Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/gyAmN4ZKuYwMXqwn6HRJdVKSVhA.roa
File:                     gyAmN4ZKuYwMXqwn6HRJdVKSVhA.roa (raw, json)
Hash identifier:          MvvbPBe5zbXYJFODmg6zX8SoH1DXf8sv5VZ8i52gg3s=
Subject key identifier:   83:20:26:37:86:4A:B9:8C:0C:5E:AC:27:E8:74:49:75:52:92:56:10
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC801249F497B0111FEB9AAAC1E08C840
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/gyAmN4ZKuYwMXqwn6HRJdVKSVhA.roa
Signing time:             Tue 02 Jan 2024 02:29:27 +0000
ROA not before:           Tue 02 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20548
IP address blocks:        159.148.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:24:9f:49:7b:01:11:fe:b9:aa:ac:1e:08:c8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83202637864ab98c0c5eac27e874497552925610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b0:9c:1f:b0:f8:0e:bc:2c:77:08:25:e2:a0:
                    1c:c2:fa:f8:e1:d0:13:a1:a4:7f:62:9f:86:33:3f:
                    41:78:3f:cd:5a:7a:87:02:90:90:6d:95:9b:54:3e:
                    27:4f:44:3c:5d:76:56:33:7f:18:01:64:02:96:28:
                    3e:b4:13:0e:d0:10:1d:b4:fe:4d:e8:d2:66:cf:77:
                    a4:6e:81:7e:c9:cb:a3:29:5e:51:cc:85:d4:45:54:
                    29:3d:fb:40:c0:c7:ad:5a:ca:19:5e:5b:11:40:47:
                    85:c7:85:ae:50:70:1b:4d:68:31:b7:ec:27:22:8f:
                    79:5d:03:10:86:b1:66:10:4e:b5:10:e6:6d:b6:bc:
                    91:56:20:3a:b9:b4:79:43:45:31:41:3e:5b:d5:6c:
                    51:83:31:c0:58:56:49:e0:39:7e:3b:62:0d:9f:18:
                    0b:8a:e3:4b:57:d5:9c:bc:b1:f4:47:fd:d6:d7:ff:
                    b8:7c:e7:1b:93:89:d2:59:c4:67:ad:7f:85:e8:8e:
                    33:5c:3f:34:0c:95:f1:f6:72:08:24:ea:1f:37:79:
                    cb:66:91:36:3f:40:dc:c0:54:c1:80:30:22:bc:f0:
                    a6:9e:5b:55:1d:0b:b4:43:98:4d:35:75:34:93:c4:
                    66:52:df:64:0d:f9:fa:96:03:0b:c6:ea:0c:5a:41:
                    36:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:20:26:37:86:4A:B9:8C:0C:5E:AC:27:E8:74:49:75:52:92:56:10
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/gyAmN4ZKuYwMXqwn6HRJdVKSVhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:99:84:4f:5d:ea:ca:c1:6d:58:0d:e9:70:af:98:3b:8f:9b:
         71:60:f4:8c:e1:8a:7d:28:1e:38:5e:7c:ed:6a:8d:74:35:7d:
         c2:f8:7b:c3:01:9b:12:0d:17:92:8b:ca:3e:8e:92:bc:49:fc:
         61:53:23:2f:36:70:26:11:7d:1e:2b:ec:7a:f2:d8:2b:3d:44:
         68:6c:09:0c:34:2a:de:53:67:c4:93:d8:1c:5c:71:86:97:e4:
         8f:4e:1e:5d:39:11:7f:70:b4:5a:44:f2:ef:51:5d:10:e1:69:
         af:1d:1a:fd:04:3b:8a:85:43:5e:79:14:e5:93:c0:be:f6:96:
         0b:05:69:0f:63:12:f0:1b:bc:76:7e:26:c7:66:24:c0:4a:63:
         dc:a4:81:f5:72:2a:90:50:ad:7c:01:ed:04:14:72:65:20:28:
         34:f5:22:3c:cd:1e:ee:b7:5b:c2:34:70:47:48:0b:55:78:bf:
         23:78:39:fd:b8:45:05:13:17:08:3c:0b:2f:0b:78:36:50:ac:
         c3:26:e5:d1:1b:96:1d:b8:5d:33:79:e0:dd:15:a7:7f:11:0f:
         e7:6b:29:b9:c8:e5:2f:e4:88:60:1f:a1:76:90:ca:f1:b5:66:
         c1:92:5e:2c:00:fb:30:b5:7b:66:8f:74:92:a6:58:a3:d1:25:
         7b:b9:21:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASSfSXsBEf65qqweCMhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzIwMjYzNzg2NGFiOThjMGM1ZWFjMjdlODc0NDk3NTUyOTI1NjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLCcH7D4Drwsdwgl4qAcwvr44dAT
oaR/Yp+GMz9BeD/NWnqHApCQbZWbVD4nT0Q8XXZWM38YAWQClig+tBMO0BAdtP5N
6NJmz3ekboF+ycujKV5RzIXURVQpPftAwMetWsoZXlsRQEeFx4WuUHAbTWgxt+wn
Io95XQMQhrFmEE61EOZttryRViA6ubR5Q0UxQT5b1WxRgzHAWFZJ4Dl+O2INnxgL
iuNLV9WcvLH0R/3W1/+4fOcbk4nSWcRnrX+F6I4zXD80DJXx9nIIJOofN3nLZpE2
P0DcwFTBgDAivPCmnltVHQu0Q5hNNXU0k8RmUt9kDfn6lgMLxuoMWkE2gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMgJjeGSrmMDF6sJ+h0SXVSklYQMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvZ3lBbU40Wkt1WXdNWHF3bjZIUkpkVktTVmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5QXMA0G
CSqGSIb3DQEBCwUAA4IBAQAimYRPXerKwW1YDelwr5g7j5txYPSM4Yp9KB44Xnzt
ao10NX3C+HvDAZsSDReSi8o+jpK8SfxhUyMvNnAmEX0eK+x68tgrPURobAkMNCre
U2fEk9gcXHGGl+SPTh5dORF/cLRaRPLvUV0Q4WmvHRr9BDuKhUNeeRTlk8C+9pYL
BWkPYxLwG7x2fibHZiTASmPcpIH1ciqQUK18Ae0EFHJlICg09SI8zR7ut1vCNHBH
SAtVeL8jeDn9uEUFExcIPAsvC3g2UKzDJuXRG5YduF0zeeDdFad/EQ/naym5yOUv
5IhgH6F2kMrxtWbBkl4sAPswtXtmj3SSplij0SV7uSGy
-----END CERTIFICATE-----