Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/gA5ufNfy6aAtQLo5xisFpgjmmIA.roa
File:                     gA5ufNfy6aAtQLo5xisFpgjmmIA.roa (raw, json)
Hash identifier:          lCTpbMWUn/qlWUO71NRhxJtdGqLbfBQ56mZ+Vhr5GVU=
Subject key identifier:   80:0E:6E:7C:D7:F2:E9:A0:2D:40:BA:39:C6:2B:05:A6:08:E6:98:80
Certificate issuer:       /CN=d2c2b0ee187928409065d19ee9c0858e8c17ea13
Certificate serial:       018CC8023DE5FC12475BDF2F6B0D83C2109A
Authority key identifier: D2:C2:B0:EE:18:79:28:40:90:65:D1:9E:E9:C0:85:8E:8C:17:EA:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0sKw7hh5KECQZdGe6cCFjowX6hM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/gA5ufNfy6aAtQLo5xisFpgjmmIA.roa
Signing time:             Tue 02 Jan 2024 02:30:39 +0000
ROA not before:           Tue 02 Jan 2024 02:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210004
IP address blocks:        194.0.5.0/24 maxlen: 24
                          2001:678:8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/0sKw7hh5KECQZdGe6cCFjowX6hM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/0sKw7hh5KECQZdGe6cCFjowX6hM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0sKw7hh5KECQZdGe6cCFjowX6hM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:3d:e5:fc:12:47:5b:df:2f:6b:0d:83:c2:10:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2c2b0ee187928409065d19ee9c0858e8c17ea13
        Validity
            Not Before: Jan  2 02:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=800e6e7cd7f2e9a02d40ba39c62b05a608e69880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ac:e0:72:77:7e:d5:be:3a:58:44:28:0c:d7:
                    84:2d:04:1e:75:1b:07:46:7b:8f:5c:84:3b:7b:4b:
                    4a:ca:6d:47:67:58:13:9a:24:4f:b3:4a:11:54:3a:
                    50:0a:37:64:64:09:8c:4e:46:8c:de:d1:6f:e5:84:
                    f9:4c:eb:c1:93:bc:3c:52:3b:af:a7:d3:b2:78:51:
                    99:2b:17:53:46:a8:81:ca:1a:1d:fe:60:b2:d5:21:
                    66:2c:0e:a1:8f:02:c1:b0:0f:44:d2:12:3b:34:f4:
                    e0:51:1b:ab:d9:16:be:f4:fe:dc:18:77:a9:9f:8f:
                    e3:fe:97:77:95:1a:ca:6d:b9:e6:27:5e:6d:71:82:
                    8f:7d:5c:d1:ce:35:75:62:95:00:6b:ea:e7:94:f4:
                    1f:b0:eb:a1:cf:0f:e2:22:93:78:25:ac:5e:cc:c9:
                    4d:b3:b2:15:2c:79:ef:c7:c5:2f:18:65:59:84:dc:
                    eb:a2:a3:fb:30:12:e6:17:3e:fa:72:9c:b0:e0:a6:
                    62:84:4e:f9:12:ac:dd:a3:4f:17:05:f3:0b:99:03:
                    39:52:51:33:66:ba:ed:fe:49:a3:89:14:49:fe:af:
                    40:f3:14:bf:fc:74:ae:e9:12:e0:f9:a2:b9:e9:12:
                    8f:27:ef:88:0b:08:92:8d:55:cf:77:1e:9d:f2:be:
                    c0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:0E:6E:7C:D7:F2:E9:A0:2D:40:BA:39:C6:2B:05:A6:08:E6:98:80
            X509v3 Authority Key Identifier:
