Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/e6b238-5355-40f0-be87-497fd6506ae5/1/k5IK2aFsCMWdA6KcDFwF1c8d5Eg.roa
File:                     k5IK2aFsCMWdA6KcDFwF1c8d5Eg.roa (raw, json)
Hash identifier:          RLYxMyHbkbgzP531TQCOJ1cVPIXCFneiBCAL7eel4cQ=
Subject key identifier:   93:92:0A:D9:A1:6C:08:C5:9D:03:A2:9C:0C:5C:05:D5:CF:1D:E4:48
Certificate issuer:       /CN=4a13b7758676de2ef127cc7750ee76c5a8341d78
Certificate serial:       018CC795553EDBF8D75212F32CDCBA9926E9
Authority key identifier: 4A:13:B7:75:86:76:DE:2E:F1:27:CC:77:50:EE:76:C5:A8:34:1D:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ShO3dYZ23i7xJ8x3UO52xag0HXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/e6b238-5355-40f0-be87-497fd6506ae5/1/k5IK2aFsCMWdA6KcDFwF1c8d5Eg.roa
Signing time:             Tue 02 Jan 2024 00:31:41 +0000
ROA not before:           Tue 02 Jan 2024 00:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1213
IP address blocks:        194.26.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/e6b238-5355-40f0-be87-497fd6506ae5/1/ShO3dYZ23i7xJ8x3UO52xag0HXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/e6b238-5355-40f0-be87-497fd6506ae5/1/ShO3dYZ23i7xJ8x3UO52xag0HXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ShO3dYZ23i7xJ8x3UO52xag0HXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:55:3e:db:f8:d7:52:12:f3:2c:dc:ba:99:26:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a13b7758676de2ef127cc7750ee76c5a8341d78
        Validity
            Not Before: Jan  2 00:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93920ad9a16c08c59d03a29c0c5c05d5cf1de448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2c:a4:03:57:c9:c5:c4:97:38:71:9c:54:23:
                    c1:14:cd:a9:00:10:37:66:5a:57:25:44:70:f2:77:
                    83:8b:f7:25:fe:bd:bc:bb:f9:ea:93:de:ce:a0:c5:
                    4f:96:ab:b7:09:2c:d8:47:d9:8c:b9:ad:67:2f:67:
                    2c:44:f0:73:a0:6a:1b:6e:03:c7:aa:3b:f6:41:71:
                    e7:da:24:a2:1d:10:2d:d2:16:84:0f:be:5c:e8:5c:
                    0c:29:e9:73:55:48:c2:8c:3e:7f:98:6f:59:ef:07:
                    a5:af:be:26:dc:46:93:1f:e4:e0:d4:b7:23:5b:29:
                    61:54:2e:29:fd:57:59:28:73:6a:90:35:38:9b:45:
                    65:25:18:0a:87:68:fa:d8:53:d9:a4:54:78:83:ca:
                    4c:92:9b:0f:2a:7d:69:50:a0:0b:18:f7:78:13:3f:
                    70:2b:df:28:85:bf:0a:5b:e1:8f:dc:50:cd:2d:f9:
                    1c:9b:70:79:bb:57:cf:85:fa:ce:23:31:bd:ab:5d:
                    54:70:91:92:aa:b6:21:24:e9:de:b5:76:82:20:c0:
                    d8:43:b3:3d:25:7f:b6:5d:a9:a3:03:66:5d:c4:36:
                    8b:a5:62:05:09:f6:74:6e:14:23:91:98:34:dd:40:
                    25:2a:81:13:59:0d:8b:a7:f5:40:a5:71:e4:0c:e1:
                    75:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:92:0A:D9:A1:6C:08:C5:9D:03:A2:9C:0C:5C:05:D5:CF:1D:E4:48
            X509v3 Authority Key Identifier:
                keyid:4A:13:B7:75:86:76:DE:2E:F1:27:CC:77:50:EE:76:C5:A8:34:1D:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ShO3dYZ23i7xJ8x3UO52xag0HXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e6b238-5355-40f0-be87-497fd6506ae5/1/k5IK2aFsCMWdA6KcDFwF1c8d5Eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e6b238-5355-40f0-be87-497fd6506ae5/1/ShO3dYZ23i7xJ8x3UO52xag0HXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:b0:85:27:00:a1:87:14:45:26:76:9b:bb:eb:24:c6:19:55:
         2c:cc:00:f4:f3:da:45:a1:c6:2b:d5:d6:a7:e8:eb:e9:2d:06:
         2c:9b:1e:e7:6c:46:26:0b:46:70:26:13:93:6c:fa:e6:87:97:
         de:97:d4:4d:ab:64:f9:83:65:3a:55:01:39:37:5e:93:72:1c:
         1e:e9:d5:01:7e:0e:67:0b:cc:47:c1:ea:a4:90:1d:ee:cd:f8:
         0b:33:31:4e:90:09:66:08:e7:c1:d3:95:58:8f:a7:78:15:d4:
         71:db:b3:fc:93:67:98:a0:87:01:86:fb:15:02:70:2e:83:62:
         0d:cf:18:6b:cf:c5:5d:42:2f:30:29:65:f6:da:0c:d3:70:76:
         be:bb:04:e6:78:15:93:b0:86:8a:1a:18:64:dd:dd:72:2b:43:
         d9:4b:32:a9:1f:84:2c:52:1b:a1:15:fe:ff:15:69:14:5d:81:
         76:af:2d:bc:be:67:f3:88:66:68:33:aa:f8:fc:43:e6:24:50:
         b7:c6:fd:5f:64:58:31:83:32:fc:a2:73:a9:c9:b8:26:b3:30:
         72:41:fd:1a:67:d3:90:2d:e2:23:b3:f2:93:11:6b:f1:b8:1b:
         ac:7c:e3:cd:8d:5a:08:87:f5:85:51:90:1a:c5:d3:0a:c2:ae:
         d5:2b:39:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVU+2/jXUhLzLNy6mSbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhMTNiNzc1ODY3NmRlMmVmMTI3Y2M3NzUwZWU3NmM1YTgz
NDFkNzgwHhcNMjQwMTAyMDAzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzkyMGFkOWExNmMwOGM1OWQwM2EyOWMwYzVjMDVkNWNmMWRlNDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyykA1fJxcSXOHGcVCPBFM2pABA3
ZlpXJURw8neDi/cl/r28u/nqk97OoMVPlqu3CSzYR9mMua1nL2csRPBzoGobbgPH
qjv2QXHn2iSiHRAt0haED75c6FwMKelzVUjCjD5/mG9Z7welr74m3EaTH+Tg1Lcj
WylhVC4p/VdZKHNqkDU4m0VlJRgKh2j62FPZpFR4g8pMkpsPKn1pUKALGPd4Ez9w
K98ohb8KW+GP3FDNLfkcm3B5u1fPhfrOIzG9q11UcJGSqrYhJOnetXaCIMDYQ7M9
JX+2XamjA2ZdxDaLpWIFCfZ0bhQjkZg03UAlKoETWQ2Lp/VApXHkDOF1RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOSCtmhbAjFnQOinAxcBdXPHeRIMB8GA1UdIwQY
MBaAFEoTt3WGdt4u8SfMd1DudsWoNB14MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2hPM2RZWjIzaTd4Sjh4M1VPNTJ4YWcwSFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9lNmIyMzgtNTM1NS00MGYwLWJlODct
NDk3ZmQ2NTA2YWU1LzEvazVJSzJhRnNDTVdkQTZLY0RGd0YxYzhkNUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9lNmIyMzgtNTM1NS00MGYwLWJlODctNDk3ZmQ2NTA2YWU1
LzEvU2hPM2RZWjIzaTd4Sjh4M1VPNTJ4YWcwSFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhoAMA0G
CSqGSIb3DQEBCwUAA4IBAQAZsIUnAKGHFEUmdpu76yTGGVUszAD089pFocYr1dan
6OvpLQYsmx7nbEYmC0ZwJhOTbPrmh5fel9RNq2T5g2U6VQE5N16Tchwe6dUBfg5n
C8xHweqkkB3uzfgLMzFOkAlmCOfB05VYj6d4FdRx27P8k2eYoIcBhvsVAnAug2IN
zxhrz8VdQi8wKWX22gzTcHa+uwTmeBWTsIaKGhhk3d1yK0PZSzKpH4QsUhuhFf7/
FWkUXYF2ry28vmfziGZoM6r4/EPmJFC3xv1fZFgxgzL8onOpybgmszByQf0aZ9OQ
LeIjs/KTEWvxuBusfOPNjVoIh/WFUZAaxdMKwq7VKzmA
-----END CERTIFICATE-----