Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/b01513-c61f-47ab-aba5-f77b6d164c72/1/gnZ3ec2tzjZ8N5uoFQq3H5JNDJg.roa
File:                     gnZ3ec2tzjZ8N5uoFQq3H5JNDJg.roa (raw, json)
Hash identifier:          FfXAIxdASOeIUwUGtRptck4sFfHj/a/5uvU6Jc3+HMI=
Subject key identifier:   82:76:77:79:CD:AD:CE:36:7C:37:9B:A8:15:0A:B7:1F:92:4D:0C:98
Certificate issuer:       /CN=da828487183840993c01acf9d4005239484c42a0
Certificate serial:       018CC2DB1A997CA605E698E4AF9816F097A0
Authority key identifier: DA:82:84:87:18:38:40:99:3C:01:AC:F9:D4:00:52:39:48:4C:42:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2oKEhxg4QJk8Aaz51ABSOUhMQqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/b01513-c61f-47ab-aba5-f77b6d164c72/1/gnZ3ec2tzjZ8N5uoFQq3H5JNDJg.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        176.105.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/b01513-c61f-47ab-aba5-f77b6d164c72/1/2oKEhxg4QJk8Aaz51ABSOUhMQqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/b01513-c61f-47ab-aba5-f77b6d164c72/1/2oKEhxg4QJk8Aaz51ABSOUhMQqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2oKEhxg4QJk8Aaz51ABSOUhMQqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1a:99:7c:a6:05:e6:98:e4:af:98:16:f0:97:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da828487183840993c01acf9d4005239484c42a0
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82767779cdadce367c379ba8150ab71f924d0c98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3a:a7:fb:ea:c9:07:2a:68:c4:88:70:95:65:
                    01:bb:ab:6a:79:9b:53:82:ad:22:79:78:ec:05:66:
                    32:e8:f2:87:2f:37:96:28:8e:a0:5a:01:0c:0e:69:
                    1b:bd:4b:65:b0:65:77:24:09:68:23:dd:9e:cf:f0:
                    dc:17:7d:78:ad:0a:06:13:2a:b0:00:bd:0b:81:5e:
                    00:67:4b:87:4b:35:72:48:5c:e0:19:55:46:d9:99:
                    9a:36:7d:5d:f2:30:98:55:3e:c1:8f:f9:a5:72:8d:
                    15:de:db:7d:74:43:08:5b:28:69:87:6f:60:77:98:
                    96:00:d5:12:88:e2:7b:53:68:a3:d0:49:70:05:b2:
                    75:58:8c:7a:c4:e6:c7:02:63:a8:0d:36:d1:be:37:
                    00:46:7c:b4:07:a9:9a:ea:c8:d0:7c:01:59:3d:d5:
                    e7:b3:9f:bb:42:ea:8a:3a:48:f8:39:a4:c3:66:03:
                    e9:ea:94:d9:7d:4f:81:54:87:78:8a:56:59:67:f1:
                    75:44:f3:3c:7e:af:0d:fb:ec:4a:26:1e:be:5c:6b:
                    ab:ce:c9:e9:24:53:47:0c:31:b2:e7:46:40:49:ba:
                    9e:f5:84:98:ca:a9:a2:80:96:4c:94:3d:b4:f3:4c:
                    f9:cf:5c:45:8d:c6:b8:79:9c:12:42:8b:b5:73:4e:
                    4c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:76:77:79:CD:AD:CE:36:7C:37:9B:A8:15:0A:B7:1F:92:4D:0C:98
            X509v3 Authority Key Identifier:
                keyid:DA:82:84:87:18:38:40:99:3C:01:AC:F9:D4:00:52:39:48:4C:42:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2oKEhxg4QJk8Aaz51ABSOUhMQqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/b01513-c61f-47ab-aba5-f77b6d164c72/1/gnZ3ec2tzjZ8N5uoFQq3H5JNDJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/b01513-c61f-47ab-aba5-f77b6d164c72/1/2oKEhxg4QJk8Aaz51ABSOUhMQqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:1e:08:d3:8d:d4:cc:95:24:74:c0:18:b4:1d:c5:3c:62:77:
         47:fe:20:67:4b:58:75:35:38:41:28:9a:f4:52:20:57:2c:74:
         4b:75:9d:5d:3f:0a:af:a3:43:32:f3:51:e5:5e:f7:c0:10:98:
         b2:3e:52:91:98:fa:3a:52:65:a7:2f:d1:83:4b:08:3f:e8:84:
         f9:b7:3a:58:42:87:27:90:be:73:8c:d8:28:96:15:c5:6f:e9:
         c5:0f:da:f0:47:20:87:bc:3f:b0:34:9c:f4:45:d6:bc:ca:b7:
         00:37:9e:c8:d4:ec:8d:df:fb:92:15:13:07:e6:43:43:f8:6c:
         60:2e:46:9f:20:3b:f3:f0:6b:0b:d6:4c:12:fb:51:6b:55:5a:
         b7:c6:30:60:78:5d:26:ce:49:0d:2a:10:7f:72:d4:ee:f1:40:
         e4:06:9d:28:e5:d8:2b:35:fe:54:b7:d1:20:0f:6b:6d:6a:95:
         f7:22:af:e0:c2:3b:7c:08:d7:6b:f2:6a:b5:8f:ac:14:a9:68:
         bc:0d:22:ac:a6:39:e1:c1:d1:c8:3b:f6:26:e8:6c:b5:02:40:
         e3:07:88:30:07:f5:12:fd:ae:33:32:0a:20:0f:f9:76:c1:8f:
         e0:7c:98:a9:c4:f7:58:85:2a:16:ac:38:58:31:80:bf:aa:25:
         74:a4:46:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xqZfKYF5pjkr5gW8JegMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhODI4NDg3MTgzODQwOTkzYzAxYWNmOWQ0MDA1MjM5NDg0
YzQyYTAwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjc2Nzc3OWNkYWRjZTM2N2MzNzliYTgxNTBhYjcxZjkyNGQwYzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDqn++rJBypoxIhwlWUBu6tqeZtT
gq0ieXjsBWYy6PKHLzeWKI6gWgEMDmkbvUtlsGV3JAloI92ez/DcF314rQoGEyqw
AL0LgV4AZ0uHSzVySFzgGVVG2ZmaNn1d8jCYVT7Bj/mlco0V3tt9dEMIWyhph29g
d5iWANUSiOJ7U2ij0ElwBbJ1WIx6xObHAmOoDTbRvjcARny0B6ma6sjQfAFZPdXn
s5+7QuqKOkj4OaTDZgPp6pTZfU+BVId4ilZZZ/F1RPM8fq8N++xKJh6+XGurzsnp
JFNHDDGy50ZASbqe9YSYyqmigJZMlD2080z5z1xFjca4eZwSQou1c05MswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJ2d3nNrc42fDebqBUKtx+STQyYMB8GA1UdIwQY
MBaAFNqChIcYOECZPAGs+dQAUjlITEKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm9LRWh4ZzRRSms4QWF6NTFBQlNPVWhNUXFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9iMDE1MTMtYzYxZi00N2FiLWFiYTUt
Zjc3YjZkMTY0YzcyLzEvZ25aM2VjMnR6alo4TjV1b0ZRcTNINUpOREpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9iMDE1MTMtYzYxZi00N2FiLWFiYTUtZjc3YjZkMTY0Yzcy
LzEvMm9LRWh4ZzRRSms4QWF6NTFBQlNPVWhNUXFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGn0MA0G
CSqGSIb3DQEBCwUAA4IBAQAqHgjTjdTMlSR0wBi0HcU8YndH/iBnS1h1NThBKJr0
UiBXLHRLdZ1dPwqvo0My81HlXvfAEJiyPlKRmPo6UmWnL9GDSwg/6IT5tzpYQocn
kL5zjNgolhXFb+nFD9rwRyCHvD+wNJz0Rda8yrcAN57I1OyN3/uSFRMH5kND+Gxg
LkafIDvz8GsL1kwS+1FrVVq3xjBgeF0mzkkNKhB/ctTu8UDkBp0o5dgrNf5Ut9Eg
D2ttapX3Iq/gwjt8CNdr8mq1j6wUqWi8DSKspjnhwdHIO/Ym6Gy1AkDjB4gwB/US
/a4zMgogD/l2wY/gfJipxPdYhSoWrDhYMYC/qiV0pEZo
-----END CERTIFICATE-----