Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/26trm0NcbpYxhUDap6OFXHH6cA0.roa
File:                     26trm0NcbpYxhUDap6OFXHH6cA0.roa (raw, json)
Hash identifier:          ppenx2kf4Dc22Age0XPgesPs7SXWYcJkx5GeVRn8ZG4=
Subject key identifier:   DB:AB:6B:9B:43:5C:6E:96:31:85:40:DA:A7:A3:85:5C:71:FA:70:0D
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018CC793F2363ECC2BCD6B1FA2F750F4E50A
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/26trm0NcbpYxhUDap6OFXHH6cA0.roa
Signing time:             Tue 02 Jan 2024 00:30:10 +0000
ROA not before:           Tue 02 Jan 2024 00:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200554
IP address blocks:        185.41.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:f2:36:3e:cc:2b:cd:6b:1f:a2:f7:50:f4:e5:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jan  2 00:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbab6b9b435c6e96318540daa7a3855c71fa700d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:fd:98:0b:e8:cf:4c:4f:b6:cb:00:c1:87:25:
                    3d:58:71:22:29:18:4e:2f:00:f8:bb:c4:a0:aa:f2:
                    0a:89:17:99:64:47:06:9c:c4:2f:ca:c7:73:f6:d7:
                    12:bf:e4:ca:78:72:27:c1:23:29:53:ea:25:0e:6b:
                    9f:59:16:a0:fc:d4:5a:fb:d4:b3:cb:d5:b1:36:94:
                    93:26:97:1a:05:05:7a:9f:e3:7e:56:e1:9c:c7:34:
                    98:d4:60:b9:e1:4c:d0:cc:60:24:a8:1e:35:8a:ea:
                    0f:75:f2:6d:99:c4:30:ef:c5:31:9b:ce:1e:11:c4:
                    9a:08:aa:a8:b9:79:f4:ce:f4:d4:5c:24:b8:c9:a9:
                    02:af:ec:4c:84:95:20:33:b1:88:bd:e4:c3:5f:4e:
                    9a:f4:ef:c3:86:b6:2d:be:fd:cc:63:8e:c8:4c:24:
                    6b:e8:83:18:7c:51:09:a8:ef:46:fb:36:ed:1f:9b:
                    83:06:fb:86:d2:6d:d9:6c:28:88:ac:bd:b7:04:30:
                    d7:5c:cc:0d:ea:c9:62:aa:ad:a8:24:a9:88:e9:f4:
                    58:9c:2b:5e:01:ef:24:e5:07:62:b6:2b:0f:46:16:
                    72:ea:e7:66:25:29:3d:d6:6b:82:38:66:07:07:3c:
                    64:51:fc:b6:1e:3a:a9:a3:54:58:20:3e:35:f8:33:
                    0d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:AB:6B:9B:43:5C:6E:96:31:85:40:DA:A7:A3:85:5C:71:FA:70:0D
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/26trm0NcbpYxhUDap6OFXHH6cA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:d1:f5:e6:a4:0c:67:cd:ac:8b:a6:06:b0:28:56:08:82:19:
         60:ce:e2:a3:53:c4:ec:e1:88:52:24:54:36:31:a2:11:4d:ef:
         bf:e0:01:81:51:ea:22:bb:a1:10:21:13:8a:84:40:b6:89:60:
         f6:e3:00:15:ba:23:76:7e:8e:7a:ba:cf:5a:36:e8:f1:8e:cd:
         76:a9:57:ae:f5:9f:dc:dc:16:bc:c0:97:e2:76:af:3b:42:7b:
         9d:d3:ea:74:cc:a3:8a:80:3a:2a:c3:e9:a4:fc:a4:ad:64:c7:
         5a:e1:8d:48:74:1b:51:d0:d9:45:71:fe:97:a1:e4:b8:07:b0:
         c3:71:91:9a:1f:ab:e1:41:60:fc:c8:68:62:99:c9:b2:e1:fc:
         ab:bb:6a:4c:85:68:32:e7:92:21:4a:af:02:6d:f7:1e:39:ad:
         72:6d:d5:85:84:eb:7c:20:11:ee:4f:dd:41:1f:77:eb:c4:fe:
         55:64:be:c7:d1:11:10:c0:26:11:4b:1e:db:6c:a6:07:f3:ad:
         a6:58:0e:e8:2b:4d:d0:2b:12:27:b5:e1:7b:f5:d8:36:d7:19:
         e9:0c:dc:9b:02:5b:62:39:39:72:71:d8:04:be:ff:40:74:97:
         74:78:3f:74:87:fd:35:a8:58:37:9d:2f:7e:c8:8b:9c:25:ba:
         34:b8:c1:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk/I2PswrzWsfovdQ9OUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwMTAyMDAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmFiNmI5YjQzNWM2ZTk2MzE4NTQwZGFhN2EzODU1YzcxZmE3MDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/2YC+jPTE+2ywDBhyU9WHEiKRhO
LwD4u8SgqvIKiReZZEcGnMQvysdz9tcSv+TKeHInwSMpU+olDmufWRag/NRa+9Sz
y9WxNpSTJpcaBQV6n+N+VuGcxzSY1GC54UzQzGAkqB41iuoPdfJtmcQw78Uxm84e
EcSaCKqouXn0zvTUXCS4yakCr+xMhJUgM7GIveTDX06a9O/DhrYtvv3MY47ITCRr
6IMYfFEJqO9G+zbtH5uDBvuG0m3ZbCiIrL23BDDXXMwN6sliqq2oJKmI6fRYnCte
Ae8k5QditisPRhZy6udmJSk91muCOGYHBzxkUfy2Hjqpo1RYID41+DMNXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNura5tDXG6WMYVA2qejhVxx+nANMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvMjZ0cm0wTmNicFl4aFVEYXA2T0ZYSEg2Y0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSkAMA0G
CSqGSIb3DQEBCwUAA4IBAQCF0fXmpAxnzayLpgawKFYIghlgzuKjU8Ts4YhSJFQ2
MaIRTe+/4AGBUeoiu6EQIROKhEC2iWD24wAVuiN2fo56us9aNujxjs12qVeu9Z/c
3Ba8wJfidq87Qnud0+p0zKOKgDoqw+mk/KStZMda4Y1IdBtR0NlFcf6XoeS4B7DD
cZGaH6vhQWD8yGhimcmy4fyru2pMhWgy55IhSq8CbfceOa1ybdWFhOt8IBHuT91B
H3frxP5VZL7H0REQwCYRSx7bbKYH862mWA7oK03QKxInteF79dg21xnpDNybAlti
OTlycdgEvv9AdJd0eD90h/01qFg3nS9+yIucJbo0uMGB
-----END CERTIFICATE-----