Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/59Ty2BPff5mfZRjkWnmBzynNwtg.roa
File:                     59Ty2BPff5mfZRjkWnmBzynNwtg.roa (raw, json)
Hash identifier:          56Ely2wsnix7m4ARnx0UDuYLKDhm7NUsN1vsAa7f7OQ=
Subject key identifier:   E7:D4:F2:D8:13:DF:7F:99:9F:65:18:E4:5A:79:81:CF:29:CD:C2:D8
Certificate issuer:       /CN=ce8a8d40e437adf4acd7cdb38e0402477a2e51a6
Certificate serial:       018CC86F9B5B8C244B70A3A6AB7EA04766DF
Authority key identifier: CE:8A:8D:40:E4:37:AD:F4:AC:D7:CD:B3:8E:04:02:47:7A:2E:51:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zoqNQOQ3rfSs182zjgQCR3ouUaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/59Ty2BPff5mfZRjkWnmBzynNwtg.roa
Signing time:             Tue 02 Jan 2024 04:30:06 +0000
ROA not before:           Tue 02 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208396
IP address blocks:        194.26.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/zoqNQOQ3rfSs182zjgQCR3ouUaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/zoqNQOQ3rfSs182zjgQCR3ouUaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zoqNQOQ3rfSs182zjgQCR3ouUaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:9b:5b:8c:24:4b:70:a3:a6:ab:7e:a0:47:66:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce8a8d40e437adf4acd7cdb38e0402477a2e51a6
        Validity
            Not Before: Jan  2 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7d4f2d813df7f999f6518e45a7981cf29cdc2d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c6:c9:81:60:77:9b:8d:75:c6:92:a9:c9:4d:
                    1e:48:da:d9:80:b1:74:47:71:b0:68:0c:90:04:1f:
                    4e:dd:be:da:6b:c5:9f:ac:24:44:15:87:fb:e7:99:
                    d8:a3:b2:a2:57:32:c1:f7:ca:79:6c:ba:b2:a7:51:
                    bf:17:bc:75:5e:ac:a7:9f:11:6a:c9:3a:9a:54:77:
                    c4:56:bd:af:40:12:71:ac:71:3a:97:63:7c:69:de:
                    24:29:5d:01:91:ab:13:56:10:25:8d:d1:aa:22:2c:
                    1a:b6:fb:3b:83:09:92:ee:71:6e:4f:28:89:56:58:
                    74:35:9d:dc:a0:41:84:5b:f1:a3:2b:b4:c8:9c:cb:
                    3c:e4:5b:d9:a8:3f:0b:5a:de:ab:a2:6a:19:b7:69:
                    56:1e:cb:94:f6:bc:e6:56:82:a4:b2:fd:7d:2a:1a:
                    be:9a:8d:1a:6f:0a:50:03:e1:25:a1:58:a7:36:dc:
                    ee:be:2b:f3:3e:b5:42:a8:5e:68:b1:d6:5a:0a:2b:
                    60:b8:35:b1:9f:d3:e9:9a:57:62:bb:72:71:06:3c:
                    cd:a5:8e:75:93:99:2d:8f:ea:03:39:ec:4c:2d:3c:
                    44:d0:ac:0c:59:22:b6:5b:8f:50:38:bb:41:ca:a3:
                    37:b3:2f:15:bd:43:7e:e8:c6:4f:bc:20:17:db:5c:
                    fc:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:D4:F2:D8:13:DF:7F:99:9F:65:18:E4:5A:79:81:CF:29:CD:C2:D8
            X509v3 Authority Key Identifier:
                keyid:CE:8A:8D:40:E4:37:AD:F4:AC:D7:CD:B3:8E:04:02:47:7A:2E:51:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zoqNQOQ3rfSs182zjgQCR3ouUaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/59Ty2BPff5mfZRjkWnmBzynNwtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/zoqNQOQ3rfSs182zjgQCR3ouUaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:c8:3b:08:21:3b:ac:78:fe:17:1f:3b:3b:a7:02:f8:a3:9b:
         e3:23:08:16:ef:1d:96:9f:f4:03:9b:6a:41:24:1a:ea:dc:76:
         e6:b5:61:c9:93:2f:b3:53:17:05:6a:7f:a6:67:13:9c:29:8d:
         88:ad:11:f6:11:dd:90:03:2e:fe:cd:8e:24:fa:82:46:a3:52:
         3a:53:58:9d:f6:2d:5a:70:c2:64:35:a6:51:d2:92:5a:e6:ad:
         22:4b:71:48:0e:79:61:d9:14:c9:4d:7d:4b:db:13:b2:69:ad:
         15:bb:af:be:38:e8:0d:d8:00:b4:78:8e:ea:ea:11:53:f9:08:
         d1:22:67:a6:db:c3:96:ad:1a:f7:46:9e:e1:c2:07:63:b5:dd:
         34:cc:80:10:32:6a:ad:f4:82:0f:70:c8:80:19:b9:c4:12:ef:
         4c:1a:1f:09:79:3c:82:e3:01:35:88:7f:03:04:2e:72:9c:63:
         b8:e5:87:ac:3c:63:ce:61:fb:a0:e5:67:99:96:fc:dc:22:f4:
         5b:95:fa:bc:76:18:9c:3a:6d:9c:15:8b:f3:84:ad:8e:a8:82:
         43:53:be:25:c3:a3:e5:82:af:dc:cd:7e:c6:0a:6e:5c:d0:d3:
         f5:37:f0:50:14:e0:82:a0:a2:49:a2:3c:59:a7:d8:ce:f7:6b:
         7a:c5:68:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5tbjCRLcKOmq36gR2bfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOGE4ZDQwZTQzN2FkZjRhY2Q3Y2RiMzhlMDQwMjQ3N2Ey
ZTUxYTYwHhcNMjQwMTAyMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2Q0ZjJkODEzZGY3Zjk5OWY2NTE4ZTQ1YTc5ODFjZjI5Y2RjMmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcbJgWB3m411xpKpyU0eSNrZgLF0
R3GwaAyQBB9O3b7aa8WfrCREFYf755nYo7KiVzLB98p5bLqyp1G/F7x1XqynnxFq
yTqaVHfEVr2vQBJxrHE6l2N8ad4kKV0BkasTVhAljdGqIiwatvs7gwmS7nFuTyiJ
Vlh0NZ3coEGEW/GjK7TInMs85FvZqD8LWt6romoZt2lWHsuU9rzmVoKksv19Khq+
mo0abwpQA+EloVinNtzuvivzPrVCqF5osdZaCitguDWxn9Ppmldiu3JxBjzNpY51
k5ktj+oDOexMLTxE0KwMWSK2W49QOLtByqM3sy8VvUN+6MZPvCAX21z8mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfU8tgT33+Zn2UY5Fp5gc8pzcLYMB8GA1UdIwQY
MBaAFM6KjUDkN630rNfNs44EAkd6LlGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem9xTlFPUTNyZlNzMTgyempnUUNSM291VWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS84MjJiMjItOGNhMy00NjlkLTkwODMt
MzQ1YjJhYjBkYjE4LzEvNTlUeTJCUGZmNW1mWlJqa1dubUJ6eW5Od3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS84MjJiMjItOGNhMy00NjlkLTkwODMtMzQ1YjJhYjBkYjE4
LzEvem9xTlFPUTNyZlNzMTgyempnUUNSM291VWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhp2MA0G
CSqGSIb3DQEBCwUAA4IBAQAoyDsIITuseP4XHzs7pwL4o5vjIwgW7x2Wn/QDm2pB
JBrq3HbmtWHJky+zUxcFan+mZxOcKY2IrRH2Ed2QAy7+zY4k+oJGo1I6U1id9i1a
cMJkNaZR0pJa5q0iS3FIDnlh2RTJTX1L2xOyaa0Vu6++OOgN2AC0eI7q6hFT+QjR
Imem28OWrRr3Rp7hwgdjtd00zIAQMmqt9IIPcMiAGbnEEu9MGh8JeTyC4wE1iH8D
BC5ynGO45YesPGPOYfug5WeZlvzcIvRblfq8dhicOm2cFYvzhK2OqIJDU74lw6Pl
gq/czX7GCm5c0NP1N/BQFOCCoKJJojxZp9jO92t6xWjI
-----END CERTIFICATE-----