Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/gKm7vDseh63AP9vWAvHQSyo9xW0.roa
File:                     gKm7vDseh63AP9vWAvHQSyo9xW0.roa (raw, json)
Hash identifier:          SNLKm/MMUzGxAauHrflUScArsN1mDoASex5cfaO+0hI=
Subject key identifier:   80:A9:BB:BC:3B:1E:87:AD:C0:3F:DB:D6:02:F1:D0:4B:2A:3D:C5:6D
Certificate issuer:       /CN=70dbea0753df083e5782bb9f380b5d799cb78a06
Certificate serial:       018CC26CEF3A71C4FA91CBBF78B3AE54BA30
Authority key identifier: 70:DB:EA:07:53:DF:08:3E:57:82:BB:9F:38:0B:5D:79:9C:B7:8A:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cNvqB1PfCD5XgrufOAtdeZy3igY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/gKm7vDseh63AP9vWAvHQSyo9xW0.roa
Signing time:             Mon 01 Jan 2024 00:29:28 +0000
ROA not before:           Mon 01 Jan 2024 00:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        132.252.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/cNvqB1PfCD5XgrufOAtdeZy3igY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/cNvqB1PfCD5XgrufOAtdeZy3igY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cNvqB1PfCD5XgrufOAtdeZy3igY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:ef:3a:71:c4:fa:91:cb:bf:78:b3:ae:54:ba:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70dbea0753df083e5782bb9f380b5d799cb78a06
        Validity
            Not Before: Jan  1 00:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80a9bbbc3b1e87adc03fdbd602f1d04b2a3dc56d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:64:01:b3:3f:8c:54:af:bf:85:1d:6d:0b:d2:
                    c2:e9:ec:c9:4c:8a:6a:6c:34:32:1b:2d:72:75:af:
                    62:47:57:5b:48:37:d7:9f:55:2d:90:76:8a:c5:03:
                    b5:30:da:9e:ff:a5:35:c2:cd:84:b2:25:4c:18:99:
                    fd:1d:d2:f0:1b:65:1b:e0:81:2f:79:38:ef:e9:42:
                    e7:83:21:05:a0:95:b0:a8:af:82:18:a0:90:9c:4a:
                    a8:1c:3f:04:83:3f:cc:08:d3:94:e1:61:61:27:fc:
                    1e:98:a9:30:06:da:d4:72:6d:bc:9b:52:27:a4:cb:
                    7e:4a:d6:1c:5d:f8:ff:27:6e:ce:63:3f:a2:ea:5e:
                    cb:54:28:3e:6e:0d:41:5b:91:fe:4a:b9:4a:c4:b8:
                    4f:d0:0c:12:cb:54:b9:68:ca:d3:55:56:78:cf:e0:
                    19:85:6c:8b:97:dd:33:2b:32:b7:e9:17:77:4b:c9:
                    c8:2c:5d:fc:c1:7e:0e:b8:48:16:d9:16:67:68:af:
                    a1:e3:33:79:37:c1:ec:7b:d4:26:1c:e9:a8:d6:4c:
                    a6:cc:34:12:40:d6:c5:93:a6:6f:a8:cf:da:fa:e9:
                    b9:a8:4f:29:0e:d7:01:d8:c8:3a:36:49:7a:e1:76:
                    81:cd:13:e8:06:8f:e4:b2:34:af:50:5a:e4:e0:0b:
                    44:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:A9:BB:BC:3B:1E:87:AD:C0:3F:DB:D6:02:F1:D0:4B:2A:3D:C5:6D
            X509v3 Authority Key Identifier:
