Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/gGN8DGM9_0Gm8BEp2388b8jQp5E.roa
File:                     gGN8DGM9_0Gm8BEp2388b8jQp5E.roa (raw, json)
Hash identifier:          B9SV+ptEiA0I4SlejzjRXn4FRXZEQoOgksLFAcJAtXo=
Subject key identifier:   80:63:7C:0C:63:3D:FF:41:A6:F0:11:29:DB:7F:3C:6F:C8:D0:A7:91
Certificate issuer:       /CN=8acd2eb2f0618b72c646d997d3c95dd836bdd006
Certificate serial:       018CC4938899FFE287A9410135F07F883291
Authority key identifier: 8A:CD:2E:B2:F0:61:8B:72:C6:46:D9:97:D3:C9:5D:D8:36:BD:D0:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/gGN8DGM9_0Gm8BEp2388b8jQp5E.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15517
IP address blocks:        213.133.240.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:88:99:ff:e2:87:a9:41:01:35:f0:7f:88:32:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8acd2eb2f0618b72c646d997d3c95dd836bdd006
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80637c0c633dff41a6f01129db7f3c6fc8d0a791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:79:84:01:6e:38:1a:75:2a:e2:2a:eb:b5:68:
                    7e:89:c5:de:4e:68:84:8f:a1:1d:41:5d:7f:b5:a4:
                    d9:e6:29:e5:ec:7c:c3:7a:9c:89:56:34:b1:72:92:
                    60:04:de:dc:56:e5:ad:b3:41:59:d1:67:36:a9:22:
                    4d:ad:de:50:cf:84:50:c3:30:97:e9:19:d6:d2:b9:
                    bc:e9:2d:0b:6f:b3:eb:9d:14:ec:8e:04:80:e7:b7:
                    72:3e:ca:5a:44:cb:1a:0e:23:ea:8e:15:fb:e6:1a:
                    44:d3:b1:b0:bb:2e:73:70:24:b1:4a:85:d5:62:07:
                    14:8c:02:86:ad:61:df:68:80:e7:9c:eb:e4:7f:1f:
                    5a:fc:d1:a4:7f:7c:7f:10:bf:52:19:5a:3c:a0:f1:
                    c4:58:ed:db:f9:8d:64:b8:18:1a:14:75:82:9c:eb:
                    22:9a:fd:f7:42:ea:ae:2f:46:25:c8:90:4f:be:d1:
                    be:5a:5d:b5:df:a1:84:1f:a7:72:0c:cf:d7:c9:cb:
                    36:08:04:20:10:6f:e6:e5:18:87:62:10:7c:77:87:
                    ae:b6:c4:3c:c2:b8:78:90:49:e5:68:34:e0:01:39:
                    bf:11:a9:dc:db:84:63:40:26:82:5e:29:93:f8:eb:
                    49:08:48:c0:89:15:15:c8:ae:4a:46:a8:01:c5:8a:
                    3a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:63:7C:0C:63:3D:FF:41:A6:F0:11:29:DB:7F:3C:6F:C8:D0:A7:91
            X509v3 Authority Key Identifier:
                keyid:8A:CD:2E:B2:F0:61:8B:72:C6:46:D9:97:D3:C9:5D:D8:36:BD:D0:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/gGN8DGM9_0Gm8BEp2388b8jQp5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.133.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         82:f7:e3:6f:a7:08:5e:61:fc:80:a1:25:1e:c9:f2:ed:3a:a5:
         50:18:c3:95:4c:00:35:3a:dc:5f:f2:81:42:f9:98:59:21:84:
         ca:ed:fd:ea:a5:2e:d1:d7:eb:c8:84:12:5b:a2:9b:93:f6:27:
         0c:9a:e1:91:66:1a:15:03:ad:ff:a3:04:32:f8:0a:4c:96:b4:
         be:f8:d5:03:89:64:da:ee:80:e6:c1:19:d3:09:b6:b9:cd:17:
         53:28:df:4f:e6:90:ba:c3:29:72:40:e3:0b:3b:c0:74:d0:ef:
         29:24:ca:93:2c:d7:88:27:19:f7:62:d4:13:35:06:e0:e6:87:
         71:a7:7a:b6:1d:ad:72:a7:0d:04:09:6f:a1:d7:27:c3:21:69:
         f7:bc:94:a0:3a:5c:df:4e:e7:8f:e7:bf:7e:c6:a4:af:c2:5b:
         e3:07:75:be:ef:e1:12:f3:a1:6b:ca:dc:0c:fd:97:28:8b:d3:
         2d:af:7f:0e:06:b9:8a:5a:93:01:50:00:88:e0:2d:61:79:b7:
         1a:e0:c4:ec:8e:b3:51:aa:af:6c:29:14:93:9d:0d:57:2e:75:
         80:6f:d1:5a:a5:84:2d:1c:af:1a:d4:d7:26:60:1c:66:d1:3e:
         a8:b6:27:0a:a2:5e:ba:21:79:b3:30:2a:5b:7f:e1:83:92:c4:
         5f:91:23:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4iZ/+KHqUEBNfB/iDKRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhY2QyZWIyZjA2MThiNzJjNjQ2ZDk5N2QzYzk1ZGQ4MzZi
ZGQwMDYwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDYzN2MwYzYzM2RmZjQxYTZmMDExMjlkYjdmM2M2ZmM4ZDBhNzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3mEAW44GnUq4irrtWh+icXeTmiE
j6EdQV1/taTZ5inl7HzDepyJVjSxcpJgBN7cVuWts0FZ0Wc2qSJNrd5Qz4RQwzCX
6RnW0rm86S0Lb7PrnRTsjgSA57dyPspaRMsaDiPqjhX75hpE07Gwuy5zcCSxSoXV
YgcUjAKGrWHfaIDnnOvkfx9a/NGkf3x/EL9SGVo8oPHEWO3b+Y1kuBgaFHWCnOsi
mv33QuquL0YlyJBPvtG+Wl2136GEH6dyDM/Xycs2CAQgEG/m5RiHYhB8d4eutsQ8
wrh4kEnlaDTgATm/Eanc24RjQCaCXimT+OtJCEjAiRUVyK5KRqgBxYo60QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBjfAxjPf9BpvARKdt/PG/I0KeRMB8GA1UdIwQY
MBaAFIrNLrLwYYtyxkbZl9PJXdg2vdAGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXMwdXN2QmhpM0xHUnRtWDA4bGQyRGE5MEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iMDU4N2MtMzFlOC00YTliLWFmNjkt
Nzk0YzlkOTI4Y2RjLzEvZ0dOOERHTTlfMEdtOEJFcDIzODhiOGpRcDVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iMDU4N2MtMzFlOC00YTliLWFmNjktNzk0YzlkOTI4Y2Rj
LzEvaXMwdXN2QmhpM0xHUnRtWDA4bGQyRGE5MEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1YXwMA0G
CSqGSIb3DQEBCwUAA4IBAQCC9+NvpwheYfyAoSUeyfLtOqVQGMOVTAA1Otxf8oFC
+ZhZIYTK7f3qpS7R1+vIhBJbopuT9icMmuGRZhoVA63/owQy+ApMlrS++NUDiWTa
7oDmwRnTCba5zRdTKN9P5pC6wylyQOMLO8B00O8pJMqTLNeIJxn3YtQTNQbg5odx
p3q2Ha1ypw0ECW+h1yfDIWn3vJSgOlzfTueP579+xqSvwlvjB3W+7+ES86FrytwM
/Zcoi9Mtr38OBrmKWpMBUACI4C1hebca4MTsjrNRqq9sKRSTnQ1XLnWAb9FapYQt
HK8a1NcmYBxm0T6oticKol66IXmzMCpbf+GDksRfkSOc
-----END CERTIFICATE-----