Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/gu8BgqfW0cxWsNgZxX9LYK2fydA.roa
File:                     gu8BgqfW0cxWsNgZxX9LYK2fydA.roa (raw, json)
Hash identifier:          KQ2QYOvbI4Bv9zKDyuthHD7d/J7rloVHkaNOqC0kViw=
Subject key identifier:   82:EF:01:82:A7:D6:D1:CC:56:B0:D8:19:C5:7F:4B:60:AD:9F:C9:D0
Certificate issuer:       /CN=f57331288d908dd762e4b56f003b448f01881d24
Certificate serial:       018CC5015438762EDE7939473E30ADB8FFD1
Authority key identifier: F5:73:31:28:8D:90:8D:D7:62:E4:B5:6F:00:3B:44:8F:01:88:1D:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9XMxKI2Qjddi5LVvADtEjwGIHSQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/gu8BgqfW0cxWsNgZxX9LYK2fydA.roa
Signing time:             Mon 01 Jan 2024 12:30:47 +0000
ROA not before:           Mon 01 Jan 2024 12:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42244
IP address blocks:        185.191.196.0/22 maxlen: 22
                          2a0a:2540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/9XMxKI2Qjddi5LVvADtEjwGIHSQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/9XMxKI2Qjddi5LVvADtEjwGIHSQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9XMxKI2Qjddi5LVvADtEjwGIHSQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:54:38:76:2e:de:79:39:47:3e:30:ad:b8:ff:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f57331288d908dd762e4b56f003b448f01881d24
        Validity
            Not Before: Jan  1 12:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82ef0182a7d6d1cc56b0d819c57f4b60ad9fc9d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:df:74:c3:c7:35:85:c8:b4:bd:31:cf:67:f5:
                    fd:8a:47:52:60:a7:77:fc:8b:c3:91:32:fd:d1:24:
                    d6:a5:da:69:84:a0:f3:9e:7b:83:57:aa:56:90:d7:
                    ee:e2:4d:43:8f:3e:3e:e1:04:fe:93:ae:82:29:ed:
                    bd:76:10:40:22:11:e4:bc:08:38:b1:7b:e1:85:fb:
                    51:41:2f:de:74:bc:af:64:86:62:53:68:b1:50:a7:
                    3a:50:42:67:97:55:a9:e9:4c:36:e7:8f:36:70:a3:
                    1f:0d:04:01:5a:15:48:66:27:0c:8c:4f:a3:8f:82:
                    fa:d3:d9:8a:65:6e:ad:dc:85:6c:c7:d6:5e:c1:da:
                    73:47:dc:00:01:89:bf:69:75:a2:c6:ca:ab:e4:44:
                    69:e9:7b:96:8a:3c:bd:f9:e5:78:a4:80:12:df:44:
                    e6:94:12:a8:6e:67:80:34:f0:b3:d5:27:2d:2e:81:
                    bb:c4:cc:2d:08:55:56:29:9e:ce:02:06:de:10:43:
                    3c:90:5f:56:ba:a8:b5:e4:7a:b7:67:32:e4:88:b7:
                    67:a4:d1:b2:56:7f:c8:a0:9b:e2:b3:72:88:71:60:
                    5a:36:75:e6:df:2d:80:42:3a:0f:fb:c1:fc:98:42:
                    ca:91:f3:97:71:fe:e8:30:24:00:d6:75:01:5a:7e:
                    0b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:EF:01:82:A7:D6:D1:CC:56:B0:D8:19:C5:7F:4B:60:AD:9F:C9:D0
            X509v3 Authority Key Identifier:
                keyid:F5:73:31:28:8D:90:8D:D7:62:E4:B5:6F:00:3B:44:8F:01:88:1D:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9XMxKI2Qjddi5LVvADtEjwGIHSQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/gu8BgqfW0cxWsNgZxX9LYK2fydA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/9XMxKI2Qjddi5LVvADtEjwGIHSQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.196.0/22
                IPv6:
                  2a0a:2540::/29

    Signature Algorithm: sha256WithRSAEncryption
         c9:ab:23:0b:08:58:d8:cd:be:11:e9:d0:f5:92:64:3c:42:83:
         36:67:3b:7f:ca:ab:bd:3c:e4:32:c1:96:31:55:35:4c:25:cc:
         c8:4b:6a:cf:5b:b6:8b:02:91:76:d9:c2:f7:15:aa:26:51:92:
         2c:24:a8:c3:01:37:ca:cb:bd:fa:b7:f5:7a:2f:82:8b:d5:df:
         f3:a9:39:8f:01:15:73:5a:8d:f7:b3:cd:50:c8:1e:93:2d:85:
         3b:4b:aa:e3:6a:91:ea:7d:a8:ef:3e:d9:2a:0a:63:79:bc:5b:
         c4:31:95:78:ea:af:8e:4a:d0:0d:b9:58:92:d8:c7:c8:69:e6:
         ea:2d:34:98:3f:05:96:63:e4:7b:4d:37:e1:01:c9:44:df:75:
         27:96:40:1b:d3:4d:23:25:68:89:11:1e:14:1b:e7:ea:2b:9f:
         22:9f:0d:67:46:e9:57:9d:25:61:e1:d9:be:3c:bf:13:25:78:
         09:87:93:48:89:8e:d4:0f:54:b8:6e:46:35:05:43:fb:c0:15:
         d4:6d:d4:b9:c3:89:10:20:3b:89:eb:dd:27:85:6c:6c:b3:45:
         73:e6:1b:6a:95:3a:ba:94:b8:33:de:08:94:f0:33:f6:0e:a2:
         b5:bc:80:28:b8:37:7b:7b:7d:26:36:4d:1e:4f:45:07:c5:be:
         66:0e:17:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAVQ4di7eeTlHPjCtuP/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NzMzMTI4OGQ5MDhkZDc2MmU0YjU2ZjAwM2I0NDhmMDE4
ODFkMjQwHhcNMjQwMTAxMTIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmVmMDE4MmE3ZDZkMWNjNTZiMGQ4MTljNTdmNGI2MGFkOWZjOWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwd90w8c1hci0vTHPZ/X9ikdSYKd3
/IvDkTL90STWpdpphKDznnuDV6pWkNfu4k1Djz4+4QT+k66CKe29dhBAIhHkvAg4
sXvhhftRQS/edLyvZIZiU2ixUKc6UEJnl1Wp6Uw25482cKMfDQQBWhVIZicMjE+j
j4L609mKZW6t3IVsx9ZewdpzR9wAAYm/aXWixsqr5ERp6XuWijy9+eV4pIAS30Tm
lBKobmeANPCz1SctLoG7xMwtCFVWKZ7OAgbeEEM8kF9Wuqi15Hq3ZzLkiLdnpNGy
Vn/IoJvis3KIcWBaNnXm3y2AQjoP+8H8mELKkfOXcf7oMCQA1nUBWn4LVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFILvAYKn1tHMVrDYGcV/S2Ctn8nQMB8GA1UdIwQY
MBaAFPVzMSiNkI3XYuS1bwA7RI8BiB0kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVhNeEtJMlFqZGRpNUxWdkFEdEVqd0dJSFNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy81YWJiM2EtYjFiNi00ZDcwLWIwOTgt
OGFlYTFmNjhiNzliLzEvZ3U4QmdxZlcwY3hXc05nWnhYOUxZSzJmeWRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy81YWJiM2EtYjFiNi00ZDcwLWIwOTgtOGFlYTFmNjhiNzli
LzEvOVhNeEtJMlFqZGRpNUxWdkFEdEVqd0dJSFNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCub/EMA0E
AgACMAcDBQMqCiVAMA0GCSqGSIb3DQEBCwUAA4IBAQDJqyMLCFjYzb4R6dD1kmQ8
QoM2Zzt/yqu9POQywZYxVTVMJczIS2rPW7aLApF22cL3FaomUZIsJKjDATfKy736
t/V6L4KL1d/zqTmPARVzWo33s81QyB6TLYU7S6rjapHqfajvPtkqCmN5vFvEMZV4
6q+OStANuViS2MfIaebqLTSYPwWWY+R7TTfhAclE33UnlkAb000jJWiJER4UG+fq
K58inw1nRulXnSVh4dm+PL8TJXgJh5NIiY7UD1S4bkY1BUP7wBXUbdS5w4kQIDuJ
690nhWxss0Vz5htqlTq6lLgz3giU8DP2DqK1vIAouDd7e30mNk0eT0UHxb5mDhfN
-----END CERTIFICATE-----