563acf93f8178adbec085b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f9:c6:6f:1f:d6:76:9e:15:cd:76:1a:25:63:
                    8a:7d:81:d5:6b:05:06:d6:8a:89:2c:74:9d:90:64:
                    c7:7c:39:75:92:6c:9f:c8:98:73:fe:1a:67:2d:f6:
                    98:c9:8c:43:b6:69:2b:7d:dd:10:7e:43:01:ed:99:
                    07:8a:e8:e2:56:71:ae:11:43:0e:f7:5a:66:61:58:
                    b2:a0:7c:ef:89:55:13:4a:44:08:3b:40:46:92:79:
                    47:5c:cb:ae:4c:3f:0d:e1:52:71:79:5f:2d:de:c4:
                    24:03:ba:2a:2a:45:76:57:56:2a:57:b5:65:07:8e:
                    a8:a1:ea:1e:ed:3e:6b:a1:bb:48:e0:7b:bc:f4:31:
                    73:db:4b:44:e2:12:2e:2e:90:3c:54:b5:de:e8:c0:
                    62:3f:39:57:5c:c6:75:d3:84:55:90:90:4a:cf:a6:
                    d2:d0:81:9d:5f:94:b8:c3:e4:7c:76:9a:6f:38:b0:
                    50:bf:8a:44:d9:1e:d0:7e:13:99:a2:ba:e0:7e:27:
                    b0:b1:b9:7f:c3:3d:ea:d2:f6:64:46:e9:93:3a:6f:
                    84:5b:46:14:d8:2f:87:7a:f6:ba:06:fe:db:d8:f0:
                    f9:22:11:6c:ab:7e:d6:8e:e8:62:c5:9a:d5:22:ec:
                    8c:db:fa:15:dd:7a:30:e7:60:d8:7c:de:d4:c6:be:
                    c7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:F4:B1:31:9B:08:2F:82:85:63:AC:F9:3F:81:78:AD:BE:C0:85:B5
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/0PSxMZsIL4KFY6z5P4F4rb7AhbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:1c:8d:72:ed:66:2c:c7:32:22:70:0f:59:0e:95:1d:04:f1:
         82:82:07:11:d5:d6:d7:b7:48:35:93:a3:8c:78:9b:fa:65:4b:
         2a:c0:45:21:35:7b:3e:2e:5b:0c:e9:e0:74:06:9f:88:5c:0c:
         1c:33:e9:a9:6d:8e:55:29:52:43:11:20:2b:47:7e:3e:8e:ee:
         00:7d:53:c8:5c:5b:9f:38:7c:92:75:58:66:8a:92:09:bd:00:
         f9:e4:39:e1:dd:1c:5b:ee:09:f7:47:50:c1:11:56:05:81:3b:
         04:b4:93:1b:de:cf:33:ef:2b:eb:9f:1b:13:58:5d:30:b3:97:
         e3:26:84:ff:c2:21:e9:ce:f3:c7:8a:1e:03:07:9c:94:df:f0:
         c2:98:43:8d:bd:b6:57:4e:e8:17:6f:b8:13:32:2e:c1:63:65:
         6e:45:f0:fc:15:c4:df:c4:6d:9e:98:cf:28:44:2a:a8:a1:79:
         3b:80:64:38:fa:7d:58:62:a1:14:fd:72:78:b7:63:e3:08:cf:
         2d:ba:0d:61:5c:65:53:e7:e6:f0:33:8f:43:34:93:15:b8:cc:
         6f:dd:ba:b8:57:09:6e:ce:86:0b:9f:14:e1:c1:41:81:26:82:
         fb:a4:3c:2e:6d:80:ca:b8:81:12:34:39:71:cf:89:94:55:2e:
         e8:09:8d:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKdtx/jhGqz8ee6FAuT9Tk6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQxMDE4MDM0MTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGY0YjEzMTliMDgyZjgyODU2M2FjZjkzZjgxNzhhZGJlYzA4NWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPnGbx/Wdp4VzXYaJWOKfYHVawUG
1oqJLHSdkGTHfDl1kmyfyJhz/hpnLfaYyYxDtmkrfd0QfkMB7ZkHiujiVnGuEUMO
91pmYViyoHzviVUTSkQIO0BGknlHXMuuTD8N4VJxeV8t3sQkA7oqKkV2V1YqV7Vl
B46ooeoe7T5robtI4Hu89DFz20tE4hIuLpA8VLXe6MBiPzlXXMZ104RVkJBKz6bS
0IGdX5S4w+R8dppvOLBQv4pE2R7QfhOZorrgfiewsbl/wz3q0vZkRumTOm+EW0YU
2C+Heva6Bv7b2PD5IhFsq37WjuhixZrVIuyM2/oV3Xow52DYfN7Uxr7HKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFND0sTGbCC+ChWOs+T+BeK2+wIW1MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvMFBTeE1ac0lMNEtGWTZ6NVA0RjRyYjdBaGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshYaMA0G
CSqGSIb3DQEBCwUAA4IBAQCRHI1y7WYsxzIicA9ZDpUdBPGCggcR1dbXt0g1k6OM
eJv6ZUsqwEUhNXs+LlsM6eB0Bp+IXAwcM+mpbY5VKVJDESArR34+ju4AfVPIXFuf
OHySdVhmipIJvQD55Dnh3Rxb7gn3R1DBEVYFgTsEtJMb3s8z7yvrnxsTWF0ws5fj
JoT/wiHpzvPHih4DB5yU3/DCmEONvbZXTugXb7gTMi7BY2VuRfD8FcTfxG2emM8o
RCqooXk7gGQ4+n1YYqEU/XJ4t2PjCM8tug1hXGVT5+bwM49DNJMVuMxv3bq4Vwlu
zoYLnxThwUGBJoL7pDwubYDKuIESNDlxz4mUVS7oCY2R
-----END CERTIFICATE-----