Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/GxKBjFD30qvY4v70Wfak-1MIC8Y.roa
File:                     GxKBjFD30qvY4v70Wfak-1MIC8Y.roa (raw, json)
Hash identifier:          uodzRvB6hfk8yPVql4R6W+zYLvSo08amElKFC5rESpg=
Subject key identifier:   1B:12:81:8C:50:F7:D2:AB:D8:E2:FE:F4:59:F6:A4:FB:53:08:0B:C6
Certificate issuer:       /CN=09ee7ee0f75b7164ac7596197c7f121d6fca1576
Certificate serial:       018CC4245CFE900D7BAC617FDCAE199ADAF1
Authority key identifier: 09:EE:7E:E0:F7:5B:71:64:AC:75:96:19:7C:7F:12:1D:6F:CA:15:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/GxKBjFD30qvY4v70Wfak-1MIC8Y.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13009
IP address blocks:        216.245.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5c:fe:90:0d:7b:ac:61:7f:dc:ae:19:9a:da:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09ee7ee0f75b7164ac7596197c7f121d6fca1576
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b12818c50f7d2abd8e2fef459f6a4fb53080bc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b2:73:d5:c4:11:dd:17:26:c5:a1:7f:5a:59:
                    c3:94:78:ec:c9:da:42:0d:96:e8:b1:70:0c:7f:71:
                    53:8a:75:68:11:1d:6b:b5:45:50:ba:8f:9f:a9:70:
                    6e:69:f6:e5:56:e9:3e:4e:9e:9c:b8:71:fc:3b:79:
                    e4:9e:db:12:d2:fb:a2:ef:10:7c:4f:1b:15:85:42:
                    88:a1:75:0a:88:8d:e4:da:b0:87:b2:bb:cf:2e:2b:
                    f3:e1:0b:d1:c9:a9:15:fe:4a:12:27:3f:8d:e2:ba:
                    21:5a:4c:a8:70:c5:bf:19:f8:24:83:7d:3d:7f:ab:
                    7f:2a:8e:5b:52:b2:f9:c8:f3:51:c7:46:06:21:88:
                    e6:c3:62:af:5d:8e:b0:bb:ed:fc:0c:b3:63:f9:59:
                    23:0a:f8:ee:14:8f:13:34:c0:ac:13:bb:0d:aa:df:
                    a4:5f:e6:df:18:62:60:53:fc:0e:14:8b:69:4c:6e:
                    40:19:a5:48:91:4b:18:7c:b7:a6:1c:84:81:a8:79:
                    94:50:2f:4c:d4:c2:a9:bf:51:cd:a3:20:ca:27:eb:
                    be:e6:a0:1d:10:2d:f3:61:30:30:c2:8a:14:82:d2:
                    c1:c5:0b:b4:f1:90:60:a1:33:d3:35:49:ce:2a:37:
                    9f:12:92:fa:80:08:93:59:f5:47:08:de:d6:69:62:
                    e6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:12:81:8C:50:F7:D2:AB:D8:E2:FE:F4:59:F6:A4:FB:53:08:0B:C6
            X509v3 Authority Key Identifier:
                keyid:09:EE:7E:E0:F7:5B:71:64:AC:75:96:19:7C:7F:12:1D:6F:CA:15:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/GxKBjFD30qvY4v70Wfak-1MIC8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.245.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:c2:15:5d:29:68:21:a0:1f:1e:79:9e:e8:9b:ff:34:dd:64:
         17:51:3b:d2:0b:93:68:10:bd:ad:5e:39:fc:70:0b:30:b7:23:
         3b:ad:0b:d2:23:cb:c6:1c:5b:f3:0d:1a:50:39:48:55:23:f6:
         ed:28:69:4a:c5:33:a6:43:c0:21:e0:f0:db:4a:f6:13:55:83:
         e7:56:1c:41:94:ec:dc:37:be:cb:d2:ff:d8:41:f4:c2:8a:c5:
         86:52:16:d5:66:02:53:48:f8:73:f7:a2:96:14:7b:ee:75:3f:
         e2:0c:64:96:5a:ab:1b:2c:bf:9e:fd:2d:37:1b:fd:ce:48:28:
         09:ec:db:ff:fa:6f:5c:73:10:02:a4:3a:5d:19:8e:4e:56:6a:
         6f:6a:79:34:3a:88:03:41:8e:17:75:e2:21:05:d9:6f:cf:81:
         c9:0c:d5:b6:6d:bf:fd:28:07:f3:b7:9e:43:82:39:71:cd:ad:
         3d:49:2d:1c:3f:f9:c0:3f:85:d1:46:e0:33:a3:11:81:35:e5:
         b7:42:5a:7e:a8:47:f6:57:b4:1d:dc:69:f6:0b:00:37:47:dd:
         4d:14:e9:c8:1a:25:eb:6b:45:8d:46:76:da:6a:0f:fa:71:17:
         f7:07:4b:5f:63:99:5a:85:f8:2f:ad:8d:49:f0:f0:2d:31:df:
         84:5c:74:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFz+kA17rGF/3K4ZmtrxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZWU3ZWUwZjc1YjcxNjRhYzc1OTYxOTdjN2YxMjFkNmZj
YTE1NzYwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjEyODE4YzUwZjdkMmFiZDhlMmZlZjQ1OWY2YTRmYjUzMDgwYmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbJz1cQR3RcmxaF/WlnDlHjsydpC
DZbosXAMf3FTinVoER1rtUVQuo+fqXBuafblVuk+Tp6cuHH8O3nkntsS0vui7xB8
TxsVhUKIoXUKiI3k2rCHsrvPLivz4QvRyakV/koSJz+N4rohWkyocMW/Gfgkg309
f6t/Ko5bUrL5yPNRx0YGIYjmw2KvXY6wu+38DLNj+VkjCvjuFI8TNMCsE7sNqt+k
X+bfGGJgU/wOFItpTG5AGaVIkUsYfLemHISBqHmUUC9M1MKpv1HNoyDKJ+u+5qAd
EC3zYTAwwooUgtLBxQu08ZBgoTPTNUnOKjefEpL6gAiTWfVHCN7WaWLm9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsSgYxQ99Kr2OL+9Fn2pPtTCAvGMB8GA1UdIwQY
MBaAFAnufuD3W3FkrHWWGXx/Eh1vyhV2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2U1LTRQZGJjV1NzZFpZWmZIOFNIV19LRlhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kYmU1MGEtMmNhMS00MzYyLWI1ZTct
NjY4M2M4ZmM5ZTViLzEvR3hLQmpGRDMwcXZZNHY3MFdmYWstMU1JQzhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kYmU1MGEtMmNhMS00MzYyLWI1ZTctNjY4M2M4ZmM5ZTVi
LzEvQ2U1LTRQZGJjV1NzZFpZWmZIOFNIV19LRlhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2PVQMA0G
CSqGSIb3DQEBCwUAA4IBAQBgwhVdKWghoB8eeZ7om/803WQXUTvSC5NoEL2tXjn8
cAswtyM7rQvSI8vGHFvzDRpQOUhVI/btKGlKxTOmQ8Ah4PDbSvYTVYPnVhxBlOzc
N77L0v/YQfTCisWGUhbVZgJTSPhz96KWFHvudT/iDGSWWqsbLL+e/S03G/3OSCgJ
7Nv/+m9ccxACpDpdGY5OVmpvank0OogDQY4XdeIhBdlvz4HJDNW2bb/9KAfzt55D
gjlxza09SS0cP/nAP4XRRuAzoxGBNeW3Qlp+qEf2V7Qd3Gn2CwA3R91NFOnIGiXr
a0WNRnbaag/6cRf3B0tfY5lahfgvrY1J8PAtMd+EXHRb
-----END CERTIFICATE-----