Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/gEg17zjd8Impd_QAPuJWyy1TOg0.roa
File:                     gEg17zjd8Impd_QAPuJWyy1TOg0.roa (raw, json)
Hash identifier:          D2Z9g2ahEoFrpW4aztWeZEDsKrRhT3xm8LQ7rlt1GM8=
Subject key identifier:   80:48:35:EF:38:DD:F0:89:A9:77:F4:00:3E:E2:56:CB:2D:53:3A:0D
Certificate issuer:       /CN=9bc6fd3f32ca4594c96075659a7089b27ae3fef3
Certificate serial:       018CC72732CA83987EC8A2BCF447100EC469
Authority key identifier: 9B:C6:FD:3F:32:CA:45:94:C9:60:75:65:9A:70:89:B2:7A:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/gEg17zjd8Impd_QAPuJWyy1TOg0.roa
Signing time:             Mon 01 Jan 2024 22:31:24 +0000
ROA not before:           Mon 01 Jan 2024 22:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        194.115.212.0/24 maxlen: 24
                          194.115.212.0/22 maxlen: 22
                          194.115.213.0/24 maxlen: 24
                          194.115.215.0/24 maxlen: 24
                          194.115.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:32:ca:83:98:7e:c8:a2:bc:f4:47:10:0e:c4:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bc6fd3f32ca4594c96075659a7089b27ae3fef3
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=804835ef38ddf089a977f4003ee256cb2d533a0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f6:92:0b:c6:c2:c9:ce:71:17:14:c3:3c:77:
                    fe:c2:fe:49:39:aa:af:2e:eb:79:df:2f:e3:83:87:
                    b3:1d:82:4a:cb:41:b8:40:55:39:eb:cb:24:52:23:
                    d7:32:76:51:90:43:36:4c:ef:c3:27:dd:73:ab:f5:
                    fd:8e:f3:df:9a:eb:99:91:76:e0:fe:ea:8f:b1:05:
                    71:5f:d7:aa:e8:55:1b:c0:f3:3a:1d:33:a4:bf:1e:
                    61:32:b6:17:c4:8e:a4:c7:f6:c6:d7:85:b2:3c:b1:
                    cf:71:d2:1f:3c:e7:31:75:3d:7a:4e:2e:09:cc:4b:
                    56:90:88:60:90:3c:ee:c5:8d:3a:da:46:2b:c2:9b:
                    93:b6:ba:2f:f9:d6:98:4e:29:fe:2f:a1:73:0f:08:
                    4d:6c:92:2c:d2:e8:c4:73:5d:91:12:63:18:2f:61:
                    6a:3c:95:25:ab:31:bd:cd:35:08:d2:58:c4:19:36:
                    7c:19:3c:80:5b:74:77:2c:e4:62:fd:9a:b4:ab:dd:
                    79:79:c1:c0:d4:5c:f6:82:e3:a1:f8:18:f8:b5:3b:
                    e3:9a:e2:1e:12:f9:44:5e:1b:6f:47:af:a4:4c:5a:
                    af:9a:ab:32:d5:7a:b5:b6:d6:b9:5a:d6:7d:ea:af:
                    b0:e3:46:1c:10:0a:8c:1c:cc:9d:06:96:94:fc:6d:
                    98:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:48:35:EF:38:DD:F0:89:A9:77:F4:00:3E:E2:56:CB:2D:53:3A:0D
            X509v3 Authority Key Identifier:
                keyid:9B:C6:FD:3F:32:CA:45:94:C9:60:75:65:9A:70:89:B2:7A:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/gEg17zjd8Impd_QAPuJWyy1TOg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.115.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:71:1f:e8:3c:52:21:e6:55:f3:2a:63:28:af:c6:d8:b9:38:
         c3:82:29:51:4a:5c:71:3b:0f:34:f2:f7:14:0e:aa:9c:78:ff:
         d6:30:14:ff:78:4e:84:22:26:db:f1:7b:ac:fa:de:60:d6:0a:
         30:fb:0e:c7:5e:d4:c7:91:37:bc:d0:f5:1f:59:f2:c5:a7:40:
         19:05:00:79:6f:34:06:ad:5f:70:d7:63:28:f2:01:37:6c:70:
         0b:63:90:08:d0:e4:e0:df:11:b2:1c:71:79:f6:76:d2:33:a3:
         f6:b2:28:43:01:9c:3d:d2:62:bb:93:2c:1b:8f:18:35:73:f7:
         ac:2a:f7:33:0d:12:cf:96:24:c8:96:27:17:1b:40:06:12:1b:
         6f:0d:88:ed:39:48:c0:19:c9:07:b1:28:13:c6:88:d7:64:a1:
         cd:32:32:c4:a8:82:07:90:69:de:d2:6a:2b:eb:a0:18:2a:34:
         b0:eb:ce:0c:cc:ab:3e:b0:0b:38:a1:ad:04:f1:37:8a:37:ef:
         76:02:f8:b2:85:d8:ff:02:5f:63:86:7a:13:ed:63:88:fa:ec:
         af:60:3b:82:0a:ad:a4:64:2f:94:00:36:ea:7b:63:e0:96:8b:
         7d:fa:0e:52:09:c1:5b:af:a7:80:e5:07:ae:aa:92:22:e6:49:
         99:66:9a:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzLKg5h+yKK89EcQDsRpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYzZmZDNmMzJjYTQ1OTRjOTYwNzU2NTlhNzA4OWIyN2Fl
M2ZlZjMwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDQ4MzVlZjM4ZGRmMDg5YTk3N2Y0MDAzZWUyNTZjYjJkNTMzYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPaSC8bCyc5xFxTDPHf+wv5JOaqv
Lut53y/jg4ezHYJKy0G4QFU568skUiPXMnZRkEM2TO/DJ91zq/X9jvPfmuuZkXbg
/uqPsQVxX9eq6FUbwPM6HTOkvx5hMrYXxI6kx/bG14WyPLHPcdIfPOcxdT16Ti4J
zEtWkIhgkDzuxY062kYrwpuTtrov+daYTin+L6FzDwhNbJIs0ujEc12REmMYL2Fq
PJUlqzG9zTUI0ljEGTZ8GTyAW3R3LORi/Zq0q915ecHA1Fz2guOh+Bj4tTvjmuIe
EvlEXhtvR6+kTFqvmqsy1Xq1tta5WtZ96q+w40YcEAqMHMydBpaU/G2Y4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBINe843fCJqXf0AD7iVsstUzoNMB8GA1UdIwQY
MBaAFJvG/T8yykWUyWB1ZZpwibJ64/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbThiOVB6TEtSWlRKWUhWbG1uQ0pzbnJqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9kYTI0NDctYjI1Mi00YjZhLWE4MmYt
ZGNiZTUzZGE3ODYwLzEvZ0VnMTd6amQ4SW1wZF9RQVB1Sld5eTFUT2cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9kYTI0NDctYjI1Mi00YjZhLWE4MmYtZGNiZTUzZGE3ODYw
LzEvbThiOVB6TEtSWlRKWUhWbG1uQ0pzbnJqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwnPUMA0G
CSqGSIb3DQEBCwUAA4IBAQC3cR/oPFIh5lXzKmMor8bYuTjDgilRSlxxOw808vcU
DqqceP/WMBT/eE6EIibb8Xus+t5g1gow+w7HXtTHkTe80PUfWfLFp0AZBQB5bzQG
rV9w12Mo8gE3bHALY5AI0OTg3xGyHHF59nbSM6P2sihDAZw90mK7kywbjxg1c/es
KvczDRLPliTIlicXG0AGEhtvDYjtOUjAGckHsSgTxojXZKHNMjLEqIIHkGne0mor
66AYKjSw684MzKs+sAs4oa0E8TeKN+92Aviyhdj/Al9jhnoT7WOI+uyvYDuCCq2k
ZC+UADbqe2Pglot9+g5SCcFbr6eA5QeuqpIi5kmZZppb
-----END CERTIFICATE-----