Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/X4rdDQ2a2OMkbzoCoSYIgcZaNIc.roa
File:                     X4rdDQ2a2OMkbzoCoSYIgcZaNIc.roa (raw, json)
Hash identifier:          36WWUi/V8+U4pnfVNq7bgc7AxxM0YmNrqX3/IB4mqu8=
Subject key identifier:   5F:8A:DD:0D:0D:9A:D8:E3:24:6F:3A:02:A1:26:08:81:C6:5A:34:87
Certificate issuer:       /CN=77bdd75f2efc244f86a321b150e62936a14029db
Certificate serial:       018CC9BC78B961E768C697B21831E13D6EA8
Authority key identifier: 77:BD:D7:5F:2E:FC:24:4F:86:A3:21:B1:50:E6:29:36:A1:40:29:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d73XXy78JE-GoyGxUOYpNqFAKds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/X4rdDQ2a2OMkbzoCoSYIgcZaNIc.roa
Signing time:             Tue 02 Jan 2024 10:33:41 +0000
ROA not before:           Tue 02 Jan 2024 10:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        195.234.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/d73XXy78JE-GoyGxUOYpNqFAKds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/d73XXy78JE-GoyGxUOYpNqFAKds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d73XXy78JE-GoyGxUOYpNqFAKds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:78:b9:61:e7:68:c6:97:b2:18:31:e1:3d:6e:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77bdd75f2efc244f86a321b150e62936a14029db
        Validity
            Not Before: Jan  2 10:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f8add0d0d9ad8e3246f3a02a1260881c65a3487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:91:2a:57:ce:8a:53:e8:68:38:9c:36:0c:54:
                    b9:f9:bc:47:61:d6:a3:36:e5:1b:2f:bf:f1:cf:25:
                    6d:a0:05:17:7f:b6:00:e3:58:c8:b2:70:1a:21:a6:
                    0f:03:f5:7a:63:5d:a4:45:4a:c2:e6:d1:83:0c:7d:
                    18:7d:a6:7a:8a:0c:4d:2f:ca:af:c9:94:07:76:90:
                    49:91:3f:e9:96:fe:e8:12:bd:6d:97:62:2c:77:03:
                    d9:41:e9:f1:49:71:6d:66:fe:0d:9a:b3:62:64:26:
                    ef:a9:f2:5d:ec:1d:be:6c:a6:50:38:17:a1:95:13:
                    29:3a:dd:99:79:40:1f:da:e6:81:11:ad:c4:47:a5:
                    0c:99:ca:91:49:ca:f2:22:3f:7e:25:25:3d:74:09:
                    eb:27:f4:e3:a1:e0:a0:a0:73:64:03:c4:1b:71:39:
                    ed:af:c8:54:46:73:31:e7:45:64:95:77:bc:6e:d0:
                    4d:1a:46:ea:4d:64:1b:58:96:6e:cc:8c:54:de:d5:
                    ce:0a:b4:15:4a:75:28:93:70:cf:b2:7a:1d:4d:b2:
                    7f:d8:b5:9d:7e:0a:ce:2a:a3:97:8b:eb:80:75:15:
                    12:16:95:3f:6f:4b:7e:8a:9d:a6:5a:c4:31:fa:60:
                    21:e4:52:7f:7b:f2:89:ab:86:48:68:a7:10:2c:b6:
                    2e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:8A:DD:0D:0D:9A:D8:E3:24:6F:3A:02:A1:26:08:81:C6:5A:34:87
            X509v3 Authority Key Identifier:
                keyid:77:BD:D7:5F:2E:FC:24:4F:86:A3:21:B1:50:E6:29:36:A1:40:29:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d73XXy78JE-GoyGxUOYpNqFAKds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/X4rdDQ2a2OMkbzoCoSYIgcZaNIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/26a34e-2094-4e76-a1ea-1dedbe7b5baf/1/d73XXy78JE-GoyGxUOYpNqFAKds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:82:ed:b2:bc:d2:db:ee:eb:a9:97:92:4d:b7:fe:28:d1:d1:
         3b:43:46:73:f1:b9:3b:c4:1d:29:69:41:8a:10:84:b3:8d:cb:
         7a:6a:c1:1a:52:38:c2:f3:40:b9:59:e2:7e:7e:f6:10:e8:ec:
         72:f8:ac:47:75:7e:d6:44:1d:d2:c7:7c:cc:98:30:62:48:d9:
         ab:35:c8:19:52:fc:55:e7:64:d9:87:21:03:44:36:76:d0:c8:
         9a:e6:31:30:62:49:72:24:42:78:f8:02:0a:f9:ce:f0:d6:61:
         39:c1:92:a9:10:63:48:12:a4:bc:24:e4:93:0f:be:d9:a4:d5:
         2f:26:71:c2:e0:2a:48:bc:4f:4b:0d:f9:3b:a7:34:e9:96:fc:
         d7:22:63:38:f8:0c:ac:ca:f7:4d:2f:94:f1:59:7c:89:38:0c:
         8e:b1:3d:8d:6a:6c:d9:0c:85:5d:1b:7b:90:50:b5:49:c0:51:
         93:2e:c3:05:74:d2:84:14:c5:4b:91:1b:83:f5:73:2b:60:a3:
         d0:e0:50:7d:60:cf:71:c1:82:f6:6c:61:29:c2:fd:4b:f0:31:
         ec:d4:55:17:c7:89:5a:8d:22:9f:3b:9d:09:c8:47:f0:29:a8:
         2f:53:7a:41:fb:c7:2b:5a:31:4c:24:16:83:89:be:56:1e:09:
         1f:73:15:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvHi5YedoxpeyGDHhPW6oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YmRkNzVmMmVmYzI0NGY4NmEzMjFiMTUwZTYyOTM2YTE0
MDI5ZGIwHhcNMjQwMTAyMTAzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjhhZGQwZDBkOWFkOGUzMjQ2ZjNhMDJhMTI2MDg4MWM2NWEzNDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpEqV86KU+hoOJw2DFS5+bxHYdaj
NuUbL7/xzyVtoAUXf7YA41jIsnAaIaYPA/V6Y12kRUrC5tGDDH0YfaZ6igxNL8qv
yZQHdpBJkT/plv7oEr1tl2IsdwPZQenxSXFtZv4NmrNiZCbvqfJd7B2+bKZQOBeh
lRMpOt2ZeUAf2uaBEa3ER6UMmcqRScryIj9+JSU9dAnrJ/TjoeCgoHNkA8QbcTnt
r8hURnMx50VklXe8btBNGkbqTWQbWJZuzIxU3tXOCrQVSnUok3DPsnodTbJ/2LWd
fgrOKqOXi+uAdRUSFpU/b0t+ip2mWsQx+mAh5FJ/e/KJq4ZIaKcQLLYuvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+K3Q0NmtjjJG86AqEmCIHGWjSHMB8GA1UdIwQY
MBaAFHe9118u/CRPhqMhsVDmKTahQCnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDczWFh5NzhKRS1Hb3lHeFVPWXBOcUZBS2RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8yNmEzNGUtMjA5NC00ZTc2LWExZWEt
MWRlZGJlN2I1YmFmLzEvWDRyZERRMmEyT01rYnpvQ29TWUlnY1phTkljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8yNmEzNGUtMjA5NC00ZTc2LWExZWEtMWRlZGJlN2I1YmFm
LzEvZDczWFh5NzhKRS1Hb3lHeFVPWXBOcUZBS2RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+qbMA0G
CSqGSIb3DQEBCwUAA4IBAQBygu2yvNLb7uupl5JNt/4o0dE7Q0Zz8bk7xB0paUGK
EISzjct6asEaUjjC80C5WeJ+fvYQ6Oxy+KxHdX7WRB3Sx3zMmDBiSNmrNcgZUvxV
52TZhyEDRDZ20Mia5jEwYklyJEJ4+AIK+c7w1mE5wZKpEGNIEqS8JOSTD77ZpNUv
JnHC4CpIvE9LDfk7pzTplvzXImM4+AysyvdNL5TxWXyJOAyOsT2NamzZDIVdG3uQ
ULVJwFGTLsMFdNKEFMVLkRuD9XMrYKPQ4FB9YM9xwYL2bGEpwv1L8DHs1FUXx4la
jSKfO50JyEfwKagvU3pB+8crWjFMJBaDib5WHgkfcxVt
-----END CERTIFICATE-----