Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/tX3yUNbOxn93xBPiVZCcxDn8vWo.roa
File:                     tX3yUNbOxn93xBPiVZCcxDn8vWo.roa (raw, json)
Hash identifier:          +Vl63ny1ZHUytZWW7Odjv2qYEpRmTMW9FJ4Dr+hggCM=
Subject key identifier:   B5:7D:F2:50:D6:CE:C6:7F:77:C4:13:E2:55:90:9C:C4:39:FC:BD:6A
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018CC794DB4C98B9BB1F8054C7416053C7D8
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/tX3yUNbOxn93xBPiVZCcxDn8vWo.roa
Signing time:             Tue 02 Jan 2024 00:31:10 +0000
ROA not before:           Tue 02 Jan 2024 00:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        109.122.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:db:4c:98:b9:bb:1f:80:54:c7:41:60:53:c7:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 00:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b57df250d6cec67f77c413e255909cc439fcbd6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:4f:19:91:41:db:61:20:f2:a4:43:e1:4a:f6:
                    79:45:60:61:82:b4:eb:e2:24:7f:01:f2:b4:22:b7:
                    d6:09:b8:25:5a:8f:7f:55:42:a5:8b:09:09:47:00:
                    63:43:e0:e9:84:34:39:ab:96:60:e9:42:c9:da:4e:
                    0e:7f:30:b1:57:fe:e1:83:60:16:39:03:85:4b:4b:
                    d5:27:40:f5:b4:79:28:62:99:cd:c9:9f:d1:45:be:
                    a7:89:e3:85:b7:22:0a:bc:77:4f:26:8c:bc:87:05:
                    05:c2:a1:ca:40:2a:ba:eb:a8:7d:29:25:47:50:80:
                    ed:86:a3:5e:a4:5d:5b:2b:17:ce:86:1c:0b:eb:f2:
                    df:c6:54:15:2d:42:88:84:67:50:26:27:ae:cc:f5:
                    28:61:83:2f:d1:d1:6c:87:c1:76:92:93:63:36:1b:
                    11:21:70:73:c1:d1:a1:21:a7:c8:bc:44:b2:93:9a:
                    f3:e7:e9:e9:f7:14:78:a0:0d:70:16:a6:b9:f8:f5:
                    ac:52:b3:dd:35:1b:55:45:f2:ba:b6:d0:13:f3:08:
                    5a:60:f0:14:ee:db:4d:eb:8b:16:9d:26:eb:da:6a:
                    c7:33:99:85:f4:28:ba:22:14:40:9f:f9:02:b7:4f:
                    08:f4:92:f7:ad:d3:63:70:1b:6b:8e:98:5d:51:b2:
                    62:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:7D:F2:50:D6:CE:C6:7F:77:C4:13:E2:55:90:9C:C4:39:FC:BD:6A
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/tX3yUNbOxn93xBPiVZCcxDn8vWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:06:a6:bb:c7:42:49:45:87:3b:25:20:7f:36:94:2b:43:88:
         42:65:05:94:ec:60:72:93:59:82:17:18:f6:30:5a:a6:95:8d:
         e5:33:87:f8:9f:4e:64:87:5b:1c:53:9f:8c:f4:e4:ef:35:f6:
         04:78:9c:0a:f8:af:80:f6:46:88:27:a1:e9:e1:aa:f6:34:2e:
         51:27:e5:31:01:5f:4e:49:0e:67:89:ac:93:58:92:64:6c:c5:
         be:b2:40:59:67:ab:e7:87:52:b1:20:c0:df:26:af:1f:2a:72:
         4d:10:7a:b7:a3:9b:e4:53:3d:42:b7:ac:04:9e:10:92:e0:b6:
         90:38:fd:fd:8a:51:54:2f:f9:fd:2c:35:2a:96:31:e6:aa:f1:
         60:dc:c7:c2:dd:b3:e0:02:b0:6c:35:be:bb:0e:f1:01:66:cb:
         d6:5f:ad:13:ca:6e:51:f6:71:9d:ad:d7:99:47:42:bd:61:05:
         d5:14:68:2c:7d:71:d8:55:fe:7a:e2:92:cd:08:ac:a7:4a:48:
         8e:ce:1a:3b:ed:f5:70:6b:72:68:6b:82:03:51:7a:42:fc:56:
         a2:9f:bb:35:74:61:9d:9e:0b:2b:69:59:c8:e3:c5:13:94:db:
         f9:49:75:43:0d:b3:fc:32:c2:99:6c:2e:c9:9b:74:ee:f5:9c:
         a5:29:24:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlNtMmLm7H4BUx0FgU8fYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMTAyMDAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTdkZjI1MGQ2Y2VjNjdmNzdjNDEzZTI1NTkwOWNjNDM5ZmNiZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgE8ZkUHbYSDypEPhSvZ5RWBhgrTr
4iR/AfK0IrfWCbglWo9/VUKliwkJRwBjQ+DphDQ5q5Zg6ULJ2k4OfzCxV/7hg2AW
OQOFS0vVJ0D1tHkoYpnNyZ/RRb6nieOFtyIKvHdPJoy8hwUFwqHKQCq666h9KSVH
UIDthqNepF1bKxfOhhwL6/LfxlQVLUKIhGdQJieuzPUoYYMv0dFsh8F2kpNjNhsR
IXBzwdGhIafIvESyk5rz5+np9xR4oA1wFqa5+PWsUrPdNRtVRfK6ttAT8whaYPAU
7ttN64sWnSbr2mrHM5mF9Ci6IhRAn/kCt08I9JL3rdNjcBtrjphdUbJiuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLV98lDWzsZ/d8QT4lWQnMQ5/L1qMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvdFgzeVVOYk94bjkzeEJQaVZaQ2N4RG44dldvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXovMA0G
CSqGSIb3DQEBCwUAA4IBAQAqBqa7x0JJRYc7JSB/NpQrQ4hCZQWU7GByk1mCFxj2
MFqmlY3lM4f4n05kh1scU5+M9OTvNfYEeJwK+K+A9kaIJ6Hp4ar2NC5RJ+UxAV9O
SQ5niayTWJJkbMW+skBZZ6vnh1KxIMDfJq8fKnJNEHq3o5vkUz1Ct6wEnhCS4LaQ
OP39ilFUL/n9LDUqljHmqvFg3MfC3bPgArBsNb67DvEBZsvWX60Tym5R9nGdrdeZ
R0K9YQXVFGgsfXHYVf564pLNCKynSkiOzho77fVwa3Joa4IDUXpC/Fain7s1dGGd
ngsraVnI48UTlNv5SXVDDbP8MsKZbC7Jm3Tu9ZylKSSW
-----END CERTIFICATE-----