Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/gdysErM6mUKPV5y0qXDfJYaKs7c.roa
File:                     gdysErM6mUKPV5y0qXDfJYaKs7c.roa (raw, json)
Hash identifier:          gQXQtxTOiQ3WanX94sA65rTDhydiozAnSrZL/WLCFZ4=
Subject key identifier:   81:DC:AC:12:B3:3A:99:42:8F:57:9C:B4:A9:70:DF:25:86:8A:B3:B7
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       018CCA2A9D696FE2B6426390949B6B33A9F7
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/gdysErM6mUKPV5y0qXDfJYaKs7c.roa
Signing time:             Tue 02 Jan 2024 12:33:59 +0000
ROA not before:           Tue 02 Jan 2024 12:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48076
IP address blocks:        185.62.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:9d:69:6f:e2:b6:42:63:90:94:9b:6b:33:a9:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jan  2 12:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81dcac12b33a99428f579cb4a970df25868ab3b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8a:f7:32:70:7d:cf:15:1d:a7:ae:a4:9f:e8:
                    74:53:67:25:84:79:33:62:22:9e:07:e9:fe:a4:17:
                    b6:80:8c:84:65:93:6a:25:4b:ce:3c:ff:e0:e5:4a:
                    a9:8a:98:c0:01:cd:ce:20:6f:39:9d:5e:bf:a8:07:
                    a4:4a:82:5b:51:4a:06:a8:69:ce:c1:da:95:be:80:
                    e7:e6:d7:4b:4b:ff:e8:46:8f:93:9e:59:38:c2:d6:
                    87:e2:5f:70:58:0f:cd:97:94:83:ab:1a:39:fa:9a:
                    6d:ac:a0:68:7e:fc:d0:30:59:e5:81:73:3a:a8:9f:
                    d3:9b:e7:b6:ef:e1:b5:e4:af:46:c1:7a:76:66:e8:
                    e3:a8:dd:5b:8f:b4:90:cd:30:f1:de:3d:3c:9a:73:
                    22:39:77:b0:6c:4f:23:9b:b8:d9:12:42:55:d4:da:
                    22:c9:c0:0b:e1:3e:7a:c6:d7:c3:0a:82:3d:df:97:
                    b6:78:f0:40:5c:4c:ae:e0:59:a6:bc:fb:da:f8:ed:
                    cb:90:b2:73:54:80:61:6b:16:c7:5e:e2:42:4a:18:
                    05:f9:8f:fc:42:53:87:3c:e2:75:ea:fa:ba:18:cf:
                    eb:3a:62:70:12:7f:8a:ae:a3:e3:ed:d4:d0:cc:c5:
                    96:c5:8e:13:41:6f:38:7a:40:33:51:f9:f8:7e:55:
                    67:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:DC:AC:12:B3:3A:99:42:8F:57:9C:B4:A9:70:DF:25:86:8A:B3:B7
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/gdysErM6mUKPV5y0qXDfJYaKs7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:e6:5a:24:86:7f:d7:11:9e:84:14:d5:6b:6f:48:c1:5d:fc:
         40:4b:7d:ef:9d:cb:ec:6a:7c:c0:c9:f3:6e:7c:6e:a1:5e:b9:
         a8:61:dd:09:5a:5e:dc:a6:71:7c:d3:a5:7e:94:38:9e:94:f9:
         22:8e:91:ea:ac:4a:eb:c8:b4:0b:4a:de:d8:88:d0:a8:85:4e:
         f0:bf:a2:95:92:c7:fe:b6:e2:52:0a:e5:b1:35:40:7d:8e:24:
         33:b3:95:b9:1d:25:11:68:79:d4:9b:84:7b:90:ed:4c:57:13:
         fa:e3:8b:30:52:66:66:19:bf:fe:12:49:dc:5a:7d:42:d2:34:
         30:20:1e:b0:62:35:46:27:0c:1b:0d:25:05:fe:f7:b0:0f:60:
         13:18:d4:c0:72:ad:24:94:47:7b:67:4c:60:8f:b5:62:2e:b1:
         96:78:ad:57:13:ad:f2:89:ab:5d:29:4d:68:7c:6e:b8:cf:cc:
         8a:3a:39:b8:d7:08:f5:a6:3b:0d:b5:9f:02:08:97:06:0e:a1:
         9e:b6:c2:90:86:65:6a:87:1d:8c:c3:19:12:b7:8e:3d:57:7b:
         80:2d:c8:a9:3b:5a:6f:d4:3c:cf:6e:01:db:7c:26:1f:c5:eb:
         a2:2e:2a:e5:69:10:c9:21:9b:9f:23:f5:ea:b6:85:51:57:2e:
         78:d0:0f:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKp1pb+K2QmOQlJtrM6n3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjQwMTAyMTIzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWRjYWMxMmIzM2E5OTQyOGY1NzljYjRhOTcwZGYyNTg2OGFiM2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYr3MnB9zxUdp66kn+h0U2clhHkz
YiKeB+n+pBe2gIyEZZNqJUvOPP/g5UqpipjAAc3OIG85nV6/qAekSoJbUUoGqGnO
wdqVvoDn5tdLS//oRo+Tnlk4wtaH4l9wWA/Nl5SDqxo5+pptrKBofvzQMFnlgXM6
qJ/Tm+e27+G15K9GwXp2ZujjqN1bj7SQzTDx3j08mnMiOXewbE8jm7jZEkJV1Noi
ycAL4T56xtfDCoI935e2ePBAXEyu4FmmvPva+O3LkLJzVIBhaxbHXuJCShgF+Y/8
QlOHPOJ16vq6GM/rOmJwEn+KrqPj7dTQzMWWxY4TQW84ekAzUfn4flVncwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHcrBKzOplCj1ectKlw3yWGirO3MB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvZ2R5c0VyTTZtVUtQVjV5MHFYRGZKWWFLczdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT5mMA0G
CSqGSIb3DQEBCwUAA4IBAQBX5lokhn/XEZ6EFNVrb0jBXfxAS33vncvsanzAyfNu
fG6hXrmoYd0JWl7cpnF806V+lDielPkijpHqrErryLQLSt7YiNCohU7wv6KVksf+
tuJSCuWxNUB9jiQzs5W5HSURaHnUm4R7kO1MVxP644swUmZmGb/+EkncWn1C0jQw
IB6wYjVGJwwbDSUF/vewD2ATGNTAcq0klEd7Z0xgj7ViLrGWeK1XE63yiatdKU1o
fG64z8yKOjm41wj1pjsNtZ8CCJcGDqGetsKQhmVqhx2MwxkSt449V3uALcipO1pv
1DzPbgHbfCYfxeuiLirlaRDJIZufI/XqtoVRVy540A9R
-----END CERTIFICATE-----