Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/e22fea-84d0-406a-8a6f-46f5fa2c9303/1/gle9Dwl_2Rccu4ZJ7r8miUITMaQ.roa
File:                     gle9Dwl_2Rccu4ZJ7r8miUITMaQ.roa (raw, json)
Hash identifier:          IiVszSxukdGa77+DJ73NbNH0TJ/hmheLlsRhxDN6aik=
Subject key identifier:   82:57:BD:0F:09:7F:D9:17:1C:BB:86:49:EE:BF:26:89:42:13:31:A4
Certificate issuer:       /CN=f0c49c2178e82fdc1f419f5a7c51721df53d7a48
Certificate serial:       018CC3495CC6F6C5113B8720BCABA045E85A
Authority key identifier: F0:C4:9C:21:78:E8:2F:DC:1F:41:9F:5A:7C:51:72:1D:F5:3D:7A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8MScIXjoL9wfQZ9afFFyHfU9ekg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/e22fea-84d0-406a-8a6f-46f5fa2c9303/1/gle9Dwl_2Rccu4ZJ7r8miUITMaQ.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20495
IP address blocks:        185.52.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/e22fea-84d0-406a-8a6f-46f5fa2c9303/1/8MScIXjoL9wfQZ9afFFyHfU9ekg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/e22fea-84d0-406a-8a6f-46f5fa2c9303/1/8MScIXjoL9wfQZ9afFFyHfU9ekg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8MScIXjoL9wfQZ9afFFyHfU9ekg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5c:c6:f6:c5:11:3b:87:20:bc:ab:a0:45:e8:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c49c2178e82fdc1f419f5a7c51721df53d7a48
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8257bd0f097fd9171cbb8649eebf2689421331a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ff:99:7e:0b:6e:75:95:06:19:d5:19:17:5e:
                    8c:d7:54:8d:57:b1:24:bd:cb:a6:fa:0b:1a:fd:3e:
                    ea:80:af:6a:b3:7e:be:5f:71:72:b0:4b:3d:2a:1e:
                    81:c1:2f:ec:41:d6:97:c0:68:98:f1:04:f5:78:ba:
                    62:87:12:88:30:0b:55:55:e9:7c:07:8c:be:cf:d5:
                    4f:7c:af:a5:c1:09:92:73:ab:41:9c:fd:07:e3:0d:
                    7b:b3:3f:09:f2:17:2c:3c:26:64:44:94:ba:56:a5:
                    f0:a9:30:65:da:47:eb:c9:67:e9:7f:4a:e3:bb:54:
                    03:bb:62:b8:38:00:f1:86:e2:46:28:39:e9:51:34:
                    6c:e5:4a:78:31:50:2a:54:39:a2:a9:35:f2:94:ac:
                    60:f3:cd:51:ac:7a:62:64:b6:f2:88:39:64:e6:97:
                    24:ef:7f:8a:08:8c:15:50:16:59:6f:9a:d6:79:70:
                    71:96:8d:25:62:ae:2d:07:17:ec:4e:6b:f1:be:8e:
                    85:4c:21:ee:07:2c:3a:d7:d3:fc:22:4c:4c:4d:96:
                    9f:03:df:82:3f:f4:20:c2:f8:4e:6f:6e:3e:55:ad:
                    76:21:86:e1:05:e6:f2:a8:1f:20:f1:b2:74:a1:ba:
                    7d:1d:3b:99:d0:3a:59:c9:75:fa:8f:cd:52:59:86:
                    31:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:57:BD:0F:09:7F:D9:17:1C:BB:86:49:EE:BF:26:89:42:13:31:A4
            X509v3 Authority Key Identifier:
