Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/gi4j7tJDDSS1gUB8dWdAJ31D2Tc.roa
File:                     gi4j7tJDDSS1gUB8dWdAJ31D2Tc.roa (raw, json)
Hash identifier:          00efuo5gLACE9USCHCqnUWx+kuUYxwBH7cYFz8nCogI=
Subject key identifier:   82:2E:23:EE:D2:43:0D:24:B5:81:40:7C:75:67:40:27:7D:43:D9:37
Certificate issuer:       /CN=c8a4bbd78af363fa5beee632e8bdc48b6297343c
Certificate serial:       018CC7274D23D2F620F9F26EDC1192E5B5E2
Authority key identifier: C8:A4:BB:D7:8A:F3:63:FA:5B:EE:E6:32:E8:BD:C4:8B:62:97:34:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yKS714rzY_pb7uYy6L3Ei2KXNDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/gi4j7tJDDSS1gUB8dWdAJ31D2Tc.roa
Signing time:             Mon 01 Jan 2024 22:31:30 +0000
ROA not before:           Mon 01 Jan 2024 22:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        198.151.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/yKS714rzY_pb7uYy6L3Ei2KXNDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/yKS714rzY_pb7uYy6L3Ei2KXNDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yKS714rzY_pb7uYy6L3Ei2KXNDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 19:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4d:23:d2:f6:20:f9:f2:6e:dc:11:92:e5:b5:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8a4bbd78af363fa5beee632e8bdc48b6297343c
        Validity
            Not Before: Jan  1 22:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=822e23eed2430d24b581407c756740277d43d937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:13:c4:60:ac:2d:3d:d1:8c:b6:89:98:9c:6d:
                    df:44:d6:d5:db:0d:07:95:a4:2d:09:7d:63:72:63:
                    92:ec:47:38:67:2a:8f:c0:1d:0f:23:38:43:22:9b:
                    fd:02:a2:be:24:10:22:35:ab:d4:08:47:dc:72:dd:
                    55:75:66:4a:3d:fb:20:37:3a:ee:5b:55:00:ca:31:
                    d5:39:ab:05:f0:36:ae:eb:05:b3:2b:57:e1:d3:ed:
                    c5:4c:e0:7d:cb:aa:c4:f4:df:8c:cb:d0:ab:67:bc:
                    b4:f9:71:b7:4d:34:77:20:e3:9e:39:b8:e0:aa:f5:
                    c6:ba:f8:03:a7:d7:6d:ae:2e:84:23:32:7f:75:9a:
                    cc:eb:d3:2f:08:a2:b1:23:4a:37:12:24:94:ab:37:
                    84:ea:67:90:64:2b:fb:8d:eb:48:61:85:e6:1f:0d:
                    bf:d5:d1:24:17:8b:9d:f6:c7:f4:99:65:df:53:6a:
                    30:75:05:bb:fb:24:f5:dd:3b:a3:55:ed:9d:3d:68:
                    50:1d:93:be:16:f2:02:2c:a6:8e:e8:f7:2e:1f:3b:
                    a6:d7:47:30:96:cb:f9:b1:fe:60:0e:f8:68:07:c3:
                    d5:8f:9a:b4:97:d9:e6:91:aa:65:72:f8:77:76:a0:
                    e8:a6:69:ea:44:3b:ca:80:bc:5a:a8:e6:13:e6:0f:
                    d0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:2E:23:EE:D2:43:0D:24:B5:81:40:7C:75:67:40:27:7D:43:D9:37
            X509v3 Authority Key Identifier:
