Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/0Gf6nO0zFfsNIUZpv_O6FL30kdU.roa
File:                     0Gf6nO0zFfsNIUZpv_O6FL30kdU.roa (raw, json)
Hash identifier:          c4Shq2fDCtxBJs28xbcCy/1LNUI1wg5TDWPttX1Df24=
Subject key identifier:   D0:67:FA:9C:ED:33:15:FB:0D:21:46:69:BF:F3:BA:14:BD:F4:91:D5
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018F111E49F048E6135E97C28509D9DE5989
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/0Gf6nO0zFfsNIUZpv_O6FL30kdU.roa
Signing time:             Wed 24 Apr 2024 17:19:08 +0000
ROA not before:           Wed 24 Apr 2024 17:19:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        77.83.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:11:1e:49:f0:48:e6:13:5e:97:c2:85:09:d9:de:59:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Apr 24 17:19:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d067fa9ced3315fb0d214669bff3ba14bdf491d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:68:d9:b8:cd:09:51:9f:fd:72:eb:30:01:db:
                    0f:4b:af:c8:28:ca:2d:d9:2b:75:8e:f5:be:73:bf:
                    5c:fc:35:af:ac:be:11:59:2f:21:a4:b8:48:52:1d:
                    63:53:84:e8:40:fe:3a:f9:12:a1:75:ae:5b:6e:f4:
                    8a:56:2b:95:cd:b9:bc:2f:5e:4a:c1:ca:c7:2e:7f:
                    4d:bc:18:d8:ac:fd:fe:1f:81:69:90:f8:7f:a5:63:
                    06:9a:0c:48:ca:5f:06:59:d2:49:96:42:f7:49:29:
                    14:b3:08:65:47:5b:d1:fe:17:dc:12:85:fb:a9:80:
                    3b:f0:66:ca:8d:47:52:7b:46:c4:03:81:38:f6:55:
                    1c:65:f5:2d:ac:04:f9:c1:39:7e:49:23:f3:6e:b9:
                    47:f2:a3:d1:69:b4:fe:2e:00:ff:eb:ae:9b:1b:bd:
                    93:53:d7:2b:ca:3b:74:b9:25:cc:13:db:dd:91:c1:
                    8f:ea:ef:c6:be:8d:d8:5e:b0:42:3b:34:0f:f4:ce:
                    36:74:03:f4:7c:3b:33:ea:35:d4:4e:6b:86:4e:87:
                    af:df:34:c9:48:fb:31:f8:cc:6b:d4:91:5c:04:fc:
                    44:84:a1:a0:38:64:af:79:ca:60:93:ec:bc:f1:16:
                    f5:37:7d:00:7a:57:94:0a:f8:bc:5a:52:c6:26:6d:
                    82:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:67:FA:9C:ED:33:15:FB:0D:21:46:69:BF:F3:BA:14:BD:F4:91:D5
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/0Gf6nO0zFfsNIUZpv_O6FL30kdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:17:1b:89:a6:7c:bb:f4:b6:64:81:e9:43:0a:fb:66:bf:a7:
         3c:dc:6a:07:f1:cb:af:3e:cb:b3:d4:99:d4:7a:c0:d4:85:ed:
         fa:26:29:e8:d8:f7:df:5e:4f:4f:ac:4b:cc:b4:b6:fe:31:5e:
         1b:89:4d:60:21:7d:cc:93:c9:9f:2c:fa:c7:db:43:5e:34:87:
         3a:b9:4b:e1:5a:be:47:35:2a:26:ed:c3:e3:1e:b2:91:9e:77:
         87:59:ed:31:40:91:b6:ce:fd:33:7a:34:c3:6a:f2:a3:98:e6:
         6f:4d:36:e8:39:f5:77:a6:c5:1a:83:76:f2:ed:c9:b2:cb:89:
         a5:df:a4:33:1f:8d:b6:6e:b2:01:76:b1:c6:d2:5c:4f:4a:47:
         84:3c:e4:ed:6f:a3:e5:98:d1:a1:2a:ad:0c:e2:7a:1d:ec:19:
         85:2b:a2:18:ad:11:51:ad:50:ca:ec:16:02:bf:08:05:64:53:
         87:32:d0:5f:46:15:cb:ef:57:ca:06:6d:54:af:5e:0e:0b:50:
         89:f9:76:4f:07:1a:2c:9b:2c:f9:c5:8d:9c:56:32:02:12:0d:
         80:18:24:df:f0:db:59:82:d0:8f:80:f9:be:7a:44:82:c9:1a:
         a8:0b:db:fe:7b:17:c5:0e:8b:4d:80:56:e6:66:f7:59:5e:a2:
         ee:29:78:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8RHknwSOYTXpfChQnZ3lmJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwNDI0MTcxOTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDY3ZmE5Y2VkMzMxNWZiMGQyMTQ2NjliZmYzYmExNGJkZjQ5MWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2jZuM0JUZ/9cuswAdsPS6/IKMot
2St1jvW+c79c/DWvrL4RWS8hpLhIUh1jU4ToQP46+RKhda5bbvSKViuVzbm8L15K
wcrHLn9NvBjYrP3+H4FpkPh/pWMGmgxIyl8GWdJJlkL3SSkUswhlR1vR/hfcEoX7
qYA78GbKjUdSe0bEA4E49lUcZfUtrAT5wTl+SSPzbrlH8qPRabT+LgD/666bG72T
U9cryjt0uSXME9vdkcGP6u/Gvo3YXrBCOzQP9M42dAP0fDsz6jXUTmuGToev3zTJ
SPsx+Mxr1JFcBPxEhKGgOGSvecpgk+y88Rb1N30AeleUCvi8WlLGJm2C9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBn+pztMxX7DSFGab/zuhS99JHVMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvMEdmNm5PMHpGZnNOSVVacHZfTzZGTDMwa2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTVMgMA0G
CSqGSIb3DQEBCwUAA4IBAQAAFxuJpny79LZkgelDCvtmv6c83GoH8cuvPsuz1JnU
esDUhe36Jino2PffXk9PrEvMtLb+MV4biU1gIX3Mk8mfLPrH20NeNIc6uUvhWr5H
NSom7cPjHrKRnneHWe0xQJG2zv0zejTDavKjmOZvTTboOfV3psUag3by7cmyy4ml
36QzH422brIBdrHG0lxPSkeEPOTtb6PlmNGhKq0M4nod7BmFK6IYrRFRrVDK7BYC
vwgFZFOHMtBfRhXL71fKBm1Ur14OC1CJ+XZPBxosmyz5xY2cVjICEg2AGCTf8NtZ
gtCPgPm+ekSCyRqoC9v+exfFDotNgFbmZvdZXqLuKXiK
-----END CERTIFICATE-----