Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/gOJj2smQhFOlOiLQZeStq8ANlSo.roa
File:                     gOJj2smQhFOlOiLQZeStq8ANlSo.roa (raw, json)
Hash identifier:          agLe2wQtDjR1OU0uD3p4d//Z48g4lLvgLqvTJGfM7WA=
Subject key identifier:   80:E2:63:DA:C9:90:84:53:A5:3A:22:D0:65:E4:AD:AB:C0:0D:95:2A
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       018CC26D30A15B925258314C6E8D8A1DEC48
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/gOJj2smQhFOlOiLQZeStq8ANlSo.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202861
IP address blocks:        185.107.226.0/23 maxlen: 23
                          2a05:1500:300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:30:a1:5b:92:52:58:31:4c:6e:8d:8a:1d:ec:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80e263dac9908453a53a22d065e4adabc00d952a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a7:97:ee:6b:38:ca:07:de:02:82:4a:17:d3:
                    9a:ff:9e:76:ae:0a:bb:43:2a:76:91:eb:44:39:ab:
                    9a:c8:45:9d:03:4d:84:ea:5e:a8:e5:40:71:ae:a1:
                    51:c4:2e:9b:90:41:b3:35:7c:a9:f7:35:e4:6a:af:
                    02:9e:10:f7:37:de:3a:a5:b3:f0:28:c7:bb:74:a2:
                    03:8c:ae:e9:8d:17:8e:c9:26:ae:02:51:f1:1f:76:
                    5e:19:81:72:32:5e:37:2d:e5:ad:6f:d0:78:3d:67:
                    59:70:24:ea:9c:45:28:f4:50:09:ab:bd:db:4d:4c:
                    6b:4b:d3:4a:f2:93:4f:b9:dc:82:1e:a8:34:54:b8:
                    1f:7f:85:ee:8f:ad:96:d2:4a:56:73:b9:07:6f:96:
                    24:1c:31:94:75:af:93:1f:8f:04:9e:ab:af:39:2b:
                    b3:14:a6:24:96:7c:40:17:64:d4:be:74:ff:d8:a5:
                    39:4f:2e:b8:1f:e8:d0:a0:d8:d3:66:0f:5b:c7:c0:
                    84:02:2f:cf:9b:83:ce:f6:03:fc:22:53:23:54:38:
                    34:df:d5:75:f9:60:96:f5:d5:2c:c7:6d:89:74:c3:
                    8c:61:c0:76:aa:65:84:34:d9:ca:e2:69:c8:0e:02:
                    e7:01:d2:f2:6e:c8:b3:e8:3a:5c:9b:0c:40:0c:9a:
                    e3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:E2:63:DA:C9:90:84:53:A5:3A:22:D0:65:E4:AD:AB:C0:0D:95:2A
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/gOJj2smQhFOlOiLQZeStq8ANlSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.226.0/23
                IPv6:
                  2a05:1500:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         8c:fd:20:c3:57:aa:84:c9:5f:91:c3:90:f0:4d:48:75:6b:a6:
         6e:38:db:70:2c:82:5b:34:c5:ff:28:8d:48:f6:51:52:1e:da:
         48:5c:d3:e8:c4:b6:61:07:6e:66:b0:a5:f6:6b:49:d5:b6:5b:
         04:9f:a3:c3:57:dd:ca:22:68:cd:16:2f:9e:73:5d:f1:53:ff:
         f8:f1:1e:28:2d:fe:0b:e3:33:3a:df:74:06:fe:cf:d1:a8:21:
         57:67:84:02:3b:fc:02:93:23:e6:b1:cd:3b:72:a4:48:34:a1:
         e1:a4:9d:68:a4:fe:3c:66:c1:73:8f:4f:57:7a:27:e0:a2:22:
         b6:73:df:c7:7c:4d:95:ee:24:31:fb:74:17:60:30:4b:a4:8a:
         99:f3:6f:95:5d:e6:ef:80:7b:96:5b:e9:46:7c:bb:6b:64:ed:
         b5:e0:11:f2:14:52:6e:23:87:55:9a:60:5a:b9:e4:00:1c:64:
         42:17:1e:93:92:f3:5b:f3:75:cc:8b:20:46:0e:8f:75:83:70:
         db:5d:9c:e4:46:f0:50:fe:46:95:d7:39:fb:c6:1b:f1:fe:5f:
         ef:e7:dc:3f:41:d9:59:45:61:61:82:9b:a1:f7:91:48:26:7f:
         1d:25:74:61:21:62:ec:e0:7c:c9:ab:56:b9:5e:77:40:0b:7b:
         bf:52:ac:12
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzCbTChW5JSWDFMbo2KHexIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGUyNjNkYWM5OTA4NDUzYTUzYTIyZDA2NWU0YWRhYmMwMGQ5NTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqeX7ms4ygfeAoJKF9Oa/552rgq7
Qyp2ketEOauayEWdA02E6l6o5UBxrqFRxC6bkEGzNXyp9zXkaq8CnhD3N946pbPw
KMe7dKIDjK7pjReOySauAlHxH3ZeGYFyMl43LeWtb9B4PWdZcCTqnEUo9FAJq73b
TUxrS9NK8pNPudyCHqg0VLgff4Xuj62W0kpWc7kHb5YkHDGUda+TH48EnquvOSuz
FKYklnxAF2TUvnT/2KU5Ty64H+jQoNjTZg9bx8CEAi/Pm4PO9gP8IlMjVDg039V1
+WCW9dUsx22JdMOMYcB2qmWENNnK4mnIDgLnAdLybsiz6DpcmwxADJrjkwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFIDiY9rJkIRTpToi0GXkravADZUqMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvZ09KajJzbVFoRk9sT2lMUVplU3RxOEFObFNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBuWviMA4E
AgACMAgDBgAqBRUAAzANBgkqhkiG9w0BAQsFAAOCAQEAjP0gw1eqhMlfkcOQ8E1I
dWumbjjbcCyCWzTF/yiNSPZRUh7aSFzT6MS2YQduZrCl9mtJ1bZbBJ+jw1fdyiJo
zRYvnnNd8VP/+PEeKC3+C+MzOt90Bv7P0aghV2eEAjv8ApMj5rHNO3KkSDSh4aSd
aKT+PGbBc49PV3on4KIitnPfx3xNle4kMft0F2AwS6SKmfNvlV3m74B7llvpRny7
a2TtteAR8hRSbiOHVZpgWrnkABxkQhcek5LzW/N1zIsgRg6PdYNw212c5EbwUP5G
ldc5+8Yb8f5f7+fcP0HZWUVhYYKbofeRSCZ/HSV0YSFi7OB8yatWuV53QAt7v1Ks
Eg==
-----END CERTIFICATE-----