Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/glXP9O9UxY2TcMmS7Nj-poirZO8.roa
File:                     glXP9O9UxY2TcMmS7Nj-poirZO8.roa (raw, json)
Hash identifier:          1Zk23Q/0TlEORkhQzTVqScqv28eV2rDXLqVJPpWcTL4=
Subject key identifier:   82:55:CF:F4:EF:54:C5:8D:93:70:C9:92:EC:D8:FE:A6:88:AB:64:EF
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       019111C712C8ECFC34BD354A38E36573FB58
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/glXP9O9UxY2TcMmS7Nj-poirZO8.roa
Signing time:             Fri 02 Aug 2024 06:29:04 +0000
ROA not before:           Fri 02 Aug 2024 06:29:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398395
IP address blocks:        185.121.26.0/23 maxlen: 32
                          185.187.155.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Oct 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:11:c7:12:c8:ec:fc:34:bd:35:4a:38:e3:65:73:fb:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Aug  2 06:29:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8255cff4ef54c58d9370c992ecd8fea688ab64ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ab:25:ed:4a:d3:27:69:9e:6f:80:73:d4:a0:
                    e1:99:af:45:0f:3e:67:7a:6e:5e:70:12:4f:18:50:
                    a2:4e:7c:41:ec:b4:a4:7c:7d:73:b3:e0:a0:a9:a7:
                    15:cd:a3:b8:02:c4:fa:57:99:23:f5:c5:b8:bb:bc:
                    0e:bc:54:45:85:53:79:b7:30:28:6b:20:87:17:da:
                    a8:6e:bf:1c:a2:55:2e:18:fa:58:cd:99:2d:17:04:
                    ef:22:31:eb:0a:d4:48:77:d2:46:e0:39:85:72:09:
                    ee:ac:92:4b:34:75:31:6c:44:59:fc:45:9a:02:22:
                    9f:57:6c:1c:a1:10:f7:6e:4d:a6:88:ab:18:6b:2e:
                    d3:14:c3:5b:a7:c7:16:eb:61:00:89:05:cf:4d:c3:
                    9e:d8:26:73:ef:21:82:9c:2e:52:ba:17:b9:e9:8e:
                    18:42:7d:bf:76:bb:2d:88:8d:69:a4:d4:bb:68:50:
                    44:ab:f2:86:c7:83:bc:08:80:f0:7a:ed:e7:dc:55:
                    db:4e:a4:96:b4:52:86:a1:1e:3e:5b:7b:77:fb:63:
                    df:5d:a0:19:fb:fc:34:f6:cd:5b:50:11:f9:10:9a:
                    60:97:db:64:6e:0b:42:83:cc:35:3a:75:03:ca:5d:
                    bc:aa:44:bf:ec:84:0a:ca:33:8e:65:47:88:e0:87:
                    8d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:55:CF:F4:EF:54:C5:8D:93:70:C9:92:EC:D8:FE:A6:88:AB:64:EF
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/glXP9O9UxY2TcMmS7Nj-poirZO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.26.0/23
                  185.187.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:58:8f:ae:0c:3e:51:1c:1e:f7:bf:ee:ac:df:44:d0:83:4b:
         76:d3:fc:b8:fe:06:97:56:87:a4:e7:a8:c6:22:6f:46:fa:4b:
         c9:08:f7:41:76:d4:9d:60:1d:71:82:7a:57:ea:78:be:72:f5:
         7a:cc:5c:7a:c2:f8:4e:f8:6a:95:f6:05:de:57:e0:8c:42:7b:
         dd:25:68:c1:92:51:37:dd:e2:72:94:ce:2e:64:65:60:01:c2:
         b1:b0:25:c5:3e:49:de:6b:f3:3c:ad:bb:9e:6b:24:15:7d:56:
         7a:a1:7a:6a:86:22:b2:a1:0c:86:0a:61:c6:d4:c0:ad:7c:a0:
         fe:1d:12:d8:90:e7:f9:b7:ca:aa:62:45:d0:7b:65:f3:c2:fe:
         8a:90:90:a9:62:f9:f7:21:0e:fc:a3:0e:4f:25:8e:20:22:60:
         9d:98:99:b8:b1:8f:3a:70:a5:d4:10:8e:7a:6c:79:b1:36:b1:
         b7:ef:ad:98:bf:27:cd:13:ae:82:d2:60:69:1d:fb:df:9b:d2:
         4a:76:6e:58:64:68:76:bc:4f:4a:ab:e8:71:72:60:9b:ce:39:
         e3:26:47:d2:4d:c7:b9:d6:85:85:17:dd:f9:9f:e3:08:4d:c4:
         9e:17:c2:49:07:37:3b:bd:57:6e:be:cf:d8:c7:5d:24:a4:82:
         a4:a9:a9:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZERxxLI7Pw0vTVKOONlc/tYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwODAyMDYyOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjU1Y2ZmNGVmNTRjNThkOTM3MGM5OTJlY2Q4ZmVhNjg4YWI2NGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6sl7UrTJ2meb4Bz1KDhma9FDz5n
em5ecBJPGFCiTnxB7LSkfH1zs+CgqacVzaO4AsT6V5kj9cW4u7wOvFRFhVN5tzAo
ayCHF9qobr8colUuGPpYzZktFwTvIjHrCtRId9JG4DmFcgnurJJLNHUxbERZ/EWa
AiKfV2wcoRD3bk2miKsYay7TFMNbp8cW62EAiQXPTcOe2CZz7yGCnC5Suhe56Y4Y
Qn2/drstiI1ppNS7aFBEq/KGx4O8CIDweu3n3FXbTqSWtFKGoR4+W3t3+2PfXaAZ
+/w09s1bUBH5EJpgl9tkbgtCg8w1OnUDyl28qkS/7IQKyjOOZUeI4IeNnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIJVz/TvVMWNk3DJkuzY/qaIq2TvMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvZ2xYUDlPOVV4WTJUY01tUzdOai1wb2lyWk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuXkaAwQA
ububMA0GCSqGSIb3DQEBCwUAA4IBAQAjWI+uDD5RHB73v+6s30TQg0t20/y4/gaX
Voek56jGIm9G+kvJCPdBdtSdYB1xgnpX6ni+cvV6zFx6wvhO+GqV9gXeV+CMQnvd
JWjBklE33eJylM4uZGVgAcKxsCXFPknea/M8rbueayQVfVZ6oXpqhiKyoQyGCmHG
1MCtfKD+HRLYkOf5t8qqYkXQe2Xzwv6KkJCpYvn3IQ78ow5PJY4gImCdmJm4sY86
cKXUEI56bHmxNrG3762YvyfNE66C0mBpHfvfm9JKdm5YZGh2vE9Kq+hxcmCbzjnj
JkfSTce51oWFF935n+MITcSeF8JJBzc7vVduvs/Yx10kpIKkqakO
-----END CERTIFICATE-----