Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9nKSEocOwMfg3p2xvkMme5bgWtM.roa
File:                     9nKSEocOwMfg3p2xvkMme5bgWtM.roa (raw, json)
Hash identifier:          Yj21ojsxNm4tJZwltN0LJJdpsI+MRAGsUvtDwRmvbos=
Subject key identifier:   F6:72:92:12:87:0E:C0:C7:E0:DE:9D:B1:BE:43:26:7B:96:E0:5A:D3
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80278D95628487C913162AC01CAA6AA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9nKSEocOwMfg3p2xvkMme5bgWtM.roa
Signing time:             Tue 02 Jan 2024 02:30:54 +0000
ROA not before:           Tue 02 Jan 2024 02:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35699
IP address blocks:        194.26.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:78:d9:56:28:48:7c:91:31:62:ac:01:ca:a6:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6729212870ec0c7e0de9db1be43267b96e05ad3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d1:7c:48:7a:75:a1:83:8f:25:a4:6a:50:3e:
                    ee:4e:f2:13:76:54:5d:33:2b:08:80:f8:6c:7b:87:
                    d4:51:e1:6d:ee:21:b3:50:b1:2a:33:57:c4:ce:eb:
                    8c:27:18:1f:85:8f:4d:22:b3:bf:be:38:3e:2b:ed:
                    86:38:69:9e:61:4f:40:c7:c8:89:29:b1:b9:6a:fd:
                    ce:40:71:04:f7:80:a4:21:14:73:be:7e:cf:9b:dc:
                    43:e7:25:3f:ea:a1:35:26:53:e3:10:42:eb:5b:b5:
                    e7:40:6e:59:0e:2d:a4:53:9c:45:b8:97:98:fa:95:
                    24:ce:aa:c0:d9:bd:07:69:93:1b:12:95:f9:c2:b0:
                    0c:7a:35:2e:3a:59:a7:22:ad:96:43:95:bd:ec:16:
                    41:fb:2a:2e:5a:d0:d9:8f:ec:a7:8d:56:a4:10:5b:
                    fe:98:8a:c0:71:fc:45:40:36:05:54:8c:b6:c1:72:
                    de:c4:f0:49:5a:9b:1b:85:4b:ce:2b:bf:ab:31:6a:
                    79:84:85:dc:7a:e7:b2:e9:1f:6c:ba:f9:97:8d:be:
                    33:b6:6f:15:82:0b:4f:c5:24:87:9b:65:2c:73:ef:
                    97:63:77:2d:f1:70:4a:c5:62:37:4a:bf:cc:77:d0:
                    8a:b5:8b:41:71:ea:85:a7:4d:f9:d7:85:a6:2b:4b:
                    a9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:72:92:12:87:0E:C0:C7:E0:DE:9D:B1:BE:43:26:7B:96:E0:5A:D3
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/9nKSEocOwMfg3p2xvkMme5bgWtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:fc:26:d0:ed:4e:d9:46:ad:c0:8e:9b:fa:2c:83:bf:b7:35:
         ec:2e:04:ce:5a:5b:4b:e4:61:a9:c3:29:0a:80:56:bf:65:05:
         dc:d4:00:77:0f:f4:06:64:eb:d9:ab:22:6e:b1:4f:70:0a:78:
         81:2d:93:3b:a7:a5:86:ab:5b:e2:04:14:8f:93:3b:19:e0:6e:
         d8:0c:8c:21:fe:8c:35:cf:2b:01:d6:d8:1d:b7:22:ee:e8:d4:
         02:15:11:f0:e5:22:ce:b3:8a:e4:1d:6a:9c:21:d1:ea:d7:59:
         e2:fb:25:10:29:05:d1:10:45:71:6b:b0:e9:42:6b:30:6f:4d:
         30:ec:4c:6c:1e:0d:f8:34:df:81:15:0e:64:11:cf:e1:1d:d2:
         cb:c9:20:1a:72:f8:cd:6f:5d:22:73:8e:62:f9:c9:06:f5:17:
         70:8c:da:c4:24:2e:d8:69:a9:f4:c3:ce:33:bd:fa:89:d7:a0:
         4e:91:06:c5:cf:25:4d:3d:7b:89:8a:d1:55:3a:c4:06:73:8d:
         cb:f9:2c:e7:f3:59:5e:55:da:d1:fb:9d:75:b7:3c:05:62:bf:
         2d:e1:9f:83:c8:5f:79:e7:14:83:2c:e9:47:20:72:ff:e4:74:
         70:9f:aa:53:37:05:ac:3f:21:4d:cc:12:64:14:06:32:63:2d:
         35:4e:4e:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAnjZVihIfJExYqwByqaqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjcyOTIxMjg3MGVjMGM3ZTBkZTlkYjFiZTQzMjY3Yjk2ZTA1YWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9F8SHp1oYOPJaRqUD7uTvITdlRd
MysIgPhse4fUUeFt7iGzULEqM1fEzuuMJxgfhY9NIrO/vjg+K+2GOGmeYU9Ax8iJ
KbG5av3OQHEE94CkIRRzvn7Pm9xD5yU/6qE1JlPjEELrW7XnQG5ZDi2kU5xFuJeY
+pUkzqrA2b0HaZMbEpX5wrAMejUuOlmnIq2WQ5W97BZB+youWtDZj+ynjVakEFv+
mIrAcfxFQDYFVIy2wXLexPBJWpsbhUvOK7+rMWp5hIXceuey6R9suvmXjb4ztm8V
ggtPxSSHm2Usc++XY3ct8XBKxWI3Sr/Md9CKtYtBceqFp03514WmK0up1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZykhKHDsDH4N6dsb5DJnuW4FrTMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvOW5LU0VvY093TWZnM3AyeHZrTW1lNWJnV3RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhqvMA0G
CSqGSIb3DQEBCwUAA4IBAQAW/CbQ7U7ZRq3Ajpv6LIO/tzXsLgTOWltL5GGpwykK
gFa/ZQXc1AB3D/QGZOvZqyJusU9wCniBLZM7p6WGq1viBBSPkzsZ4G7YDIwh/ow1
zysB1tgdtyLu6NQCFRHw5SLOs4rkHWqcIdHq11ni+yUQKQXREEVxa7DpQmswb00w
7ExsHg34NN+BFQ5kEc/hHdLLySAacvjNb10ic45i+ckG9RdwjNrEJC7Yaan0w84z
vfqJ16BOkQbFzyVNPXuJitFVOsQGc43L+Szn81leVdrR+511tzwFYr8t4Z+DyF95
5xSDLOlHIHL/5HRwn6pTNwWsPyFNzBJkFAYyYy01Tk73
-----END CERTIFICATE-----