Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/gQVERu1mDiOlAaYqDspaUhbcDYQ.roa
File:                     gQVERu1mDiOlAaYqDspaUhbcDYQ.roa (raw, json)
Hash identifier:          Yp4vk+g55fF0GyXDoF9n7ld4PdMwc6WR3uDh2iXW+vs=
Subject key identifier:   81:05:44:46:ED:66:0E:23:A5:01:A6:2A:0E:CA:5A:52:16:DC:0D:84
Certificate issuer:       /CN=da0ffdbc933178d7a1bbf99608e3a95d4dee8ae6
Certificate serial:       018CC8017D678C37F932331A49410C494C8A
Authority key identifier: DA:0F:FD:BC:93:31:78:D7:A1:BB:F9:96:08:E3:A9:5D:4D:EE:8A:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2g_9vJMxeNehu_mWCOOpXU3uiuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/gQVERu1mDiOlAaYqDspaUhbcDYQ.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47803
IP address blocks:        185.130.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/2g_9vJMxeNehu_mWCOOpXU3uiuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/2g_9vJMxeNehu_mWCOOpXU3uiuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2g_9vJMxeNehu_mWCOOpXU3uiuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7d:67:8c:37:f9:32:33:1a:49:41:0c:49:4c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da0ffdbc933178d7a1bbf99608e3a95d4dee8ae6
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81054446ed660e23a501a62a0eca5a5216dc0d84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:75:cf:41:3d:38:e0:10:af:1b:a7:41:64:de:
                    18:ff:94:a0:aa:f1:b1:b6:9a:90:02:dc:27:3b:2a:
                    26:5c:54:db:e8:39:03:7c:67:0d:af:20:ae:3f:d5:
                    dd:0e:a6:75:76:dd:21:e3:43:2d:23:32:d2:e1:56:
                    c2:2b:86:08:57:d3:fb:ee:3a:ca:a4:b5:9b:f7:cf:
                    de:c1:e6:d6:8c:7a:c5:99:72:51:24:64:18:44:aa:
                    65:cf:d5:07:93:e0:f6:90:67:1b:4b:04:bf:ba:17:
                    ee:cf:3e:51:14:38:d5:25:71:d0:24:13:97:8f:70:
                    7c:75:03:08:69:2f:c6:c3:d6:61:85:e1:f4:fb:1e:
                    26:cd:65:6d:97:c1:70:9b:6d:68:af:ce:49:e2:52:
                    23:25:b5:e8:6c:53:bb:59:e5:1f:31:64:79:1e:79:
                    9f:6b:92:ce:ba:b6:7b:de:ee:fc:21:cd:3c:92:da:
                    87:61:b4:42:67:f5:cb:a6:7d:fe:eb:6d:22:7e:5f:
                    5a:1b:fc:92:4d:e7:f9:6f:4e:98:50:87:fe:fc:a1:
                    4c:62:74:bd:24:a6:59:ea:8f:94:4b:c1:cf:14:65:
                    4b:65:02:e3:b7:1c:34:16:f4:c8:da:a5:c3:87:f1:
                    99:21:54:79:61:3e:94:0c:60:63:2c:13:fa:1c:1f:
                    d7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:05:44:46:ED:66:0E:23:A5:01:A6:2A:0E:CA:5A:52:16:DC:0D:84
            X509v3 Authority Key Identifier:
                keyid:DA:0F:FD:BC:93:31:78:D7:A1:BB:F9:96:08:E3:A9:5D:4D:EE:8A:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2g_9vJMxeNehu_mWCOOpXU3uiuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/gQVERu1mDiOlAaYqDspaUhbcDYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/2g_9vJMxeNehu_mWCOOpXU3uiuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:9d:59:53:65:d0:13:bc:68:8b:64:d3:d5:81:60:55:46:f9:
         1c:ad:20:02:5c:7d:44:59:a6:43:96:82:0f:11:7f:fe:8e:c2:
         ee:0c:a7:01:da:6c:13:34:50:6b:e7:8b:da:50:16:cb:75:b4:
         01:78:00:4d:b5:b0:1a:0f:01:79:7c:32:00:88:d0:1b:18:49:
         da:2a:57:c9:46:1a:43:46:c4:74:f7:7c:b7:63:e5:b1:6a:d1:
         a8:11:23:99:21:36:91:4f:cc:ee:66:fb:b4:b2:a3:05:72:3e:
         c6:5b:0c:b4:63:d9:d8:2b:f4:1b:31:bb:7d:c7:b2:29:94:fc:
         b2:23:eb:6c:06:11:f7:83:4c:3f:e5:96:72:de:50:a7:78:9c:
         98:ac:a7:c5:df:6d:81:82:76:86:ba:55:3a:1d:20:5b:a5:e6:
         25:28:8a:c5:e6:71:26:ff:21:76:97:cf:8c:79:ec:7b:05:68:
         c1:5b:67:96:d9:b9:1a:f8:9d:67:ec:95:c4:08:11:4c:95:ee:
         d7:19:04:9b:b3:4a:77:bb:58:72:9b:62:b3:9a:70:3a:97:30:
         2a:0c:36:47:43:ae:d2:04:8c:9c:3f:e6:b3:eb:a2:54:51:fe:
         0c:35:7c:49:ca:bf:8d:d3:2e:89:b1:75:13:2a:82:d8:00:fb:
         8e:69:d7:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAX1njDf5MjMaSUEMSUyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMGZmZGJjOTMzMTc4ZDdhMWJiZjk5NjA4ZTNhOTVkNGRl
ZThhZTYwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTA1NDQ0NmVkNjYwZTIzYTUwMWE2MmEwZWNhNWE1MjE2ZGMwZDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXXPQT044BCvG6dBZN4Y/5SgqvGx
tpqQAtwnOyomXFTb6DkDfGcNryCuP9XdDqZ1dt0h40MtIzLS4VbCK4YIV9P77jrK
pLWb98/ewebWjHrFmXJRJGQYRKplz9UHk+D2kGcbSwS/uhfuzz5RFDjVJXHQJBOX
j3B8dQMIaS/Gw9ZhheH0+x4mzWVtl8Fwm21or85J4lIjJbXobFO7WeUfMWR5Hnmf
a5LOurZ73u78Ic08ktqHYbRCZ/XLpn3+620ifl9aG/ySTef5b06YUIf+/KFMYnS9
JKZZ6o+US8HPFGVLZQLjtxw0FvTI2qXDh/GZIVR5YT6UDGBjLBP6HB/XbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEFREbtZg4jpQGmKg7KWlIW3A2EMB8GA1UdIwQY
MBaAFNoP/byTMXjXobv5lgjjqV1N7ormMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdfOXZKTXhlTmVodV9tV0NPT3BYVTN1aXVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lZmJlZDgtOWZmMC00NDU1LWEwN2Ut
M2NhZDM3MDY3NDA1LzEvZ1FWRVJ1MW1EaU9sQWFZcURzcGFVaGJjRFlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lZmJlZDgtOWZmMC00NDU1LWEwN2UtM2NhZDM3MDY3NDA1
LzEvMmdfOXZKTXhlTmVodV9tV0NPT3BYVTN1aXVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYLAMA0G
CSqGSIb3DQEBCwUAA4IBAQBInVlTZdATvGiLZNPVgWBVRvkcrSACXH1EWaZDloIP
EX/+jsLuDKcB2mwTNFBr54vaUBbLdbQBeABNtbAaDwF5fDIAiNAbGEnaKlfJRhpD
RsR093y3Y+WxatGoESOZITaRT8zuZvu0sqMFcj7GWwy0Y9nYK/QbMbt9x7IplPyy
I+tsBhH3g0w/5ZZy3lCneJyYrKfF322BgnaGulU6HSBbpeYlKIrF5nEm/yF2l8+M
eex7BWjBW2eW2bka+J1n7JXECBFMle7XGQSbs0p3u1hym2KzmnA6lzAqDDZHQ67S
BIycP+az66JUUf4MNXxJyr+N0y6JsXUTKoLYAPuOadcT
-----END CERTIFICATE-----