Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/gkGEO5xuLate9S5eiC1ZlLAF5IU.roa
File:                     gkGEO5xuLate9S5eiC1ZlLAF5IU.roa (raw, json)
Hash identifier:          sZdoIKD+OGVMpI1aBavUKpzg7jKpNaMUgF/1lKW4jd4=
Subject key identifier:   82:41:84:3B:9C:6E:2D:AB:5E:F5:2E:5E:88:2D:59:94:B0:05:E4:85
Certificate issuer:       /CN=29edf2a4f20ac08235c40180de74ebc3935cfc22
Certificate serial:       018CC6B882A15CCE24542D0EE2ACB8937DD8
Authority key identifier: 29:ED:F2:A4:F2:0A:C0:82:35:C4:01:80:DE:74:EB:C3:93:5C:FC:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/gkGEO5xuLate9S5eiC1ZlLAF5IU.roa
Signing time:             Mon 01 Jan 2024 20:30:29 +0000
ROA not before:           Mon 01 Jan 2024 20:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     786
IP address blocks:        134.226.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:82:a1:5c:ce:24:54:2d:0e:e2:ac:b8:93:7d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29edf2a4f20ac08235c40180de74ebc3935cfc22
        Validity
            Not Before: Jan  1 20:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8241843b9c6e2dab5ef52e5e882d5994b005e485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:56:04:53:c7:f0:e1:52:30:21:ff:ad:29:04:
                    f8:07:c3:43:a4:a8:93:7f:f0:01:de:9a:79:90:08:
                    91:cf:80:93:d8:1d:2f:01:38:0c:44:4c:fd:be:38:
                    5e:d7:13:2f:5b:55:7f:1b:f3:a7:83:3b:73:ad:59:
                    94:8d:9d:4c:cb:4b:05:de:88:0f:00:28:8a:c9:27:
                    17:0e:7e:84:72:a8:4b:97:05:53:13:6b:3a:00:71:
                    21:59:e7:3a:0c:dc:f8:e9:2e:ba:94:02:94:ee:a0:
                    72:e5:76:60:f9:39:c4:1d:b1:b7:f6:a0:e1:aa:fe:
                    0f:a0:2a:69:57:33:3f:04:0b:df:ea:bf:e7:45:15:
                    f4:c3:a2:38:07:68:12:71:0b:da:c1:1c:98:cc:6d:
                    08:ab:3b:6d:f5:c9:6c:e3:ed:6a:81:57:1b:ee:b8:
                    97:ee:ce:3d:b5:b9:5c:4b:ca:0c:48:b9:62:93:b2:
                    08:ad:56:cc:9a:1d:52:a8:8d:ed:12:b5:3b:b6:1d:
                    d1:01:1b:ae:6e:b9:1a:58:cf:8c:99:1e:9c:c9:09:
                    dd:59:3d:89:9c:99:35:66:84:0d:9c:75:07:03:4d:
                    24:35:8f:80:82:2b:df:a9:a7:88:d0:41:bb:7d:36:
                    08:93:38:bb:e2:c7:2b:a0:31:0f:0b:1b:f8:44:55:
                    2b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:41:84:3B:9C:6E:2D:AB:5E:F5:2E:5E:88:2D:59:94:B0:05:E4:85
            X509v3 Authority Key Identifier:
                keyid:29:ED:F2:A4:F2:0A:C0:82:35:C4:01:80:DE:74:EB:C3:93:5C:FC:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/gkGEO5xuLate9S5eiC1ZlLAF5IU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8cb1e6-e5f8-4fa0-97fe-924c29cf77c4/1/Ke3ypPIKwII1xAGA3nTrw5Nc_CI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.226.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         41:cb:61:77:b8:a9:e9:e1:fb:aa:3a:c0:eb:33:15:d6:f3:b6:
         9d:98:eb:66:9e:ae:32:39:37:37:36:6b:fc:fb:5f:8c:5d:68:
         8a:f6:19:79:ff:17:1f:e5:56:46:43:5e:6a:84:44:40:e2:78:
         eb:6c:5d:2b:ad:bd:42:55:d9:a9:99:30:89:3e:e3:ae:ce:51:
         61:ee:c7:05:2f:f8:cb:a6:34:70:b5:0f:29:22:2b:d7:95:0f:
         70:ff:64:e0:3a:de:82:ac:c1:df:78:03:5b:13:76:90:0a:30:
         ec:82:fa:16:4e:0c:f4:f3:01:00:8f:ab:38:c7:a3:cf:f5:b6:
         a5:b1:fc:10:55:92:35:7f:ab:d4:8d:3c:67:ff:29:15:49:21:
         e8:fe:67:7c:f4:2e:e6:25:9d:2b:a9:e0:26:01:15:3b:16:6d:
         e7:01:28:a6:e5:a0:5a:bc:5c:ba:22:bc:45:8a:7b:be:6a:55:
         ac:e9:10:d9:7f:d0:f3:c3:92:a9:39:29:e2:c5:34:1e:71:bf:
         aa:31:a8:3b:4f:d4:a9:96:7a:67:36:52:66:16:c6:3a:ad:b8:
         ff:0e:e1:c7:22:96:4e:f5:f6:de:47:7d:c9:df:a6:2b:5f:89:
         12:76:63:ad:ba:a8:51:87:2b:d7:6c:b1:72:4b:47:4b:c1:47:
         f2:68:6e:8f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGuIKhXM4kVC0O4qy4k33YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZWRmMmE0ZjIwYWMwODIzNWM0MDE4MGRlNzRlYmMzOTM1
Y2ZjMjIwHhcNMjQwMTAxMjAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjQxODQzYjljNmUyZGFiNWVmNTJlNWU4ODJkNTk5NGIwMDVlNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFYEU8fw4VIwIf+tKQT4B8NDpKiT
f/AB3pp5kAiRz4CT2B0vATgMREz9vjhe1xMvW1V/G/OngztzrVmUjZ1My0sF3ogP
ACiKyScXDn6EcqhLlwVTE2s6AHEhWec6DNz46S66lAKU7qBy5XZg+TnEHbG39qDh
qv4PoCppVzM/BAvf6r/nRRX0w6I4B2gScQvawRyYzG0Iqztt9cls4+1qgVcb7riX
7s49tblcS8oMSLlik7IIrVbMmh1SqI3tErU7th3RARuubrkaWM+MmR6cyQndWT2J
nJk1ZoQNnHUHA00kNY+AgivfqaeI0EG7fTYIkzi74scroDEPCxv4RFUr1wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIJBhDucbi2rXvUuXogtWZSwBeSFMB8GA1UdIwQY
MBaAFCnt8qTyCsCCNcQBgN5068OTXPwiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2UzeXBQSUt3SUkxeEFHQTNuVHJ3NU5jX0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84Y2IxZTYtZTVmOC00ZmEwLTk3ZmUt
OTI0YzI5Y2Y3N2M0LzEvZ2tHRU81eHVMYXRlOVM1ZWlDMVpsTEFGNUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi84Y2IxZTYtZTVmOC00ZmEwLTk3ZmUtOTI0YzI5Y2Y3N2M0
LzEvS2UzeXBQSUt3SUkxeEFHQTNuVHJ3NU5jX0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhuIwDQYJ
KoZIhvcNAQELBQADggEBAEHLYXe4qenh+6o6wOszFdbztp2Y62aerjI5Nzc2a/z7
X4xdaIr2GXn/Fx/lVkZDXmqEREDieOtsXSutvUJV2amZMIk+467OUWHuxwUv+Mum
NHC1DykiK9eVD3D/ZOA63oKswd94A1sTdpAKMOyC+hZODPTzAQCPqzjHo8/1tqWx
/BBVkjV/q9SNPGf/KRVJIej+Z3z0LuYlnSup4CYBFTsWbecBKKbloFq8XLoivEWK
e75qVazpENl/0PPDkqk5KeLFNB5xv6oxqDtP1KmWemc2UmYWxjqtuP8O4ccilk71
9t5HfcnfpitfiRJ2Y626qFGHK9dssXJLR0vBR/Jobo8=
-----END CERTIFICATE-----