Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gn-jR7be6w1iE80WvQkian-eTjQ.roa
File:                     gn-jR7be6w1iE80WvQkian-eTjQ.roa (raw, json)
Hash identifier:          xZgC7ILrZrkDMQTWihAFqJy/OJDryfmUBlrC6qm4oUY=
Subject key identifier:   82:7F:A3:47:B6:DE:EB:0D:62:13:CD:16:BD:09:22:6A:7F:9E:4E:34
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016886F63027084BB65A9B9FD57E9F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gn-jR7be6w1iE80WvQkian-eTjQ.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208709
IP address blocks:        194.28.97.0/24 maxlen: 24
                          2a0c:b641:400::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:68:86:f6:30:27:08:4b:b6:5a:9b:9f:d5:7e:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=827fa347b6deeb0d6213cd16bd09226a7f9e4e34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b0:9a:3a:38:63:8c:62:9c:9b:fb:86:bc:60:
                    15:73:af:14:f0:d8:62:44:84:9d:52:62:c5:8d:33:
                    35:84:30:46:57:2a:00:0a:15:1a:a3:f7:91:b9:3c:
                    00:11:e6:63:b9:62:bf:66:a6:e5:f8:89:5d:9f:19:
                    06:39:15:f1:2b:a2:e8:9a:c0:02:11:c7:e4:33:00:
                    a9:55:5e:89:32:9a:55:f9:13:19:ff:6c:6f:b2:38:
                    d8:42:eb:b2:b4:40:3e:c1:d4:3c:cb:7f:c6:14:17:
                    d7:bd:20:ca:2e:27:7e:42:9e:fd:dc:b3:25:6d:cc:
                    5f:01:a6:3f:9a:83:c8:95:e9:31:97:9e:c0:50:43:
                    35:b6:c1:62:15:46:fc:0e:5f:87:7a:3a:3e:f6:8c:
                    ea:40:4e:1c:b1:8d:c7:49:b0:30:ee:f8:ef:b1:24:
                    5e:1f:61:38:ed:33:02:2a:b7:ad:99:95:33:8f:74:
                    ed:35:71:b2:27:29:39:aa:af:03:cb:0f:d2:c2:bc:
                    14:1f:9c:6a:a4:f0:45:8e:f8:b5:a2:05:31:4d:8a:
                    40:8c:5e:0c:e7:63:7b:39:7b:5e:4d:de:f5:e9:7a:
                    9c:10:57:3b:92:0e:80:a3:3d:bc:ac:6b:09:02:f7:
                    0b:ec:90:a7:f3:8a:dd:3b:df:50:1b:af:7c:a7:27:
                    22:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:7F:A3:47:B6:DE:EB:0D:62:13:CD:16:BD:09:22:6A:7F:9E:4E:34
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gn-jR7be6w1iE80WvQkian-eTjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.97.0/24
                IPv6:
                  2a0c:b641:400::/44

    Signature Algorithm: sha256WithRSAEncryption
         71:69:d1:b5:8d:59:2e:e8:b6:19:b2:af:0d:98:d6:87:67:26:
         6d:e0:14:90:7c:df:5a:90:fe:84:e8:b7:f2:b9:25:6d:f3:fe:
         d4:12:ed:fa:c2:6a:64:42:68:5b:5f:5a:aa:f8:f2:21:ab:f6:
         ec:08:82:6f:4a:f9:96:c4:a8:98:32:61:e4:57:76:88:97:d8:
         ee:08:3f:75:94:e2:1e:25:eb:29:b1:e9:17:8b:57:0d:b8:d7:
         20:72:f6:56:88:00:fb:ac:e7:f4:7e:ad:b8:57:c3:fb:f1:3d:
         52:37:c9:91:16:25:df:4f:a7:1e:aa:ea:f2:58:3e:6b:f6:9e:
         3a:ca:ee:1c:71:35:db:56:2f:44:e4:cb:21:3d:97:67:f7:ec:
         14:1c:df:be:4d:0c:c4:ae:3c:a4:4f:9f:52:f9:b8:f7:c8:75:
         74:21:e1:79:ba:01:5d:f7:b7:b7:46:e7:0d:d2:2e:63:42:12:
         f1:f9:27:93:6e:e9:08:cb:12:66:ba:63:46:63:42:68:74:b3:
         b5:41:ea:48:5f:64:bb:ee:cd:47:61:2b:1c:31:7b:62:c3:0a:
         e5:f1:82:ff:2b:a0:1b:41:4b:aa:3c:c0:d4:0b:46:63:c9:1d:
         2b:d5:cb:d4:0a:27:4b:0a:29:e2:26:43:96:ab:39:00:1b:83:
         e6:e3:40:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAWiG9jAnCEu2Wpuf1X6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjdmYTM0N2I2ZGVlYjBkNjIxM2NkMTZiZDA5MjI2YTdmOWU0ZTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrCaOjhjjGKcm/uGvGAVc68U8Nhi
RISdUmLFjTM1hDBGVyoAChUao/eRuTwAEeZjuWK/Zqbl+IldnxkGORXxK6LomsAC
EcfkMwCpVV6JMppV+RMZ/2xvsjjYQuuytEA+wdQ8y3/GFBfXvSDKLid+Qp793LMl
bcxfAaY/moPIlekxl57AUEM1tsFiFUb8Dl+Hejo+9ozqQE4csY3HSbAw7vjvsSRe
H2E47TMCKretmZUzj3TtNXGyJyk5qq8Dyw/SwrwUH5xqpPBFjvi1ogUxTYpAjF4M
52N7OXteTd716XqcEFc7kg6Aoz28rGsJAvcL7JCn84rdO99QG698pyci0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIJ/o0e23usNYhPNFr0JImp/nk40MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZ24talI3YmU2dzFpRTgwV3ZRa2lhbi1lVGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwhxhMA8E
AgACMAkDBwQqDLZBBAAwDQYJKoZIhvcNAQELBQADggEBAHFp0bWNWS7othmyrw2Y
1odnJm3gFJB831qQ/oTot/K5JW3z/tQS7frCamRCaFtfWqr48iGr9uwIgm9K+ZbE
qJgyYeRXdoiX2O4IP3WU4h4l6ymx6ReLVw241yBy9laIAPus5/R+rbhXw/vxPVI3
yZEWJd9Ppx6q6vJYPmv2njrK7hxxNdtWL0TkyyE9l2f37BQc375NDMSuPKRPn1L5
uPfIdXQh4Xm6AV33t7dG5w3SLmNCEvH5J5Nu6QjLEma6Y0ZjQmh0s7VB6khfZLvu
zUdhKxwxe2LDCuXxgv8roBtBS6o8wNQLRmPJHSvVy9QKJ0sKKeImQ5arOQAbg+bj
QIw=
-----END CERTIFICATE-----