Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_pv_H2OuxzqaAg_iMbm2RiMv1xQ.roa
File:                     _pv_H2OuxzqaAg_iMbm2RiMv1xQ.roa (raw, json)
Hash identifier:          beDqLV42U9Fkc/iTURQ0hiRR9RukfxOChtEPJebttKY=
Subject key identifier:   FE:9B:FF:1F:63:AE:C7:3A:9A:02:0F:E2:31:B9:B6:46:23:2F:D7:14
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC802738AE04AA65C926291E15D0D7C31
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_pv_H2OuxzqaAg_iMbm2RiMv1xQ.roa
Signing time:             Tue 02 Jan 2024 02:30:53 +0000
ROA not before:           Tue 02 Jan 2024 02:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26141
IP address blocks:        194.26.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:73:8a:e0:4a:a6:5c:92:62:91:e1:5d:0d:7c:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe9bff1f63aec73a9a020fe231b9b646232fd714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:83:b5:c2:64:d6:e9:b6:64:d6:06:11:33:82:
                    ee:56:c8:cc:f4:03:43:cb:8a:35:3c:21:77:50:a1:
                    c5:ef:f0:33:86:ff:60:4b:5b:77:2d:2b:85:5a:cf:
                    b7:b3:35:ea:4d:5c:6c:13:39:2a:2e:e8:e8:37:e2:
                    c9:67:39:20:d6:ca:df:87:9a:2c:cd:42:0d:24:b0:
                    3a:0b:7e:30:60:76:55:4d:02:c3:1b:e4:2d:b8:07:
                    9d:ee:15:f7:7d:ff:9c:18:00:70:0b:01:4a:5d:28:
                    48:71:31:c6:53:19:a9:00:29:91:9c:17:5a:c0:e8:
                    73:33:2c:6c:aa:15:ea:31:bc:14:b3:01:e4:e2:6d:
                    4d:1e:70:3a:52:3b:31:3a:dc:e0:06:08:78:cc:5d:
                    2f:a8:ba:c2:01:0b:0b:ab:53:6b:10:04:f5:96:61:
                    ea:c5:3e:b3:fb:0d:ca:bc:4e:1a:46:0c:20:fb:24:
                    b2:01:11:23:a4:92:18:99:dd:8d:ae:a1:0a:d6:59:
                    89:2b:a3:35:68:b2:7a:d4:6c:09:de:4b:10:31:df:
                    02:90:d5:8e:3c:a2:76:3a:17:bf:68:5f:67:25:4a:
                    23:c4:51:1e:04:40:44:f3:04:08:51:21:08:2c:e0:
                    4e:98:37:16:23:cc:f3:e8:06:49:88:35:ba:5f:4d:
                    3f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9B:FF:1F:63:AE:C7:3A:9A:02:0F:E2:31:B9:B6:46:23:2F:D7:14
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_pv_H2OuxzqaAg_iMbm2RiMv1xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:39:2b:63:14:b5:ee:77:53:3f:02:e5:1c:90:c6:63:81:38:
         e6:a5:61:6a:3f:5d:69:23:d6:af:d9:05:d9:9e:73:6d:2d:a7:
         32:0f:ad:fa:e1:7c:4b:bf:c5:71:3c:28:d4:8b:3d:e2:8a:64:
         d9:74:ec:0e:3c:0a:42:02:90:05:f0:06:9a:2a:3f:61:54:7a:
         9b:34:5e:a1:ae:da:c1:a0:77:1c:36:c6:20:56:e7:c2:b0:42:
         66:29:39:10:fd:56:1f:05:87:a1:13:a2:5d:f4:50:4f:67:ea:
         5c:5a:97:2f:15:74:64:96:5d:40:b6:11:f5:f9:fe:19:84:91:
         d9:36:b9:69:31:8d:99:5e:a8:c1:0e:bf:f2:a8:d8:85:02:96:
         12:8b:23:2d:0e:82:c0:cd:7f:21:e8:0e:69:e4:6f:91:7d:47:
         80:12:58:a9:51:97:7e:e3:11:fb:65:7d:8d:2f:62:18:cc:f5:
         d6:d0:59:42:63:87:78:c0:26:52:9d:e5:19:b5:48:13:af:11:
         59:7f:f7:96:b3:39:c7:43:e6:71:bf:50:d9:a7:b9:09:f2:23:
         4c:d2:fd:4b:5d:25:ba:40:bf:be:6e:f5:c4:75:b1:ed:06:f7:
         a8:e9:a0:cd:6c:ea:28:b5:1c:5d:a1:75:18:2f:d3:e3:73:ad:
         76:9f:55:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAnOK4EqmXJJikeFdDXwxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTliZmYxZjYzYWVjNzNhOWEwMjBmZTIzMWI5YjY0NjIzMmZkNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYO1wmTW6bZk1gYRM4LuVsjM9AND
y4o1PCF3UKHF7/Azhv9gS1t3LSuFWs+3szXqTVxsEzkqLujoN+LJZzkg1srfh5os
zUINJLA6C34wYHZVTQLDG+QtuAed7hX3ff+cGABwCwFKXShIcTHGUxmpACmRnBda
wOhzMyxsqhXqMbwUswHk4m1NHnA6UjsxOtzgBgh4zF0vqLrCAQsLq1NrEAT1lmHq
xT6z+w3KvE4aRgwg+ySyAREjpJIYmd2NrqEK1lmJK6M1aLJ61GwJ3ksQMd8CkNWO
PKJ2Ohe/aF9nJUojxFEeBEBE8wQIUSEILOBOmDcWI8zz6AZJiDW6X00/7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6b/x9jrsc6mgIP4jG5tkYjL9cUMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvX3B2X0gyT3V4enFhQWdfaU1ibTJSaU12MXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhpkMA0G
CSqGSIb3DQEBCwUAA4IBAQBFOStjFLXud1M/AuUckMZjgTjmpWFqP11pI9av2QXZ
nnNtLacyD6364XxLv8VxPCjUiz3iimTZdOwOPApCApAF8AaaKj9hVHqbNF6hrtrB
oHccNsYgVufCsEJmKTkQ/VYfBYehE6Jd9FBPZ+pcWpcvFXRkll1AthH1+f4ZhJHZ
NrlpMY2ZXqjBDr/yqNiFApYSiyMtDoLAzX8h6A5p5G+RfUeAElipUZd+4xH7ZX2N
L2IYzPXW0FlCY4d4wCZSneUZtUgTrxFZf/eWsznHQ+Zxv1DZp7kJ8iNM0v1LXSW6
QL++bvXEdbHtBveo6aDNbOootRxdoXUYL9Pjc612n1VS
-----END CERTIFICATE-----