Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/32e776-8f36-4d16-956a-5af958ceaf6e/1/gJL2N-lpjfEGy9e3OPLBYnUsoGQ.roa
File:                     gJL2N-lpjfEGy9e3OPLBYnUsoGQ.roa (raw, json)
Hash identifier:          fDjV06E2/+/Vcn4UGYdhKNzKtDOcDDDtLLUoX40HEDo=
Subject key identifier:   80:92:F6:37:E9:69:8D:F1:06:CB:D7:B7:38:F2:C1:62:75:2C:A0:64
Certificate issuer:       /CN=4b8d822165e7f01f722c973967f7554605240802
Certificate serial:       018CCA2B6CB37327CEA49F8E14A4292784A2
Authority key identifier: 4B:8D:82:21:65:E7:F0:1F:72:2C:97:39:67:F7:55:46:05:24:08:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S42CIWXn8B9yLJc5Z_dVRgUkCAI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/32e776-8f36-4d16-956a-5af958ceaf6e/1/gJL2N-lpjfEGy9e3OPLBYnUsoGQ.roa
Signing time:             Tue 02 Jan 2024 12:34:52 +0000
ROA not before:           Tue 02 Jan 2024 12:34:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        185.242.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/32e776-8f36-4d16-956a-5af958ceaf6e/1/S42CIWXn8B9yLJc5Z_dVRgUkCAI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/32e776-8f36-4d16-956a-5af958ceaf6e/1/S42CIWXn8B9yLJc5Z_dVRgUkCAI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S42CIWXn8B9yLJc5Z_dVRgUkCAI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 01:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:6c:b3:73:27:ce:a4:9f:8e:14:a4:29:27:84:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b8d822165e7f01f722c973967f7554605240802
        Validity
            Not Before: Jan  2 12:34:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8092f637e9698df106cbd7b738f2c162752ca064
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c7:35:49:42:c2:cc:08:78:ad:bd:78:ae:ee:
                    38:bb:ee:e6:4f:09:1e:80:35:2c:55:37:1d:62:62:
                    7f:a8:e2:6e:97:7a:95:81:3f:da:4b:c7:da:05:85:
                    54:17:4c:91:d7:e7:fb:cd:0f:84:39:8d:ea:08:f6:
                    40:28:3a:bc:b4:00:6f:4f:4b:9f:cd:c2:4b:33:72:
                    5b:92:38:b5:e0:3c:bb:08:a3:5b:60:15:a9:5d:3f:
                    a5:07:0b:8a:fa:79:ea:05:b6:35:d4:f8:82:61:e1:
                    31:51:9b:b7:17:9f:d6:88:c0:6c:48:fc:0d:9f:95:
                    57:73:df:3b:54:73:0e:9f:63:76:0a:90:b3:61:37:
                    a9:ca:1c:e0:1b:db:a5:a9:b5:50:63:2c:d1:35:4e:
                    3f:69:6d:34:ac:6f:4d:2c:c7:08:32:40:41:24:4b:
                    9c:39:9b:04:02:6a:1f:ac:cc:e6:84:69:4d:52:0a:
                    3e:14:88:90:60:d7:1e:4a:14:6b:dd:b8:1b:1f:21:
                    9b:be:2c:fa:33:b0:f5:6b:08:2d:39:9c:db:96:b6:
                    2c:51:97:e6:df:38:7e:06:ee:99:e3:9f:4f:e3:2e:
                    33:a2:ee:e7:b2:fd:f5:d1:35:aa:6a:cc:8a:c0:f7:
                    e2:ce:c6:0a:e5:4c:70:2b:fc:c3:91:17:a5:6f:23:
                    59:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:92:F6:37:E9:69:8D:F1:06:CB:D7:B7:38:F2:C1:62:75:2C:A0:64
            X509v3 Authority Key Identifier:
                keyid:4B:8D:82:21:65:E7:F0:1F:72:2C:97:39:67:F7:55:46:05:24:08:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S42CIWXn8B9yLJc5Z_dVRgUkCAI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/32e776-8f36-4d16-956a-5af958ceaf6e/1/gJL2N-lpjfEGy9e3OPLBYnUsoGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/32e776-8f36-4d16-956a-5af958ceaf6e/1/S42CIWXn8B9yLJc5Z_dVRgUkCAI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:d7:50:f3:ff:1e:56:80:62:b2:61:35:36:0a:7e:d1:9b:77:
         23:f7:e5:3f:28:d3:f0:a0:02:dd:50:29:c7:49:13:a7:0b:37:
         77:4f:0b:66:39:40:86:d9:fc:30:59:cb:bf:52:34:6b:41:56:
         16:35:ad:8f:22:8f:75:e7:38:5e:fe:5a:95:b1:80:a2:1e:3a:
         6d:19:a4:26:b4:51:a7:de:80:81:c0:62:3b:e8:f8:8d:23:c9:
         54:ff:de:18:89:5f:6a:c2:33:ea:eb:60:6d:29:bf:61:36:ba:
         f4:c7:eb:a1:48:2c:a7:f8:37:73:b4:44:ed:68:2e:ad:e3:76:
         c5:d1:82:70:f6:cd:e1:19:82:7c:e3:2b:0c:78:c5:f7:44:56:
         44:30:2e:03:3c:8e:6c:7f:f7:d5:a1:45:25:1e:40:12:59:95:
         e1:2e:ab:0d:d3:6e:ae:6c:3c:eb:87:d1:00:0b:1d:b8:74:93:
         d5:2f:40:0a:2b:51:ab:0e:89:ad:1c:45:3b:be:dc:81:19:30:
         03:78:57:24:ca:c0:90:ea:4f:60:51:cf:58:dc:ee:c0:c6:91:
         53:40:b6:21:6d:a7:db:eb:d7:55:da:9a:f5:d9:6b:55:30:b1:
         d6:7c:31:3c:56:88:23:f0:da:8e:b0:4c:1b:da:a7:5b:eb:d5:
         83:af:9e:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2yzcyfOpJ+OFKQpJ4SiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOGQ4MjIxNjVlN2YwMWY3MjJjOTczOTY3Zjc1NTQ2MDUy
NDA4MDIwHhcNMjQwMTAyMTIzNDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDkyZjYzN2U5Njk4ZGYxMDZjYmQ3YjczOGYyYzE2Mjc1MmNhMDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsc1SULCzAh4rb14ru44u+7mTwke
gDUsVTcdYmJ/qOJul3qVgT/aS8faBYVUF0yR1+f7zQ+EOY3qCPZAKDq8tABvT0uf
zcJLM3Jbkji14Dy7CKNbYBWpXT+lBwuK+nnqBbY11PiCYeExUZu3F5/WiMBsSPwN
n5VXc987VHMOn2N2CpCzYTepyhzgG9ulqbVQYyzRNU4/aW00rG9NLMcIMkBBJEuc
OZsEAmofrMzmhGlNUgo+FIiQYNceShRr3bgbHyGbviz6M7D1awgtOZzblrYsUZfm
3zh+Bu6Z459P4y4zou7nsv310TWqasyKwPfizsYK5UxwK/zDkRelbyNZ6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICS9jfpaY3xBsvXtzjywWJ1LKBkMB8GA1UdIwQY
MBaAFEuNgiFl5/AfciyXOWf3VUYFJAgCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzQyQ0lXWG44Qjl5TEpjNVpfZFZSZ1VrQ0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMmU3NzYtOGYzNi00ZDE2LTk1NmEt
NWFmOTU4Y2VhZjZlLzEvZ0pMMk4tbHBqZkVHeTllM09QTEJZblVzb0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMmU3NzYtOGYzNi00ZDE2LTk1NmEtNWFmOTU4Y2VhZjZl
LzEvUzQyQ0lXWG44Qjl5TEpjNVpfZFZSZ1VrQ0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufJQMA0G
CSqGSIb3DQEBCwUAA4IBAQAp11Dz/x5WgGKyYTU2Cn7Rm3cj9+U/KNPwoALdUCnH
SROnCzd3TwtmOUCG2fwwWcu/UjRrQVYWNa2PIo915zhe/lqVsYCiHjptGaQmtFGn
3oCBwGI76PiNI8lU/94YiV9qwjPq62BtKb9hNrr0x+uhSCyn+DdztETtaC6t43bF
0YJw9s3hGYJ84ysMeMX3RFZEMC4DPI5sf/fVoUUlHkASWZXhLqsN026ubDzrh9EA
Cx24dJPVL0AKK1GrDomtHEU7vtyBGTADeFckysCQ6k9gUc9Y3O7AxpFTQLYhbafb
69dV2pr12WtVMLHWfDE8Vogj8NqOsEwb2qdb69WDr54j
-----END CERTIFICATE-----