Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/gxlNBg5J2bUH0tV0APYjP0IjwiM.roa
File:                     gxlNBg5J2bUH0tV0APYjP0IjwiM.roa (raw, json)
Hash identifier:          FTkJHSgP8RtgoiI8ejcg25mn/yKKjBe1XL9lFa+flSs=
Subject key identifier:   83:19:4D:06:0E:49:D9:B5:07:D2:D5:74:00:F6:23:3F:42:23:C2:23
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       018CC500DF45D5FB9D5F6B393B1B87A515B6
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/gxlNBg5J2bUH0tV0APYjP0IjwiM.roa
Signing time:             Mon 01 Jan 2024 12:30:17 +0000
ROA not before:           Mon 01 Jan 2024 12:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        185.92.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:df:45:d5:fb:9d:5f:6b:39:3b:1b:87:a5:15:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 12:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83194d060e49d9b507d2d57400f6233f4223c223
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:96:65:d5:74:59:b6:fa:f2:a9:66:bb:38:bb:
                    d1:93:f3:31:07:53:1b:d3:b2:73:b5:da:d2:fc:23:
                    1a:61:5a:37:f7:56:d5:c5:13:09:e0:5f:ae:70:01:
                    85:6f:f1:22:63:f9:3d:b4:0b:a3:69:41:19:10:fc:
                    e1:33:54:3f:bb:92:b8:68:b4:07:55:4e:7b:0e:bc:
                    77:a6:12:f7:f7:ee:62:f2:5a:5d:be:ab:77:de:69:
                    e2:45:dc:f5:cc:2e:ef:32:00:c7:a9:72:1f:10:55:
                    e4:57:1a:5b:52:f8:41:57:fa:a2:65:82:3b:66:fc:
                    c9:c3:58:b2:5b:f1:ed:8c:de:c5:4f:99:dc:e7:b0:
                    50:48:37:38:10:5b:67:64:34:62:05:3b:51:4d:26:
                    6d:13:7b:b5:8f:11:08:2f:2e:f6:42:2d:af:19:67:
                    77:8c:fb:ed:ce:b0:7d:e2:f1:2d:2c:aa:0f:0a:df:
                    77:29:90:a9:c9:13:c0:f9:e4:08:ea:0d:39:ec:7d:
                    e6:da:50:44:f3:95:6d:00:2a:53:53:2d:86:08:ed:
                    e5:2b:76:51:a8:48:85:2f:f8:5a:83:a4:30:df:48:
                    d7:b2:2c:1d:60:5b:68:04:ba:d0:af:fc:cc:5a:cd:
                    95:43:63:d9:84:d8:e5:96:d0:32:8e:5c:06:9e:6d:
                    0c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:19:4D:06:0E:49:D9:B5:07:D2:D5:74:00:F6:23:3F:42:23:C2:23
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/gxlNBg5J2bUH0tV0APYjP0IjwiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:f9:93:df:09:03:e5:64:c3:8e:2a:85:f3:be:fc:96:aa:87:
         9e:ab:32:50:82:d7:f0:52:66:76:6b:f7:a6:50:4f:36:d7:87:
         bd:b4:da:fd:2c:4c:99:53:55:9b:78:d4:7f:d6:04:7b:4b:e3:
         47:f7:45:db:df:19:c1:0b:9d:bd:5d:a2:94:c0:99:18:e2:b2:
         d8:73:46:53:0a:3a:54:f3:5b:2c:18:f4:f5:5f:79:3a:35:c9:
         4e:57:c8:24:6b:93:af:a0:4f:33:bd:1a:59:f3:bf:73:b8:99:
         64:3d:35:01:97:02:d3:c6:b1:3f:6d:18:c9:4f:67:30:8f:dc:
         84:3f:92:e2:02:a5:e4:f4:7e:ef:e4:07:44:bb:57:d0:13:13:
         6d:d9:41:fe:6c:a9:dc:ed:6a:f5:a4:c2:97:f2:62:0c:7f:80:
         93:04:88:33:5f:ee:8e:cf:20:46:7a:b1:13:a3:53:81:38:83:
         65:94:0f:40:67:e3:79:a1:44:af:89:ee:90:dc:c4:57:37:b4:
         55:49:86:1f:ae:91:bb:a6:e2:05:a4:ee:ad:be:96:e0:9f:f1:
         3d:d6:c5:e2:d6:11:a8:e6:f1:ce:57:83:3c:ad:80:1d:50:e2:
         88:85:7e:da:d7:20:1c:ed:0a:f9:41:68:03:ea:04:90:52:f4:
         9d:9e:d4:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAN9F1fudX2s5OxuHpRW2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjQwMTAxMTIzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzE5NGQwNjBlNDlkOWI1MDdkMmQ1NzQwMGY2MjMzZjQyMjNjMjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJZl1XRZtvryqWa7OLvRk/MxB1Mb
07JztdrS/CMaYVo391bVxRMJ4F+ucAGFb/EiY/k9tAujaUEZEPzhM1Q/u5K4aLQH
VU57Drx3phL39+5i8lpdvqt33mniRdz1zC7vMgDHqXIfEFXkVxpbUvhBV/qiZYI7
ZvzJw1iyW/HtjN7FT5nc57BQSDc4EFtnZDRiBTtRTSZtE3u1jxEILy72Qi2vGWd3
jPvtzrB94vEtLKoPCt93KZCpyRPA+eQI6g057H3m2lBE85VtACpTUy2GCO3lK3ZR
qEiFL/hag6Qw30jXsiwdYFtoBLrQr/zMWs2VQ2PZhNjlltAyjlwGnm0MewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMZTQYOSdm1B9LVdAD2Iz9CI8IjMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvZ3hsTkJnNUoyYlVIMHRWMEFQWWpQMElqd2lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVwYMA0G
CSqGSIb3DQEBCwUAA4IBAQB4+ZPfCQPlZMOOKoXzvvyWqoeeqzJQgtfwUmZ2a/em
UE8214e9tNr9LEyZU1WbeNR/1gR7S+NH90Xb3xnBC529XaKUwJkY4rLYc0ZTCjpU
81ssGPT1X3k6NclOV8gka5OvoE8zvRpZ879zuJlkPTUBlwLTxrE/bRjJT2cwj9yE
P5LiAqXk9H7v5AdEu1fQExNt2UH+bKnc7Wr1pMKX8mIMf4CTBIgzX+6OzyBGerET
o1OBOINllA9AZ+N5oUSvie6Q3MRXN7RVSYYfrpG7puIFpO6tvpbgn/E91sXi1hGo
5vHOV4M8rYAdUOKIhX7a1yAc7Qr5QWgD6gSQUvSdntRR
-----END CERTIFICATE-----