Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/26gFwF4G5h6wlg_W51YrCuA9_5k.roa
File:                     26gFwF4G5h6wlg_W51YrCuA9_5k.roa (raw, json)
Hash identifier:          272kvgsL4vdRkK5SUJg+ExvDEW7yLvzeaekRkL1kzG0=
Subject key identifier:   DB:A8:05:C0:5E:06:E6:1E:B0:96:0F:D6:E7:56:2B:0A:E0:3D:FF:99
Certificate issuer:       /CN=d57c7db04e78c221f3df2a2af082b518d962a8f0
Certificate serial:       018CC49352B36278435E113C32B22AA6F275
Authority key identifier: D5:7C:7D:B0:4E:78:C2:21:F3:DF:2A:2A:F0:82:B5:18:D9:62:A8:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/26gFwF4G5h6wlg_W51YrCuA9_5k.roa
Signing time:             Mon 01 Jan 2024 10:30:38 +0000
ROA not before:           Mon 01 Jan 2024 10:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36040
IP address blocks:        2a0f:f4c1:2::/48 maxlen: 48
                          2a0f:f4c1:2::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:52:b3:62:78:43:5e:11:3c:32:b2:2a:a6:f2:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d57c7db04e78c221f3df2a2af082b518d962a8f0
        Validity
            Not Before: Jan  1 10:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dba805c05e06e61eb0960fd6e7562b0ae03dff99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c0:58:05:cf:ab:a0:fd:06:ac:ee:2c:4e:d8:
                    49:f1:69:a9:69:a9:86:c4:17:21:0c:8b:08:b7:eb:
                    19:78:c4:67:62:06:e3:d2:b2:30:1d:e8:73:4a:e0:
                    99:8f:26:cb:94:70:f5:84:0c:50:ef:da:b6:24:96:
                    4d:09:3d:de:21:5a:85:c4:2d:8e:0f:4f:76:69:c0:
                    8d:8f:88:9e:70:10:ea:07:66:1a:5a:0e:df:c9:79:
                    32:a3:6a:90:5d:9e:aa:05:b4:1b:ce:e7:34:ad:1d:
                    18:a7:82:cf:b8:81:f8:36:b8:b4:70:a0:55:fb:d2:
                    21:79:4f:e9:73:59:79:36:52:33:cd:b7:45:dd:a3:
                    81:35:b0:9d:ec:8f:0b:8f:65:9e:5b:b4:d5:d9:e2:
                    d6:36:38:2d:f9:a4:35:37:34:4f:dd:af:46:72:e3:
                    47:66:dd:23:40:83:e0:90:8f:e8:ea:4c:5f:34:f3:
                    df:2c:1c:4f:68:bc:4e:bc:8c:72:c0:c5:3d:1a:af:
                    5a:fe:03:1e:34:6b:01:82:aa:6a:5c:d4:62:c9:d6:
                    4a:f1:68:99:da:ee:3e:e1:3b:21:98:a7:05:6c:35:
                    89:11:8f:75:74:d6:5e:77:ec:e1:62:37:55:a7:56:
                    e2:55:7b:e2:31:96:7b:e7:ac:56:ad:fa:70:37:a0:
                    60:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:A8:05:C0:5E:06:E6:1E:B0:96:0F:D6:E7:56:2B:0A:E0:3D:FF:99
            X509v3 Authority Key Identifier:
                keyid:D5:7C:7D:B0:4E:78:C2:21:F3:DF:2A:2A:F0:82:B5:18:D9:62:A8:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/26gFwF4G5h6wlg_W51YrCuA9_5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:f4c1:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:0a:40:3c:87:51:fe:f6:e9:52:6b:b5:cb:60:bb:5d:ef:5f:
         79:fd:fc:2e:22:42:b1:71:34:25:c9:8c:04:36:46:a5:e7:eb:
         01:e5:0b:d8:a7:09:e0:f4:5b:aa:d9:8b:b6:13:f1:ea:24:f6:
         6e:03:20:89:73:a3:ee:31:3a:e6:93:8c:fe:60:49:7f:6a:0e:
         39:59:47:24:6a:95:c8:56:66:c6:7a:b7:16:8c:49:ed:3e:cc:
         65:75:4e:9c:3a:7d:19:80:ae:55:24:fc:22:32:8c:9c:14:90:
         81:28:64:95:31:8c:58:ff:c6:4c:19:2e:aa:33:40:98:e8:ce:
         a1:04:89:a2:a0:63:d8:66:6e:85:85:df:57:e9:eb:f6:9d:28:
         3f:de:5c:60:b9:48:52:25:5a:57:c0:9c:fd:ec:57:90:35:a1:
         e7:db:2d:fd:aa:f4:4a:0a:20:fd:59:f2:52:57:91:04:1d:fd:
         69:05:60:83:20:78:72:24:b1:10:94:17:05:c8:eb:da:c3:e5:
         7c:d3:be:5a:b0:f0:8c:9f:35:f6:1b:38:b5:f9:ba:57:e0:10:
         81:f4:9d:59:98:a8:86:7a:4d:05:87:43:0d:ba:5a:6b:19:25:
         12:21:c5:6f:0e:ee:47:51:d2:e5:b1:af:57:a7:64:25:0c:4e:
         e6:dc:b7:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk1KzYnhDXhE8MrIqpvJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1N2M3ZGIwNGU3OGMyMjFmM2RmMmEyYWYwODJiNTE4ZDk2
MmE4ZjAwHhcNMjQwMTAxMTAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmE4MDVjMDVlMDZlNjFlYjA5NjBmZDZlNzU2MmIwYWUwM2RmZjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8BYBc+roP0GrO4sTthJ8WmpaamG
xBchDIsIt+sZeMRnYgbj0rIwHehzSuCZjybLlHD1hAxQ79q2JJZNCT3eIVqFxC2O
D092acCNj4iecBDqB2YaWg7fyXkyo2qQXZ6qBbQbzuc0rR0Yp4LPuIH4Nri0cKBV
+9IheU/pc1l5NlIzzbdF3aOBNbCd7I8Lj2WeW7TV2eLWNjgt+aQ1NzRP3a9GcuNH
Zt0jQIPgkI/o6kxfNPPfLBxPaLxOvIxywMU9Gq9a/gMeNGsBgqpqXNRiydZK8WiZ
2u4+4TshmKcFbDWJEY91dNZed+zhYjdVp1biVXviMZZ756xWrfpwN6BgLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNuoBcBeBuYesJYP1udWKwrgPf+ZMB8GA1UdIwQY
MBaAFNV8fbBOeMIh898qKvCCtRjZYqjwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVh4OXNFNTR3aUh6M3lvcThJSzFHTmxpcVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8xOGQwNTktM2NiMi00NmJmLWE1ODgt
ZmU5NWE5YWYzYWRjLzEvMjZnRndGNEc1aDZ3bGdfVzUxWXJDdUE5XzVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8xOGQwNTktM2NiMi00NmJmLWE1ODgtZmU5NWE5YWYzYWRj
LzEvMVh4OXNFNTR3aUh6M3lvcThJSzFHTmxpcVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/0wQAC
MA0GCSqGSIb3DQEBCwUAA4IBAQAPCkA8h1H+9ulSa7XLYLtd7195/fwuIkKxcTQl
yYwENkal5+sB5QvYpwng9Fuq2Yu2E/HqJPZuAyCJc6PuMTrmk4z+YEl/ag45WUck
apXIVmbGercWjEntPsxldU6cOn0ZgK5VJPwiMoycFJCBKGSVMYxY/8ZMGS6qM0CY
6M6hBImioGPYZm6Fhd9X6ev2nSg/3lxguUhSJVpXwJz97FeQNaHn2y39qvRKCiD9
WfJSV5EEHf1pBWCDIHhyJLEQlBcFyOvaw+V8075asPCMnzX2Gzi1+bpX4BCB9J1Z
mKiGek0Fh0MNulprGSUSIcVvDu5HUdLlsa9Xp2QlDE7m3Lc6
-----END CERTIFICATE-----