                keyid:70:DB:EA:07:53:DF:08:3E:57:82:BB:9F:38:0B:5D:79:9C:B7:8A:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cNvqB1PfCD5XgrufOAtdeZy3igY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/gKm7vDseh63AP9vWAvHQSyo9xW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/deec2e-0cd6-4113-b2b9-2a0cf13173d8/1/cNvqB1PfCD5XgrufOAtdeZy3igY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7f:83:14:99:1e:24:50:8e:5e:cc:94:1f:0a:a7:e8:1a:03:34:
         6d:9c:24:1b:5e:20:21:30:8a:42:d9:fb:24:82:09:b1:cf:1f:
         2f:a8:0c:da:52:30:c1:2c:d8:da:9b:f8:10:16:cb:39:63:c6:
         5e:70:63:69:30:13:24:5d:51:ea:2f:a5:69:eb:7b:6e:81:0e:
         1e:cb:aa:9c:a2:ae:90:fc:56:5b:43:dd:ce:ec:67:b7:b4:ff:
         51:64:0c:54:a0:5b:23:c9:66:63:1b:2c:d5:c8:97:01:cd:4d:
         8d:90:a0:b3:0e:9a:90:e3:72:69:8d:62:a1:09:9d:76:08:9b:
         6a:e8:4e:f9:1c:76:e5:69:00:af:b5:d7:47:a2:ee:34:54:19:
         cb:61:36:ad:09:4c:7e:86:b8:c6:92:69:29:c6:2d:b5:32:1a:
         1f:9d:c4:8f:3a:f4:c0:49:77:af:67:6d:d3:26:fe:17:2e:84:
         3c:be:7a:3f:85:29:eb:f0:8b:49:77:d2:6e:61:a1:76:41:36:
         ee:f9:b5:1e:16:7b:e8:2d:6f:5c:a8:c5:09:61:d3:b3:f3:14:
         0f:cc:6d:b7:78:5a:b2:f0:ba:df:fb:8a:2d:32:89:8d:84:ee:
         e1:97:62:cb:be:aa:70:07:12:5d:b4:a7:0e:b7:28:a8:28:71:
         16:06:e7:ad
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzCbO86ccT6kcu/eLOuVLowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZGJlYTA3NTNkZjA4M2U1NzgyYmI5ZjM4MGI1ZDc5OWNi
NzhhMDYwHhcNMjQwMTAxMDAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGE5YmJiYzNiMWU4N2FkYzAzZmRiZDYwMmYxZDA0YjJhM2RjNTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GQBsz+MVK+/hR1tC9LC6ezJTIpq
bDQyGy1yda9iR1dbSDfXn1UtkHaKxQO1MNqe/6U1ws2EsiVMGJn9HdLwG2Ub4IEv
eTjv6ULngyEFoJWwqK+CGKCQnEqoHD8Egz/MCNOU4WFhJ/wemKkwBtrUcm28m1In
pMt+StYcXfj/J27OYz+i6l7LVCg+bg1BW5H+SrlKxLhP0AwSy1S5aMrTVVZ4z+AZ
hWyLl90zKzK36Rd3S8nILF38wX4OuEgW2RZnaK+h4zN5N8Hse9QmHOmo1kymzDQS
QNbFk6ZvqM/a+um5qE8pDtcB2Mg6Nkl64XaBzRPoBo/ksjSvUFrk4AtENQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFICpu7w7HoetwD/b1gLx0EsqPcVtMB8GA1UdIwQY
MBaAFHDb6gdT3wg+V4K7nzgLXXmct4oGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY052cUIxUGZDRDVYZ3J1Zk9BdGRlWnkzaWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9kZWVjMmUtMGNkNi00MTEzLWIyYjkt
MmEwY2YxMzE3M2Q4LzEvZ0ttN3ZEc2VoNjNBUDl2V0F2SFFTeW85eFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9kZWVjMmUtMGNkNi00MTEzLWIyYjktMmEwY2YxMzE3M2Q4
LzEvY052cUIxUGZDRDVYZ3J1Zk9BdGRlWnkzaWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhPwwDQYJ
KoZIhvcNAQELBQADggEBAH+DFJkeJFCOXsyUHwqn6BoDNG2cJBteICEwikLZ+ySC
CbHPHy+oDNpSMMEs2Nqb+BAWyzljxl5wY2kwEyRdUeovpWnre26BDh7LqpyirpD8
VltD3c7sZ7e0/1FkDFSgWyPJZmMbLNXIlwHNTY2QoLMOmpDjcmmNYqEJnXYIm2ro
TvkcduVpAK+110ei7jRUGcthNq0JTH6GuMaSaSnGLbUyGh+dxI869MBJd69nbdMm
/hcuhDy+ej+FKevwi0l30m5hoXZBNu75tR4We+gtb1yoxQlh07PzFA/Mbbd4WrLw
ut/7ii0yiY2E7uGXYsu+qnAHEl20pw63KKgocRYG560=
-----END CERTIFICATE-----