Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/gw9REL2xabQACsS7ff0PD750vtk.roa
File:                     gw9REL2xabQACsS7ff0PD750vtk.roa (raw, json)
Hash identifier:          iOqU0ZgtSVI7aLnOhjrsLmpBHe0EhdpZKv0lFROGnO0=
Subject key identifier:   83:0F:51:10:BD:B1:69:B4:00:0A:C4:BB:7D:FD:0F:0F:BE:74:BE:D9
Certificate issuer:       /CN=7aa606117bb5f7e4160ef268f9f4aa0457380441
Certificate serial:       018CC726ABB615F5C3B5C28A85977BDB74B0
Authority key identifier: 7A:A6:06:11:7B:B5:F7:E4:16:0E:F2:68:F9:F4:AA:04:57:38:04:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eqYGEXu19-QWDvJo-fSqBFc4BEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/gw9REL2xabQACsS7ff0PD750vtk.roa
Signing time:             Mon 01 Jan 2024 22:30:49 +0000
ROA not before:           Mon 01 Jan 2024 22:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211637
IP address blocks:        185.190.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/eqYGEXu19-QWDvJo-fSqBFc4BEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/eqYGEXu19-QWDvJo-fSqBFc4BEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eqYGEXu19-QWDvJo-fSqBFc4BEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ab:b6:15:f5:c3:b5:c2:8a:85:97:7b:db:74:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aa606117bb5f7e4160ef268f9f4aa0457380441
        Validity
            Not Before: Jan  1 22:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=830f5110bdb169b4000ac4bb7dfd0f0fbe74bed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f8:1a:49:c3:5f:82:66:e2:92:28:50:c6:ae:
                    d9:60:bb:43:ee:41:0c:a4:58:c0:c0:8e:b6:2b:2b:
                    7d:ca:12:92:f1:22:da:59:c2:8a:f1:20:66:f7:48:
                    6a:53:d3:31:49:85:82:82:96:f8:45:80:d4:7c:e8:
                    c7:90:ce:fb:f2:52:13:8f:1a:90:1d:06:ca:93:bc:
                    ef:63:bd:9f:e0:31:f2:1e:90:96:45:44:77:f0:1e:
                    bb:f7:aa:bf:91:d2:26:a5:c1:1f:f2:a1:8e:b4:98:
                    75:81:79:ca:01:8d:95:cf:eb:e4:42:ac:6b:51:ea:
                    b1:4d:b0:47:40:87:6c:8f:8d:c3:69:c8:0a:8a:e3:
                    ea:73:3f:ea:1d:5c:80:76:64:a0:70:58:ce:73:29:
                    a6:2c:9a:b9:b3:e5:c9:52:91:a5:09:a2:f3:e9:61:
                    fb:9a:8e:3e:1e:2c:61:44:4e:82:7f:05:3a:ac:ba:
                    7e:9d:b8:8c:5c:4e:18:95:95:aa:ac:70:58:46:26:
                    04:52:c3:79:5a:49:29:81:f6:1b:48:09:31:af:91:
                    8c:2d:08:78:ba:69:e9:d3:3d:94:38:55:cf:1c:87:
                    ae:f1:b5:c9:f3:b1:35:ac:02:2a:62:59:80:4a:ac:
                    35:59:11:98:89:bc:75:54:57:3b:30:88:d3:78:54:
                    17:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:0F:51:10:BD:B1:69:B4:00:0A:C4:BB:7D:FD:0F:0F:BE:74:BE:D9
            X509v3 Authority Key Identifier:
                keyid:7A:A6:06:11:7B:B5:F7:E4:16:0E:F2:68:F9:F4:AA:04:57:38:04:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eqYGEXu19-QWDvJo-fSqBFc4BEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/gw9REL2xabQACsS7ff0PD750vtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/23bdd0-5bf1-4d44-b4aa-a06136b2dc72/1/eqYGEXu19-QWDvJo-fSqBFc4BEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:78:4b:bf:c4:11:4c:43:d7:52:53:c6:ed:bc:a2:b4:94:99:
         9e:57:5d:17:30:57:cf:08:9d:78:61:4b:71:0e:63:6e:2e:56:
         e1:30:15:6f:80:5d:8e:54:e9:db:b6:c3:2c:56:3f:fc:56:01:
         d7:d3:5d:86:e2:f7:c7:a3:92:83:e4:43:aa:bb:e6:07:19:db:
         a6:2e:ff:34:17:bf:0e:30:96:c5:45:ab:b7:3f:05:00:55:0d:
         9d:02:c1:83:6e:3a:55:3a:70:3b:68:cc:65:c5:a8:c1:b0:6b:
         45:22:2a:50:8e:56:78:da:1b:68:97:61:e9:8c:fd:4a:0b:8d:
         e7:e1:57:2c:9d:60:c4:e9:58:59:e7:22:57:2f:12:ce:ad:d5:
         f2:bf:26:b5:1b:89:e4:5b:0a:08:3f:b5:b8:e5:52:88:59:95:
         3e:de:65:40:5c:7c:4a:e4:10:22:a0:72:f5:47:8d:4e:81:6d:
         e4:c9:4c:8c:9c:c9:59:92:66:d3:39:51:2e:f4:b3:1f:0a:5f:
         ce:37:00:ac:3e:58:d0:16:c4:93:51:0b:c3:d6:56:86:d9:68:
         60:95:f5:f6:da:d5:53:1f:c8:f7:cd:6c:49:ad:13:ef:3c:ea:
         fe:cb:6d:94:70:d9:1d:d4:2f:de:64:0c:36:07:90:f8:ce:c4:
         b8:bf:e0:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJqu2FfXDtcKKhZd723SwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhYTYwNjExN2JiNWY3ZTQxNjBlZjI2OGY5ZjRhYTA0NTcz
ODA0NDEwHhcNMjQwMTAxMjIzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzBmNTExMGJkYjE2OWI0MDAwYWM0YmI3ZGZkMGYwZmJlNzRiZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvgaScNfgmbikihQxq7ZYLtD7kEM
pFjAwI62Kyt9yhKS8SLaWcKK8SBm90hqU9MxSYWCgpb4RYDUfOjHkM778lITjxqQ
HQbKk7zvY72f4DHyHpCWRUR38B6796q/kdImpcEf8qGOtJh1gXnKAY2Vz+vkQqxr
UeqxTbBHQIdsj43DacgKiuPqcz/qHVyAdmSgcFjOcymmLJq5s+XJUpGlCaLz6WH7
mo4+HixhRE6CfwU6rLp+nbiMXE4YlZWqrHBYRiYEUsN5WkkpgfYbSAkxr5GMLQh4
umnp0z2UOFXPHIeu8bXJ87E1rAIqYlmASqw1WRGYibx1VFc7MIjTeFQXMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMPURC9sWm0AArEu339Dw++dL7ZMB8GA1UdIwQY
MBaAFHqmBhF7tffkFg7yaPn0qgRXOARBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXFZR0VYdTE5LVFXRHZKby1mU3FCRmM0QkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8yM2JkZDAtNWJmMS00ZDQ0LWI0YWEt
YTA2MTM2YjJkYzcyLzEvZ3c5UkVMMnhhYlFBQ3NTN2ZmMFBENzUwdnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8yM2JkZDAtNWJmMS00ZDQ0LWI0YWEtYTA2MTM2YjJkYzcy
LzEvZXFZR0VYdTE5LVFXRHZKby1mU3FCRmM0QkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub5rMA0G
CSqGSIb3DQEBCwUAA4IBAQBeeEu/xBFMQ9dSU8btvKK0lJmeV10XMFfPCJ14YUtx
DmNuLlbhMBVvgF2OVOnbtsMsVj/8VgHX012G4vfHo5KD5EOqu+YHGdumLv80F78O
MJbFRau3PwUAVQ2dAsGDbjpVOnA7aMxlxajBsGtFIipQjlZ42htol2HpjP1KC43n
4VcsnWDE6VhZ5yJXLxLOrdXyvya1G4nkWwoIP7W45VKIWZU+3mVAXHxK5BAioHL1
R41OgW3kyUyMnMlZkmbTOVEu9LMfCl/ONwCsPljQFsSTUQvD1laG2WhglfX22tVT
H8j3zWxJrRPvPOr+y22UcNkd1C/eZAw2B5D4zsS4v+Bk
-----END CERTIFICATE-----