Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/tg8gxzupnjQ3PKoh-2NKi118_vg.roa
File:                     tg8gxzupnjQ3PKoh-2NKi118_vg.roa (raw, json)
Hash identifier:          DKAIf9U60wci23W4N4SgknjLAykkvuMLPpApHxutALM=
Subject key identifier:   B6:0F:20:C7:3B:A9:9E:34:37:3C:AA:21:FB:63:4A:8B:5D:7C:FE:F8
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       018DAE559905074AF75645205F7737E7121D
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/tg8gxzupnjQ3PKoh-2NKi118_vg.roa
Signing time:             Thu 15 Feb 2024 19:54:21 +0000
ROA not before:           Thu 15 Feb 2024 19:54:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59584
IP address blocks:        193.26.122.0/24 maxlen: 24
                          193.178.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ae:55:99:05:07:4a:f7:56:45:20:5f:77:37:e7:12:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: Feb 15 19:54:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b60f20c73ba99e34373caa21fb634a8b5d7cfef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:4b:dc:63:24:29:d3:32:83:7e:89:c1:ad:7b:
                    fa:8a:29:b7:65:28:1b:f3:a0:4d:73:8a:67:e7:1c:
                    8e:90:e3:7b:e4:3f:af:10:d7:66:c9:e7:6a:c0:fa:
                    0e:86:4c:a9:6c:fd:d0:ce:f6:82:fb:c1:f2:6e:5e:
                    96:22:24:1b:63:62:6e:7b:d7:eb:35:dc:0f:a3:6e:
                    46:1a:ac:11:d4:79:2a:cb:39:b3:2f:73:3a:e8:1d:
                    d5:27:68:db:cb:2c:5a:37:0d:97:b4:9f:78:37:e6:
                    5a:61:a9:8d:e8:49:b6:b4:d1:4e:06:d5:bb:cb:c0:
                    90:68:3e:9d:75:0e:02:d6:75:a2:00:5d:11:e8:93:
                    95:a6:9c:8c:25:4e:61:78:aa:49:18:54:59:c2:72:
                    22:e6:ee:a1:74:a7:af:66:e6:5b:91:84:0b:b1:1c:
                    4d:5a:4c:55:57:bd:95:be:93:09:d4:74:56:d1:c6:
                    31:c2:dd:92:4a:7e:f5:d1:f2:e4:c3:5b:f3:ba:e0:
                    3b:17:7e:30:25:3e:eb:93:00:a4:94:e3:0b:ed:e8:
                    17:4b:9e:d1:4f:bb:bb:4a:d3:8e:17:74:a6:5e:7a:
                    0c:db:af:43:6b:2d:e6:2e:58:a4:7b:e8:8a:ea:a5:
                    d1:e2:4d:e1:0b:d6:d1:9f:05:1f:7e:eb:c8:31:02:
                    b0:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:0F:20:C7:3B:A9:9E:34:37:3C:AA:21:FB:63:4A:8B:5D:7C:FE:F8
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/tg8gxzupnjQ3PKoh-2NKi118_vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.122.0/24
                  193.178.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:4d:24:c2:e7:5f:69:1d:bf:4c:b4:61:49:68:3b:17:30:58:
         bf:0c:84:46:94:be:8b:9e:fc:9d:44:6e:5a:99:0d:d3:6c:fd:
         ef:9a:f1:db:76:0d:6a:dc:b4:bc:09:ea:cc:a3:4d:20:68:90:
         36:a8:d9:57:ec:33:9a:ef:70:b9:e4:27:af:1b:a8:4e:44:e7:
         59:f1:ed:73:ee:7c:84:08:d7:9e:66:25:d8:c1:ec:a4:26:ac:
         db:c4:ce:11:35:07:68:0e:3d:62:cd:5d:76:1b:75:77:a2:8b:
         59:16:fb:5b:91:81:43:2d:df:f8:a7:41:d3:9c:70:27:45:86:
         40:af:5e:9c:e8:f7:74:0d:1b:29:2e:07:77:19:c4:ad:f3:0e:
         ef:f6:35:83:2c:95:88:f7:d0:db:9a:bb:b8:f6:1a:df:e4:0d:
         4a:9b:94:17:7c:51:2e:65:02:70:10:6c:11:73:47:4b:79:15:
         5a:c1:10:ef:8b:33:3a:8c:88:28:68:1b:57:52:b8:ed:c1:6b:
         69:45:0c:b5:ef:33:a7:a7:e2:e3:cf:b6:ae:8a:a1:3e:2d:02:
         68:d9:5a:a3:7a:f4:92:87:08:9d:0b:65:fe:a8:98:5f:bf:0e:
         f5:ac:81:84:da:b7:aa:d3:72:19:87:9f:27:2c:24:7e:74:5a:
         54:e2:40:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2uVZkFB0r3VkUgX3c35xIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjQwMjE1MTk1NDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjBmMjBjNzNiYTk5ZTM0MzczY2FhMjFmYjYzNGE4YjVkN2NmZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0vcYyQp0zKDfonBrXv6iim3ZSgb
86BNc4pn5xyOkON75D+vENdmyedqwPoOhkypbP3QzvaC+8Hybl6WIiQbY2Jue9fr
NdwPo25GGqwR1HkqyzmzL3M66B3VJ2jbyyxaNw2XtJ94N+ZaYamN6Em2tNFOBtW7
y8CQaD6ddQ4C1nWiAF0R6JOVppyMJU5heKpJGFRZwnIi5u6hdKevZuZbkYQLsRxN
WkxVV72VvpMJ1HRW0cYxwt2SSn710fLkw1vzuuA7F34wJT7rkwCklOML7egXS57R
T7u7StOOF3SmXnoM269Day3mLlike+iK6qXR4k3hC9bRnwUffuvIMQKwOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLYPIMc7qZ40NzyqIftjSotdfP74MB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvdGc4Z3h6dXBualEzUEtvaC0yTktpMTE4X3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRp6AwQA
wbLXMA0GCSqGSIb3DQEBCwUAA4IBAQA1TSTC519pHb9MtGFJaDsXMFi/DIRGlL6L
nvydRG5amQ3TbP3vmvHbdg1q3LS8CerMo00gaJA2qNlX7DOa73C55CevG6hOROdZ
8e1z7nyECNeeZiXYweykJqzbxM4RNQdoDj1izV12G3V3ootZFvtbkYFDLd/4p0HT
nHAnRYZAr16c6Pd0DRspLgd3GcSt8w7v9jWDLJWI99Dbmru49hrf5A1Km5QXfFEu
ZQJwEGwRc0dLeRVawRDvizM6jIgoaBtXUrjtwWtpRQy17zOnp+Ljz7auiqE+LQJo
2VqjevSShwidC2X+qJhfvw71rIGE2req03IZh58nLCR+dFpU4kA+
-----END CERTIFICATE-----