Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/gGGcG4uttYts3x8BvsdJpUzxF-4.roa
File:                     gGGcG4uttYts3x8BvsdJpUzxF-4.roa (raw, json)
Hash identifier:          UMnx2rXcBW89Pc50XJtvN/p8T4qXKhsgnGKjtkI1aDo=
Subject key identifier:   80:61:9C:1B:8B:AD:B5:8B:6C:DF:1F:01:BE:C7:49:A5:4C:F1:17:EE
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       018F19B39FDF8AA6D9C51FD8D0C372D76262
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/gGGcG4uttYts3x8BvsdJpUzxF-4.roa
Signing time:             Fri 26 Apr 2024 09:19:13 +0000
ROA not before:           Fri 26 Apr 2024 09:19:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        94.154.44.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:19:b3:9f:df:8a:a6:d9:c5:1f:d8:d0:c3:72:d7:62:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Apr 26 09:19:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80619c1b8badb58b6cdf1f01bec749a54cf117ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a5:f0:fa:1b:16:ef:0e:95:2f:4e:5d:74:e3:
                    49:e5:7a:1b:79:da:a5:44:c2:9b:2d:9a:6c:a8:47:
                    50:15:19:9d:2c:77:d4:f3:6d:6a:0d:34:4f:e7:df:
                    b1:79:21:30:20:e8:de:07:8a:bb:a9:92:62:b3:ce:
                    13:9e:00:a3:da:8b:ab:4d:16:a6:b9:4f:fb:56:62:
                    69:ed:23:7e:b5:bc:8e:3c:dc:a2:e7:f6:56:11:8b:
                    0a:aa:0d:bc:81:ff:cc:5a:11:7b:83:b5:ab:7c:71:
                    7b:7f:9d:bb:6a:cb:cd:5d:2c:1b:8d:e1:7b:dc:90:
                    cb:c1:f0:71:96:d3:f8:ab:10:2e:c1:a1:77:87:01:
                    84:53:5f:80:5e:88:cb:08:89:f6:00:e9:2e:53:ad:
                    67:80:06:ff:c7:68:1f:7e:18:93:79:26:c1:eb:31:
                    03:f0:75:59:7a:ad:59:96:9c:d1:a0:0c:c4:5b:3a:
                    45:00:68:1d:e2:23:f7:d2:99:8a:42:67:71:fe:ff:
                    2a:a8:93:0d:0c:d5:f3:db:ef:fc:ff:9a:6f:69:25:
                    bd:f4:39:31:c6:b2:5d:94:e6:5f:31:e7:2d:8d:9f:
                    59:ab:36:bb:b3:ba:70:9b:f4:16:2c:d2:e2:fa:15:
                    c7:9e:c7:2d:0d:aa:d6:e1:f3:cc:1b:e4:f6:6c:5e:
                    05:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:61:9C:1B:8B:AD:B5:8B:6C:DF:1F:01:BE:C7:49:A5:4C:F1:17:EE
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/gGGcG4uttYts3x8BvsdJpUzxF-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:5c:f8:ad:f8:10:a1:74:0c:69:7a:41:b2:a5:ed:e2:18:b0:
         b8:59:b7:5d:a1:e4:d0:c6:6d:b5:73:ca:ff:6e:75:a9:67:fe:
         31:95:39:76:0f:c6:95:7e:db:df:c0:5e:43:50:79:04:b3:fe:
         f8:7b:2e:41:2f:3b:e5:9e:25:f7:db:21:bf:ab:f2:96:ec:7c:
         28:54:18:0c:d3:92:cf:01:58:46:98:8e:55:10:cc:d3:7c:8c:
         43:63:d8:d5:8f:de:d8:34:91:1b:2f:2f:4d:f2:dc:7b:09:f2:
         f9:0d:83:01:dc:93:6a:cc:fd:02:7a:5b:76:51:95:2c:a5:0c:
         37:33:16:b2:21:e8:80:de:e9:cf:6c:c2:51:06:c7:aa:48:bd:
         37:74:1f:58:10:c1:a9:d8:f9:fd:30:a2:86:cd:ba:3d:72:a9:
         16:f2:c0:51:75:b9:7a:88:5d:51:46:c8:55:81:fe:a7:d1:7a:
         a4:40:ee:23:2a:b3:ba:6b:8b:65:e9:f2:c6:51:5a:3a:f5:29:
         b8:83:8e:6c:ff:08:45:51:bb:be:2d:5e:dc:f1:a3:77:e7:93:
         66:c0:16:9d:bc:11:77:8a:b8:ff:16:26:e6:9a:f9:25:a7:3d:
         6f:a3:70:dc:67:4f:65:e4:16:25:ed:31:1c:d6:26:f5:c7:87:
         6e:9b:da:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Zs5/fiqbZxR/Y0MNy12JiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjQwNDI2MDkxOTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDYxOWMxYjhiYWRiNThiNmNkZjFmMDFiZWM3NDlhNTRjZjExN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKXw+hsW7w6VL05ddONJ5Xobedql
RMKbLZpsqEdQFRmdLHfU821qDTRP59+xeSEwIOjeB4q7qZJis84TngCj2ourTRam
uU/7VmJp7SN+tbyOPNyi5/ZWEYsKqg28gf/MWhF7g7WrfHF7f527asvNXSwbjeF7
3JDLwfBxltP4qxAuwaF3hwGEU1+AXojLCIn2AOkuU61ngAb/x2gffhiTeSbB6zED
8HVZeq1ZlpzRoAzEWzpFAGgd4iP30pmKQmdx/v8qqJMNDNXz2+/8/5pvaSW99Dkx
xrJdlOZfMectjZ9Zqza7s7pwm/QWLNLi+hXHnsctDarW4fPMG+T2bF4FewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBhnBuLrbWLbN8fAb7HSaVM8RfuMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvZ0dHY0c0dXR0WXRzM3g4QnZzZEpwVXp4Ri00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXposMA0G
CSqGSIb3DQEBCwUAA4IBAQAWXPit+BChdAxpekGype3iGLC4WbddoeTQxm21c8r/
bnWpZ/4xlTl2D8aVftvfwF5DUHkEs/74ey5BLzvlniX32yG/q/KW7HwoVBgM05LP
AVhGmI5VEMzTfIxDY9jVj97YNJEbLy9N8tx7CfL5DYMB3JNqzP0Celt2UZUspQw3
MxayIeiA3unPbMJRBseqSL03dB9YEMGp2Pn9MKKGzbo9cqkW8sBRdbl6iF1RRshV
gf6n0XqkQO4jKrO6a4tl6fLGUVo69Sm4g45s/whFUbu+LV7c8aN355NmwBadvBF3
irj/Fibmmvklpz1vo3DcZ09l5BYl7TEc1ib1x4dum9pd
-----END CERTIFICATE-----