Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/uYFQ73u1JvOXQm0svWQQIL7NBHs.roa
File:                     uYFQ73u1JvOXQm0svWQQIL7NBHs.roa (raw, json)
Hash identifier:          57cZW6sQxZ7FQTZoThWTZT+2bjo3Th6YQEU7JmriD3U=
Subject key identifier:   B9:81:50:EF:7B:B5:26:F3:97:42:6D:2C:BD:64:10:20:BE:CD:04:7B
Certificate issuer:       /CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
Certificate serial:       018DD1230689D43E074EFBCEAABF092CE1DD
Authority key identifier: AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/uYFQ73u1JvOXQm0svWQQIL7NBHs.roa
Signing time:             Thu 22 Feb 2024 14:05:49 +0000
ROA not before:           Thu 22 Feb 2024 14:05:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42689
IP address blocks:        194.26.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:23:06:89:d4:3e:07:4e:fb:ce:aa:bf:09:2c:e1:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
        Validity
            Not Before: Feb 22 14:05:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b98150ef7bb526f397426d2cbd641020becd047b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:96:74:d6:20:d5:ef:de:7b:3d:3b:aa:c3:d3:
                    da:55:ec:4e:42:01:32:0c:cc:ed:e0:d5:f6:55:20:
                    3d:d1:0f:fb:71:9f:d6:f8:db:fd:09:ec:b7:cb:e6:
                    eb:e2:bd:8b:da:2e:b7:45:ec:1e:57:08:da:c0:01:
                    b7:e7:69:e0:b9:91:54:d0:5d:b9:86:f3:d7:a3:9e:
                    bd:af:c8:dc:cd:2d:b7:49:59:70:86:26:12:3e:f6:
                    52:38:69:e4:53:76:a1:05:59:d8:f5:45:de:11:4b:
                    e5:6f:ac:80:5d:65:ab:e5:78:60:0b:ee:ea:a7:3a:
                    7d:a0:f2:c3:50:f4:95:28:50:ef:55:ad:7b:a8:12:
                    08:eb:1a:9a:5f:38:07:66:58:b1:0b:c8:8f:dd:a1:
                    60:3c:16:ed:4f:31:05:4e:02:15:20:f6:c4:43:fc:
                    c1:58:03:ba:b3:87:40:1d:23:e6:39:62:96:47:78:
                    86:c2:e6:cb:4e:37:c5:24:72:23:f3:fd:33:bd:bf:
                    de:87:f0:d5:fc:bf:6e:ed:df:3c:d9:e0:5a:e7:a2:
                    23:76:04:e9:9f:be:31:c7:88:d6:a8:17:9a:d5:3a:
                    c5:3a:cc:92:2b:b7:2f:37:5f:dd:d8:ab:f5:89:58:
                    30:59:cf:c9:17:87:08:ae:a2:f3:7c:07:24:9d:cb:
                    01:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:81:50:EF:7B:B5:26:F3:97:42:6D:2C:BD:64:10:20:BE:CD:04:7B
            X509v3 Authority Key Identifier:
                keyid:AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/uYFQ73u1JvOXQm0svWQQIL7NBHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:23:ca:7e:88:6f:6f:fe:74:7f:e7:8f:2a:7b:9f:bd:76:fe:
         d9:2e:0a:b5:61:a4:b8:f4:f2:f8:e5:d4:87:84:f0:76:14:dd:
         f7:af:74:03:f2:18:bd:ba:0c:4d:7d:99:3b:b0:f2:d4:b5:be:
         99:7c:f1:0b:67:6e:2d:6e:bd:52:67:4a:75:b0:a8:15:cf:cc:
         36:dc:ea:45:0a:65:40:8c:9c:03:3b:63:e8:64:e6:8f:30:f3:
         41:95:82:65:e1:93:38:69:4b:68:1c:2e:88:20:d7:39:a4:27:
         37:28:8b:88:37:55:50:ff:de:49:64:be:bf:65:7b:f1:6d:07:
         93:79:3c:88:e9:1b:14:20:b1:30:d2:5f:77:93:63:f0:e4:f8:
         83:86:7e:df:b7:cb:7d:f9:4b:b4:b2:98:4a:76:8e:01:74:70:
         54:8f:7c:0a:33:9d:11:08:61:a8:40:8d:a6:5a:94:d2:28:5f:
         4f:35:21:2b:3b:5d:8c:5a:aa:ff:f9:9a:51:14:63:27:fc:e6:
         38:e2:c3:bd:ae:e2:54:24:fa:9d:e9:44:e9:99:5b:91:57:c5:
         b4:9c:6b:8a:e4:d9:f6:42:d2:e4:31:5e:22:8a:c9:e2:b6:55:
         46:68:8e:17:12:2e:ae:53:c7:86:c1:75:b4:e6:bd:76:8f:11:
         aa:bd:d4:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3RIwaJ1D4HTvvOqr8JLOHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmYyZTg2ZGQ3Y2M5MTAxNjU4ZmY4ZDVhNTI0MTQ0NWZj
ZDFkNmEwHhcNMjQwMjIyMTQwNTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTgxNTBlZjdiYjUyNmYzOTc0MjZkMmNiZDY0MTAyMGJlY2QwNDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZZ01iDV7957PTuqw9PaVexOQgEy
DMzt4NX2VSA90Q/7cZ/W+Nv9Cey3y+br4r2L2i63ReweVwjawAG352nguZFU0F25
hvPXo569r8jczS23SVlwhiYSPvZSOGnkU3ahBVnY9UXeEUvlb6yAXWWr5XhgC+7q
pzp9oPLDUPSVKFDvVa17qBII6xqaXzgHZlixC8iP3aFgPBbtTzEFTgIVIPbEQ/zB
WAO6s4dAHSPmOWKWR3iGwubLTjfFJHIj8/0zvb/eh/DV/L9u7d882eBa56IjdgTp
n74xx4jWqBea1TrFOsySK7cvN1/d2Kv1iVgwWc/JF4cIrqLzfAckncsBbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmBUO97tSbzl0JtLL1kECC+zQR7MB8GA1UdIwQY
MBaAFK8vLobdfMkQFlj/jVpSQURfzR1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYt
NDZiYjdhZWMxZjMwLzEvdVlGUTczdTFKdk9YUW0wc3ZXUVFJTDdOQkhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYtNDZiYjdhZWMxZjMw
LzEvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhoUMA0G
CSqGSIb3DQEBCwUAA4IBAQBiI8p+iG9v/nR/548qe5+9dv7ZLgq1YaS49PL45dSH
hPB2FN33r3QD8hi9ugxNfZk7sPLUtb6ZfPELZ24tbr1SZ0p1sKgVz8w23OpFCmVA
jJwDO2PoZOaPMPNBlYJl4ZM4aUtoHC6IINc5pCc3KIuIN1VQ/95JZL6/ZXvxbQeT
eTyI6RsUILEw0l93k2Pw5PiDhn7ft8t9+Uu0sphKdo4BdHBUj3wKM50RCGGoQI2m
WpTSKF9PNSErO12MWqr/+ZpRFGMn/OY44sO9ruJUJPqd6UTpmVuRV8W0nGuK5Nn2
QtLkMV4iisnitlVGaI4XEi6uU8eGwXW05r12jxGqvdRk
-----END CERTIFICATE-----