Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/cgf-zS-5JS1jlTjEemFU8o8jilY.roa
File:                     cgf-zS-5JS1jlTjEemFU8o8jilY.roa (raw, json)
Hash identifier:          m0Njn+arexlq04Dy3aaK2j8YCTKd6cUrfWZxTpdG+Iw=
Subject key identifier:   72:07:FE:CD:2F:B9:25:2D:63:95:38:C4:7A:61:54:F2:8F:23:8A:56
Certificate issuer:       /CN=340bea3fcc3cbcedc82919cf57c74108baea369e
Certificate serial:       018CC5000F2D1AB9759A4E56813124CA6B49
Authority key identifier: 34:0B:EA:3F:CC:3C:BC:ED:C8:29:19:CF:57:C7:41:08:BA:EA:36:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/cgf-zS-5JS1jlTjEemFU8o8jilY.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133757
IP address blocks:        185.100.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/NAvqP8w8vO3IKRnPV8dBCLrqNp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/NAvqP8w8vO3IKRnPV8dBCLrqNp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0f:2d:1a:b9:75:9a:4e:56:81:31:24:ca:6b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=340bea3fcc3cbcedc82919cf57c74108baea369e
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7207fecd2fb9252d639538c47a6154f28f238a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:23:97:75:8f:b0:8c:1d:14:dc:b6:38:c9:16:
                    a0:40:c6:ae:88:bc:29:09:ad:ec:22:96:4a:6e:89:
                    1c:75:86:74:02:90:24:77:d2:c7:86:b9:08:59:70:
                    d4:76:9d:27:32:01:49:58:2f:0a:40:2d:41:91:50:
                    d7:69:35:d7:c7:4e:f3:56:24:77:9b:96:10:80:27:
                    15:56:bd:cd:f5:b3:77:53:09:44:13:4f:58:50:9a:
                    f8:64:af:a6:5a:3f:a4:68:84:14:17:41:f7:35:d8:
                    74:5e:5c:25:3f:6b:09:52:90:fb:c3:a7:e1:1f:33:
                    e1:0f:a4:36:89:60:63:a3:df:af:95:b6:9c:d8:a6:
                    11:00:df:5c:88:ca:85:98:da:08:9e:7e:d7:58:a0:
                    4e:3b:11:70:0c:33:e6:87:28:03:6f:c6:d8:e4:c3:
                    30:0f:50:05:72:3e:03:7a:31:b8:54:13:40:6b:95:
                    e4:1a:88:8e:3c:1e:14:41:9f:11:9f:1f:d3:b5:5f:
                    b7:f4:bf:1a:16:b2:b0:07:00:90:60:b6:5d:ab:c2:
                    19:e7:53:e6:21:eb:ad:06:44:aa:39:e0:c3:01:d4:
                    1f:87:99:17:52:7e:6d:f7:d6:aa:10:49:6f:57:43:
                    37:54:41:05:b3:18:02:1c:2b:45:40:e4:c6:f6:4d:
                    2c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:07:FE:CD:2F:B9:25:2D:63:95:38:C4:7A:61:54:F2:8F:23:8A:56
            X509v3 Authority Key Identifier:
                keyid:34:0B:EA:3F:CC:3C:BC:ED:C8:29:19:CF:57:C7:41:08:BA:EA:36:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/cgf-zS-5JS1jlTjEemFU8o8jilY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/NAvqP8w8vO3IKRnPV8dBCLrqNp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:da:45:31:5a:61:d9:5e:9e:f5:58:63:3f:3f:4a:24:89:e0:
         3c:02:72:fc:0a:66:0c:fd:40:26:41:6b:2b:3c:13:72:03:f8:
         6b:97:07:4c:cc:a4:6a:eb:2e:ea:75:29:82:a7:66:d6:1a:49:
         16:4a:1c:f5:c4:af:8d:bb:34:54:ac:54:11:03:96:d4:41:f3:
         a7:4b:8c:73:46:2f:fd:0d:24:6b:a9:5f:50:b7:82:21:6a:ae:
         19:7d:61:0c:bb:bf:56:03:35:42:1e:8d:19:42:8d:cf:01:16:
         49:b0:8b:67:78:68:d1:7b:f9:25:25:21:2a:bf:f1:c5:0d:f4:
         ed:59:49:4e:c5:2b:75:35:76:df:ee:c7:81:fc:f5:bf:ca:3b:
         b3:20:77:51:6a:c2:a3:18:dd:53:8b:46:3f:00:20:f0:12:e7:
         74:bc:5e:8b:2f:9c:b4:cb:13:b1:16:96:cc:14:29:8e:18:dc:
         95:bd:18:81:22:b6:47:6d:18:13:74:57:02:aa:68:9d:27:3d:
         dc:b3:d2:cd:b5:82:57:e8:d4:d0:ac:83:85:2f:cd:1f:e4:cd:
         75:9e:b5:26:6a:a0:59:64:19:9c:5a:b4:10:11:2e:42:35:37:
         77:19:05:62:a1:76:f5:c6:d4:7f:de:2e:e7:80:f4:71:9b:64:
         2a:2f:39:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAA8tGrl1mk5WgTEkymtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MGJlYTNmY2MzY2JjZWRjODI5MTljZjU3Yzc0MTA4YmFl
YTM2OWUwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjA3ZmVjZDJmYjkyNTJkNjM5NTM4YzQ3YTYxNTRmMjhmMjM4YTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSOXdY+wjB0U3LY4yRagQMauiLwp
Ca3sIpZKbokcdYZ0ApAkd9LHhrkIWXDUdp0nMgFJWC8KQC1BkVDXaTXXx07zViR3
m5YQgCcVVr3N9bN3UwlEE09YUJr4ZK+mWj+kaIQUF0H3Ndh0XlwlP2sJUpD7w6fh
HzPhD6Q2iWBjo9+vlbac2KYRAN9ciMqFmNoInn7XWKBOOxFwDDPmhygDb8bY5MMw
D1AFcj4DejG4VBNAa5XkGoiOPB4UQZ8Rnx/TtV+39L8aFrKwBwCQYLZdq8IZ51Pm
IeutBkSqOeDDAdQfh5kXUn5t99aqEElvV0M3VEEFsxgCHCtFQOTG9k0sYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIH/s0vuSUtY5U4xHphVPKPI4pWMB8GA1UdIwQY
MBaAFDQL6j/MPLztyCkZz1fHQQi66jaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkF2cVA4dzh2TzNJS1JuUFY4ZEJDTHJxTnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9lY2RhM2QtYTJkYi00OTA4LTg2MmYt
MTExMDU2MzY5YTIzLzEvY2dmLXpTLTVKUzFqbFRqRWVtRlU4bzhqaWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9lY2RhM2QtYTJkYi00OTA4LTg2MmYtMTExMDU2MzY5YTIz
LzEvTkF2cVA4dzh2TzNJS1JuUFY4ZEJDTHJxTnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWRzMA0G
CSqGSIb3DQEBCwUAA4IBAQBF2kUxWmHZXp71WGM/P0okieA8AnL8CmYM/UAmQWsr
PBNyA/hrlwdMzKRq6y7qdSmCp2bWGkkWShz1xK+NuzRUrFQRA5bUQfOnS4xzRi/9
DSRrqV9Qt4Ihaq4ZfWEMu79WAzVCHo0ZQo3PARZJsItneGjRe/klJSEqv/HFDfTt
WUlOxSt1NXbf7seB/PW/yjuzIHdRasKjGN1Ti0Y/ACDwEud0vF6LL5y0yxOxFpbM
FCmOGNyVvRiBIrZHbRgTdFcCqmidJz3cs9LNtYJX6NTQrIOFL80f5M11nrUmaqBZ
ZBmcWrQQES5CNTd3GQVioXb1xtR/3i7ngPRxm2QqLzkx
-----END CERTIFICATE-----