Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/368a8d-eff2-49c2-a963-a1861e53544d/1/gV6A4z183QZs5jUD0HFeTNH7IGE.roa
File:                     gV6A4z183QZs5jUD0HFeTNH7IGE.roa (raw, json)
Hash identifier:          2AbNM6cxcfwhY8ZITxaBLu+Y0g7qmqm5aGOZWOuIodQ=
Subject key identifier:   81:5E:80:E3:3D:7C:DD:06:6C:E6:35:03:D0:71:5E:4C:D1:FB:20:61
Certificate issuer:       /CN=b8d3ecb8f711e0b92b505b8a0f7a5ee042291395
Certificate serial:       018CC4254294E398F2290BFBC55990F6BCAC
Authority key identifier: B8:D3:EC:B8:F7:11:E0:B9:2B:50:5B:8A:0F:7A:5E:E0:42:29:13:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uNPsuPcR4LkrUFuKD3pe4EIpE5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/368a8d-eff2-49c2-a963-a1861e53544d/1/gV6A4z183QZs5jUD0HFeTNH7IGE.roa
Signing time:             Mon 01 Jan 2024 08:30:25 +0000
ROA not before:           Mon 01 Jan 2024 08:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58909
IP address blocks:        188.42.96.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/368a8d-eff2-49c2-a963-a1861e53544d/1/uNPsuPcR4LkrUFuKD3pe4EIpE5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/368a8d-eff2-49c2-a963-a1861e53544d/1/uNPsuPcR4LkrUFuKD3pe4EIpE5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uNPsuPcR4LkrUFuKD3pe4EIpE5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:42:94:e3:98:f2:29:0b:fb:c5:59:90:f6:bc:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8d3ecb8f711e0b92b505b8a0f7a5ee042291395
        Validity
            Not Before: Jan  1 08:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=815e80e33d7cdd066ce63503d0715e4cd1fb2061
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:4e:e0:06:6f:0a:dd:61:40:5b:dd:0f:0a:60:
                    6d:fc:ac:71:70:3a:81:0f:58:66:65:fe:3f:0a:d2:
                    80:e9:1a:88:90:66:7f:09:9a:96:96:d3:75:c9:a7:
                    da:20:b5:13:7d:a9:5c:b9:b1:0d:a3:5e:3c:b8:ea:
                    c1:0d:5e:62:53:f3:fe:7a:29:24:09:ed:4c:52:69:
                    ea:87:57:71:d8:e9:d7:18:29:14:8b:7f:96:8e:cb:
                    38:ab:fe:48:19:54:8a:3a:dd:cd:d2:34:75:bd:d4:
                    3e:92:0e:c6:1f:07:da:e5:b8:27:4f:ea:99:c8:2b:
                    e9:11:2c:c2:a8:73:5a:f7:04:9f:2f:28:5b:48:ac:
                    62:6c:d2:7d:e8:7c:8f:5b:4e:f1:7b:a4:71:a3:d8:
                    8e:23:1a:88:46:99:05:12:56:e6:d8:46:0c:82:ba:
                    1a:e7:12:e3:ca:55:c1:72:c9:da:cf:74:a3:d1:45:
                    18:fa:75:f5:51:44:dd:19:11:08:60:61:56:7d:21:
                    f4:ab:30:5f:17:e0:27:dd:db:7a:fc:9c:68:46:da:
                    61:6c:c9:42:a5:54:79:92:fe:66:24:52:43:b1:36:
                    31:41:05:ab:50:39:4d:3a:d1:0a:cc:be:de:e9:e0:
                    ee:5a:ae:42:6f:d4:8c:0a:29:bf:18:4e:ea:ae:79:
                    cc:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:5E:80:E3:3D:7C:DD:06:6C:E6:35:03:D0:71:5E:4C:D1:FB:20:61
            X509v3 Authority Key Identifier:
                keyid:B8:D3:EC:B8:F7:11:E0:B9:2B:50:5B:8A:0F:7A:5E:E0:42:29:13:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uNPsuPcR4LkrUFuKD3pe4EIpE5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/368a8d-eff2-49c2-a963-a1861e53544d/1/gV6A4z183QZs5jUD0HFeTNH7IGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/368a8d-eff2-49c2-a963-a1861e53544d/1/uNPsuPcR4LkrUFuKD3pe4EIpE5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.42.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:50:40:32:e9:78:06:38:90:15:cc:06:79:62:4c:49:8c:7e:
         1b:2f:3f:ab:6f:83:dc:53:86:f8:45:f6:c8:48:f0:be:d9:95:
         45:10:41:eb:a1:50:bb:84:81:f7:be:c7:8d:5f:4b:d7:a8:2a:
         96:1a:2b:f3:73:6a:e0:86:7e:2c:4d:02:da:62:91:20:e9:46:
         60:81:bd:fb:85:56:c1:56:8f:5b:2b:42:a6:69:06:f3:79:4a:
         3f:84:b5:7e:3b:ce:72:22:1b:87:ec:5b:6f:35:0e:77:13:42:
         61:f7:cc:ca:72:71:66:50:f0:14:db:92:26:6e:4a:c6:4f:89:
         c2:cc:3d:8b:71:dc:0d:73:be:da:7f:2f:08:c5:40:9e:62:b2:
         f2:59:48:21:17:80:fd:49:3e:75:6e:a7:e3:24:8f:6d:9d:26:
         f5:1f:e4:f7:de:98:70:40:5c:cb:bd:5f:61:aa:93:5c:67:64:
         ac:13:fe:cc:ba:33:99:e7:2f:99:14:a1:bf:19:87:87:86:82:
         61:eb:67:50:4f:af:0b:b1:5b:8a:14:3d:7b:89:18:85:11:e8:
         a1:4b:dd:46:d5:a5:06:44:f5:cc:47:73:60:07:9f:80:81:6c:
         19:26:1b:88:82:2c:c5:d1:bb:fe:a8:73:0e:a4:ee:cb:c5:92:
         4b:2b:f9:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUKU45jyKQv7xVmQ9rysMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZDNlY2I4ZjcxMWUwYjkyYjUwNWI4YTBmN2E1ZWUwNDIy
OTEzOTUwHhcNMjQwMTAxMDgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTVlODBlMzNkN2NkZDA2NmNlNjM1MDNkMDcxNWU0Y2QxZmIyMDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhE7gBm8K3WFAW90PCmBt/KxxcDqB
D1hmZf4/CtKA6RqIkGZ/CZqWltN1yafaILUTfalcubENo148uOrBDV5iU/P+eikk
Ce1MUmnqh1dx2OnXGCkUi3+Wjss4q/5IGVSKOt3N0jR1vdQ+kg7GHwfa5bgnT+qZ
yCvpESzCqHNa9wSfLyhbSKxibNJ96HyPW07xe6Rxo9iOIxqIRpkFElbm2EYMgroa
5xLjylXBcsnaz3Sj0UUY+nX1UUTdGREIYGFWfSH0qzBfF+An3dt6/JxoRtphbMlC
pVR5kv5mJFJDsTYxQQWrUDlNOtEKzL7e6eDuWq5Cb9SMCim/GE7qrnnMPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFegOM9fN0GbOY1A9BxXkzR+yBhMB8GA1UdIwQY
MBaAFLjT7Lj3EeC5K1Bbig96XuBCKROVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU5Qc3VQY1I0TGtyVUZ1S0QzcGU0RUlwRTVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zNjhhOGQtZWZmMi00OWMyLWE5NjMt
YTE4NjFlNTM1NDRkLzEvZ1Y2QTR6MTgzUVpzNWpVRDBIRmVUTkg3SUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zNjhhOGQtZWZmMi00OWMyLWE5NjMtYTE4NjFlNTM1NDRk
LzEvdU5Qc3VQY1I0TGtyVUZ1S0QzcGU0RUlwRTVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvCpgMA0G
CSqGSIb3DQEBCwUAA4IBAQB+UEAy6XgGOJAVzAZ5YkxJjH4bLz+rb4PcU4b4RfbI
SPC+2ZVFEEHroVC7hIH3vseNX0vXqCqWGivzc2rghn4sTQLaYpEg6UZggb37hVbB
Vo9bK0KmaQbzeUo/hLV+O85yIhuH7FtvNQ53E0Jh98zKcnFmUPAU25ImbkrGT4nC
zD2LcdwNc77afy8IxUCeYrLyWUghF4D9ST51bqfjJI9tnSb1H+T33phwQFzLvV9h
qpNcZ2SsE/7MujOZ5y+ZFKG/GYeHhoJh62dQT68LsVuKFD17iRiFEeihS91G1aUG
RPXMR3NgB5+AgWwZJhuIgizF0bv+qHMOpO7LxZJLK/n1
-----END CERTIFICATE-----