                keyid:F0:C4:9C:21:78:E8:2F:DC:1F:41:9F:5A:7C:51:72:1D:F5:3D:7A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MScIXjoL9wfQZ9afFFyHfU9ekg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/e22fea-84d0-406a-8a6f-46f5fa2c9303/1/gle9Dwl_2Rccu4ZJ7r8miUITMaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/e22fea-84d0-406a-8a6f-46f5fa2c9303/1/8MScIXjoL9wfQZ9afFFyHfU9ekg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:91:df:93:8d:bd:e5:31:72:9e:17:dc:15:5f:f5:27:92:ba:
         4a:3c:91:5a:e1:b1:08:14:f5:8b:35:77:b9:eb:98:95:4c:13:
         fb:57:a1:be:3a:cf:0f:c6:04:5c:8a:4d:02:b4:c7:5e:3b:0a:
         27:e6:a0:2f:f3:77:a3:ab:fd:53:d5:a0:5e:f3:74:3d:35:37:
         61:22:55:1c:f8:81:a8:e1:65:10:ed:b6:d4:09:ed:7d:72:64:
         36:e9:74:76:bf:fa:36:46:16:f1:5a:45:f7:f2:29:8c:5f:9e:
         0e:14:ea:40:b8:67:41:6e:4c:fe:ad:4a:c9:a0:20:c1:6a:1f:
         f6:3a:69:b9:b2:a2:10:09:91:d5:f7:87:30:22:0e:29:86:26:
         23:8b:2f:4d:bb:88:8a:d6:0b:4c:73:36:9d:4a:e6:67:8a:29:
         a1:66:07:f7:46:bc:f2:d9:29:4b:7e:94:0a:8d:ea:37:2b:d2:
         06:be:a6:9e:44:13:bf:ef:08:6c:28:88:50:d9:64:11:3d:06:
         76:f4:9a:0b:88:6c:f9:a6:24:9f:04:f7:f4:da:38:b2:99:22:
         cf:87:12:5b:9a:a8:90:85:2e:7c:df:2a:c7:4e:cf:8e:29:69:
         ea:01:ac:80:dc:f5:cd:8f:a2:4d:d1:1c:79:98:bc:ec:5c:aa:
         0c:e1:f2:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVzG9sURO4cgvKugRehaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzQ5YzIxNzhlODJmZGMxZjQxOWY1YTdjNTE3MjFkZjUz
ZDdhNDgwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjU3YmQwZjA5N2ZkOTE3MWNiYjg2NDllZWJmMjY4OTQyMTMzMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzP+ZfgtudZUGGdUZF16M11SNV7Ek
vcum+gsa/T7qgK9qs36+X3FysEs9Kh6BwS/sQdaXwGiY8QT1eLpihxKIMAtVVel8
B4y+z9VPfK+lwQmSc6tBnP0H4w17sz8J8hcsPCZkRJS6VqXwqTBl2kfryWfpf0rj
u1QDu2K4OADxhuJGKDnpUTRs5Up4MVAqVDmiqTXylKxg881RrHpiZLbyiDlk5pck
73+KCIwVUBZZb5rWeXBxlo0lYq4tBxfsTmvxvo6FTCHuByw619P8IkxMTZafA9+C
P/QgwvhOb24+Va12IYbhBebyqB8g8bJ0obp9HTuZ0DpZyXX6j81SWYYx5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJXvQ8Jf9kXHLuGSe6/JolCEzGkMB8GA1UdIwQY
MBaAFPDEnCF46C/cH0GfWnxRch31PXpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1TY0lYam9MOXdmUVo5YWZGRnlIZlU5ZWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9lMjJmZWEtODRkMC00MDZhLThhNmYt
NDZmNWZhMmM5MzAzLzEvZ2xlOUR3bF8yUmNjdTRaSjdyOG1pVUlUTWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9lMjJmZWEtODRkMC00MDZhLThhNmYtNDZmNWZhMmM5MzAz
LzEvOE1TY0lYam9MOXdmUVo5YWZGRnlIZlU5ZWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTQ8MA0G
CSqGSIb3DQEBCwUAA4IBAQAvkd+Tjb3lMXKeF9wVX/UnkrpKPJFa4bEIFPWLNXe5
65iVTBP7V6G+Os8PxgRcik0CtMdeOwon5qAv83ejq/1T1aBe83Q9NTdhIlUc+IGo
4WUQ7bbUCe19cmQ26XR2v/o2RhbxWkX38imMX54OFOpAuGdBbkz+rUrJoCDBah/2
Omm5sqIQCZHV94cwIg4phiYjiy9Nu4iK1gtMczadSuZniimhZgf3Rrzy2SlLfpQK
jeo3K9IGvqaeRBO/7whsKIhQ2WQRPQZ29JoLiGz5piSfBPf02jiymSLPhxJbmqiQ
hS583yrHTs+OKWnqAayA3PXNj6JN0Rx5mLzsXKoM4fK1
-----END CERTIFICATE-----