Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/3887e4-b598-45e3-8d85-2210ed9d0861/1/AhpK2xntz_ynrDrqkp1KAFkuHsw.roa
File:                     AhpK2xntz_ynrDrqkp1KAFkuHsw.roa (raw, json)
Hash identifier:          2Viq9GcBbZAbkyKN2fn02zAQlRDG5a+TKEcLy4ubcjc=
Subject key identifier:   02:1A:4A:DB:19:ED:CF:FC:A7:AC:3A:EA:92:9D:4A:00:59:2E:1E:CC
Certificate issuer:       /CN=b68f8f32514a183e977a3c7df36473d56260c4a4
Certificate serial:       018CC5DCDCC1DCC4A1BDD4826D6773520D64
Authority key identifier: B6:8F:8F:32:51:4A:18:3E:97:7A:3C:7D:F3:64:73:D5:62:60:C4:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/to-PMlFKGD6Xejx982Rz1WJgxKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/3887e4-b598-45e3-8d85-2210ed9d0861/1/AhpK2xntz_ynrDrqkp1KAFkuHsw.roa
Signing time:             Mon 01 Jan 2024 16:30:35 +0000
ROA not before:           Mon 01 Jan 2024 16:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1759
IP address blocks:        193.142.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/3887e4-b598-45e3-8d85-2210ed9d0861/1/to-PMlFKGD6Xejx982Rz1WJgxKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/3887e4-b598-45e3-8d85-2210ed9d0861/1/to-PMlFKGD6Xejx982Rz1WJgxKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/to-PMlFKGD6Xejx982Rz1WJgxKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:dc:c1:dc:c4:a1:bd:d4:82:6d:67:73:52:0d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b68f8f32514a183e977a3c7df36473d56260c4a4
        Validity
            Not Before: Jan  1 16:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=021a4adb19edcffca7ac3aea929d4a00592e1ecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:57:e1:2c:be:43:0f:f3:6c:5c:44:e7:10:63:
                    ff:dd:74:ad:a4:7b:9e:0c:a1:bf:2f:a7:ed:df:9e:
                    ca:e5:65:d0:3e:df:e7:b6:29:b0:a5:73:3a:3a:db:
                    2b:b2:e5:2c:ee:ac:1f:8d:b5:e1:99:b7:61:36:bb:
                    85:39:1c:b4:b7:72:04:10:93:03:85:5a:1f:68:68:
                    c5:e3:ea:59:57:b8:e9:12:69:8f:9f:a7:59:80:10:
                    b3:61:68:96:56:80:dd:2a:06:12:df:f1:df:eb:d5:
                    47:50:16:54:7c:25:fb:c9:1b:b0:98:0d:6c:dc:d4:
                    5e:87:84:d9:1c:4a:5e:fc:7c:63:16:01:82:bc:c4:
                    d4:13:2c:22:c4:2f:a9:60:c4:fb:f6:6b:fd:c0:be:
                    a7:c5:98:2c:3f:45:8b:e7:a3:37:8d:f9:3d:98:89:
                    4e:68:e5:9e:a0:8c:86:24:c5:8f:e3:1f:a2:8d:88:
                    dc:4f:c1:46:d6:81:10:f2:92:af:f7:53:43:cb:4b:
                    76:4c:12:88:c8:3e:f8:f7:bc:44:c9:d9:fe:6b:d9:
                    24:8b:58:f4:00:6c:54:fb:e2:25:9f:fa:c4:43:1d:
                    41:76:60:48:39:e2:d0:27:61:18:eb:df:a4:8b:5d:
                    d2:08:a9:8a:6a:66:cb:54:7a:47:e1:85:bb:70:46:
                    e0:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:1A:4A:DB:19:ED:CF:FC:A7:AC:3A:EA:92:9D:4A:00:59:2E:1E:CC
            X509v3 Authority Key Identifier:
