Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/_Gj2g8PxU7DBazXANN4T2eg51Fc.roa
File:                     _Gj2g8PxU7DBazXANN4T2eg51Fc.roa (raw, json)
Hash identifier:          JJ48M5LcDG6EbyNCNtiIwZkPHnD+2A4icV3ONOqWeFQ=
Subject key identifier:   FC:68:F6:83:C3:F1:53:B0:C1:6B:35:C0:34:DE:13:D9:E8:39:D4:57
Certificate issuer:       /CN=d09a7f7fdd54a17ce5e12a4182eb652479f9d758
Certificate serial:       018CC348BAB8DE8076AAEB6734902810BB9D
Authority key identifier: D0:9A:7F:7F:DD:54:A1:7C:E5:E1:2A:41:82:EB:65:24:79:F9:D7:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/_Gj2g8PxU7DBazXANN4T2eg51Fc.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203734
IP address blocks:        185.69.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ba:b8:de:80:76:aa:eb:67:34:90:28:10:bb:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d09a7f7fdd54a17ce5e12a4182eb652479f9d758
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc68f683c3f153b0c16b35c034de13d9e839d457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:53:df:08:82:a0:93:f7:cb:85:2f:37:f7:0f:
                    1c:2a:5a:68:e9:c7:0e:ba:18:cb:58:e6:1c:ed:ce:
                    cb:cc:94:9f:cf:4b:12:29:ae:df:d9:27:49:bc:10:
                    8b:b5:60:d5:9d:52:78:b6:c0:98:16:2a:7a:ee:fc:
                    16:46:89:fe:d6:5a:f9:41:37:86:00:3e:40:3a:9c:
                    14:39:aa:cb:ec:32:a5:de:b2:e5:69:cd:63:83:fa:
                    1d:6a:60:06:6f:c0:ac:9e:11:2d:31:a8:a2:97:8c:
                    18:55:57:9c:97:26:31:2f:68:80:91:36:8f:1b:e8:
                    54:04:d4:ad:59:51:18:00:50:52:f0:a9:e4:de:e9:
                    30:66:c5:41:4e:07:9f:7f:98:5c:c8:3e:08:f7:b7:
                    b2:2c:a1:10:6d:c9:4d:a5:85:b1:fa:a7:19:e5:25:
                    c4:7b:8a:c0:7a:76:eb:e6:d3:2f:91:34:a9:79:dd:
                    a2:6b:04:9b:8e:70:6f:1d:41:ae:9b:79:a4:cf:72:
                    4b:c6:72:d8:20:d8:44:c6:29:5a:d7:20:90:ec:95:
                    14:ee:d6:28:f5:68:69:b7:97:5e:12:e5:d2:9e:d2:
                    1c:a6:4a:b5:98:b3:63:1b:33:9b:a7:dc:f2:b4:d2:
                    de:a5:db:f0:97:61:33:66:3b:e6:ce:99:49:13:08:
                    19:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:68:F6:83:C3:F1:53:B0:C1:6B:35:C0:34:DE:13:D9:E8:39:D4:57
            X509v3 Authority Key Identifier:
                keyid:D0:9A:7F:7F:DD:54:A1:7C:E5:E1:2A:41:82:EB:65:24:79:F9:D7:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Jp_f91UoXzl4SpBgutlJHn511g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/_Gj2g8PxU7DBazXANN4T2eg51Fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/b3d97e-5cc2-4669-b378-5875a4489dba/1/0Jp_f91UoXzl4SpBgutlJHn511g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:c0:40:95:f9:4c:49:f9:6c:4c:f4:cf:11:59:8e:84:19:f6:
         bc:59:f7:83:61:d0:7e:85:86:22:2f:f1:0a:6a:b6:4a:14:b6:
         12:9e:d5:66:ec:a5:73:37:be:d8:13:16:ca:82:41:64:86:0e:
         cf:c0:56:e0:5a:06:62:c3:25:fc:1c:79:fe:2f:62:25:05:1b:
         65:74:98:d6:bc:f9:e1:c1:bb:22:02:83:a3:e9:28:f5:79:5e:
         24:9b:22:5e:85:d3:b5:d5:16:5a:57:04:e6:32:ca:1a:f7:a8:
         1e:0b:3c:47:0b:e5:d8:9a:c5:9c:38:42:35:6a:75:1e:90:eb:
         53:f7:d3:ee:af:19:f2:71:ac:49:b1:b0:c9:63:58:9f:cd:5f:
         62:32:81:61:36:56:90:ee:d2:b0:59:df:42:7b:35:65:04:86:
         13:8b:fb:56:cc:46:ab:e3:c6:0a:18:b2:48:ea:64:20:76:7e:
         ed:91:d8:39:4b:27:03:0a:96:ca:7f:64:72:72:65:01:6a:32:
         7d:46:01:00:39:3b:49:83:25:fa:aa:2e:e7:3f:4f:c7:3f:6d:
         d8:6b:c8:c5:d4:f1:3c:ed:cf:44:41:e8:22:02:75:cd:aa:03:
         05:f3:f6:ce:2b:a2:c8:e3:42:86:f8:71:08:40:90:03:62:c4:
         7d:bc:e4:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLq43oB2qutnNJAoELudMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOWE3ZjdmZGQ1NGExN2NlNWUxMmE0MTgyZWI2NTI0Nzlm
OWQ3NTgwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzY4ZjY4M2MzZjE1M2IwYzE2YjM1YzAzNGRlMTNkOWU4MzlkNDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVPfCIKgk/fLhS839w8cKlpo6ccO
uhjLWOYc7c7LzJSfz0sSKa7f2SdJvBCLtWDVnVJ4tsCYFip67vwWRon+1lr5QTeG
AD5AOpwUOarL7DKl3rLlac1jg/odamAGb8CsnhEtMaiil4wYVVeclyYxL2iAkTaP
G+hUBNStWVEYAFBS8Knk3ukwZsVBTgeff5hcyD4I97eyLKEQbclNpYWx+qcZ5SXE
e4rAenbr5tMvkTSped2iawSbjnBvHUGum3mkz3JLxnLYINhExila1yCQ7JUU7tYo
9Whpt5deEuXSntIcpkq1mLNjGzObp9zytNLepdvwl2EzZjvmzplJEwgZPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxo9oPD8VOwwWs1wDTeE9noOdRXMB8GA1UdIwQY
MBaAFNCaf3/dVKF85eEqQYLrZSR5+ddYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEpwX2Y5MVVvWHpsNFNwQmd1dGxKSG41MTFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iM2Q5N2UtNWNjMi00NjY5LWIzNzgt
NTg3NWE0NDg5ZGJhLzEvX0dqMmc4UHhVN0RCYXpYQU5ONFQyZWc1MUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iM2Q5N2UtNWNjMi00NjY5LWIzNzgtNTg3NWE0NDg5ZGJh
LzEvMEpwX2Y5MVVvWHpsNFNwQmd1dGxKSG41MTFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUX7MA0G
CSqGSIb3DQEBCwUAA4IBAQBPwECV+UxJ+WxM9M8RWY6EGfa8WfeDYdB+hYYiL/EK
arZKFLYSntVm7KVzN77YExbKgkFkhg7PwFbgWgZiwyX8HHn+L2IlBRtldJjWvPnh
wbsiAoOj6Sj1eV4kmyJehdO11RZaVwTmMsoa96geCzxHC+XYmsWcOEI1anUekOtT
99PurxnycaxJsbDJY1ifzV9iMoFhNlaQ7tKwWd9CezVlBIYTi/tWzEar48YKGLJI
6mQgdn7tkdg5SycDCpbKf2RycmUBajJ9RgEAOTtJgyX6qi7nP0/HP23Ya8jF1PE8
7c9EQegiAnXNqgMF8/bOK6LI40KG+HEIQJADYsR9vOTM
-----END CERTIFICATE-----