Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Shq6GGnlf1kbVvyhhybk-eOtM7o.roa
File:                     Shq6GGnlf1kbVvyhhybk-eOtM7o.roa (raw, json)
Hash identifier:          JfYqZAepilc0Qh9GgZa2HpZt+PC9ALYFJ8qVgDLm2j8=
Subject key identifier:   4A:1A:BA:18:69:E5:7F:59:1B:56:FC:A1:87:26:E4:F9:E3:AD:33:BA
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80290F0CBA8F9672D8B14CC0B1E195D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Shq6GGnlf1kbVvyhhybk-eOtM7o.roa
Signing time:             Tue 02 Jan 2024 02:31:00 +0000
ROA not before:           Tue 02 Jan 2024 02:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210472
IP address blocks:        194.26.172.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:90:f0:cb:a8:f9:67:2d:8b:14:cc:0b:1e:19:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a1aba1869e57f591b56fca18726e4f9e3ad33ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:07:09:91:44:1a:bd:f3:6a:12:39:15:96:29:
                    14:85:9b:a2:6e:c6:37:bc:c1:81:9e:0c:84:f8:35:
                    47:3a:67:41:ca:49:70:59:d0:11:7a:89:bd:f4:b8:
                    e3:24:c4:62:d2:c2:7b:e6:01:58:7b:f6:b7:7c:a2:
                    22:19:6b:ad:ec:ca:5d:87:12:53:2e:34:73:3b:74:
                    9a:b0:98:97:c9:d7:53:01:9b:c4:52:ea:27:25:26:
                    f2:82:33:91:21:2c:c5:39:a2:b3:90:77:79:6d:8c:
                    12:ff:9c:1a:c1:da:cb:cc:da:58:dc:eb:01:7a:43:
                    6d:a6:2e:ba:73:0f:98:35:58:5f:ca:2f:f5:6a:9b:
                    9c:c1:cb:69:92:73:33:94:7b:03:a6:98:5f:33:d3:
                    b2:16:23:1b:0f:53:06:52:b6:28:06:6a:3a:07:b3:
                    1d:12:0a:7b:c7:94:57:a8:c3:1a:a4:62:d8:86:42:
                    d4:b0:60:bd:44:a7:e4:fd:6f:4c:6d:eb:47:7b:44:
                    8a:7e:17:34:d0:6d:c2:89:44:33:a2:21:dd:7f:46:
                    d3:e1:e6:3c:6a:68:25:36:07:0a:a3:35:5e:e7:9c:
                    09:7a:83:20:83:fd:18:e7:82:3f:57:b1:f7:2b:02:
                    06:07:55:fd:3a:12:db:2b:e2:c3:cf:bb:16:a4:16:
                    2f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:1A:BA:18:69:E5:7F:59:1B:56:FC:A1:87:26:E4:F9:E3:AD:33:BA
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Shq6GGnlf1kbVvyhhybk-eOtM7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:44:87:05:ad:e6:44:39:9f:98:a7:b9:55:41:ee:0a:ef:4e:
         a1:3b:35:10:d1:13:a4:e6:b6:81:68:53:b5:28:36:10:e4:37:
         f2:cf:ec:ba:f5:9f:b9:44:30:7c:6f:e0:4f:d5:9b:53:89:4f:
         fd:f0:ec:94:25:c0:d0:5b:9d:87:a6:3c:6c:c5:28:bf:e0:fd:
         7c:f5:03:a4:5d:2a:61:4f:96:33:af:ef:0e:42:b6:8b:ee:40:
         de:91:0f:b2:d6:f9:43:ff:fc:f0:65:db:68:d6:fa:c0:e9:fa:
         26:97:5b:53:76:43:ae:de:ce:21:78:bd:62:71:7c:95:ba:4a:
         29:2d:d1:aa:2c:22:d3:19:bc:9c:10:07:a9:05:40:4f:d3:d8:
         56:95:a1:99:48:85:6c:95:da:d5:3c:c0:ea:73:f7:d3:83:55:
         e5:46:df:6c:31:7c:6b:f5:1e:8c:bf:ad:32:9c:63:84:e2:e5:
         43:1f:dc:a9:45:71:56:37:0a:0a:a4:82:c0:c7:90:e0:f6:38:
         f9:d0:55:78:c8:86:e0:de:09:64:4a:62:5b:4e:6b:13:7f:63:
         4c:9e:49:db:27:ed:6a:ea:7e:19:e6:2d:c2:c6:af:65:ea:b1:
         e6:cb:f8:51:f5:b9:aa:4c:5f:f2:2a:00:22:fc:9e:95:cb:41:
         e4:4d:25:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIApDwy6j5Zy2LFMwLHhldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTFhYmExODY5ZTU3ZjU5MWI1NmZjYTE4NzI2ZTRmOWUzYWQzM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAcJkUQavfNqEjkVlikUhZuibsY3
vMGBngyE+DVHOmdByklwWdAReom99LjjJMRi0sJ75gFYe/a3fKIiGWut7MpdhxJT
LjRzO3SasJiXyddTAZvEUuonJSbygjORISzFOaKzkHd5bYwS/5wawdrLzNpY3OsB
ekNtpi66cw+YNVhfyi/1apucwctpknMzlHsDpphfM9OyFiMbD1MGUrYoBmo6B7Md
Egp7x5RXqMMapGLYhkLUsGC9RKfk/W9MbetHe0SKfhc00G3CiUQzoiHdf0bT4eY8
amglNgcKozVe55wJeoMgg/0Y54I/V7H3KwIGB1X9OhLbK+LDz7sWpBYv0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEoauhhp5X9ZG1b8oYcm5PnjrTO6MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvU2hxNkdHbmxmMWtiVnZ5aGh5YmstZU90TTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwhqsMA0G
CSqGSIb3DQEBCwUAA4IBAQBIRIcFreZEOZ+Yp7lVQe4K706hOzUQ0ROk5raBaFO1
KDYQ5Dfyz+y69Z+5RDB8b+BP1ZtTiU/98OyUJcDQW52HpjxsxSi/4P189QOkXSph
T5Yzr+8OQraL7kDekQ+y1vlD//zwZdto1vrA6foml1tTdkOu3s4heL1icXyVukop
LdGqLCLTGbycEAepBUBP09hWlaGZSIVsldrVPMDqc/fTg1XlRt9sMXxr9R6Mv60y
nGOE4uVDH9ypRXFWNwoKpILAx5Dg9jj50FV4yIbg3glkSmJbTmsTf2NMnknbJ+1q
6n4Z5i3Cxq9l6rHmy/hR9bmqTF/yKgAi/J6Vy0HkTSWv
-----END CERTIFICATE-----