Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/754bd6-fd6a-4dc6-a927-769a0c5eea0d/1/Gb-iGp-DgH6_eO2l3rW60H86IWk.roa
File:                     Gb-iGp-DgH6_eO2l3rW60H86IWk.roa (raw, json)
Hash identifier:          0+hsxhSoPie5AKQVuFI9JJgHgEIUsG7orEiHSe2k9Gk=
Subject key identifier:   19:BF:A2:1A:9F:83:80:7E:BF:78:ED:A5:DE:B5:BA:D0:7F:3A:21:69
Certificate issuer:       /CN=3ec14cc607d1f0283848f9a815dbe675e2339a7e
Certificate serial:       018CC349103C7E233D9565D7F1DB1417CE5D
Authority key identifier: 3E:C1:4C:C6:07:D1:F0:28:38:48:F9:A8:15:DB:E6:75:E2:33:9A:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsFMxgfR8Cg4SPmoFdvmdeIzmn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/754bd6-fd6a-4dc6-a927-769a0c5eea0d/1/Gb-iGp-DgH6_eO2l3rW60H86IWk.roa
Signing time:             Mon 01 Jan 2024 04:29:54 +0000
ROA not before:           Mon 01 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209327
IP address blocks:        85.209.116.0/22 maxlen: 22
                          2a09:94c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/754bd6-fd6a-4dc6-a927-769a0c5eea0d/1/PsFMxgfR8Cg4SPmoFdvmdeIzmn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/754bd6-fd6a-4dc6-a927-769a0c5eea0d/1/PsFMxgfR8Cg4SPmoFdvmdeIzmn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsFMxgfR8Cg4SPmoFdvmdeIzmn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:10:3c:7e:23:3d:95:65:d7:f1:db:14:17:ce:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec14cc607d1f0283848f9a815dbe675e2339a7e
        Validity
            Not Before: Jan  1 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19bfa21a9f83807ebf78eda5deb5bad07f3a2169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:53:9e:54:66:91:3f:5d:41:2b:50:59:b9:de:
                    c7:0b:b9:33:fa:7b:a7:27:a1:c8:bd:18:ee:36:1f:
                    2e:25:c3:0e:2d:41:79:0e:05:3b:47:d9:25:3a:36:
                    f1:52:19:5f:a4:08:a8:26:c7:1a:43:15:75:b5:ef:
                    d2:36:27:6c:59:ee:f5:ab:45:ae:c3:15:c9:5c:89:
                    da:16:74:8a:a0:5b:df:08:e4:27:dd:76:38:98:02:
                    4f:21:97:f7:03:22:f6:22:ac:cc:f0:5e:05:49:d5:
                    70:16:32:a4:b0:5c:ea:e4:c2:f5:9d:8f:3c:4e:0f:
                    51:39:9e:25:1b:8e:58:27:38:f1:46:0d:66:06:76:
                    54:12:d5:6b:8c:38:47:81:83:49:c8:d5:d0:2b:1c:
                    68:a0:23:76:ec:00:cc:d4:71:67:36:3a:74:10:4d:
                    17:16:0f:f7:56:75:25:b3:59:0e:8b:b3:34:0a:04:
                    c0:d1:86:b1:6e:6d:6c:3a:77:82:b0:f8:2f:f2:31:
                    30:aa:dc:bd:7d:b8:dd:3e:9c:8f:e2:3a:95:70:63:
                    28:69:5c:3f:c0:bd:41:e4:e8:46:81:f0:24:2a:04:
                    fc:13:9c:89:90:aa:3a:7f:45:f1:8e:ec:ee:ce:ab:
                    b7:bc:4a:15:07:42:33:88:65:c4:d0:50:70:4f:9d:
                    2b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:BF:A2:1A:9F:83:80:7E:BF:78:ED:A5:DE:B5:BA:D0:7F:3A:21:69
            X509v3 Authority Key Identifier:
