Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/GO1Uwy9K7XTLbG888UqOR8xe1Hg.roa
File:                     GO1Uwy9K7XTLbG888UqOR8xe1Hg.roa (raw, json)
Hash identifier:          L4i2d3TsE2Os9pPtB0bLhksrFnlfglaJeZMUmH+TN68=
Subject key identifier:   18:ED:54:C3:2F:4A:ED:74:CB:6C:6F:3C:F1:4A:8E:47:CC:5E:D4:78
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7941C24B88B6582EA61CD41ECAF9C58
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/GO1Uwy9K7XTLbG888UqOR8xe1Hg.roa
Signing time:             Tue 02 Jan 2024 00:30:21 +0000
ROA not before:           Tue 02 Jan 2024 00:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        109.248.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 16:15:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1c:24:b8:8b:65:82:ea:61:cd:41:ec:af:9c:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18ed54c32f4aed74cb6c6f3cf14a8e47cc5ed478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1f:3f:e2:f5:fd:87:50:f3:d7:21:fa:3f:57:
                    74:92:a3:a9:d7:f9:85:e0:0b:aa:0e:2b:b3:8d:ba:
                    af:43:c8:ad:e2:a6:08:ba:6e:a3:57:20:bc:3c:44:
                    f2:52:63:c2:7f:7b:a3:2d:16:85:e2:9a:53:1f:01:
                    14:7a:e0:04:f4:89:01:18:87:4d:f6:e2:53:67:03:
                    b9:1e:e0:38:da:e4:d6:4a:b0:e5:45:46:07:bd:14:
                    3a:84:89:f4:2b:6d:56:8f:88:c7:65:b5:00:96:26:
                    92:94:f5:1e:e0:46:f5:c1:b5:14:70:9a:c0:70:57:
                    af:60:09:16:3d:2f:f5:9a:42:2c:7c:f7:d1:bb:18:
                    7e:b2:9c:08:34:dd:ff:d5:2b:de:8f:ab:ed:7c:be:
                    8c:7f:3d:33:16:55:e5:1d:73:6d:65:db:d9:3d:79:
                    0e:57:6b:be:3b:7e:d8:bc:62:87:e0:ee:8c:8a:95:
                    2d:5f:08:c6:8a:0c:30:b8:32:27:10:04:f7:d7:71:
                    7f:90:54:bf:e1:f9:c5:e5:0e:b9:35:02:31:73:f2:
                    9d:b7:05:67:c7:9f:e0:21:20:c7:ab:93:1e:b5:b9:
                    c7:43:8b:3d:13:ff:00:d7:eb:95:4f:0d:c2:c8:59:
                    bb:77:a8:aa:6b:26:82:e6:ac:4e:90:1b:1e:50:82:
                    ca:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:ED:54:C3:2F:4A:ED:74:CB:6C:6F:3C:F1:4A:8E:47:CC:5E:D4:78
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/GO1Uwy9K7XTLbG888UqOR8xe1Hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:63:49:cd:f2:96:5a:2d:a8:49:fa:dd:4f:a4:cb:9c:05:0e:
         c9:f2:2b:c5:20:3c:bb:78:37:f1:54:fb:0c:41:a5:c7:9d:03:
         01:94:92:32:3b:62:0f:47:1b:55:75:50:1b:19:a4:4a:e0:35:
         54:63:2f:b8:1c:e6:22:1e:87:ed:b2:d0:d7:55:d5:d0:3b:e2:
         85:9a:32:9e:e7:3e:11:b5:54:86:92:9c:8a:0e:20:0c:04:f4:
         1e:6c:5a:8c:4f:bd:3c:86:6b:b9:03:cb:e5:69:d4:ff:8a:12:
         6f:51:de:bf:be:4a:09:fe:be:b9:40:66:40:c1:96:99:a9:ad:
         7b:74:0c:d1:5e:69:0c:ac:78:fa:46:f5:05:be:23:b6:73:0a:
         e9:21:67:c0:10:97:ba:8f:b1:7b:3d:a5:5c:29:a0:c4:78:38:
         11:0a:10:00:8e:88:e9:e3:76:dd:03:8e:5c:99:fc:83:bc:5a:
         e1:d9:5d:d0:26:3f:f6:d0:ea:97:ee:b1:66:5c:f5:ae:8b:7a:
         d8:53:2e:95:ab:f4:67:30:bc:31:2c:0e:67:81:0a:39:19:db:
         10:17:42:85:f6:37:d1:9f:b5:65:15:1c:c2:a1:9b:df:f5:4d:
         39:66:2c:3a:f2:8a:28:ba:a7:ad:51:11:76:06:72:b2:40:bf:
         5a:0c:7a:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBwkuItlguphzUHsr5xYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGVkNTRjMzJmNGFlZDc0Y2I2YzZmM2NmMTRhOGU0N2NjNWVkNDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvB8/4vX9h1Dz1yH6P1d0kqOp1/mF
4AuqDiuzjbqvQ8it4qYIum6jVyC8PETyUmPCf3ujLRaF4ppTHwEUeuAE9IkBGIdN
9uJTZwO5HuA42uTWSrDlRUYHvRQ6hIn0K21Wj4jHZbUAliaSlPUe4Eb1wbUUcJrA
cFevYAkWPS/1mkIsfPfRuxh+spwINN3/1Svej6vtfL6Mfz0zFlXlHXNtZdvZPXkO
V2u+O37YvGKH4O6MipUtXwjGigwwuDInEAT313F/kFS/4fnF5Q65NQIxc/KdtwVn
x5/gISDHq5MetbnHQ4s9E/8A1+uVTw3CyFm7d6iqayaC5qxOkBseUILKoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjtVMMvSu10y2xvPPFKjkfMXtR4MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvR08xVXd5OUs3WFRMYkc4ODhVcU9SOHhlMUhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfgqMA0G
CSqGSIb3DQEBCwUAA4IBAQBCY0nN8pZaLahJ+t1PpMucBQ7J8ivFIDy7eDfxVPsM
QaXHnQMBlJIyO2IPRxtVdVAbGaRK4DVUYy+4HOYiHoftstDXVdXQO+KFmjKe5z4R
tVSGkpyKDiAMBPQebFqMT708hmu5A8vladT/ihJvUd6/vkoJ/r65QGZAwZaZqa17
dAzRXmkMrHj6RvUFviO2cwrpIWfAEJe6j7F7PaVcKaDEeDgRChAAjojp43bdA45c
mfyDvFrh2V3QJj/20OqX7rFmXPWui3rYUy6Vq/RnMLwxLA5ngQo5GdsQF0KF9jfR
n7VlFRzCoZvf9U05Ziw68ooouqetURF2BnKyQL9aDHrn
-----END CERTIFICATE-----