Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/4b2fb2-c0ab-4eec-8d01-33d18bf6df55/1/gloi6nfiHBbvcqayBZj1OHAVKH4.roa
File:                     gloi6nfiHBbvcqayBZj1OHAVKH4.roa (raw, json)
Hash identifier:          fiV/kc1MWso4M4sshErnFiJt8Ss23gZ/Lj2rQHTx/3I=
Subject key identifier:   82:5A:22:EA:77:E2:1C:16:EF:72:A6:B2:05:98:F5:38:70:15:28:7E
Certificate issuer:       /CN=4b3e596a24d43650cb60e8fcc9e44d6f8c929d35
Certificate serial:       018CC9BC9D75B030E1110EFB9AB1EAF9A19E
Authority key identifier: 4B:3E:59:6A:24:D4:36:50:CB:60:E8:FC:C9:E4:4D:6F:8C:92:9D:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sz5ZaiTUNlDLYOj8yeRNb4ySnTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/4b2fb2-c0ab-4eec-8d01-33d18bf6df55/1/gloi6nfiHBbvcqayBZj1OHAVKH4.roa
Signing time:             Tue 02 Jan 2024 10:33:50 +0000
ROA not before:           Tue 02 Jan 2024 10:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     786
IP address blocks:        161.76.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/4b2fb2-c0ab-4eec-8d01-33d18bf6df55/1/Sz5ZaiTUNlDLYOj8yeRNb4ySnTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/4b2fb2-c0ab-4eec-8d01-33d18bf6df55/1/Sz5ZaiTUNlDLYOj8yeRNb4ySnTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sz5ZaiTUNlDLYOj8yeRNb4ySnTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:9d:75:b0:30:e1:11:0e:fb:9a:b1:ea:f9:a1:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3e596a24d43650cb60e8fcc9e44d6f8c929d35
        Validity
            Not Before: Jan  2 10:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=825a22ea77e21c16ef72a6b20598f5387015287e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d7:74:86:4a:ea:2d:9b:ae:cf:45:7d:57:4c:
                    4d:c5:ad:00:5e:75:5e:af:3c:e1:2f:fe:70:b5:66:
                    c3:2a:f6:46:53:4d:59:e3:93:e7:22:52:30:5c:f5:
                    34:a6:a5:4a:d9:32:87:bf:d9:f6:59:44:4d:23:0d:
                    66:ff:01:a1:06:5e:3f:38:10:30:cc:cb:f8:c6:f9:
                    d3:75:ab:00:88:6b:3d:91:97:e0:a7:84:b3:d5:22:
                    8f:d6:2f:db:35:c3:b4:5a:94:d9:ec:55:c2:49:85:
                    4f:3b:65:da:3b:ae:8e:ba:21:01:f0:f3:c7:3d:e5:
                    de:47:6f:ac:d3:9a:e8:ff:13:cc:51:77:1d:84:6c:
                    50:a1:05:44:27:41:58:f3:0f:81:b4:51:52:d1:37:
                    bb:bb:bf:cf:c7:9c:0e:78:bf:29:b8:b2:73:1e:65:
                    21:44:b0:66:4f:6a:74:0a:fb:30:3a:f1:42:98:cd:
                    4c:58:2f:6f:a3:4b:9b:85:1d:12:94:f7:0f:69:de:
                    93:44:73:bc:2e:79:6a:35:14:ee:21:f5:58:5a:b1:
                    35:e0:0e:67:b1:be:40:44:ae:8c:7e:f8:2f:e6:b3:
                    a4:cd:2e:7d:bb:39:c7:f1:bf:bc:2d:be:1f:7e:59:
                    b4:69:71:0b:1b:e5:26:36:24:5f:7d:2c:99:05:ed:
                    4c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:5A:22:EA:77:E2:1C:16:EF:72:A6:B2:05:98:F5:38:70:15:28:7E
            X509v3 Authority Key Identifier:
                keyid:4B:3E:59:6A:24:D4:36:50:CB:60:E8:FC:C9:E4:4D:6F:8C:92:9D:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sz5ZaiTUNlDLYOj8yeRNb4ySnTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4b2fb2-c0ab-4eec-8d01-33d18bf6df55/1/gloi6nfiHBbvcqayBZj1OHAVKH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4b2fb2-c0ab-4eec-8d01-33d18bf6df55/1/Sz5ZaiTUNlDLYOj8yeRNb4ySnTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.76.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         30:fa:68:25:1c:d6:51:34:2d:b8:93:07:d6:36:32:dc:12:82:
         49:97:af:35:eb:73:5a:66:71:a2:b5:79:d7:e9:31:15:1b:0c:
         e6:52:34:61:3a:1f:cd:f0:6d:d3:09:08:f9:f7:9f:be:71:43:
         84:88:f9:c7:ac:36:82:e2:95:2f:0a:4c:ef:7f:a1:66:0c:e5:
         bb:2d:b1:51:45:64:f6:d4:39:19:43:54:a2:ff:45:b4:1f:64:
         c8:e5:23:18:aa:67:94:6f:ab:b4:80:ac:ee:db:8b:17:1a:77:
         6e:f2:ee:ec:73:80:8a:3c:fc:f5:a3:3b:26:b1:21:fb:45:68:
         c2:b6:c3:3a:6c:ae:06:66:77:ee:fb:bf:c7:a1:02:09:45:b4:
         f9:3a:fa:3c:c1:de:aa:4b:ee:a9:2c:ac:e9:a6:5e:5a:85:ca:
         bb:35:90:18:99:33:aa:13:99:0c:41:fe:71:b6:5a:72:8f:cc:
         e9:93:e1:26:71:22:2f:b8:4e:88:85:6a:50:72:68:38:f4:92:
         2f:4f:bb:ea:fa:f1:7e:73:a2:40:39:1b:35:64:a8:1b:9f:67:
         27:29:a4:09:b3:3f:33:f7:b7:f3:22:8e:dc:15:55:66:16:6c:
         51:f9:23:61:20:a3:30:c0:79:49:97:38:69:ec:ab:7e:67:d3:
         71:a0:9a:d3
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJvJ11sDDhEQ77mrHq+aGeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiM2U1OTZhMjRkNDM2NTBjYjYwZThmY2M5ZTQ0ZDZmOGM5
MjlkMzUwHhcNMjQwMTAyMTAzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjVhMjJlYTc3ZTIxYzE2ZWY3MmE2YjIwNTk4ZjUzODcwMTUyODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9d0hkrqLZuuz0V9V0xNxa0AXnVe
rzzhL/5wtWbDKvZGU01Z45PnIlIwXPU0pqVK2TKHv9n2WURNIw1m/wGhBl4/OBAw
zMv4xvnTdasAiGs9kZfgp4Sz1SKP1i/bNcO0WpTZ7FXCSYVPO2XaO66OuiEB8PPH
PeXeR2+s05ro/xPMUXcdhGxQoQVEJ0FY8w+BtFFS0Te7u7/Px5wOeL8puLJzHmUh
RLBmT2p0CvswOvFCmM1MWC9vo0ubhR0SlPcPad6TRHO8LnlqNRTuIfVYWrE14A5n
sb5ARK6Mfvgv5rOkzS59uznH8b+8Lb4fflm0aXELG+UmNiRffSyZBe1MtwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIJaIup34hwW73KmsgWY9ThwFSh+MB8GA1UdIwQY
MBaAFEs+WWok1DZQy2Do/MnkTW+Mkp01MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3o1WmFpVFVObERMWU9qOHllUk5iNHlTblRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My80YjJmYjItYzBhYi00ZWVjLThkMDEt
MzNkMThiZjZkZjU1LzEvZ2xvaTZuZmlIQmJ2Y3FheUJaajFPSEFWS0g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My80YjJmYjItYzBhYi00ZWVjLThkMDEtMzNkMThiZjZkZjU1
LzEvU3o1WmFpVFVObERMWU9qOHllUk5iNHlTblRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoUwwDQYJ
KoZIhvcNAQELBQADggEBADD6aCUc1lE0LbiTB9Y2MtwSgkmXrzXrc1pmcaK1edfp
MRUbDOZSNGE6H83wbdMJCPn3n75xQ4SI+cesNoLilS8KTO9/oWYM5bstsVFFZPbU
ORlDVKL/RbQfZMjlIxiqZ5Rvq7SArO7bixcad27y7uxzgIo8/PWjOyaxIftFaMK2
wzpsrgZmd+77v8ehAglFtPk6+jzB3qpL7qksrOmmXlqFyrs1kBiZM6oTmQxB/nG2
WnKPzOmT4SZxIi+4ToiFalByaDj0ki9Pu+r68X5zokA5GzVkqBufZycppAmzPzP3
t/MijtwVVWYWbFH5I2EgozDAeUmXOGnsq35n03GgmtM=
-----END CERTIFICATE-----