Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/d8Gzp6cS-EdJdRaPJzyzE63oHLA.roa
File:                     d8Gzp6cS-EdJdRaPJzyzE63oHLA.roa (raw, json)
Hash identifier:          4i0d9lKhGTiPFa5Uytqx5nWuZ1vmUf65C81Lekl/Rr8=
Subject key identifier:   77:C1:B3:A7:A7:12:F8:47:49:75:16:8F:27:3C:B3:13:AD:E8:1C:B0
Certificate issuer:       /CN=bb82b8d3c1b0f78c3a19f6164eb2821e230cfe4e
Certificate serial:       018CC50005E053292E1FD94A353D18B81D1C
Authority key identifier: BB:82:B8:D3:C1:B0:F7:8C:3A:19:F6:16:4E:B2:82:1E:23:0C:FE:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4K408Gw94w6GfYWTrKCHiMM_k4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/d8Gzp6cS-EdJdRaPJzyzE63oHLA.roa
Signing time:             Mon 01 Jan 2024 12:29:22 +0000
ROA not before:           Mon 01 Jan 2024 12:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25149
IP address blocks:        193.178.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/u4K408Gw94w6GfYWTrKCHiMM_k4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/u4K408Gw94w6GfYWTrKCHiMM_k4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u4K408Gw94w6GfYWTrKCHiMM_k4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:05:e0:53:29:2e:1f:d9:4a:35:3d:18:b8:1d:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb82b8d3c1b0f78c3a19f6164eb2821e230cfe4e
        Validity
            Not Before: Jan  1 12:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77c1b3a7a712f8474975168f273cb313ade81cb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:45:73:1c:67:b6:21:9a:98:83:9f:cb:7e:59:
                    d6:b2:3a:5b:54:8b:5f:cf:f7:76:76:f3:b6:0e:71:
                    08:7b:e5:9d:cd:5c:c6:fb:9c:69:c1:d6:68:fc:71:
                    c8:6b:7e:7b:e2:8c:27:d1:6d:f6:31:f3:0e:ab:e5:
                    f2:ff:21:e2:5f:39:ef:dc:42:f7:1c:c3:16:2a:4f:
                    79:d0:42:e7:83:a1:a2:8d:74:aa:70:31:13:d5:20:
                    7b:d4:1f:94:6c:53:28:1e:f6:d9:23:17:d8:d9:a7:
                    a9:6e:84:97:96:a7:d7:fb:17:38:e1:3f:80:3a:46:
                    80:82:c6:d2:2f:39:c0:33:26:c5:51:00:85:d8:0c:
                    9d:41:05:45:8e:72:76:37:c2:03:30:f7:05:5e:63:
                    72:b9:e3:c4:93:14:2a:ab:7c:ab:45:3d:d6:fd:3c:
                    1d:68:ac:ad:b7:07:73:5e:cc:4d:10:c6:9d:66:3c:
                    55:8d:77:fd:7b:a3:bb:c4:06:fe:7b:5d:59:7f:73:
                    f7:0c:4f:10:20:d2:2f:20:47:c8:a9:75:cc:0d:3d:
                    2a:a3:3b:a0:b0:b4:a9:bd:61:40:aa:90:2f:28:56:
                    d9:be:66:20:b8:e5:e4:54:a4:b2:0d:a6:f1:b0:2a:
                    eb:88:e0:31:99:6d:aa:d6:f8:da:f3:37:32:a9:00:
                    48:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:C1:B3:A7:A7:12:F8:47:49:75:16:8F:27:3C:B3:13:AD:E8:1C:B0
            X509v3 Authority Key Identifier:
                keyid:BB:82:B8:D3:C1:B0:F7:8C:3A:19:F6:16:4E:B2:82:1E:23:0C:FE:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4K408Gw94w6GfYWTrKCHiMM_k4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/d8Gzp6cS-EdJdRaPJzyzE63oHLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/u4K408Gw94w6GfYWTrKCHiMM_k4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:86:21:56:81:21:6b:a9:b7:82:35:48:08:8f:e1:81:ce:3a:
         77:8d:c7:08:87:81:7e:52:39:e2:ff:cd:97:ca:6e:54:2a:55:
         e5:63:b9:15:ff:76:72:4d:5e:8e:69:c4:fb:67:05:51:b7:c4:
         f0:90:8b:f9:2a:2c:7f:f4:4e:5d:f8:82:55:9b:1d:cd:5f:14:
         bc:c7:1a:3b:70:76:b5:f9:62:e7:a9:66:7f:a1:ff:5d:17:3d:
         1d:56:8c:5f:03:49:35:4c:bc:71:00:09:d7:98:35:fc:a5:52:
         87:89:8e:62:f3:32:17:79:1c:16:46:90:70:fb:a0:28:b0:d9:
         d9:22:a7:49:b6:fa:08:7d:a2:53:f7:ef:1f:cc:a1:7c:6f:1a:
         89:43:99:76:6d:d0:db:a0:a9:21:a1:19:e4:d5:99:38:aa:6b:
         bd:2e:fa:4f:82:ac:17:6a:95:6c:d5:86:2c:b3:45:76:21:d3:
         f0:f7:5f:57:d8:a9:8f:d0:83:cd:8f:63:d6:df:0e:fd:4e:a9:
         1e:2d:af:8e:09:78:5f:88:f6:3a:4e:d9:7a:aa:bb:ea:d9:47:
         8a:10:cd:4d:8d:c7:5b:8a:ec:c6:72:38:3f:c8:09:16:47:2a:
         71:d3:a4:1d:4c:87:27:56:c7:27:5e:d3:2f:8c:1f:ca:ee:27:
         e1:ab:36:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAAXgUykuH9lKNT0YuB0cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODJiOGQzYzFiMGY3OGMzYTE5ZjYxNjRlYjI4MjFlMjMw
Y2ZlNGUwHhcNMjQwMTAxMTIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2MxYjNhN2E3MTJmODQ3NDk3NTE2OGYyNzNjYjMxM2FkZTgxY2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEVzHGe2IZqYg5/LflnWsjpbVItf
z/d2dvO2DnEIe+WdzVzG+5xpwdZo/HHIa3574own0W32MfMOq+Xy/yHiXznv3EL3
HMMWKk950ELng6GijXSqcDET1SB71B+UbFMoHvbZIxfY2aepboSXlqfX+xc44T+A
OkaAgsbSLznAMybFUQCF2AydQQVFjnJ2N8IDMPcFXmNyuePEkxQqq3yrRT3W/Twd
aKyttwdzXsxNEMadZjxVjXf9e6O7xAb+e11Zf3P3DE8QINIvIEfIqXXMDT0qozug
sLSpvWFAqpAvKFbZvmYguOXkVKSyDabxsCrriOAxmW2q1vja8zcyqQBIHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfBs6enEvhHSXUWjyc8sxOt6BywMB8GA1UdIwQY
MBaAFLuCuNPBsPeMOhn2Fk6ygh4jDP5OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRLNDA4R3c5NHc2R2ZZV1RyS0NIaU1NX2s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yODBjYTktZjdkOC00ZmZhLWJhMzQt
YTEzZjQ0ODFiYzZjLzEvZDhHenA2Y1MtRWRKZFJhUEp6eXpFNjNvSExBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yODBjYTktZjdkOC00ZmZhLWJhMzQtYTEzZjQ0ODFiYzZj
LzEvdTRLNDA4R3c5NHc2R2ZZV1RyS0NIaU1NX2s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbK8MA0G
CSqGSIb3DQEBCwUAA4IBAQB1hiFWgSFrqbeCNUgIj+GBzjp3jccIh4F+Ujni/82X
ym5UKlXlY7kV/3ZyTV6OacT7ZwVRt8TwkIv5Kix/9E5d+IJVmx3NXxS8xxo7cHa1
+WLnqWZ/of9dFz0dVoxfA0k1TLxxAAnXmDX8pVKHiY5i8zIXeRwWRpBw+6AosNnZ
IqdJtvoIfaJT9+8fzKF8bxqJQ5l2bdDboKkhoRnk1Zk4qmu9LvpPgqwXapVs1YYs
s0V2IdPw919X2KmP0IPNj2PW3w79TqkeLa+OCXhfiPY6Ttl6qrvq2UeKEM1Njcdb
iuzGcjg/yAkWRypx06QdTIcnVscnXtMvjB/K7ifhqzY2
-----END CERTIFICATE-----