                keyid:D2:C2:B0:EE:18:79:28:40:90:65:D1:9E:E9:C0:85:8E:8C:17:EA:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0sKw7hh5KECQZdGe6cCFjowX6hM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/gA5ufNfy6aAtQLo5xisFpgjmmIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/0sKw7hh5KECQZdGe6cCFjowX6hM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.5.0/24
                IPv6:
                  2001:678:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:eb:63:76:7e:67:91:1a:e6:7c:07:3e:a8:e6:94:6a:15:3d:
         7e:fc:17:34:f3:d0:0f:56:2f:f2:3b:17:1b:53:4b:56:2c:5e:
         ab:2f:04:e6:dd:87:b3:a9:07:2c:06:12:e0:20:fa:e2:76:74:
         a0:38:dd:70:35:ce:98:69:59:60:32:fe:98:c0:f8:bc:7f:c3:
         9d:95:12:00:99:84:1f:ca:0a:db:34:52:2e:4b:94:9b:a2:db:
         45:eb:f9:87:87:32:77:2a:96:6e:a9:c8:e7:5b:29:06:78:48:
         cf:5f:17:0d:6b:7c:ec:f8:58:01:fb:64:00:a3:58:73:29:a8:
         d2:ac:4f:d6:a3:2c:fc:c3:20:62:8a:5d:4d:5b:52:3b:42:20:
         7e:4d:66:2d:80:cc:e7:32:7b:cb:b6:5d:d2:99:e8:a8:01:41:
         da:e3:af:2d:d8:d8:89:bd:4d:74:53:2d:31:16:36:a8:ec:63:
         ac:3c:95:a0:7b:99:50:66:5c:78:a4:4c:ef:f0:2f:e2:7c:d1:
         c5:19:41:89:82:23:7d:53:c9:ab:b8:35:f0:ab:10:78:e8:ed:
         02:cc:1d:fb:fc:3e:07:19:02:05:14:1b:4d:df:da:b0:16:37:
         fe:cc:f7:06:ac:67:9e:49:fe:38:27:ed:de:86:a0:22:8e:d7:
         0a:41:8b:13
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAj3l/BJHW98vaw2DwhCaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzJiMGVlMTg3OTI4NDA5MDY1ZDE5ZWU5YzA4NThlOGMx
N2VhMTMwHhcNMjQwMTAyMDIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDBlNmU3Y2Q3ZjJlOWEwMmQ0MGJhMzljNjJiMDVhNjA4ZTY5ODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlazgcnd+1b46WEQoDNeELQQedRsH
RnuPXIQ7e0tKym1HZ1gTmiRPs0oRVDpQCjdkZAmMTkaM3tFv5YT5TOvBk7w8Ujuv
p9OyeFGZKxdTRqiByhod/mCy1SFmLA6hjwLBsA9E0hI7NPTgURur2Ra+9P7cGHep
n4/j/pd3lRrKbbnmJ15tcYKPfVzRzjV1YpUAa+rnlPQfsOuhzw/iIpN4JaxezMlN
s7IVLHnvx8UvGGVZhNzroqP7MBLmFz76cpyw4KZihE75Eqzdo08XBfMLmQM5UlEz
Zrrt/kmjiRRJ/q9A8xS//HSu6RLg+aK56RKPJ++ICwiSjVXPdx6d8r7ALwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIAObnzX8umgLUC6OcYrBaYI5piAMB8GA1UdIwQY
MBaAFNLCsO4YeShAkGXRnunAhY6MF+oTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNLdzdoaDVLRUNRWmRHZTZjQ0Zqb3dYNmhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hYmFjMTQtNmVhYi00OTg1LTg2N2Et
YzhlODYzYzFhOGQxLzEvZ0E1dWZOZnk2YUF0UUxvNXhpc0ZwZ2ptbUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hYmFjMTQtNmVhYi00OTg1LTg2N2EtYzhlODYzYzFhOGQx
LzEvMHNLdzdoaDVLRUNRWmRHZTZjQ0Zqb3dYNmhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgAFMA8E
AgACMAkDBwAgAQZ4AAgwDQYJKoZIhvcNAQELBQADggEBAKrrY3Z+Z5Ea5nwHPqjm
lGoVPX78FzTz0A9WL/I7FxtTS1YsXqsvBObdh7OpBywGEuAg+uJ2dKA43XA1zphp
WWAy/pjA+Lx/w52VEgCZhB/KCts0Ui5LlJui20Xr+YeHMncqlm6pyOdbKQZ4SM9f
Fw1rfOz4WAH7ZACjWHMpqNKsT9ajLPzDIGKKXU1bUjtCIH5NZi2AzOcye8u2XdKZ
6KgBQdrjry3Y2Im9TXRTLTEWNqjsY6w8laB7mVBmXHikTO/wL+J80cUZQYmCI31T
yau4NfCrEHjo7QLMHfv8PgcZAgUUG03f2rAWN/7M9wasZ55J/jgn7d6GoCKO1wpB
ixM=
-----END CERTIFICATE-----