                keyid:B6:8F:8F:32:51:4A:18:3E:97:7A:3C:7D:F3:64:73:D5:62:60:C4:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/to-PMlFKGD6Xejx982Rz1WJgxKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3887e4-b598-45e3-8d85-2210ed9d0861/1/AhpK2xntz_ynrDrqkp1KAFkuHsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3887e4-b598-45e3-8d85-2210ed9d0861/1/to-PMlFKGD6Xejx982Rz1WJgxKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:d2:9c:66:cd:74:be:0f:2d:6b:2e:ab:85:85:0f:2b:5c:2d:
         28:89:ce:88:30:95:4b:d2:2f:2b:8a:76:54:67:e3:2a:03:d1:
         1e:c2:3d:4a:09:58:17:1c:24:9e:03:27:53:ca:be:c1:7d:be:
         b7:52:ac:fb:a5:30:f9:c7:b1:97:26:a6:ca:6c:aa:d4:cd:f7:
         b4:de:58:ac:99:42:d2:d7:b1:c5:17:2d:52:d1:26:03:4f:fd:
         5d:d6:db:7d:b8:ac:91:c9:a9:a6:d8:15:cd:de:f4:f0:19:df:
         f4:cd:a9:f6:ad:77:31:35:5b:52:23:15:80:0f:75:c7:c6:22:
         69:75:c4:1b:11:d2:22:2f:22:5e:b3:24:ee:f8:8a:e2:44:70:
         a4:8d:63:3a:15:62:94:18:83:c9:d2:ea:ee:21:16:27:91:c2:
         bc:40:f0:5f:93:0f:e7:de:9d:09:3d:27:8d:f6:79:73:d0:b6:
         31:2f:9e:80:28:71:83:57:d2:93:a9:d5:10:b2:ab:db:4a:4e:
         b0:f9:d2:34:e2:4f:3d:d3:55:a2:7e:de:df:42:be:93:54:7d:
         4a:3a:2e:37:10:26:23:df:96:7d:22:9a:94:85:9e:83:32:a0:
         b0:b0:8c:3d:89:ef:cb:0d:ba:63:f5:ed:d1:66:c8:12:d1:18:
         c8:d3:ce:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3NzB3MShvdSCbWdzUg1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OGY4ZjMyNTE0YTE4M2U5NzdhM2M3ZGYzNjQ3M2Q1NjI2
MGM0YTQwHhcNMjQwMTAxMTYzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjFhNGFkYjE5ZWRjZmZjYTdhYzNhZWE5MjlkNGEwMDU5MmUxZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1fhLL5DD/NsXETnEGP/3XStpHue
DKG/L6ft357K5WXQPt/ntimwpXM6OtsrsuUs7qwfjbXhmbdhNruFORy0t3IEEJMD
hVofaGjF4+pZV7jpEmmPn6dZgBCzYWiWVoDdKgYS3/Hf69VHUBZUfCX7yRuwmA1s
3NReh4TZHEpe/HxjFgGCvMTUEywixC+pYMT79mv9wL6nxZgsP0WL56M3jfk9mIlO
aOWeoIyGJMWP4x+ijYjcT8FG1oEQ8pKv91NDy0t2TBKIyD7497xEydn+a9kki1j0
AGxU++Iln/rEQx1BdmBIOeLQJ2EY69+ki13SCKmKambLVHpH4YW7cEbg4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIaStsZ7c/8p6w66pKdSgBZLh7MMB8GA1UdIwQY
MBaAFLaPjzJRShg+l3o8ffNkc9ViYMSkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG8tUE1sRktHRDZYZWp4OTgyUnoxV0pneEtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8zODg3ZTQtYjU5OC00NWUzLThkODUt
MjIxMGVkOWQwODYxLzEvQWhwSzJ4bnR6X3luckRycWtwMUtBRmt1SHN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8zODg3ZTQtYjU5OC00NWUzLThkODUtMjIxMGVkOWQwODYx
LzEvdG8tUE1sRktHRDZYZWp4OTgyUnoxV0pneEtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY4aMA0G
CSqGSIb3DQEBCwUAA4IBAQCE0pxmzXS+Dy1rLquFhQ8rXC0oic6IMJVL0i8rinZU
Z+MqA9Eewj1KCVgXHCSeAydTyr7Bfb63Uqz7pTD5x7GXJqbKbKrUzfe03lismULS
17HFFy1S0SYDT/1d1tt9uKyRyamm2BXN3vTwGd/0zan2rXcxNVtSIxWAD3XHxiJp
dcQbEdIiLyJesyTu+IriRHCkjWM6FWKUGIPJ0uruIRYnkcK8QPBfkw/n3p0JPSeN
9nlz0LYxL56AKHGDV9KTqdUQsqvbSk6w+dI04k8901Wift7fQr6TVH1KOi43ECYj
35Z9IpqUhZ6DMqCwsIw9ie/LDbpj9e3RZsgS0RjI085q
-----END CERTIFICATE-----