Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/TgErBZmt1CUt-p02CLWMe34NGA0.roa
File:                     TgErBZmt1CUt-p02CLWMe34NGA0.roa (raw, json)
Hash identifier:          YDtwDqk5IIGjkA+SrROG90+ftuPW/5ScFhW7bFkI1wo=
Subject key identifier:   4E:01:2B:05:99:AD:D4:25:2D:FA:9D:36:08:B5:8C:7B:7E:0D:18:0D
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018D422A67BFBEF4A031E77D6F2A78F1D445
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/TgErBZmt1CUt-p02CLWMe34NGA0.roa
Signing time:             Thu 25 Jan 2024 19:48:11 +0000
ROA not before:           Thu 25 Jan 2024 19:48:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        178.253.26.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:42:2a:67:bf:be:f4:a0:31:e7:7d:6f:2a:78:f1:d4:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan 25 19:48:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e012b0599add4252dfa9d3608b58c7b7e0d180d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:21:34:88:95:e2:e8:34:dc:65:91:56:24:de:
                    e6:a3:5a:6e:b5:91:a2:47:5f:b5:23:fa:ec:09:f8:
                    f5:9b:54:bc:36:41:59:17:b7:54:c7:7c:13:72:6f:
                    48:fd:2e:ca:57:ea:c4:1c:23:fb:40:c8:4e:b7:1b:
                    7f:e8:50:cc:9c:9a:59:28:40:92:74:b9:33:ed:25:
                    71:7c:24:3c:06:b7:08:0c:14:5f:75:69:4c:ed:a0:
                    81:39:54:12:55:af:ed:5a:9e:5e:1d:fa:71:3f:57:
                    a9:4c:f7:be:8f:86:86:68:08:9d:22:a0:bb:8a:19:
                    9d:3d:d8:d7:99:a9:66:1b:50:19:ff:d1:36:58:ef:
                    46:05:47:c4:22:df:69:cf:af:fd:4d:50:60:c3:a2:
                    70:e2:10:a4:05:97:cd:ab:e1:94:40:91:9a:8b:19:
                    1f:cc:3f:a6:08:50:5f:e8:6e:25:40:06:2e:63:22:
                    16:65:5b:24:9b:95:9e:4d:b4:ca:31:fc:75:0d:6f:
                    97:eb:3a:99:d1:70:17:d4:9a:ba:3b:ba:72:73:a1:
                    36:f9:ee:70:52:f3:d2:94:04:89:fd:41:f8:23:83:
                    3a:5a:16:51:6c:ed:f0:e5:57:1f:a5:6a:5f:92:07:
                    6b:f3:00:01:28:aa:1f:b2:e5:c0:09:2b:d1:fc:ab:
                    99:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:01:2B:05:99:AD:D4:25:2D:FA:9D:36:08:B5:8C:7B:7E:0D:18:0D
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/TgErBZmt1CUt-p02CLWMe34NGA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:b3:5b:ac:c6:20:28:ed:6a:4d:5d:cf:68:d5:c8:e9:67:0f:
         a0:81:a0:75:8b:71:58:40:84:e8:ab:92:3f:c9:0a:5d:59:27:
         09:a5:96:1a:84:ec:ad:ab:75:18:2d:a6:c0:91:25:17:da:a6:
         92:6f:79:a0:99:ab:d2:7a:f7:c3:36:c7:3a:bb:58:a7:f2:b4:
         a1:8e:79:04:b7:29:6e:07:92:c3:8f:25:2f:7d:ed:3b:69:3d:
         e2:0a:b1:69:7d:a6:29:6a:3e:2e:5d:f5:46:05:bf:9f:fb:a7:
         f2:08:81:e1:82:a5:cd:d4:c2:b1:7a:1f:20:a3:b0:d3:85:ea:
         ec:7a:1e:5f:a5:37:06:86:9b:33:0b:e1:33:17:ff:ab:6b:01:
         ee:0b:0b:e2:07:7c:25:5e:11:27:ae:cf:48:ca:ea:90:65:0b:
         cb:fe:1e:ef:42:0b:5d:78:a6:dc:91:9f:b6:83:ab:0e:4f:ef:
         46:c5:3c:c8:06:e3:9f:c4:fe:1f:38:50:88:ed:86:69:42:e8:
         68:a0:f0:a6:e6:fd:fa:d0:54:b3:5e:7c:92:02:d3:49:b5:18:
         98:29:24:2f:bb:a6:54:d1:c1:d9:06:db:f1:fb:0e:53:c8:01:
         a0:61:2b:02:e6:86:42:cf:79:e1:c8:e2:81:64:e3:e6:b1:9f:
         9f:df:8f:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1CKme/vvSgMed9byp48dRFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTI1MTk0ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTAxMmIwNTk5YWRkNDI1MmRmYTlkMzYwOGI1OGM3YjdlMGQxODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yE0iJXi6DTcZZFWJN7mo1putZGi
R1+1I/rsCfj1m1S8NkFZF7dUx3wTcm9I/S7KV+rEHCP7QMhOtxt/6FDMnJpZKECS
dLkz7SVxfCQ8BrcIDBRfdWlM7aCBOVQSVa/tWp5eHfpxP1epTPe+j4aGaAidIqC7
ihmdPdjXmalmG1AZ/9E2WO9GBUfEIt9pz6/9TVBgw6Jw4hCkBZfNq+GUQJGaixkf
zD+mCFBf6G4lQAYuYyIWZVskm5WeTbTKMfx1DW+X6zqZ0XAX1Jq6O7pyc6E2+e5w
UvPSlASJ/UH4I4M6WhZRbO3w5VcfpWpfkgdr8wABKKofsuXACSvR/KuZwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4BKwWZrdQlLfqdNgi1jHt+DRgNMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvVGdFckJabXQxQ1V0LXAwMkNMV01lMzROR0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsv0aMA0G
CSqGSIb3DQEBCwUAA4IBAQATs1usxiAo7WpNXc9o1cjpZw+ggaB1i3FYQIToq5I/
yQpdWScJpZYahOytq3UYLabAkSUX2qaSb3mgmavSevfDNsc6u1in8rShjnkEtylu
B5LDjyUvfe07aT3iCrFpfaYpaj4uXfVGBb+f+6fyCIHhgqXN1MKxeh8go7DThers
eh5fpTcGhpszC+EzF/+rawHuCwviB3wlXhEnrs9IyuqQZQvL/h7vQgtdeKbckZ+2
g6sOT+9GxTzIBuOfxP4fOFCI7YZpQuhooPCm5v360FSzXnySAtNJtRiYKSQvu6ZU
0cHZBtvx+w5TyAGgYSsC5oZCz3nhyOKBZOPmsZ+f349w
-----END CERTIFICATE-----