                keyid:3E:C1:4C:C6:07:D1:F0:28:38:48:F9:A8:15:DB:E6:75:E2:33:9A:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsFMxgfR8Cg4SPmoFdvmdeIzmn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/754bd6-fd6a-4dc6-a927-769a0c5eea0d/1/Gb-iGp-DgH6_eO2l3rW60H86IWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/754bd6-fd6a-4dc6-a927-769a0c5eea0d/1/PsFMxgfR8Cg4SPmoFdvmdeIzmn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.116.0/22
                IPv6:
                  2a09:94c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:82:7e:32:b0:25:73:19:c5:be:bc:27:86:58:6d:a2:b3:80:
         e2:53:87:9d:9e:6b:71:d1:42:36:d9:e2:b7:d2:80:a1:29:72:
         5d:b2:e9:b5:26:87:b3:de:3f:d2:ad:c2:df:74:12:90:14:48:
         87:5f:f4:dd:35:5a:05:d2:77:2f:2a:dd:e4:38:65:d9:d7:05:
         5f:10:d3:b6:b1:e8:48:00:d1:0f:97:ff:05:a8:a7:e4:c3:07:
         c7:0e:45:53:bf:75:26:c6:bc:f4:2b:4c:c6:0d:96:10:d0:85:
         b5:b8:1b:c1:ef:b0:7f:d4:8e:67:ad:94:b9:e7:4a:17:67:4b:
         5b:9f:99:75:53:77:72:f7:ed:61:c8:d4:e2:37:60:59:cc:40:
         30:32:cd:73:79:ae:b8:41:66:c7:7b:d5:a0:27:e1:12:4a:03:
         45:03:d7:aa:b9:00:16:13:21:09:fb:5a:11:bb:2b:ab:8d:61:
         a5:9a:60:74:7a:e8:e5:7f:83:bf:38:c7:6b:4a:a7:54:a8:cb:
         dd:ad:83:9e:ab:96:ad:0f:0e:60:7b:fa:f4:54:30:9b:d0:fd:
         7e:1e:b6:9f:36:67:f8:7e:95:92:98:8e:03:e1:49:54:3b:dd:
         ff:f7:7d:13:91:bd:a4:23:f7:e8:66:11:a2:78:d3:57:75:6d:
         fd:84:31:1a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSRA8fiM9lWXX8dsUF85dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzE0Y2M2MDdkMWYwMjgzODQ4ZjlhODE1ZGJlNjc1ZTIz
MzlhN2UwHhcNMjQwMTAxMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWJmYTIxYTlmODM4MDdlYmY3OGVkYTVkZWI1YmFkMDdmM2EyMTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVOeVGaRP11BK1BZud7HC7kz+nun
J6HIvRjuNh8uJcMOLUF5DgU7R9klOjbxUhlfpAioJscaQxV1te/SNidsWe71q0Wu
wxXJXInaFnSKoFvfCOQn3XY4mAJPIZf3AyL2IqzM8F4FSdVwFjKksFzq5ML1nY88
Tg9ROZ4lG45YJzjxRg1mBnZUEtVrjDhHgYNJyNXQKxxooCN27ADM1HFnNjp0EE0X
Fg/3VnUls1kOi7M0CgTA0Yaxbm1sOneCsPgv8jEwqty9fbjdPpyP4jqVcGMoaVw/
wL1B5OhGgfAkKgT8E5yJkKo6f0Xxjuzuzqu3vEoVB0IziGXE0FBwT50rkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBm/ohqfg4B+v3jtpd61utB/OiFpMB8GA1UdIwQY
MBaAFD7BTMYH0fAoOEj5qBXb5nXiM5p+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNGTXhnZlI4Q2c0U1Btb0Zkdm1kZUl6bW40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy83NTRiZDYtZmQ2YS00ZGM2LWE5Mjct
NzY5YTBjNWVlYTBkLzEvR2ItaUdwLURnSDZfZU8ybDNyVzYwSDg2SVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy83NTRiZDYtZmQ2YS00ZGM2LWE5MjctNzY5YTBjNWVlYTBk
LzEvUHNGTXhnZlI4Q2c0U1Btb0Zkdm1kZUl6bW40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdF0MA0E
AgACMAcDBQMqCZTAMA0GCSqGSIb3DQEBCwUAA4IBAQCCgn4ysCVzGcW+vCeGWG2i
s4DiU4ednmtx0UI22eK30oChKXJdsum1Joez3j/SrcLfdBKQFEiHX/TdNVoF0ncv
Kt3kOGXZ1wVfENO2sehIANEPl/8FqKfkwwfHDkVTv3Umxrz0K0zGDZYQ0IW1uBvB
77B/1I5nrZS550oXZ0tbn5l1U3dy9+1hyNTiN2BZzEAwMs1zea64QWbHe9WgJ+ES
SgNFA9equQAWEyEJ+1oRuyurjWGlmmB0eujlf4O/OMdrSqdUqMvdrYOeq5atDw5g
e/r0VDCb0P1+HrafNmf4fpWSmI4D4UlUO93/930Tkb2kI/foZhGieNNXdW39hDEa
-----END CERTIFICATE-----