Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/51d6dd-6ce8-466d-a2d4-dc17e53caccb/1/0SKQQAQVQAngP6WDCMrsF23jTWU.roa
File:                     0SKQQAQVQAngP6WDCMrsF23jTWU.roa (raw, json)
Hash identifier:          TFgj4nLEuc8vhAGN7ymuXb7LbvpfbS1Nc7+XOKmQTbY=
Subject key identifier:   D1:22:90:40:04:15:40:09:E0:3F:A5:83:08:CA:EC:17:6D:E3:4D:65
Certificate issuer:       /CN=6d7a01bfd34bb13dfb7a535721dec401cd9312d9
Certificate serial:       018CC3B73C84B75AB9EF28B29D51B0118656
Authority key identifier: 6D:7A:01:BF:D3:4B:B1:3D:FB:7A:53:57:21:DE:C4:01:CD:93:12:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXoBv9NLsT37elNXId7EAc2TEtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/51d6dd-6ce8-466d-a2d4-dc17e53caccb/1/0SKQQAQVQAngP6WDCMrsF23jTWU.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34863
IP address blocks:        176.116.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/51d6dd-6ce8-466d-a2d4-dc17e53caccb/1/bXoBv9NLsT37elNXId7EAc2TEtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/51d6dd-6ce8-466d-a2d4-dc17e53caccb/1/bXoBv9NLsT37elNXId7EAc2TEtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXoBv9NLsT37elNXId7EAc2TEtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3c:84:b7:5a:b9:ef:28:b2:9d:51:b0:11:86:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d7a01bfd34bb13dfb7a535721dec401cd9312d9
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d122904004154009e03fa58308caec176de34d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:78:e1:bf:2d:2f:e4:0d:b8:f3:0d:e3:66:bf:
                    05:ff:6b:0a:7c:7c:7a:bb:20:3b:4b:1e:44:64:01:
                    c5:bf:80:e3:09:97:40:a6:dc:b4:5e:2b:59:55:2b:
                    03:fa:61:07:6f:3f:40:0d:1e:d7:a7:34:5b:fc:99:
                    3e:9c:d1:3f:53:b1:fa:b1:bf:8c:a6:4b:8d:af:e4:
                    bb:5f:85:b4:ec:34:7a:b7:0d:1c:0b:ae:70:76:9d:
                    51:0e:5f:32:6e:04:80:73:60:fb:35:07:6c:c4:6b:
                    29:90:0c:cb:f4:5b:5b:f5:de:d2:56:bf:cc:ab:82:
                    c7:9a:b1:88:20:9e:c1:99:68:7e:47:bc:89:d2:40:
                    30:8f:e3:6e:29:88:27:ae:5c:43:56:1c:92:a4:a2:
                    fe:de:5a:86:c9:3c:a3:cf:be:7b:d9:96:43:c6:a7:
                    98:b8:28:1c:fd:66:7d:78:8c:17:38:33:50:fb:28:
                    eb:a9:f3:50:a9:78:84:a6:31:1c:ad:d0:1a:f7:b6:
                    ec:5d:70:94:b8:dd:26:84:83:05:88:79:50:fc:e5:
                    2c:f6:a5:9e:2d:97:b0:a9:aa:2c:aa:f8:12:a6:86:
                    97:2c:e6:65:32:f1:28:85:81:b3:b4:4c:fd:c7:53:
                    4a:b7:ba:47:70:ab:f6:6a:de:73:c3:33:99:f2:dd:
                    d7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:22:90:40:04:15:40:09:E0:3F:A5:83:08:CA:EC:17:6D:E3:4D:65
            X509v3 Authority Key Identifier:
