Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/xpYHX-DI9oS0E09H1b6eTJBMRX4.roa
File:                     xpYHX-DI9oS0E09H1b6eTJBMRX4.roa (raw, json)
Hash identifier:          PfCqtrVjlIyPFDcqHqX2lePA32+GAhJ2/8ZSx9AsWsQ=
Subject key identifier:   C6:96:07:5F:E0:C8:F6:84:B4:13:4F:47:D5:BE:9E:4C:90:4C:45:7E
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       0192326F9EEF9181B871CC8AF3F07737BD88
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/xpYHX-DI9oS0E09H1b6eTJBMRX4.roa
Signing time:             Fri 27 Sep 2024 07:43:48 +0000
ROA not before:           Fri 27 Sep 2024 07:43:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        178.22.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:32:6f:9e:ef:91:81:b8:71:cc:8a:f3:f0:77:37:bd:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Sep 27 07:43:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c696075fe0c8f684b4134f47d5be9e4c904c457e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:78:96:2c:8f:ac:39:26:6a:33:d4:da:e5:0f:
                    f9:71:f5:00:1b:d5:f0:a1:99:86:27:b4:4f:de:1c:
                    86:a2:3d:33:86:05:28:ba:f4:75:0a:26:2c:6d:29:
                    aa:8f:c0:04:5b:c9:54:85:99:8f:f1:13:49:94:da:
                    ab:9e:13:d4:b5:68:8b:bc:75:42:06:aa:d4:8a:d7:
                    76:32:43:01:95:aa:b1:92:07:07:ab:33:28:19:cd:
                    05:2f:ea:d8:74:7d:db:db:d6:e3:8c:54:3a:1f:a9:
                    a6:00:4e:97:f0:e8:7f:43:12:67:d8:a3:24:e1:58:
                    52:7f:f5:22:aa:e9:83:10:4f:81:d3:f0:92:05:ee:
                    d8:31:4b:89:c7:83:ae:ae:c9:b1:fa:99:89:25:b2:
                    9e:05:be:19:42:26:e5:a6:cd:c3:27:86:5d:5c:10:
                    cd:07:2d:c8:47:47:a0:41:85:df:2e:35:82:95:7a:
                    68:86:51:68:b8:46:87:92:e6:c0:4c:12:a8:00:27:
                    d1:bd:28:da:0d:16:e2:98:87:c8:d5:f3:36:ea:68:
                    a5:e4:03:d5:ef:22:ba:fd:d7:1d:47:16:31:1c:44:
                    aa:ce:e5:4a:55:2b:b1:39:81:3e:40:6a:e2:76:a2:
                    7f:62:e3:ba:6e:0b:ea:38:f2:8f:59:4d:e1:12:25:
                    f1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:96:07:5F:E0:C8:F6:84:B4:13:4F:47:D5:BE:9E:4C:90:4C:45:7E
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/xpYHX-DI9oS0E09H1b6eTJBMRX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.22.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f9:8e:86:92:f4:5d:95:92:ed:7b:fb:53:68:44:85:b0:4b:
         5b:a1:0d:2c:8b:52:58:e5:c6:7f:65:dc:53:63:1e:59:d5:22:
         33:2e:f9:85:a4:50:34:92:20:85:f6:41:ef:09:a6:a1:61:e8:
         81:17:bf:84:4f:73:1f:3a:28:d7:e8:07:a6:ff:44:2b:1b:84:
         24:e7:68:87:e6:23:c1:2d:9e:64:12:dc:ba:5a:b4:3b:51:4e:
         16:8d:97:d6:14:57:1e:10:e6:b0:96:a3:4b:a4:7d:62:83:35:
         12:45:3e:87:92:e7:ee:8d:f7:b3:a8:71:2f:01:6b:f7:ef:e3:
         c6:ab:14:c8:b9:4d:75:73:69:32:16:71:53:6b:6a:0a:b6:53:
         6e:c7:7a:42:9b:dc:f2:94:d6:a5:a7:04:89:9a:af:3a:30:59:
         bb:8a:cf:e4:fd:24:fc:0a:f0:e2:39:17:40:2f:8a:f2:42:d0:
         1d:63:1a:1f:72:06:9a:b0:db:dc:48:ae:b6:d6:6d:d1:5d:da:
         a3:94:88:a4:65:7f:42:9e:fd:9a:9d:bd:4f:d4:88:1c:f2:ee:
         85:79:2d:b4:49:64:bc:df:d7:5a:e0:91:f8:6d:86:6e:bc:fb:
         bd:c6:23:66:63:96:fa:87:de:99:4a:c1:f4:15:51:6d:d0:e3:
         7e:e0:02:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIyb57vkYG4ccyK8/B3N72IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwOTI3MDc0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjk2MDc1ZmUwYzhmNjg0YjQxMzRmNDdkNWJlOWU0YzkwNGM0NTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXiWLI+sOSZqM9Ta5Q/5cfUAG9Xw
oZmGJ7RP3hyGoj0zhgUouvR1CiYsbSmqj8AEW8lUhZmP8RNJlNqrnhPUtWiLvHVC
BqrUitd2MkMBlaqxkgcHqzMoGc0FL+rYdH3b29bjjFQ6H6mmAE6X8Oh/QxJn2KMk
4VhSf/UiqumDEE+B0/CSBe7YMUuJx4Oursmx+pmJJbKeBb4ZQiblps3DJ4ZdXBDN
By3IR0egQYXfLjWClXpohlFouEaHkubATBKoACfRvSjaDRbimIfI1fM26mil5APV
7yK6/dcdRxYxHESqzuVKVSuxOYE+QGridqJ/YuO6bgvqOPKPWU3hEiXx8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMaWB1/gyPaEtBNPR9W+nkyQTEV+MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEveHBZSFgtREk5b1MwRTA5SDFiNmVUSkJNUlg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshYaMA0G
CSqGSIb3DQEBCwUAA4IBAQB/+Y6GkvRdlZLte/tTaESFsEtboQ0si1JY5cZ/ZdxT
Yx5Z1SIzLvmFpFA0kiCF9kHvCaahYeiBF7+ET3MfOijX6Aem/0QrG4Qk52iH5iPB
LZ5kEty6WrQ7UU4WjZfWFFceEOawlqNLpH1igzUSRT6HkufujfezqHEvAWv37+PG
qxTIuU11c2kyFnFTa2oKtlNux3pCm9zylNalpwSJmq86MFm7is/k/ST8CvDiORdA
L4ryQtAdYxofcgaasNvcSK621m3RXdqjlIikZX9Cnv2anb1P1Igc8u6FeS20SWS8
39da4JH4bYZuvPu9xiNmY5b6h96ZSsH0FVFt0ON+4AIa
-----END CERTIFICATE-----