Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/gG-lPQ622H10sfCL0qaPUkC3QYk.roa
File:                     gG-lPQ622H10sfCL0qaPUkC3QYk.roa (raw, json)
Hash identifier:          5W8Zqrn9h3WK+YXGuS6JIHv25u2N6ndUsblb647vuA8=
Subject key identifier:   80:6F:A5:3D:0E:B6:D8:7D:74:B1:F0:8B:D2:A6:8F:52:40:B7:41:89
Certificate issuer:       /CN=f7977af580c850cc8bf90649f9bda8a6a48bf396
Certificate serial:       018D91A6F9AD6504F8A4D77990FD058253A3
Authority key identifier: F7:97:7A:F5:80:C8:50:CC:8B:F9:06:49:F9:BD:A8:A6:A4:8B:F3:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/95d69YDIUMyL-QZJ-b2opqSL85Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/gG-lPQ622H10sfCL0qaPUkC3QYk.roa
Signing time:             Sat 10 Feb 2024 06:14:15 +0000
ROA not before:           Sat 10 Feb 2024 06:14:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213173
IP address blocks:        84.54.12.0/24 maxlen: 24
                          193.176.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/95d69YDIUMyL-QZJ-b2opqSL85Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/95d69YDIUMyL-QZJ-b2opqSL85Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/95d69YDIUMyL-QZJ-b2opqSL85Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:91:a6:f9:ad:65:04:f8:a4:d7:79:90:fd:05:82:53:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7977af580c850cc8bf90649f9bda8a6a48bf396
        Validity
            Not Before: Feb 10 06:14:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=806fa53d0eb6d87d74b1f08bd2a68f5240b74189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c3:ba:30:20:5e:87:60:d1:9a:e3:8a:ed:27:
                    93:a3:dc:7b:6d:60:92:d1:21:b9:d0:df:ac:1b:12:
                    2a:61:b4:3f:bb:95:cd:18:9a:ba:32:c0:92:cf:c7:
                    f4:f1:67:8c:ba:ea:97:7b:7c:d4:b7:b7:63:b2:93:
                    30:94:17:a1:2d:ee:90:46:37:27:c3:fe:cc:83:41:
                    c2:14:18:d1:61:bb:29:a3:62:4e:8a:66:54:61:d4:
                    c7:14:b2:1c:cf:02:6a:c0:b2:77:ef:08:b4:fa:d7:
                    da:bb:76:1b:a2:ba:ad:df:81:57:3d:2d:9e:29:60:
                    ea:55:84:15:6c:32:98:33:98:ef:92:dc:6d:fa:f0:
                    b7:fd:2e:c4:9c:6f:bb:f7:ac:ff:26:7e:23:eb:34:
                    51:d4:b1:b3:84:27:ed:a9:c2:80:22:b7:a3:f4:c6:
                    a5:bf:16:95:cd:6b:fd:b9:15:3b:f7:8b:06:c5:ba:
                    82:b6:a2:6d:7e:ec:6c:8c:f7:b6:8b:fd:2b:e2:37:
                    f4:61:24:7d:6f:0c:ea:bb:7a:6a:d3:88:b2:25:d4:
                    65:da:0f:2a:65:7b:40:3b:c9:72:dc:0f:27:55:65:
                    d3:65:f0:de:6c:8c:b1:50:5e:ac:c2:1d:1f:7e:a5:
                    38:f5:24:a5:2f:54:cf:d6:b5:4a:3f:03:e9:b1:92:
                    63:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:6F:A5:3D:0E:B6:D8:7D:74:B1:F0:8B:D2:A6:8F:52:40:B7:41:89
            X509v3 Authority Key Identifier:
                keyid:F7:97:7A:F5:80:C8:50:CC:8B:F9:06:49:F9:BD:A8:A6:A4:8B:F3:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/95d69YDIUMyL-QZJ-b2opqSL85Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/gG-lPQ622H10sfCL0qaPUkC3QYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b361ef-5f69-4bcb-983c-21128027255d/1/95d69YDIUMyL-QZJ-b2opqSL85Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.12.0/24
                  193.176.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:b8:63:44:82:1e:25:5b:d7:f8:9c:a5:70:7a:4a:2d:73:ec:
         7b:7b:b4:48:4f:70:02:fd:0d:76:02:18:a4:7f:f7:e2:bb:0f:
         c8:e2:1d:ad:db:c9:a1:0d:c3:c2:74:0b:6d:39:79:79:d0:4b:
         70:f1:bb:96:be:e8:20:c2:35:53:97:97:48:4f:dd:8b:b2:9b:
         fb:0e:31:85:75:ad:f4:1d:4a:08:ae:fb:48:47:f2:07:1d:72:
         18:a0:82:e2:c0:05:da:cd:db:e3:21:fa:67:7d:d7:89:e1:5a:
         54:a8:70:92:c6:3b:4e:41:71:f7:bb:db:70:79:15:a6:d0:ba:
         dd:eb:2e:1d:a8:9f:36:19:2b:b2:ce:25:83:b0:22:77:47:0a:
         3d:a0:34:b5:b6:eb:d5:45:c6:01:04:ee:2c:5b:05:3f:e3:eb:
         a0:d2:70:26:da:a0:29:9b:e6:aa:9a:50:42:a0:2e:92:08:cc:
         76:0e:12:69:f4:bd:f3:8f:11:44:36:55:06:22:59:76:6e:77:
         eb:94:a0:bd:9d:8c:bd:9c:11:a5:f5:52:47:07:77:27:c0:f2:
         af:2a:cb:d9:0e:98:fa:ea:eb:7a:f6:51:15:da:74:d8:85:28:
         b4:e0:ac:66:fb:c3:e8:85:f0:9b:d8:02:e8:d6:25:41:2e:fb:
         f9:ac:d6:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2RpvmtZQT4pNd5kP0FglOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3OTc3YWY1ODBjODUwY2M4YmY5MDY0OWY5YmRhOGE2YTQ4
YmYzOTYwHhcNMjQwMjEwMDYxNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDZmYTUzZDBlYjZkODdkNzRiMWYwOGJkMmE2OGY1MjQwYjc0MTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssO6MCBeh2DRmuOK7SeTo9x7bWCS
0SG50N+sGxIqYbQ/u5XNGJq6MsCSz8f08WeMuuqXe3zUt7djspMwlBehLe6QRjcn
w/7Mg0HCFBjRYbspo2JOimZUYdTHFLIczwJqwLJ37wi0+tfau3Yborqt34FXPS2e
KWDqVYQVbDKYM5jvktxt+vC3/S7EnG+796z/Jn4j6zRR1LGzhCftqcKAIrej9Mal
vxaVzWv9uRU794sGxbqCtqJtfuxsjPe2i/0r4jf0YSR9bwzqu3pq04iyJdRl2g8q
ZXtAO8ly3A8nVWXTZfDebIyxUF6swh0ffqU49SSlL1TP1rVKPwPpsZJjuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIBvpT0Otth9dLHwi9Kmj1JAt0GJMB8GA1UdIwQY
MBaAFPeXevWAyFDMi/kGSfm9qKaki/OWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTVkNjlZRElVTXlMLVFaSi1iMm9wcVNMODVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9iMzYxZWYtNWY2OS00YmNiLTk4M2Mt
MjExMjgwMjcyNTVkLzEvZ0ctbFBRNjIySDEwc2ZDTDBxYVBVa0MzUVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9iMzYxZWYtNWY2OS00YmNiLTk4M2MtMjExMjgwMjcyNTVk
LzEvOTVkNjlZRElVTXlMLVFaSi1iMm9wcVNMODVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVDYMAwQA
wbDvMA0GCSqGSIb3DQEBCwUAA4IBAQAnuGNEgh4lW9f4nKVwekotc+x7e7RIT3AC
/Q12Ahikf/fiuw/I4h2t28mhDcPCdAttOXl50Etw8buWvuggwjVTl5dIT92Lspv7
DjGFda30HUoIrvtIR/IHHXIYoILiwAXazdvjIfpnfdeJ4VpUqHCSxjtOQXH3u9tw
eRWm0Lrd6y4dqJ82GSuyziWDsCJ3Rwo9oDS1tuvVRcYBBO4sWwU/4+ug0nAm2qAp
m+aqmlBCoC6SCMx2DhJp9L3zjxFENlUGIll2bnfrlKC9nYy9nBGl9VJHB3cnwPKv
KsvZDpj66ut69lEV2nTYhSi04Kxm+8PohfCb2ALo1iVBLvv5rNbJ
-----END CERTIFICATE-----