                keyid:6D:7A:01:BF:D3:4B:B1:3D:FB:7A:53:57:21:DE:C4:01:CD:93:12:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXoBv9NLsT37elNXId7EAc2TEtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/51d6dd-6ce8-466d-a2d4-dc17e53caccb/1/0SKQQAQVQAngP6WDCMrsF23jTWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/51d6dd-6ce8-466d-a2d4-dc17e53caccb/1/bXoBv9NLsT37elNXId7EAc2TEtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:f9:4f:72:23:66:e4:82:f9:f8:03:f5:a0:d9:ab:7f:36:9b:
         3d:c7:e0:d4:d5:0a:38:58:8f:f5:39:39:d8:a2:1d:b5:3d:f4:
         52:30:4d:e2:cc:19:7e:db:91:c2:73:75:96:88:07:81:08:30:
         84:5c:22:b7:7d:7e:dd:ef:74:b4:72:81:c1:55:48:cc:a2:19:
         b9:c0:86:bc:17:a1:f5:19:2f:c6:16:80:54:fb:6c:95:fa:73:
         ff:cf:01:4e:1a:0a:58:27:57:76:fe:0d:22:5a:71:09:a6:c7:
         15:8c:e0:94:0b:38:8a:90:c9:5f:86:a6:a8:58:ec:f3:62:c8:
         50:c0:6a:06:5a:96:93:f1:ac:28:0a:2e:f3:93:61:80:0d:ec:
         e2:3e:66:0b:86:53:dc:09:5e:97:0a:09:ec:96:09:a6:fe:77:
         b7:72:7b:ac:06:6f:31:92:6b:15:d0:78:46:88:29:28:37:7a:
         bf:94:c8:c1:78:ea:ac:36:20:08:b2:c4:7c:c4:b7:a8:0a:cd:
         c6:75:15:9a:c3:26:25:d5:8b:53:8d:bc:44:f0:a9:bc:fa:9f:
         4b:5a:67:1e:a1:bb:30:f4:f1:23:b8:d6:5d:6d:86:eb:40:28:
         51:43:96:0d:92:96:d3:9a:27:99:d8:0c:b9:11:ed:21:cd:1c:
         96:31:01:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzyEt1q57yiynVGwEYZWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkN2EwMWJmZDM0YmIxM2RmYjdhNTM1NzIxZGVjNDAxY2Q5
MzEyZDkwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTIyOTA0MDA0MTU0MDA5ZTAzZmE1ODMwOGNhZWMxNzZkZTM0ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0njhvy0v5A248w3jZr8F/2sKfHx6
uyA7Sx5EZAHFv4DjCZdApty0XitZVSsD+mEHbz9ADR7XpzRb/Jk+nNE/U7H6sb+M
pkuNr+S7X4W07DR6tw0cC65wdp1RDl8ybgSAc2D7NQdsxGspkAzL9Ftb9d7SVr/M
q4LHmrGIIJ7BmWh+R7yJ0kAwj+NuKYgnrlxDVhySpKL+3lqGyTyjz7572ZZDxqeY
uCgc/WZ9eIwXODNQ+yjrqfNQqXiEpjEcrdAa97bsXXCUuN0mhIMFiHlQ/OUs9qWe
LZewqaosqvgSpoaXLOZlMvEohYGztEz9x1NKt7pHcKv2at5zwzOZ8t3XeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEikEAEFUAJ4D+lgwjK7Bdt401lMB8GA1UdIwQY
MBaAFG16Ab/TS7E9+3pTVyHexAHNkxLZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhvQnY5TkxzVDM3ZWxOWElkN0VBYzJURXRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS81MWQ2ZGQtNmNlOC00NjZkLWEyZDQt
ZGMxN2U1M2NhY2NiLzEvMFNLUVFBUVZRQW5nUDZXRENNcnNGMjNqVFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS81MWQ2ZGQtNmNlOC00NjZkLWEyZDQtZGMxN2U1M2NhY2Ni
LzEvYlhvQnY5TkxzVDM3ZWxOWElkN0VBYzJURXRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQaMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ+U9yI2bkgvn4A/Wg2at/Nps9x+DU1Qo4WI/1OTnY
oh21PfRSME3izBl+25HCc3WWiAeBCDCEXCK3fX7d73S0coHBVUjMohm5wIa8F6H1
GS/GFoBU+2yV+nP/zwFOGgpYJ1d2/g0iWnEJpscVjOCUCziKkMlfhqaoWOzzYshQ
wGoGWpaT8awoCi7zk2GADeziPmYLhlPcCV6XCgnslgmm/ne3cnusBm8xkmsV0HhG
iCkoN3q/lMjBeOqsNiAIssR8xLeoCs3GdRWawyYl1YtTjbxE8Km8+p9LWmceobsw
9PEjuNZdbYbrQChRQ5YNkpbTmieZ2Ay5Ee0hzRyWMQFc
-----END CERTIFICATE-----