Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/g_SxF-_E_VpwVrwNdmKsnzbOYaM.roa
File:                     g_SxF-_E_VpwVrwNdmKsnzbOYaM.roa (raw, json)
Hash identifier:          wSo0WU3KC/Wo2i+eQ7vlG4IlKtTmfnJLRouHYXZqnO4=
Subject key identifier:   83:F4:B1:17:EF:C4:FD:5A:70:56:BC:0D:76:62:AC:9F:36:CE:61:A3
Certificate issuer:       /CN=8b054485ee62c6f1939613cba20669eef4504f79
Certificate serial:       01942067BBDE81CDAF40D3184634BBDD240B
Authority key identifier: 8B:05:44:85:EE:62:C6:F1:93:96:13:CB:A2:06:69:EE:F4:50:4F:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iwVEhe5ixvGTlhPLogZp7vRQT3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/g_SxF-_E_VpwVrwNdmKsnzbOYaM.roa
Signing time:             Wed 01 Jan 2025 05:47:36 +0000
ROA not before:           Wed 01 Jan 2025 05:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200064
IP address blocks:        141.170.208.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/iwVEhe5ixvGTlhPLogZp7vRQT3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/iwVEhe5ixvGTlhPLogZp7vRQT3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iwVEhe5ixvGTlhPLogZp7vRQT3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:bb:de:81:cd:af:40:d3:18:46:34:bb:dd:24:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b054485ee62c6f1939613cba20669eef4504f79
        Validity
            Not Before: Jan  1 05:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83f4b117efc4fd5a7056bc0d7662ac9f36ce61a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:96:e7:1d:92:c1:e5:58:8b:91:ec:1b:e2:42:
                    db:29:bb:ae:c6:e6:9d:6b:35:37:c3:fa:27:d3:e4:
                    53:b6:10:1c:80:97:ac:34:16:bb:04:f1:3d:3b:dd:
                    51:ec:9c:6e:b0:44:e8:d0:7d:c2:23:fe:ed:9e:00:
                    9c:7f:cc:8b:07:e8:2e:85:9a:94:8b:1c:b7:9c:37:
                    04:d3:eb:86:9a:c2:49:b8:e1:0f:b7:a9:98:a8:4d:
                    36:e3:f0:aa:f0:21:de:a1:5f:78:fd:9c:b8:89:0f:
                    a8:85:77:d1:65:78:c0:9d:ac:47:76:13:c1:13:5b:
                    67:f6:8b:60:8a:57:18:40:22:2c:b4:81:4f:e4:d8:
                    4d:19:5c:8a:46:bc:9f:90:09:f5:5a:8e:b0:c3:1f:
                    af:66:c5:4b:cd:85:eb:fd:c1:f2:06:da:49:60:7d:
                    8c:f4:da:70:c8:9c:21:33:10:cc:2b:c5:db:9b:f0:
                    1f:8a:88:8c:cd:2b:93:47:59:1a:fc:b0:1b:6d:40:
                    74:50:bd:6e:9d:52:bf:c3:44:07:49:b4:6d:68:19:
                    8f:ae:d0:0e:35:af:97:e8:db:35:4e:59:19:b6:de:
                    8f:ab:67:94:b6:35:05:9f:6a:aa:3e:0c:11:70:74:
                    f4:df:b6:22:46:0e:39:ec:9c:54:c7:93:3f:34:5b:
                    5b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F4:B1:17:EF:C4:FD:5A:70:56:BC:0D:76:62:AC:9F:36:CE:61:A3
            X509v3 Authority Key Identifier:
                keyid:8B:05:44:85:EE:62:C6:F1:93:96:13:CB:A2:06:69:EE:F4:50:4F:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iwVEhe5ixvGTlhPLogZp7vRQT3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/g_SxF-_E_VpwVrwNdmKsnzbOYaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/779c09-f49a-4b38-a778-6bc390995cab/1/iwVEhe5ixvGTlhPLogZp7vRQT3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.170.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:86:a9:d2:c1:b5:99:47:9d:63:95:e7:dc:5b:35:bf:48:aa:
         8f:e9:29:6f:d7:31:83:c0:aa:73:43:40:74:65:85:89:4a:04:
         6d:3d:c5:b6:8c:41:e9:ab:18:4d:55:47:41:45:96:99:c1:52:
         b3:cb:60:e1:55:3e:49:f6:f9:f2:f9:72:67:2e:ee:8a:39:47:
         67:17:3a:26:a0:b3:82:6a:c0:df:14:4f:a5:5d:66:33:b7:be:
         09:0b:1e:f1:a0:b8:0d:ab:0c:e8:f0:f7:3e:93:54:5a:33:86:
         9a:17:dc:51:52:5f:42:31:90:3e:14:3a:3d:ad:64:a5:2f:eb:
         37:88:23:3a:ee:6a:ca:2d:5f:31:70:92:dd:23:30:6b:e3:13:
         83:80:ef:10:1e:ad:78:50:ca:d4:ee:34:5f:43:4a:20:47:6f:
         24:3e:75:b6:fe:84:c0:72:29:d6:59:26:e0:12:89:76:36:ca:
         83:58:48:ff:a8:83:61:8b:67:63:5a:93:3f:17:cb:fa:74:07:
         59:18:f4:97:90:d1:41:84:58:ad:b3:94:ca:3e:0d:db:41:28:
         fc:3b:43:d0:44:45:44:d0:35:4a:1f:97:29:46:f5:03:2c:be:
         af:d6:1e:79:f4:72:42:ca:c0:2e:d8:6a:1c:49:1d:7f:e8:84:
         3c:8c:b9:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ7vegc2vQNMYRjS73SQLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMDU0NDg1ZWU2MmM2ZjE5Mzk2MTNjYmEyMDY2OWVlZjQ1
MDRmNzkwHhcNMjUwMTAxMDU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Y0YjExN2VmYzRmZDVhNzA1NmJjMGQ3NjYyYWM5ZjM2Y2U2MWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJbnHZLB5ViLkewb4kLbKbuuxuad
azU3w/on0+RTthAcgJesNBa7BPE9O91R7JxusETo0H3CI/7tngCcf8yLB+guhZqU
ixy3nDcE0+uGmsJJuOEPt6mYqE024/Cq8CHeoV94/Zy4iQ+ohXfRZXjAnaxHdhPB
E1tn9otgilcYQCIstIFP5NhNGVyKRryfkAn1Wo6wwx+vZsVLzYXr/cHyBtpJYH2M
9NpwyJwhMxDMK8Xbm/AfioiMzSuTR1ka/LAbbUB0UL1unVK/w0QHSbRtaBmPrtAO
Na+X6Ns1TlkZtt6Pq2eUtjUFn2qqPgwRcHT037YiRg457JxUx5M/NFtbXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIP0sRfvxP1acFa8DXZirJ82zmGjMB8GA1UdIwQY
MBaAFIsFRIXuYsbxk5YTy6IGae70UE95MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXdWRWhlNWl4dkdUbGhQTG9nWnA3dlJRVDNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83NzljMDktZjQ5YS00YjM4LWE3Nzgt
NmJjMzkwOTk1Y2FiLzEvZ19TeEYtX0VfVnB3VnJ3TmRtS3NuemJPWWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83NzljMDktZjQ5YS00YjM4LWE3NzgtNmJjMzkwOTk1Y2Fi
LzEvaXdWRWhlNWl4dkdUbGhQTG9nWnA3dlJRVDNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjarQMA0G
CSqGSIb3DQEBCwUAA4IBAQAXhqnSwbWZR51jlefcWzW/SKqP6Slv1zGDwKpzQ0B0
ZYWJSgRtPcW2jEHpqxhNVUdBRZaZwVKzy2DhVT5J9vny+XJnLu6KOUdnFzomoLOC
asDfFE+lXWYzt74JCx7xoLgNqwzo8Pc+k1RaM4aaF9xRUl9CMZA+FDo9rWSlL+s3
iCM67mrKLV8xcJLdIzBr4xODgO8QHq14UMrU7jRfQ0ogR28kPnW2/oTAcinWWSbg
Eol2NsqDWEj/qINhi2djWpM/F8v6dAdZGPSXkNFBhFits5TKPg3bQSj8O0PQREVE
0DVKH5cpRvUDLL6v1h559HJCysAu2GocSR1/6IQ8jLkP
-----END CERTIFICATE-----