Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/j5QKeuGXTRBwPGjQWWnfRFS80gs.roa
File:                     j5QKeuGXTRBwPGjQWWnfRFS80gs.roa (raw, json)
Hash identifier:          Z4Hp9oqaE6vPUIIGvGUpRfdgDDW4cmfUljTJCbGbKQk=
Subject key identifier:   8F:94:0A:7A:E1:97:4D:10:70:3C:68:D0:59:69:DF:44:54:BC:D2:0B
Certificate issuer:       /CN=230340d27e4b24f9124977322edb36942e2d160c
Certificate serial:       019427486E7BFF77D393FF3407EAF276FABB
Authority key identifier: 23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/j5QKeuGXTRBwPGjQWWnfRFS80gs.roa
Signing time:             Thu 02 Jan 2025 13:50:45 +0000
ROA not before:           Thu 02 Jan 2025 13:50:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8308
IP address blocks:        81.26.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:6e:7b:ff:77:d3:93:ff:34:07:ea:f2:76:fa:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=230340d27e4b24f9124977322edb36942e2d160c
        Validity
            Not Before: Jan  2 13:50:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f940a7ae1974d10703c68d05969df4454bcd20b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:02:c1:39:4a:c4:b7:e0:7a:7f:f5:00:f6:e6:
                    44:87:8e:9e:09:02:bf:3e:79:69:55:29:ab:43:59:
                    72:e7:ce:d9:a6:29:7f:a5:9e:2d:f7:9a:5f:3f:2c:
                    aa:c0:7e:7e:b2:a8:37:cd:4e:3a:b0:42:59:ca:01:
                    7a:b8:44:85:02:9f:04:bd:d7:27:9c:7e:37:c8:b9:
                    ce:80:e4:d3:20:bc:50:65:dc:8f:20:ee:64:0a:23:
                    2e:47:97:dd:3f:12:21:71:f9:79:3b:57:b3:72:54:
                    d2:a5:5f:43:a9:06:8a:6a:0b:3f:b4:5b:34:95:d0:
                    1c:2b:4d:be:3b:fd:b6:9a:46:e7:17:a0:9f:b8:d7:
                    23:a6:67:1c:cf:8e:f2:b9:27:ba:50:45:d1:30:ee:
                    f1:36:18:c6:c5:55:d3:7d:97:4e:d0:86:92:ad:03:
                    2e:6b:23:a4:1e:a5:18:a4:c0:a7:91:d8:1b:d9:12:
                    3a:e1:4f:d4:7e:78:f6:11:61:79:0b:a4:37:59:f6:
                    65:7a:cb:8f:1d:ac:3d:5a:ed:00:8f:e4:f4:82:79:
                    d9:72:78:30:89:8f:bf:18:bf:13:f1:4a:3c:4d:36:
                    cc:e6:8e:b9:04:ad:b7:ea:c3:10:80:a0:18:fa:0b:
                    bb:d6:76:30:be:f1:d2:05:ba:63:07:2c:a1:8e:c6:
                    18:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:94:0A:7A:E1:97:4D:10:70:3C:68:D0:59:69:DF:44:54:BC:D2:0B
            X509v3 Authority Key Identifier:
                keyid:23:03:40:D2:7E:4B:24:F9:12:49:77:32:2E:DB:36:94:2E:2D:16:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IwNA0n5LJPkSSXcyLts2lC4tFgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/j5QKeuGXTRBwPGjQWWnfRFS80gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/7bdf52-6ac5-4c24-bfd0-b570907b59eb/1/IwNA0n5LJPkSSXcyLts2lC4tFgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.26.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:24:5e:92:78:72:93:ff:c3:f6:02:47:e1:6f:c7:c6:56:6b:
         34:66:de:14:9e:5a:be:39:a6:89:de:d8:0c:ee:71:8b:11:82:
         2e:da:86:f9:02:e7:5f:7f:7f:8a:ff:2b:03:39:9f:55:97:40:
         80:2b:78:68:03:68:3c:c8:a9:0f:80:d9:39:ca:f5:0d:1a:f0:
         5d:3b:29:e2:8f:f2:b3:48:20:85:58:ab:dc:12:55:bd:b0:8d:
         2e:24:50:aa:11:17:30:77:90:01:e4:45:86:71:5d:5d:3c:f2:
         4f:35:28:9c:c1:e3:30:2a:e1:8d:76:97:a6:da:0b:36:06:15:
         cf:3a:bf:46:8a:dc:d4:97:1a:f6:57:3a:06:cc:83:9a:c3:49:
         96:9b:4f:03:7d:9b:e1:77:3a:b2:6c:1f:90:17:1d:62:31:6d:
         c4:a6:07:23:9f:85:63:a2:ef:2b:52:1b:d0:80:88:98:23:49:
         cd:3b:a4:fd:35:f7:e3:a4:9e:12:29:a1:12:eb:80:0e:6e:e9:
         7f:0a:dc:22:21:26:84:45:d7:2f:15:49:74:97:0f:d9:da:10:
         b8:f0:e6:ff:64:8b:79:c1:89:3a:4c:3a:01:09:2b:2e:51:d9:
         b6:0a:2e:69:9a:84:ff:c1:03:24:8b:53:cd:89:b8:47:ce:74:
         c9:ad:63:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSG57/3fTk/80B+rydvq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMDM0MGQyN2U0YjI0ZjkxMjQ5NzczMjJlZGIzNjk0MmUy
ZDE2MGMwHhcNMjUwMTAyMTM1MDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjk0MGE3YWUxOTc0ZDEwNzAzYzY4ZDA1OTY5ZGY0NDU0YmNkMjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvALBOUrEt+B6f/UA9uZEh46eCQK/
PnlpVSmrQ1ly587Zpil/pZ4t95pfPyyqwH5+sqg3zU46sEJZygF6uESFAp8Evdcn
nH43yLnOgOTTILxQZdyPIO5kCiMuR5fdPxIhcfl5O1ezclTSpV9DqQaKags/tFs0
ldAcK02+O/22mkbnF6CfuNcjpmccz47yuSe6UEXRMO7xNhjGxVXTfZdO0IaSrQMu
ayOkHqUYpMCnkdgb2RI64U/Ufnj2EWF5C6Q3WfZlesuPHaw9Wu0Aj+T0gnnZcngw
iY+/GL8T8Uo8TTbM5o65BK236sMQgKAY+gu71nYwvvHSBbpjByyhjsYYwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+UCnrhl00QcDxo0Flp30RUvNILMB8GA1UdIwQY
MBaAFCMDQNJ+SyT5Ekl3Mi7bNpQuLRYMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAt
YjU3MDkwN2I1OWViLzEvajVRS2V1R1hUUkJ3UEdqUVdXbmZSRlM4MGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS83YmRmNTItNmFjNS00YzI0LWJmZDAtYjU3MDkwN2I1OWVi
LzEvSXdOQTBuNUxKUGtTU1hjeUx0czJsQzR0Rmd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURofMA0G
CSqGSIb3DQEBCwUAA4IBAQB1JF6SeHKT/8P2Akfhb8fGVms0Zt4Unlq+OaaJ3tgM
7nGLEYIu2ob5Audff3+K/ysDOZ9Vl0CAK3hoA2g8yKkPgNk5yvUNGvBdOynij/Kz
SCCFWKvcElW9sI0uJFCqERcwd5AB5EWGcV1dPPJPNSicweMwKuGNdpem2gs2BhXP
Or9GitzUlxr2VzoGzIOaw0mWm08DfZvhdzqybB+QFx1iMW3Epgcjn4Vjou8rUhvQ
gIiYI0nNO6T9NffjpJ4SKaES64AObul/CtwiISaERdcvFUl0lw/Z2hC48Ob/ZIt5
wYk6TDoBCSsuUdm2Ci5pmoT/wQMki1PNibhHznTJrWPp
-----END CERTIFICATE-----