Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/7835c2-204c-4dde-8ef9-f6dd3b5161f5/1/g8V0xjoTOHXFyyuEB9AKhfs0Yy4.roa
File:                     g8V0xjoTOHXFyyuEB9AKhfs0Yy4.roa (raw, json)
Hash identifier:          gXrCVvrV3JldxRqCghN2fzhZJSlTF/nPxJCwmbAM9y8=
Subject key identifier:   83:C5:74:C6:3A:13:38:75:C5:CB:2B:84:07:D0:0A:85:FB:34:63:2E
Certificate issuer:       /CN=f6bace78fc90278d82f1e8668a8a19ee9982cdc3
Certificate serial:       018CC2DB5E45D27A2BABC1F6DF7486EF6112
Authority key identifier: F6:BA:CE:78:FC:90:27:8D:82:F1:E8:66:8A:8A:19:EE:99:82:CD:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9rrOePyQJ42C8ehmiooZ7pmCzcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/7835c2-204c-4dde-8ef9-f6dd3b5161f5/1/g8V0xjoTOHXFyyuEB9AKhfs0Yy4.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50198
IP address blocks:        185.223.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/7835c2-204c-4dde-8ef9-f6dd3b5161f5/1/9rrOePyQJ42C8ehmiooZ7pmCzcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/7835c2-204c-4dde-8ef9-f6dd3b5161f5/1/9rrOePyQJ42C8ehmiooZ7pmCzcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9rrOePyQJ42C8ehmiooZ7pmCzcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5e:45:d2:7a:2b:ab:c1:f6:df:74:86:ef:61:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6bace78fc90278d82f1e8668a8a19ee9982cdc3
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83c574c63a133875c5cb2b8407d00a85fb34632e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:71:12:40:02:8e:32:3a:e7:dd:10:fc:f6:cd:
                    5e:3d:fd:6d:5b:11:4a:98:10:d3:93:91:8d:67:a1:
                    ac:70:47:da:50:d5:b6:16:e2:fa:0a:a9:64:b0:8e:
                    e9:c8:97:77:31:76:d4:68:f0:d5:f4:87:31:00:c4:
                    48:d7:2d:f2:a5:93:79:d3:ef:54:c0:5c:4c:40:58:
                    3b:ad:06:61:53:d3:08:ee:89:1b:b3:ed:2e:3b:20:
                    0c:fb:60:fd:fc:b1:eb:2e:56:e6:9f:71:8c:b9:be:
                    cd:29:d1:3d:d0:b3:6a:0a:62:f2:cc:67:73:43:fb:
                    df:fa:cd:cd:c1:9b:84:7e:b9:96:ce:55:e2:f5:c3:
                    be:5c:35:d6:13:05:5d:8a:ba:bb:3a:39:b3:6d:63:
                    83:23:6e:f1:d7:32:c1:60:53:cc:da:24:d7:ad:da:
                    3f:23:ee:f6:c8:41:6f:dd:58:67:83:fc:ab:16:0d:
                    17:18:10:49:7c:7b:15:00:75:6e:fe:40:27:55:18:
                    e7:fd:66:a8:a3:0d:1e:6b:67:2c:92:9d:6a:8a:9f:
                    cd:74:da:1d:71:3e:28:9e:e3:40:21:1d:ea:f3:4f:
                    04:3b:4e:25:0b:dc:47:d8:f5:65:97:02:95:8a:8a:
                    cd:42:81:fc:0a:97:80:74:ab:f1:d0:71:2e:02:c7:
                    4b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:C5:74:C6:3A:13:38:75:C5:CB:2B:84:07:D0:0A:85:FB:34:63:2E
            X509v3 Authority Key Identifier:
                keyid:F6:BA:CE:78:FC:90:27:8D:82:F1:E8:66:8A:8A:19:EE:99:82:CD:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9rrOePyQJ42C8ehmiooZ7pmCzcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/7835c2-204c-4dde-8ef9-f6dd3b5161f5/1/g8V0xjoTOHXFyyuEB9AKhfs0Yy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/7835c2-204c-4dde-8ef9-f6dd3b5161f5/1/9rrOePyQJ42C8ehmiooZ7pmCzcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:9f:70:2d:4b:26:9a:21:00:d7:3b:fc:fd:4b:3d:95:b1:84:
         d5:eb:ec:de:98:99:fe:f3:66:9d:3c:61:4c:33:a6:26:ae:b7:
         2a:96:93:e0:32:91:1f:62:3c:b4:60:03:f4:f3:c4:e6:f3:6f:
         90:1f:e8:af:d3:20:49:5f:a1:97:50:de:3d:05:1c:cd:fb:e7:
         92:37:c5:3a:ff:cc:e1:79:8f:1e:6f:c9:09:56:be:b9:35:a2:
         45:27:00:9b:71:b4:e4:da:ac:05:5e:4a:bd:7d:16:f2:96:da:
         81:9d:60:05:81:1b:78:f3:22:41:07:04:2f:f9:fc:b0:58:d7:
         a7:86:19:7f:be:ed:16:d1:fe:85:47:58:cc:08:6c:77:03:f2:
         2d:60:aa:2d:1a:e1:7f:73:a6:2f:b0:6d:08:e6:06:4c:5f:2d:
         44:d7:76:61:31:86:c1:2c:15:36:6b:47:0b:1e:7a:01:8d:72:
         f6:98:62:c8:67:ee:ba:9f:7d:0e:6c:2b:df:5d:4b:d8:3c:40:
         2f:27:cc:eb:8f:e9:78:d4:94:83:ff:e3:91:98:51:10:95:ca:
         a9:ce:91:f6:3b:7a:16:8d:92:8d:90:c0:60:83:5e:43:3b:e8:
         19:36:05:61:f9:a0:d3:f2:ff:56:bc:f6:df:01:4d:6a:7b:d1:
         4e:70:e6:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC215F0norq8H233SG72ESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YmFjZTc4ZmM5MDI3OGQ4MmYxZTg2NjhhOGExOWVlOTk4
MmNkYzMwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2M1NzRjNjNhMTMzODc1YzVjYjJiODQwN2QwMGE4NWZiMzQ2MzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3ESQAKOMjrn3RD89s1ePf1tWxFK
mBDTk5GNZ6GscEfaUNW2FuL6CqlksI7pyJd3MXbUaPDV9IcxAMRI1y3ypZN50+9U
wFxMQFg7rQZhU9MI7okbs+0uOyAM+2D9/LHrLlbmn3GMub7NKdE90LNqCmLyzGdz
Q/vf+s3NwZuEfrmWzlXi9cO+XDXWEwVdirq7OjmzbWODI27x1zLBYFPM2iTXrdo/
I+72yEFv3Vhng/yrFg0XGBBJfHsVAHVu/kAnVRjn/Waoow0ea2cskp1qip/NdNod
cT4onuNAIR3q808EO04lC9xH2PVllwKViorNQoH8CpeAdKvx0HEuAsdLBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPFdMY6Ezh1xcsrhAfQCoX7NGMuMB8GA1UdIwQY
MBaAFPa6znj8kCeNgvHoZoqKGe6Zgs3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXJyT2VQeVFKNDJDOGVobWlvb1o3cG1DemNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC83ODM1YzItMjA0Yy00ZGRlLThlZjkt
ZjZkZDNiNTE2MWY1LzEvZzhWMHhqb1RPSFhGeXl1RUI5QUtoZnMwWXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC83ODM1YzItMjA0Yy00ZGRlLThlZjktZjZkZDNiNTE2MWY1
LzEvOXJyT2VQeVFKNDJDOGVobWlvb1o3cG1DemNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud9AMA0G
CSqGSIb3DQEBCwUAA4IBAQBgn3AtSyaaIQDXO/z9Sz2VsYTV6+zemJn+82adPGFM
M6YmrrcqlpPgMpEfYjy0YAP088Tm82+QH+iv0yBJX6GXUN49BRzN++eSN8U6/8zh
eY8eb8kJVr65NaJFJwCbcbTk2qwFXkq9fRbyltqBnWAFgRt48yJBBwQv+fywWNen
hhl/vu0W0f6FR1jMCGx3A/ItYKotGuF/c6YvsG0I5gZMXy1E13ZhMYbBLBU2a0cL
HnoBjXL2mGLIZ+66n30ObCvfXUvYPEAvJ8zrj+l41JSD/+ORmFEQlcqpzpH2O3oW
jZKNkMBgg15DO+gZNgVh+aDT8v9WvPbfAU1qe9FOcOaV
-----END CERTIFICATE-----