Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/b70de1-4ed6-476b-8a11-c9e43839bcec/1/GtHsY_TvXEXndFf4EVx51vV80qg.roa
File:                     GtHsY_TvXEXndFf4EVx51vV80qg.roa (raw, json)
Hash identifier:          tOUj0bm+a5vVg/D7UYJwwcXZ69G9fqWS+YG69eHxt2k=
Subject key identifier:   1A:D1:EC:63:F4:EF:5C:45:E7:74:57:F8:11:5C:79:D6:F5:7C:D2:A8
Certificate issuer:       /CN=26d0abe89beb9756be4894ae6908cd8cb145cdb6
Certificate serial:       018CC794FF0452FBFADA9B30835A5B4F71C6
Authority key identifier: 26:D0:AB:E8:9B:EB:97:56:BE:48:94:AE:69:08:CD:8C:B1:45:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JtCr6Jvrl1a-SJSuaQjNjLFFzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/b70de1-4ed6-476b-8a11-c9e43839bcec/1/GtHsY_TvXEXndFf4EVx51vV80qg.roa
Signing time:             Tue 02 Jan 2024 00:31:19 +0000
ROA not before:           Tue 02 Jan 2024 00:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24904
IP address blocks:        94.103.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/b70de1-4ed6-476b-8a11-c9e43839bcec/1/JtCr6Jvrl1a-SJSuaQjNjLFFzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/b70de1-4ed6-476b-8a11-c9e43839bcec/1/JtCr6Jvrl1a-SJSuaQjNjLFFzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JtCr6Jvrl1a-SJSuaQjNjLFFzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ff:04:52:fb:fa:da:9b:30:83:5a:5b:4f:71:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26d0abe89beb9756be4894ae6908cd8cb145cdb6
        Validity
            Not Before: Jan  2 00:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ad1ec63f4ef5c45e77457f8115c79d6f57cd2a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c7:ac:80:8d:12:dc:df:7d:c9:0d:4d:1a:b9:
                    11:bc:1e:58:da:94:f3:45:3c:43:34:6e:18:da:43:
                    51:2e:e8:b8:65:40:ff:37:27:85:02:89:39:b7:2b:
                    4d:c3:67:58:04:d4:cf:b5:e9:b4:cd:98:01:3e:3c:
                    04:3c:c4:fe:e1:0a:7d:d2:11:bb:f9:2f:b1:0f:83:
                    c2:db:2a:4b:83:93:39:85:2e:14:18:0b:11:dd:6f:
                    60:e3:c8:a1:c1:19:be:d3:c3:c5:be:87:ae:e0:e0:
                    11:6e:16:bd:b3:4f:7f:bc:06:fe:06:86:94:ae:b6:
                    40:59:cb:a8:1c:0e:1c:b1:7f:b4:d8:0b:96:a1:21:
                    18:05:ad:0f:6b:90:82:c6:94:40:72:a2:b3:37:3c:
                    79:76:95:dd:4a:11:c5:8f:2c:2d:cc:81:09:53:56:
                    b6:43:c3:b1:2c:c0:a8:5f:0a:33:64:36:84:5c:49:
                    d1:92:b5:ca:e2:1d:31:fc:e2:ce:df:64:76:cb:e0:
                    09:14:3c:79:f1:0c:78:c5:3b:79:a2:64:36:bb:0a:
                    19:2e:5c:44:bc:1f:86:1f:d1:9f:e5:88:3e:62:43:
                    ed:2a:5d:7d:07:dd:1d:39:e8:92:90:a7:bf:a9:71:
                    51:d8:8d:1a:49:f9:1e:e6:55:21:6b:a0:b9:82:6c:
                    57:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:D1:EC:63:F4:EF:5C:45:E7:74:57:F8:11:5C:79:D6:F5:7C:D2:A8
            X509v3 Authority Key Identifier:
