Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/aE0wkVOWDxBIiI7DNbEuML2c7QY.roa
File:                     aE0wkVOWDxBIiI7DNbEuML2c7QY.roa (raw, json)
Hash identifier:          +Ks8QRTdYO2MXG6QiStCkLU7m1R7ItX7TQ90LsnMczY=
Subject key identifier:   68:4D:30:91:53:96:0F:10:48:88:8E:C3:35:B1:2E:30:BD:9C:ED:06
Certificate issuer:       /CN=230340d27e4b24f9124977322edb36942e2d160c
Certificate serial:       018CC7942C9FCB6600CE23BB80739A6D6A34
Authority key identifier: 23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/aE0wkVOWDxBIiI7DNbEuML2c7QY.roa
Signing time:             Tue 02 Jan 2024 00:30:25 +0000
ROA not before:           Tue 02 Jan 2024 00:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8308
IP address blocks:        81.26.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 06:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2c:9f:cb:66:00:ce:23:bb:80:73:9a:6d:6a:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230340d27e4b24f9124977322edb36942e2d160c
        Validity
            Not Before: Jan  2 00:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=684d309153960f1048888ec335b12e30bd9ced06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ca:41:d4:dd:28:26:9a:6a:03:0f:d0:58:c0:
                    1c:2e:f4:5a:41:8a:a9:c9:68:f2:de:58:9e:87:4f:
                    02:2c:d3:ad:48:0e:d1:58:d2:2f:5e:9e:34:7b:b2:
                    b9:35:67:d5:50:36:12:8c:26:bc:f5:6b:3d:f8:f8:
                    94:f9:05:a0:36:80:c3:76:17:6d:2e:bf:f4:0b:6c:
                    f8:a8:f8:a3:95:9b:d5:40:2e:37:ff:76:6b:76:8f:
                    fe:c1:cd:61:29:c8:0f:b0:8c:0e:ca:28:74:09:8a:
                    ef:a0:51:8c:30:3e:06:5c:1f:91:d6:cc:6c:2f:35:
                    37:50:a3:85:9b:07:02:5c:8d:21:a6:76:7c:65:de:
                    21:de:60:e9:a3:7f:c8:bf:bd:2a:69:31:39:d2:0b:
                    1d:a5:aa:aa:a3:20:79:d7:85:6d:eb:7d:47:ee:84:
                    eb:08:00:12:9a:8b:b1:ac:ca:8b:cc:dc:53:d6:e5:
                    ae:56:54:e6:d8:10:49:52:fb:e9:dc:77:91:14:24:
                    7f:3c:0b:b6:da:19:19:5d:9d:42:77:a6:0b:4f:05:
                    83:8e:e7:15:91:79:5d:a0:05:1a:dd:91:25:67:14:
                    30:7b:3f:af:fc:2e:73:55:f8:4a:60:db:fd:66:dc:
                    92:f1:ee:df:3c:ce:61:0d:2e:78:70:3b:4d:17:90:
                    fa:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:4D:30:91:53:96:0F:10:48:88:8E:C3:35:B1:2E:30:BD:9C:ED:06
            X509v3 Authority Key Identifier:
                keyid:23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/aE0wkVOWDxBIiI7DNbEuML2c7QY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.26.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:bd:d1:d7:59:d1:c2:58:24:3e:cb:37:17:6b:4a:f2:da:f0:
         80:e1:5e:57:4d:1c:ec:f2:96:73:f8:22:d1:76:38:f8:54:db:
         59:93:6b:8b:80:a9:0d:64:26:53:1f:21:1f:b4:81:02:b3:60:
         24:40:a3:67:22:5f:b1:e4:65:a5:4c:14:f3:e0:1e:57:87:9e:
         74:3b:85:99:40:09:7f:e2:e7:05:88:6c:ee:6b:b8:32:5a:d5:
         d5:d2:8d:65:e5:cb:e6:37:7c:16:d7:1d:20:15:75:38:d7:65:
         58:1c:2e:34:71:f4:dd:2f:32:8c:68:11:ac:41:da:a5:12:8c:
         ae:75:ca:44:e7:4b:2e:f5:3d:98:16:97:fc:eb:6b:e6:8e:71:
         52:1c:43:6f:9d:e4:ed:be:c1:f5:fb:4c:3e:9a:82:a2:39:1a:
         b1:84:6d:a1:23:0a:e3:ca:b8:f6:c9:f8:51:30:b7:b1:0d:5c:
         dd:4d:e2:06:5d:9e:a0:a2:9c:b4:0d:eb:e4:85:08:ba:ee:c2:
         6f:44:7c:28:cd:48:59:03:fd:24:23:f5:0e:79:b1:7b:61:8a:
         c2:0f:dc:9e:16:44:4c:2d:a5:eb:b8:59:6e:96:45:d6:85:ce:
         d9:bf:e1:71:8c:12:8a:86:d6:91:86:43:01:ce:4f:cd:a5:df:
         47:74:2e:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCyfy2YAziO7gHOabWo0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMDM0MGQyN2U0YjI0ZjkxMjQ5NzczMjJlZGIzNjk0MmUy
ZDE2MGMwHhcNMjQwMTAyMDAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODRkMzA5MTUzOTYwZjEwNDg4ODhlYzMzNWIxMmUzMGJkOWNlZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMpB1N0oJppqAw/QWMAcLvRaQYqp
yWjy3lieh08CLNOtSA7RWNIvXp40e7K5NWfVUDYSjCa89Ws9+PiU+QWgNoDDdhdt
Lr/0C2z4qPijlZvVQC43/3Zrdo/+wc1hKcgPsIwOyih0CYrvoFGMMD4GXB+R1sxs
LzU3UKOFmwcCXI0hpnZ8Zd4h3mDpo3/Iv70qaTE50gsdpaqqoyB514Vt631H7oTr
CAASmouxrMqLzNxT1uWuVlTm2BBJUvvp3HeRFCR/PAu22hkZXZ1Cd6YLTwWDjucV
kXldoAUa3ZElZxQwez+v/C5zVfhKYNv9ZtyS8e7fPM5hDS54cDtNF5D6mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhNMJFTlg8QSIiOwzWxLjC9nO0GMB8GA1UdIwQY
MBaAFCMDQNJ+SyT5Ekl3Mi7bNpQuLRYMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAt
YjU3MDkwN2I1OWViLzEvYUUwd2tWT1dEeEJJaUk3RE5iRXVNTDJjN1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAtYjU3MDkwN2I1OWVi
LzEvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURofMA0G
CSqGSIb3DQEBCwUAA4IBAQBdvdHXWdHCWCQ+yzcXa0ry2vCA4V5XTRzs8pZz+CLR
djj4VNtZk2uLgKkNZCZTHyEftIECs2AkQKNnIl+x5GWlTBTz4B5Xh550O4WZQAl/
4ucFiGzua7gyWtXV0o1l5cvmN3wW1x0gFXU412VYHC40cfTdLzKMaBGsQdqlEoyu
dcpE50su9T2YFpf862vmjnFSHENvneTtvsH1+0w+moKiORqxhG2hIwrjyrj2yfhR
MLexDVzdTeIGXZ6gopy0DevkhQi67sJvRHwozUhZA/0kI/UOebF7YYrCD9yeFkRM
LaXruFlulkXWhc7Zv+FxjBKKhtaRhkMBzk/Npd9HdC4G
-----END CERTIFICATE-----