Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/gZ5Pzt7MNb_Hfa2C7BvypeoPIno.roa
File:                     gZ5Pzt7MNb_Hfa2C7BvypeoPIno.roa (raw, json)
Hash identifier:          n6ASLtmwnk1rrz5qFS4eIz7+1dgid5tdquxCDhhtEpA=
Subject key identifier:   81:9E:4F:CE:DE:CC:35:BF:C7:7D:AD:82:EC:1B:F2:A5:EA:0F:22:7A
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF83C6627AF808383FB95829106D6
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/gZ5Pzt7MNb_Hfa2C7BvypeoPIno.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204086
IP address blocks:        82.160.86.0/23 maxlen: 23
                          82.160.138.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f8:3c:66:27:af:80:83:83:fb:95:82:91:06:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=819e4fcedecc35bfc77dad82ec1bf2a5ea0f227a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:75:24:c0:9b:08:06:fd:ea:9c:ec:37:18:49:
                    ad:68:7a:47:76:36:6a:07:21:ac:e1:ae:e8:24:68:
                    99:ab:48:9b:0f:12:c7:56:00:db:b2:3a:7d:05:52:
                    8a:2a:68:69:1d:68:bc:a2:a0:27:b5:f2:28:40:a5:
                    30:63:be:d2:63:0f:18:6a:bf:ad:f0:da:d5:7f:29:
                    c6:17:95:e0:07:5e:a0:45:58:5f:ef:6c:32:f7:26:
                    2c:cc:7f:a9:85:f6:b7:0b:36:54:8b:b5:1f:7e:79:
                    fc:81:d0:c1:10:cf:e4:a6:46:4c:f6:17:3e:71:d6:
                    87:29:91:a1:4b:9d:98:c2:fa:34:ba:30:ae:89:31:
                    91:82:93:76:af:f4:fb:ad:8e:3e:2f:54:47:c0:11:
                    01:48:d1:a2:a3:6f:9a:d0:ec:54:e7:49:8b:6b:02:
                    78:00:f6:06:19:cd:2e:e0:00:3a:99:e0:55:79:17:
                    8c:63:05:39:86:23:0f:37:b5:15:55:a0:01:8c:92:
                    ed:74:56:3a:42:7b:b4:39:06:07:f9:8f:14:b1:3f:
                    fd:0b:4b:30:d0:d6:43:81:ec:90:70:a2:e7:45:8b:
                    7e:28:7f:f6:fe:7e:0a:bb:3d:e7:8e:c9:56:f1:90:
                    8a:11:b6:11:25:01:9e:0a:bf:4e:3a:49:61:9b:92:
                    c5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:9E:4F:CE:DE:CC:35:BF:C7:7D:AD:82:EC:1B:F2:A5:EA:0F:22:7A
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/gZ5Pzt7MNb_Hfa2C7BvypeoPIno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.160.86.0/23
                  82.160.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:24:f7:30:f7:89:b5:6d:5b:6e:66:0f:11:f6:50:87:a5:2a:
         89:67:78:58:47:dc:18:8e:99:e1:5b:c0:47:ef:b5:c5:84:a2:
         fd:55:8b:12:9a:55:40:1f:83:54:c1:fd:0f:83:91:83:93:de:
         f4:08:c6:ab:a6:0c:68:d2:71:3a:ec:42:f9:cf:9a:4d:2d:08:
         f3:3a:6e:fa:a6:3b:4f:f1:90:1a:b1:1d:fe:2f:b2:6f:e9:3c:
         bb:ee:27:b4:a7:5a:02:47:14:cd:38:24:d0:c5:0e:79:e4:1b:
         df:3f:1e:ec:5c:ac:6a:37:e7:5c:18:d5:96:52:f2:a9:8f:c8:
         64:aa:f1:9e:d8:91:b1:09:70:47:23:58:32:60:de:a8:b1:fd:
         0c:77:cd:36:c0:8a:7f:84:e9:ff:f3:01:4c:25:79:86:19:ae:
         3f:6a:db:8f:7c:ea:c8:d0:1b:90:ef:83:35:39:8c:e0:97:27:
         50:0f:c6:56:3f:39:f4:75:c8:44:2a:6b:ed:c8:b2:e9:b4:31:
         2c:09:f4:df:41:b0:03:9e:d7:af:0f:94:0d:10:70:dc:c3:89:
         69:4b:67:c0:43:56:f1:28:8d:90:af:37:7a:e1:6d:e6:18:57:
         7d:62:9f:a3:42:ce:ae:b2:c1:d1:67:2c:7c:db:a6:2c:d5:08:
         6b:dc:f0:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbPg8ZievgIOD+5WCkQbWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTllNGZjZWRlY2MzNWJmYzc3ZGFkODJlYzFiZjJhNWVhMGYyMjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunUkwJsIBv3qnOw3GEmtaHpHdjZq
ByGs4a7oJGiZq0ibDxLHVgDbsjp9BVKKKmhpHWi8oqAntfIoQKUwY77SYw8Yar+t
8NrVfynGF5XgB16gRVhf72wy9yYszH+phfa3CzZUi7Uffnn8gdDBEM/kpkZM9hc+
cdaHKZGhS52Ywvo0ujCuiTGRgpN2r/T7rY4+L1RHwBEBSNGio2+a0OxU50mLawJ4
APYGGc0u4AA6meBVeReMYwU5hiMPN7UVVaABjJLtdFY6Qnu0OQYH+Y8UsT/9C0sw
0NZDgeyQcKLnRYt+KH/2/n4Kuz3njslW8ZCKEbYRJQGeCr9OOklhm5LFXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIGeT87ezDW/x32tguwb8qXqDyJ6MB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvZ1o1UHp0N01OYl9IZmEyQzdCdnlwZW9QSW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUqBWAwQB
UqCKMA0GCSqGSIb3DQEBCwUAA4IBAQB7JPcw94m1bVtuZg8R9lCHpSqJZ3hYR9wY
jpnhW8BH77XFhKL9VYsSmlVAH4NUwf0Pg5GDk970CMarpgxo0nE67EL5z5pNLQjz
Om76pjtP8ZAasR3+L7Jv6Ty77ie0p1oCRxTNOCTQxQ555BvfPx7sXKxqN+dcGNWW
UvKpj8hkqvGe2JGxCXBHI1gyYN6osf0Md802wIp/hOn/8wFMJXmGGa4/atuPfOrI
0BuQ74M1OYzglydQD8ZWPzn0dchEKmvtyLLptDEsCfTfQbADntevD5QNEHDcw4lp
S2fAQ1bxKI2Qrzd64W3mGFd9Yp+jQs6ussHRZyx826Ys1Qhr3PAD
-----END CERTIFICATE-----