                keyid:C8:A4:BB:D7:8A:F3:63:FA:5B:EE:E6:32:E8:BD:C4:8B:62:97:34:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yKS714rzY_pb7uYy6L3Ei2KXNDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/gi4j7tJDDSS1gUB8dWdAJ31D2Tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/246b4d-4d3e-4e02-8c07-ac68a50d0c99/1/yKS714rzY_pb7uYy6L3Ei2KXNDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.151.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:1f:95:65:ec:24:06:a4:ec:ff:d6:74:72:c7:99:00:d6:21:
         0d:c4:8e:e4:38:a7:ab:cf:04:ab:5f:78:14:bc:a7:b3:de:a3:
         da:25:b6:c2:9c:55:6c:88:73:5e:e5:ac:d2:a4:74:9f:36:76:
         9b:eb:81:a3:07:52:a9:0f:69:84:47:32:c4:77:ca:ff:1a:53:
         ec:8c:70:c6:55:66:67:ef:37:31:df:d6:14:d7:83:7d:c1:07:
         c5:d0:8c:35:ca:48:8f:30:b5:8b:5a:e2:f5:52:d9:44:21:e8:
         7c:b0:03:2e:ae:29:33:2f:7f:d1:48:26:4b:63:7d:4d:cf:dd:
         18:bc:9b:22:be:9b:d1:c5:1f:f9:f0:ca:8c:f6:4c:e5:b6:f5:
         03:c3:79:60:d0:79:d2:29:df:e1:26:b9:a7:61:46:0a:f2:84:
         e6:fc:3a:ef:78:58:2a:6d:ea:86:e9:2b:44:f0:50:8d:d0:01:
         c3:29:63:74:b4:4f:54:73:18:d1:9a:07:07:2a:43:32:f0:9a:
         d5:c8:b7:92:0b:7d:7c:9d:bd:ad:79:13:df:b5:bb:07:dd:ff:
         d8:70:10:f3:c6:58:b8:1a:0f:9f:89:0f:7f:27:99:34:80:32:
         e1:db:73:21:29:a9:07:c5:fc:09:30:de:72:e2:99:4d:93:8c:
         23:e7:32:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ00j0vYg+fJu3BGS5bXiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YTRiYmQ3OGFmMzYzZmE1YmVlZTYzMmU4YmRjNDhiNjI5
NzM0M2MwHhcNMjQwMTAxMjIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJlMjNlZWQyNDMwZDI0YjU4MTQwN2M3NTY3NDAyNzdkNDNkOTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhPEYKwtPdGMtomYnG3fRNbV2w0H
laQtCX1jcmOS7Ec4ZyqPwB0PIzhDIpv9AqK+JBAiNavUCEfcct1VdWZKPfsgNzru
W1UAyjHVOasF8Dau6wWzK1fh0+3FTOB9y6rE9N+My9CrZ7y0+XG3TTR3IOOeObjg
qvXGuvgDp9dtri6EIzJ/dZrM69MvCKKxI0o3EiSUqzeE6meQZCv7jetIYYXmHw2/
1dEkF4ud9sf0mWXfU2owdQW7+yT13TujVe2dPWhQHZO+FvICLKaO6PcuHzum10cw
lsv5sf5gDvhoB8PVj5q0l9nmkaplcvh3dqDopmnqRDvKgLxaqOYT5g/Q8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIuI+7SQw0ktYFAfHVnQCd9Q9k3MB8GA1UdIwQY
MBaAFMiku9eK82P6W+7mMui9xItilzQ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUtTNzE0cnpZX3BiN3VZeTZMM0VpMktYTkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8yNDZiNGQtNGQzZS00ZTAyLThjMDct
YWM2OGE1MGQwYzk5LzEvZ2k0ajd0SkREU1MxZ1VCOGRXZEFKMzFEMlRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8yNDZiNGQtNGQzZS00ZTAyLThjMDctYWM2OGE1MGQwYzk5
LzEveUtTNzE0cnpZX3BiN3VZeTZMM0VpMktYTkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAxpedMA0G
CSqGSIb3DQEBCwUAA4IBAQBHH5Vl7CQGpOz/1nRyx5kA1iENxI7kOKerzwSrX3gU
vKez3qPaJbbCnFVsiHNe5azSpHSfNnab64GjB1KpD2mERzLEd8r/GlPsjHDGVWZn
7zcx39YU14N9wQfF0Iw1ykiPMLWLWuL1UtlEIeh8sAMurikzL3/RSCZLY31Nz90Y
vJsivpvRxR/58MqM9kzltvUDw3lg0HnSKd/hJrmnYUYK8oTm/DrveFgqbeqG6StE
8FCN0AHDKWN0tE9UcxjRmgcHKkMy8JrVyLeSC318nb2teRPftbsH3f/YcBDzxli4
Gg+fiQ9/J5k0gDLh23MhKakHxfwJMN5y4plNk4wj5zKj
-----END CERTIFICATE-----