                keyid:26:D0:AB:E8:9B:EB:97:56:BE:48:94:AE:69:08:CD:8C:B1:45:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JtCr6Jvrl1a-SJSuaQjNjLFFzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/b70de1-4ed6-476b-8a11-c9e43839bcec/1/GtHsY_TvXEXndFf4EVx51vV80qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/b70de1-4ed6-476b-8a11-c9e43839bcec/1/JtCr6Jvrl1a-SJSuaQjNjLFFzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:52:e0:89:a2:8d:f5:ea:58:bc:f5:20:82:e8:99:73:07:bf:
         61:cf:58:64:09:27:d5:6e:54:c8:76:a5:62:bc:d0:5b:99:c7:
         5f:b3:71:06:c7:3e:41:68:bc:1b:92:25:d6:16:74:d2:df:1b:
         61:9f:3a:82:d6:a8:94:4f:a1:00:ff:43:de:d9:c2:24:57:47:
         49:6c:a4:9c:5c:cc:44:82:ea:1d:e4:2d:8b:4b:51:c8:56:0d:
         6b:5b:b7:78:8c:31:1d:f4:f4:28:74:cb:40:91:bd:8b:f0:8d:
         26:cf:e4:01:e0:d1:b5:e1:c2:53:14:12:5d:57:d3:b2:c7:6a:
         cd:d1:33:5c:20:ef:47:42:70:de:83:14:32:a0:28:69:88:b4:
         05:04:ad:65:7c:87:95:82:be:3b:1e:6f:6a:07:b6:d8:8f:a1:
         7b:cb:3d:b2:6e:a3:19:ba:4c:cb:01:0f:ac:d6:18:84:0e:6e:
         74:75:43:90:ab:c0:4b:49:61:d8:01:fc:9a:61:4f:cf:4b:6d:
         a2:90:27:4c:0a:e5:71:5f:19:1a:51:93:fc:e0:eb:37:28:b6:
         38:5d:57:9f:cd:9f:cd:c5:e7:14:d2:ea:b7:d2:a6:5d:99:02:
         b1:ef:22:e3:77:ee:ee:cd:8d:af:52:7a:c2:c2:05:2a:b4:f9:
         6d:13:bf:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlP8EUvv62pswg1pbT3HGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZDBhYmU4OWJlYjk3NTZiZTQ4OTRhZTY5MDhjZDhjYjE0
NWNkYjYwHhcNMjQwMTAyMDAzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWQxZWM2M2Y0ZWY1YzQ1ZTc3NDU3ZjgxMTVjNzlkNmY1N2NkMmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsesgI0S3N99yQ1NGrkRvB5Y2pTz
RTxDNG4Y2kNRLui4ZUD/NyeFAok5tytNw2dYBNTPtem0zZgBPjwEPMT+4Qp90hG7
+S+xD4PC2ypLg5M5hS4UGAsR3W9g48ihwRm+08PFvoeu4OARbha9s09/vAb+BoaU
rrZAWcuoHA4csX+02AuWoSEYBa0Pa5CCxpRAcqKzNzx5dpXdShHFjywtzIEJU1a2
Q8OxLMCoXwozZDaEXEnRkrXK4h0x/OLO32R2y+AJFDx58Qx4xTt5omQ2uwoZLlxE
vB+GH9Gf5Yg+YkPtKl19B90dOeiSkKe/qXFR2I0aSfke5lUha6C5gmxXiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrR7GP071xF53RX+BFcedb1fNKoMB8GA1UdIwQY
MBaAFCbQq+ib65dWvkiUrmkIzYyxRc22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnRDcjZKdnJsMWEtU0pTdWFRak5qTEZGemJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9iNzBkZTEtNGVkNi00NzZiLThhMTEt
YzllNDM4MzliY2VjLzEvR3RIc1lfVHZYRVhuZEZmNEVWeDUxdlY4MHFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9iNzBkZTEtNGVkNi00NzZiLThhMTEtYzllNDM4MzliY2Vj
LzEvSnRDcjZKdnJsMWEtU0pTdWFRak5qTEZGemJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXmd4MA0G
CSqGSIb3DQEBCwUAA4IBAQAoUuCJoo316li89SCC6JlzB79hz1hkCSfVblTIdqVi
vNBbmcdfs3EGxz5BaLwbkiXWFnTS3xthnzqC1qiUT6EA/0Pe2cIkV0dJbKScXMxE
guod5C2LS1HIVg1rW7d4jDEd9PQodMtAkb2L8I0mz+QB4NG14cJTFBJdV9Oyx2rN
0TNcIO9HQnDegxQyoChpiLQFBK1lfIeVgr47Hm9qB7bYj6F7yz2ybqMZukzLAQ+s
1hiEDm50dUOQq8BLSWHYAfyaYU/PS22ikCdMCuVxXxkaUZP84Os3KLY4XVefzZ/N
xecU0uq30qZdmQKx7yLjd+7uzY2vUnrCwgUqtPltE7/+
-----END CERTIFICATE-----