Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/26vdi3i3-coQYIKBdb4bkDvKg5c.roa
File:                     26vdi3i3-coQYIKBdb4bkDvKg5c.roa (raw, json)
Hash identifier:          2KcMWsKD3i1cs5U/nnczaE0l7vEhxTZrXosDte6EWyA=
Subject key identifier:   DB:AB:DD:8B:78:B7:F9:CA:10:60:82:81:75:BE:1B:90:3B:CA:83:97
Certificate issuer:       /CN=86fa564cf97577c07633ba4e640ea78c76fc17dd
Certificate serial:       018CC50147ECCCD33B385CF4D540C726F26F
Authority key identifier: 86:FA:56:4C:F9:75:77:C0:76:33:BA:4E:64:0E:A7:8C:76:FC:17:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/26vdi3i3-coQYIKBdb4bkDvKg5c.roa
Signing time:             Mon 01 Jan 2024 12:30:44 +0000
ROA not before:           Mon 01 Jan 2024 12:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206515
IP address blocks:        45.82.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:47:ec:cc:d3:3b:38:5c:f4:d5:40:c7:26:f2:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86fa564cf97577c07633ba4e640ea78c76fc17dd
        Validity
            Not Before: Jan  1 12:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbabdd8b78b7f9ca1060828175be1b903bca8397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:31:02:53:06:6a:90:24:47:70:04:d7:fd:59:
                    9e:ad:b2:4a:62:c6:7a:3a:48:59:9c:55:be:89:50:
                    b3:86:81:23:ec:78:a7:9a:19:00:43:c5:75:e8:83:
                    ca:0b:cf:a5:98:5e:20:df:09:6e:10:07:14:e3:e1:
                    a6:0b:5b:9d:f2:c7:66:dd:7e:fb:e0:dc:77:d4:5b:
                    51:a7:36:03:a4:b8:39:70:fe:8a:d4:90:70:fe:c1:
                    57:77:84:fc:c9:60:03:1a:7a:80:63:da:b1:95:0b:
                    aa:89:0d:cb:c1:04:ea:13:ed:27:19:91:3f:dc:c0:
                    7a:c5:f6:31:69:5a:7e:65:21:6d:81:22:7d:86:68:
                    c7:18:5c:ae:9e:fb:2e:34:26:32:7f:f6:09:49:90:
                    0b:a1:84:bf:27:48:8a:7f:68:b4:ae:50:30:e0:02:
                    cc:40:f2:c0:db:b5:ed:de:c2:ac:55:38:30:3f:ef:
                    29:75:d1:de:3a:d1:c2:f7:89:37:49:ca:6b:08:3d:
                    89:f2:c3:22:e2:13:65:5f:e7:7b:0b:01:af:97:bf:
                    50:72:fc:8e:03:13:70:a2:9a:69:0e:f0:bd:e6:a3:
                    46:d3:80:22:94:75:81:be:33:e8:b5:07:36:67:b5:
                    aa:b6:2f:b8:39:a6:78:9a:a8:d5:60:c1:05:7c:e1:
                    9b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:AB:DD:8B:78:B7:F9:CA:10:60:82:81:75:BE:1B:90:3B:CA:83:97
            X509v3 Authority Key Identifier:
                keyid:86:FA:56:4C:F9:75:77:C0:76:33:BA:4E:64:0E:A7:8C:76:FC:17:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/26vdi3i3-coQYIKBdb4bkDvKg5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:4f:82:51:f0:14:e7:22:ae:df:5b:d1:8c:c9:68:3e:18:5b:
         7e:49:1f:54:50:31:77:35:31:1b:85:a9:d9:8e:a2:91:30:67:
         b0:a2:cf:45:29:a9:73:d7:70:8c:dc:5d:0d:83:1e:04:8b:56:
         dd:c5:2c:a7:8d:8d:2c:a6:a1:9e:33:53:e2:ab:d8:15:f4:8e:
         5a:3b:02:36:d3:c9:c4:d2:92:a3:65:15:b6:da:2f:1c:d2:9b:
         e3:4d:39:17:5b:cd:c6:76:2f:5e:31:cb:ea:09:ce:15:a3:a6:
         74:0c:a1:72:60:fa:ce:c2:5b:d0:22:e1:ec:ed:08:70:e5:6a:
         b9:41:70:13:23:f4:96:e3:4e:00:a1:00:45:04:82:b0:da:be:
         57:99:c0:10:2d:14:47:0a:61:98:05:71:e9:01:45:9a:31:da:
         8f:6d:a3:4c:f5:3d:9e:b3:8d:f3:28:4f:83:1f:37:7c:e1:02:
         84:58:e6:2e:c8:bb:e3:0c:2e:5f:56:d9:7f:27:4a:c5:4e:4b:
         e0:f5:ee:11:ee:f6:14:88:02:87:d7:44:9f:71:72:f8:95:21:
         f3:78:86:86:96:f8:58:d6:62:27:f7:50:b8:9d:71:66:55:de:
         e4:cc:17:88:c8:67:38:06:b5:9b:dc:48:3e:95:f7:29:2e:46:
         3e:78:a7:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUfszNM7OFz01UDHJvJvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZmE1NjRjZjk3NTc3YzA3NjMzYmE0ZTY0MGVhNzhjNzZm
YzE3ZGQwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmFiZGQ4Yjc4YjdmOWNhMTA2MDgyODE3NWJlMWI5MDNiY2E4Mzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjECUwZqkCRHcATX/VmerbJKYsZ6
OkhZnFW+iVCzhoEj7HinmhkAQ8V16IPKC8+lmF4g3wluEAcU4+GmC1ud8sdm3X77
4Nx31FtRpzYDpLg5cP6K1JBw/sFXd4T8yWADGnqAY9qxlQuqiQ3LwQTqE+0nGZE/
3MB6xfYxaVp+ZSFtgSJ9hmjHGFyunvsuNCYyf/YJSZALoYS/J0iKf2i0rlAw4ALM
QPLA27Xt3sKsVTgwP+8pddHeOtHC94k3ScprCD2J8sMi4hNlX+d7CwGvl79QcvyO
AxNwopppDvC95qNG04AilHWBvjPotQc2Z7Wqti+4OaZ4mqjVYMEFfOGbbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNur3Yt4t/nKEGCCgXW+G5A7yoOXMB8GA1UdIwQY
MBaAFIb6Vkz5dXfAdjO6TmQOp4x2/BfdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHZwV1RQbDFkOEIyTTdwT1pBNm5qSGI4RjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zOWNiNGYtY2E4OC00ODBlLTk3ZDkt
MDczZDBkMTRkZGRlLzEvMjZ2ZGkzaTMtY29RWUlLQmRiNGJrRHZLZzVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zOWNiNGYtY2E4OC00ODBlLTk3ZDktMDczZDBkMTRkZGRl
LzEvaHZwV1RQbDFkOEIyTTdwT1pBNm5qSGI4RjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVLZMA0G
CSqGSIb3DQEBCwUAA4IBAQAsT4JR8BTnIq7fW9GMyWg+GFt+SR9UUDF3NTEbhanZ
jqKRMGewos9FKalz13CM3F0Ngx4Ei1bdxSynjY0spqGeM1Piq9gV9I5aOwI208nE
0pKjZRW22i8c0pvjTTkXW83Gdi9eMcvqCc4Vo6Z0DKFyYPrOwlvQIuHs7Qhw5Wq5
QXATI/SW404AoQBFBIKw2r5XmcAQLRRHCmGYBXHpAUWaMdqPbaNM9T2es43zKE+D
Hzd84QKEWOYuyLvjDC5fVtl/J0rFTkvg9e4R7vYUiAKH10SfcXL4lSHzeIaGlvhY
1mIn91C4nXFmVd7kzBeIyGc4BrWb3Eg+lfcpLkY+eKcw
-----END CERTIFICATE-----