Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/857d9c-596e-4b89-9f1c-f92128be8b79/1/GD4xRGkK4GfFEwKtSl3jsCm-rJ4.roa
File:                     GD4xRGkK4GfFEwKtSl3jsCm-rJ4.roa (raw, json)
Hash identifier:          xm0ckSiwc8qyIKTRkB0OoVs2+sPp/Zt3n+yHJE2vics=
Subject key identifier:   18:3E:31:44:69:0A:E0:67:C5:13:02:AD:4A:5D:E3:B0:29:BE:AC:9E
Certificate issuer:       /CN=df7f5eb8817f2da97f665507683b5c45a74d0ca0
Certificate serial:       018CC86F10B62D6BA9E746D3D19549F8BD9E
Authority key identifier: DF:7F:5E:B8:81:7F:2D:A9:7F:66:55:07:68:3B:5C:45:A7:4D:0C:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/339euIF_Lal_ZlUHaDtcRadNDKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/857d9c-596e-4b89-9f1c-f92128be8b79/1/GD4xRGkK4GfFEwKtSl3jsCm-rJ4.roa
Signing time:             Tue 02 Jan 2024 04:29:31 +0000
ROA not before:           Tue 02 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35635
IP address blocks:        80.243.208.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/857d9c-596e-4b89-9f1c-f92128be8b79/1/339euIF_Lal_ZlUHaDtcRadNDKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/857d9c-596e-4b89-9f1c-f92128be8b79/1/339euIF_Lal_ZlUHaDtcRadNDKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/339euIF_Lal_ZlUHaDtcRadNDKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:10:b6:2d:6b:a9:e7:46:d3:d1:95:49:f8:bd:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df7f5eb8817f2da97f665507683b5c45a74d0ca0
        Validity
            Not Before: Jan  2 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=183e3144690ae067c51302ad4a5de3b029beac9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2c:f2:f3:e2:bf:6a:19:b9:b5:8a:4a:79:a1:
                    a4:fd:f7:52:32:c2:2b:27:4c:25:38:cb:5a:51:fd:
                    42:3a:2d:06:dd:88:01:6f:19:b0:a3:54:27:f6:6b:
                    09:87:55:ae:09:3e:04:39:60:c7:f5:68:48:3d:73:
                    d1:35:03:04:e5:02:e8:5b:19:1e:5e:fd:6c:50:f5:
                    3e:47:ca:db:b3:52:32:33:08:d4:b1:e7:df:14:7f:
                    49:82:b6:e8:9c:4a:21:c7:d4:13:41:09:df:8c:12:
                    7d:e0:3d:e2:f1:3c:8e:dd:ec:0e:b4:76:a4:f8:a9:
                    3a:af:6e:fb:da:8a:80:b7:cc:41:48:6e:0f:9e:65:
                    b6:9e:14:ad:be:68:24:cd:ab:7f:c4:d8:f5:a9:40:
                    ac:63:c0:7f:5b:cd:82:a7:76:d6:91:ba:4a:ea:d0:
                    f4:89:59:d6:9d:6f:27:63:a1:15:29:0c:4b:5f:5a:
                    ae:d4:dc:4f:66:84:c9:4f:fe:d1:00:e0:67:e4:c0:
                    f1:65:97:32:c0:8b:71:2a:8c:ea:74:ab:a7:45:0c:
                    9f:bf:88:77:52:50:ff:21:e7:52:a0:27:ac:9b:21:
                    b7:67:6e:65:d3:7b:46:c7:ed:8d:c8:b6:15:8e:e6:
                    0c:98:24:bb:c7:89:64:90:ac:8c:18:41:e7:66:6d:
                    b4:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:3E:31:44:69:0A:E0:67:C5:13:02:AD:4A:5D:E3:B0:29:BE:AC:9E
            X509v3 Authority Key Identifier:
                keyid:DF:7F:5E:B8:81:7F:2D:A9:7F:66:55:07:68:3B:5C:45:A7:4D:0C:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/339euIF_Lal_ZlUHaDtcRadNDKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/857d9c-596e-4b89-9f1c-f92128be8b79/1/GD4xRGkK4GfFEwKtSl3jsCm-rJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/857d9c-596e-4b89-9f1c-f92128be8b79/1/339euIF_Lal_ZlUHaDtcRadNDKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.243.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         23:15:36:77:b4:d4:ab:4a:2c:cd:0b:99:d9:cb:c3:8b:98:8a:
         f3:d3:2f:0a:a8:df:5b:a9:2d:ea:f7:12:d5:bf:70:72:40:bb:
         08:50:b9:d8:b4:55:1a:47:e8:97:30:84:45:de:d6:c3:da:5e:
         16:56:af:e2:27:7a:31:bb:52:0b:46:83:ae:02:83:cf:31:43:
         f4:a8:f3:9b:28:58:91:53:77:04:7c:e8:70:79:7b:3d:e6:77:
         95:9b:1f:96:07:73:f4:73:2b:3e:cc:68:be:78:ae:df:4d:4a:
         2f:50:5b:e6:46:92:28:0a:67:bd:08:5f:b1:a9:f4:ed:3e:f9:
         9e:b1:81:cc:12:4b:ae:61:27:22:71:0c:4c:0a:58:62:4e:08:
         4f:d3:a5:33:2a:1d:9c:c5:8f:39:46:0e:7b:e9:35:f8:2c:7c:
         ca:8c:b0:85:83:30:d6:27:2f:32:1f:5b:80:c9:94:3d:c7:66:
         89:a4:cb:0b:b3:1a:37:90:94:b2:27:82:ec:48:15:cf:29:1a:
         07:18:9f:7b:01:0e:45:f9:6c:55:63:1e:e5:03:5d:c4:26:0e:
         c5:52:44:f1:86:2a:de:ee:9e:b2:5d:f6:d0:7e:a4:1e:b4:4f:
         cd:df:6e:d5:10:ab:6a:0a:98:13:d3:88:00:29:eb:73:cf:09:
         4e:be:7a:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxC2LWup50bT0ZVJ+L2eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmN2Y1ZWI4ODE3ZjJkYTk3ZjY2NTUwNzY4M2I1YzQ1YTc0
ZDBjYTAwHhcNMjQwMTAyMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODNlMzE0NDY5MGFlMDY3YzUxMzAyYWQ0YTVkZTNiMDI5YmVhYzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyzy8+K/ahm5tYpKeaGk/fdSMsIr
J0wlOMtaUf1COi0G3YgBbxmwo1Qn9msJh1WuCT4EOWDH9WhIPXPRNQME5QLoWxke
Xv1sUPU+R8rbs1IyMwjUseffFH9JgrbonEohx9QTQQnfjBJ94D3i8TyO3ewOtHak
+Kk6r2772oqAt8xBSG4PnmW2nhStvmgkzat/xNj1qUCsY8B/W82Cp3bWkbpK6tD0
iVnWnW8nY6EVKQxLX1qu1NxPZoTJT/7RAOBn5MDxZZcywItxKozqdKunRQyfv4h3
UlD/IedSoCesmyG3Z25l03tGx+2NyLYVjuYMmCS7x4lkkKyMGEHnZm208QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBg+MURpCuBnxRMCrUpd47ApvqyeMB8GA1UdIwQY
MBaAFN9/XriBfy2pf2ZVB2g7XEWnTQygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzM5ZXVJRl9MYWxfWmxVSGFEdGNSYWROREtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC84NTdkOWMtNTk2ZS00Yjg5LTlmMWMt
ZjkyMTI4YmU4Yjc5LzEvR0Q0eFJHa0s0R2ZGRXdLdFNsM2pzQ20tcko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC84NTdkOWMtNTk2ZS00Yjg5LTlmMWMtZjkyMTI4YmU4Yjc5
LzEvMzM5ZXVJRl9MYWxfWmxVSGFEdGNSYWROREtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPPQMA0G
CSqGSIb3DQEBCwUAA4IBAQAjFTZ3tNSrSizNC5nZy8OLmIrz0y8KqN9bqS3q9xLV
v3ByQLsIULnYtFUaR+iXMIRF3tbD2l4WVq/iJ3oxu1ILRoOuAoPPMUP0qPObKFiR
U3cEfOhweXs95neVmx+WB3P0cys+zGi+eK7fTUovUFvmRpIoCme9CF+xqfTtPvme
sYHMEkuuYScicQxMClhiTghP06UzKh2cxY85Rg576TX4LHzKjLCFgzDWJy8yH1uA
yZQ9x2aJpMsLsxo3kJSyJ4LsSBXPKRoHGJ97AQ5F+WxVYx7lA13EJg7FUkTxhire
7p6yXfbQfqQetE/N327VEKtqCpgT04gAKetzzwlOvnoG
-----END CERTIFICATE-----