Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a64cb-a7f5-42b0-ac15-ce29fd3526a8/1/gMpTInTqdtB7pj6MZ68qjsurvUw.roa
File:                     gMpTInTqdtB7pj6MZ68qjsurvUw.roa (raw, json)
Hash identifier:          cwnuoHULVDwBTRHISosdYISepxzWd2ya6RvGbFf/j9w=
Subject key identifier:   80:CA:53:22:74:EA:76:D0:7B:A6:3E:8C:67:AF:2A:8E:CB:AB:BD:4C
Certificate issuer:       /CN=b7f39e3670b43f57f1511b78dde2085964017455
Certificate serial:       018CC801D584D12C58E1BD3716FCCD221512
Authority key identifier: B7:F3:9E:36:70:B4:3F:57:F1:51:1B:78:DD:E2:08:59:64:01:74:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t_OeNnC0P1fxURt43eIIWWQBdFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a64cb-a7f5-42b0-ac15-ce29fd3526a8/1/gMpTInTqdtB7pj6MZ68qjsurvUw.roa
Signing time:             Tue 02 Jan 2024 02:30:12 +0000
ROA not before:           Tue 02 Jan 2024 02:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43326
IP address blocks:        185.124.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/4a64cb-a7f5-42b0-ac15-ce29fd3526a8/1/t_OeNnC0P1fxURt43eIIWWQBdFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/4a64cb-a7f5-42b0-ac15-ce29fd3526a8/1/t_OeNnC0P1fxURt43eIIWWQBdFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t_OeNnC0P1fxURt43eIIWWQBdFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d5:84:d1:2c:58:e1:bd:37:16:fc:cd:22:15:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7f39e3670b43f57f1511b78dde2085964017455
        Validity
            Not Before: Jan  2 02:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80ca532274ea76d07ba63e8c67af2a8ecbabbd4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:24:1e:ed:4a:f0:a6:81:5e:22:fe:b6:d0:7b:
                    f4:5e:ad:bb:d5:18:0f:6d:18:2a:29:98:c2:9b:25:
                    dd:db:cf:de:36:ec:db:a8:d4:c3:95:c5:14:30:52:
                    27:31:d5:20:61:6c:38:02:ce:3a:7c:5e:bb:0d:53:
                    54:19:02:a0:7f:cc:43:16:c6:37:f2:14:02:67:a3:
                    65:2a:26:86:8b:e9:b0:41:9c:19:8e:4f:7e:6a:1f:
                    d9:89:d4:2a:26:25:2a:30:d5:bd:b8:ae:57:7a:c6:
                    5e:88:11:42:29:ff:23:e8:3a:d9:66:f7:25:64:a8:
                    b1:16:8f:cc:df:54:22:91:08:0b:6c:e2:bc:49:06:
                    a2:4a:b1:ca:13:0c:97:bb:38:33:f7:5f:b8:5d:22:
                    4b:60:2b:18:ae:f0:e7:57:6b:da:14:34:dc:9c:8d:
                    e2:dc:c4:64:44:c2:f9:4c:f7:38:6d:04:f7:48:ac:
                    c9:04:46:a4:2e:75:70:cc:a1:2f:ab:0d:88:27:26:
                    9c:56:ca:7e:9e:6d:97:cf:60:1a:46:ca:ac:ec:54:
                    5b:1b:86:f4:5d:d5:ea:3b:8b:58:d6:8a:9a:41:af:
                    61:fd:bb:75:38:3e:d6:d0:86:4d:8c:a5:f4:ab:c7:
                    bd:7b:37:27:b9:ee:47:26:14:1e:85:e0:76:02:82:
                    98:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:CA:53:22:74:EA:76:D0:7B:A6:3E:8C:67:AF:2A:8E:CB:AB:BD:4C
            X509v3 Authority Key Identifier:
                keyid:B7:F3:9E:36:70:B4:3F:57:F1:51:1B:78:DD:E2:08:59:64:01:74:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t_OeNnC0P1fxURt43eIIWWQBdFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a64cb-a7f5-42b0-ac15-ce29fd3526a8/1/gMpTInTqdtB7pj6MZ68qjsurvUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a64cb-a7f5-42b0-ac15-ce29fd3526a8/1/t_OeNnC0P1fxURt43eIIWWQBdFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:38:b3:55:8d:16:be:d8:00:9e:bd:a9:25:50:ab:75:d0:9b:
         60:28:b2:89:ef:59:d3:9b:d0:c8:39:46:d1:51:de:f8:96:9d:
         d2:f0:05:02:9b:51:34:7e:e3:90:93:d7:29:4a:1d:64:3b:85:
         ac:5e:52:09:00:26:55:42:8e:23:66:74:88:56:9d:95:b6:6b:
         27:7d:b1:e4:eb:01:3c:ca:c8:d9:00:8a:8d:3d:1e:4b:fd:c6:
         cc:9a:88:dc:e2:90:73:ae:c7:6c:5a:81:a0:07:66:b8:77:b1:
         22:7c:27:0b:79:f0:6a:c7:4b:f7:3f:fa:91:17:c9:9b:6e:bd:
         fd:0b:74:0e:34:4f:ff:ae:a4:3f:d8:93:83:13:27:43:47:65:
         4a:f6:d6:a9:13:36:20:1b:0b:21:ac:e9:b6:bc:7e:b1:87:6b:
         b0:24:46:a4:cb:ac:71:4f:f2:fb:4a:f0:37:bf:d4:83:ec:1b:
         33:ba:11:7f:13:e4:cf:fb:33:7d:19:16:08:9e:35:47:ca:83:
         9d:40:3e:3c:bd:b8:d5:33:dc:8a:d5:29:4d:ac:fc:89:a2:a7:
         e8:da:1a:1c:c7:97:55:3a:0f:29:67:8c:b5:1e:fe:8d:55:88:
         f6:3c:53:25:f6:c7:de:07:66:81:29:ea:84:26:8c:c6:f3:21:
         5e:3f:cd:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAdWE0SxY4b03FvzNIhUSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ZjM5ZTM2NzBiNDNmNTdmMTUxMWI3OGRkZTIwODU5NjQw
MTc0NTUwHhcNMjQwMTAyMDIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGNhNTMyMjc0ZWE3NmQwN2JhNjNlOGM2N2FmMmE4ZWNiYWJiZDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCQe7UrwpoFeIv620Hv0Xq271RgP
bRgqKZjCmyXd28/eNuzbqNTDlcUUMFInMdUgYWw4As46fF67DVNUGQKgf8xDFsY3
8hQCZ6NlKiaGi+mwQZwZjk9+ah/ZidQqJiUqMNW9uK5XesZeiBFCKf8j6DrZZvcl
ZKixFo/M31QikQgLbOK8SQaiSrHKEwyXuzgz91+4XSJLYCsYrvDnV2vaFDTcnI3i
3MRkRML5TPc4bQT3SKzJBEakLnVwzKEvqw2IJyacVsp+nm2Xz2AaRsqs7FRbG4b0
XdXqO4tY1oqaQa9h/bt1OD7W0IZNjKX0q8e9ezcnue5HJhQeheB2AoKY9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDKUyJ06nbQe6Y+jGevKo7Lq71MMB8GA1UdIwQY
MBaAFLfznjZwtD9X8VEbeN3iCFlkAXRVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdF9PZU5uQzBQMWZ4VVJ0NDNlSUlXV1FCZEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTY0Y2ItYTdmNS00MmIwLWFjMTUt
Y2UyOWZkMzUyNmE4LzEvZ01wVEluVHFkdEI3cGo2TVo2OHFqc3VydlV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTY0Y2ItYTdmNS00MmIwLWFjMTUtY2UyOWZkMzUyNmE4
LzEvdF9PZU5uQzBQMWZ4VVJ0NDNlSUlXV1FCZEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXzyMA0G
CSqGSIb3DQEBCwUAA4IBAQCTOLNVjRa+2ACevaklUKt10JtgKLKJ71nTm9DIOUbR
Ud74lp3S8AUCm1E0fuOQk9cpSh1kO4WsXlIJACZVQo4jZnSIVp2VtmsnfbHk6wE8
ysjZAIqNPR5L/cbMmojc4pBzrsdsWoGgB2a4d7EifCcLefBqx0v3P/qRF8mbbr39
C3QONE//rqQ/2JODEydDR2VK9tapEzYgGwshrOm2vH6xh2uwJEaky6xxT/L7SvA3
v9SD7BszuhF/E+TP+zN9GRYInjVHyoOdQD48vbjVM9yK1SlNrPyJoqfo2hocx5dV
Og8pZ4y1Hv6NVYj2PFMl9sfeB2aBKeqEJozG8yFeP81K
-----END CERTIFICATE-----