Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/gwotoDJ7dgZNMANbEJ5M_PJxIsU.roa
File:                     gwotoDJ7dgZNMANbEJ5M_PJxIsU.roa (raw, json)
Hash identifier:          yuC1HItqsIORrnDpji+yxBFklr4xOHe+YG/mBEl77/Q=
Subject key identifier:   83:0A:2D:A0:32:7B:76:06:4D:30:03:5B:10:9E:4C:FC:F2:71:22:C5
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348D7320D6A1B6A5884F666184911D2
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/gwotoDJ7dgZNMANbEJ5M_PJxIsU.roa
Signing time:             Mon 01 Jan 2024 04:29:39 +0000
ROA not before:           Mon 01 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30934
IP address blocks:        212.243.12.0/24 maxlen: 24
                          195.65.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d7:32:0d:6a:1b:6a:58:84:f6:66:18:49:11:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=830a2da0327b76064d30035b109e4cfcf27122c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ec:a3:8f:68:7a:d4:ef:5b:0c:b0:03:8a:c5:
                    fb:4f:1b:13:0d:62:b8:e6:eb:43:da:d3:a3:09:0d:
                    84:a9:26:b1:03:a7:01:2a:a6:2b:4c:11:27:cd:41:
                    cf:ae:71:8b:14:f9:92:64:f9:e1:2a:56:b4:07:30:
                    2f:b4:41:0e:4b:ab:2f:31:25:62:8b:63:42:d9:bc:
                    dd:e0:fe:39:82:39:65:50:c9:c3:90:d9:e1:c2:9a:
                    9f:8d:12:b6:8e:2f:d8:36:b2:25:b0:3d:de:5e:a6:
                    92:cc:2a:a5:c2:7a:69:df:b0:eb:d6:5c:7d:c5:ec:
                    bf:3e:5e:5b:ed:d4:f2:82:d1:63:27:0d:f7:2d:fd:
                    74:dd:54:12:d9:e3:74:65:b5:49:ab:b8:09:f7:61:
                    ed:e2:c9:e3:b2:6f:53:02:ef:17:c1:70:cc:de:2e:
                    e9:7d:84:74:40:fb:ee:86:1c:fe:46:e7:61:9f:24:
                    da:74:c7:c3:0b:d6:82:d2:78:77:c7:50:75:3e:a7:
                    80:c2:93:8f:9e:9a:63:f8:c1:71:0b:ac:64:33:cd:
                    58:58:87:59:83:8d:10:a7:d8:57:a6:30:ee:db:8f:
                    18:8b:c1:99:06:a3:44:85:06:1a:e5:04:60:05:ee:
                    c2:44:9c:0f:fc:ed:33:26:d1:3f:d0:2e:5e:58:b3:
                    86:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:0A:2D:A0:32:7B:76:06:4D:30:03:5B:10:9E:4C:FC:F2:71:22:C5
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/gwotoDJ7dgZNMANbEJ5M_PJxIsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.103.0/24
                  212.243.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:50:f6:5c:4e:fa:61:76:3f:fa:5a:e5:d5:ae:ba:49:89:8d:
         ab:4b:a8:4b:18:a1:31:f6:52:9b:6f:0f:76:ce:95:10:50:e8:
         17:41:ee:cb:85:dc:55:ac:de:7d:be:5e:95:d6:42:df:07:c1:
         36:2f:1f:3c:b9:43:b8:e5:6b:b6:09:ad:41:35:02:52:1d:b4:
         90:d8:54:7d:2a:18:c4:fd:77:e8:71:70:09:49:1f:0e:85:bf:
         63:df:fe:d5:5f:df:e2:1e:a8:a9:85:fc:d0:70:15:e0:6b:cd:
         9e:6b:24:21:3d:cd:61:41:cb:70:cb:6d:10:17:aa:91:37:69:
         6d:3e:71:9a:1c:72:c0:1e:f6:e4:ae:8b:6a:67:e9:23:9d:fa:
         f3:68:86:9f:ab:47:cb:f5:4f:2e:67:ce:e9:24:47:92:35:4e:
         d2:dc:3a:44:f6:89:9a:1a:66:fd:5e:67:78:9e:6b:0c:55:3d:
         28:62:ca:0e:32:6a:29:b3:36:db:55:fb:30:76:40:9d:1c:1f:
         60:ca:fc:f3:09:d8:d8:97:57:ac:0b:dd:e5:c5:7d:ed:06:f3:
         b3:89:9a:be:a8:0f:c9:d7:21:e6:ae:5f:3a:7b:7c:e8:46:7b:
         31:5a:93:36:9e:a7:4b:f3:20:3d:f5:8a:40:68:29:44:96:fe:
         d5:28:4f:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSNcyDWobaliE9mYYSRHSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzBhMmRhMDMyN2I3NjA2NGQzMDAzNWIxMDllNGNmY2YyNzEyMmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeyjj2h61O9bDLADisX7TxsTDWK4
5utD2tOjCQ2EqSaxA6cBKqYrTBEnzUHPrnGLFPmSZPnhKla0BzAvtEEOS6svMSVi
i2NC2bzd4P45gjllUMnDkNnhwpqfjRK2ji/YNrIlsD3eXqaSzCqlwnpp37Dr1lx9
xey/Pl5b7dTygtFjJw33Lf103VQS2eN0ZbVJq7gJ92Ht4snjsm9TAu8XwXDM3i7p
fYR0QPvuhhz+RudhnyTadMfDC9aC0nh3x1B1PqeAwpOPnppj+MFxC6xkM81YWIdZ
g40Qp9hXpjDu248Yi8GZBqNEhQYa5QRgBe7CRJwP/O0zJtE/0C5eWLOGjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIMKLaAye3YGTTADWxCeTPzycSLFMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvZ3dvdG9ESjdkZ1pOTUFOYkVKNU1fUEp4SXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw0FnAwQA
1PMMMA0GCSqGSIb3DQEBCwUAA4IBAQBEUPZcTvphdj/6WuXVrrpJiY2rS6hLGKEx
9lKbbw92zpUQUOgXQe7LhdxVrN59vl6V1kLfB8E2Lx88uUO45Wu2Ca1BNQJSHbSQ
2FR9KhjE/XfocXAJSR8Ohb9j3/7VX9/iHqiphfzQcBXga82eayQhPc1hQctwy20Q
F6qRN2ltPnGaHHLAHvbkrotqZ+kjnfrzaIafq0fL9U8uZ87pJEeSNU7S3DpE9oma
Gmb9Xmd4nmsMVT0oYsoOMmopszbbVfswdkCdHB9gyvzzCdjYl1esC93lxX3tBvOz
iZq+qA/J1yHmrl86e3zoRnsxWpM2nqdL8yA99YpAaClElv7VKE+g
-----END CERTIFICATE-----