Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/gSnm-EZjHeRyWC-N13sHKCtwXD0.roa
File:                     gSnm-EZjHeRyWC-N13sHKCtwXD0.roa (raw, json)
Hash identifier:          XrWZ+sfl0uhI0A7flT+pooDC75mu7ML2+ANNnnH7UFo=
Subject key identifier:   81:29:E6:F8:46:63:1D:E4:72:58:2F:8D:D7:7B:07:28:2B:70:5C:3D
Certificate issuer:       /CN=d4ff0fecd7bf44148931788dfe7f20d67a67a0db
Certificate serial:       018CC2DAECF1E4B7B61E808533BA5BA10D7E
Authority key identifier: D4:FF:0F:EC:D7:BF:44:14:89:31:78:8D:FE:7F:20:D6:7A:67:A0:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/gSnm-EZjHeRyWC-N13sHKCtwXD0.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51424
IP address blocks:        212.4.132.0/24 maxlen: 24
                          212.96.184.0/24 maxlen: 24
                          213.211.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 13:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ec:f1:e4:b7:b6:1e:80:85:33:ba:5b:a1:0d:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ff0fecd7bf44148931788dfe7f20d67a67a0db
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8129e6f846631de472582f8dd77b07282b705c3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0c:cf:00:6a:f1:eb:a2:9d:ca:d4:e3:0d:8b:
                    04:c6:59:e2:6d:3a:bb:f0:cd:a7:2f:7c:51:79:ff:
                    02:8a:d7:de:bb:aa:25:a7:01:70:f8:dd:12:28:bf:
                    c2:a4:91:64:cb:1a:58:fa:0f:75:d9:60:5a:7f:f3:
                    eb:b8:bb:c6:37:e2:77:0a:08:4d:83:0f:3a:51:83:
                    67:6d:d6:b9:f1:bf:ce:20:a2:63:86:fc:d2:f2:14:
                    4f:83:c4:f3:bb:8f:bc:02:0b:cf:64:8f:4a:3e:82:
                    77:cd:67:9c:ab:60:7c:3e:d0:2f:a7:21:9b:4f:78:
                    7c:5e:e9:cb:3f:4d:15:f5:54:98:d0:20:35:70:e5:
                    e7:64:76:8e:22:09:fd:37:70:20:23:67:5d:45:71:
                    6a:66:92:80:c6:55:68:3e:8f:08:0e:47:3d:db:20:
                    a8:d5:2c:4d:40:10:7f:1f:db:8e:51:61:13:92:be:
                    ee:8e:5e:16:95:53:8f:d7:e5:92:19:f3:11:b8:85:
                    9a:25:e6:bd:47:48:83:b4:33:97:1d:c5:7c:fc:46:
                    ca:b4:59:71:2f:ad:59:56:44:23:e1:e4:b1:25:58:
                    cc:84:89:0f:66:5a:aa:2b:6d:bb:b5:95:c0:94:d0:
                    21:4d:27:58:6c:ce:34:dd:fb:3b:b7:c8:4b:0f:f2:
                    f4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:29:E6:F8:46:63:1D:E4:72:58:2F:8D:D7:7B:07:28:2B:70:5C:3D
            X509v3 Authority Key Identifier:
                keyid:D4:FF:0F:EC:D7:BF:44:14:89:31:78:8D:FE:7F:20:D6:7A:67:A0:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/gSnm-EZjHeRyWC-N13sHKCtwXD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.4.132.0/24
                  212.96.184.0/24
                  213.211.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:ad:46:9c:15:c2:f0:ee:18:df:2c:aa:68:fa:66:ff:86:48:
         63:80:4f:40:81:20:e3:1b:0c:8e:af:52:b9:0b:1c:4c:db:22:
         f0:4b:e2:06:d4:22:8f:3c:d2:68:b4:f6:d7:04:e5:6d:5c:45:
         3d:69:73:37:b8:19:10:ae:61:14:bd:6b:90:af:9e:0a:4a:82:
         0a:cc:04:53:61:8c:3d:4d:ec:4a:0d:61:cf:e2:f8:f5:8b:54:
         a2:04:86:9a:0b:b2:b4:6f:66:b0:b7:f2:14:33:34:46:97:dc:
         dd:2c:e7:06:e8:b1:7f:91:b3:f7:80:c2:8c:a6:0c:6c:50:e8:
         ee:10:a1:aa:60:5f:49:ad:91:cf:75:26:18:fa:f7:c5:45:0b:
         51:17:79:45:5d:58:05:99:27:11:b6:86:d9:bb:05:03:a2:70:
         6d:e0:f1:76:bf:7d:40:8d:8b:ca:32:98:c7:79:ed:a3:64:ed:
         5a:e9:20:84:e3:99:c2:75:96:ae:eb:f2:79:a9:d1:31:fa:e1:
         46:74:67:14:7b:51:a5:cd:d1:c3:9a:5b:0c:13:da:95:bc:30:
         91:4f:5d:29:19:25:e9:80:eb:3f:1f:e9:31:5d:db:5e:52:5b:
         f6:93:cb:51:84:28:e7:46:84:36:2d:9e:58:bd:90:19:5e:c1:
         5a:c2:7f:36
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2uzx5Le2HoCFM7pboQ1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZmYwZmVjZDdiZjQ0MTQ4OTMxNzg4ZGZlN2YyMGQ2N2E2
N2EwZGIwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTI5ZTZmODQ2NjMxZGU0NzI1ODJmOGRkNzdiMDcyODJiNzA1YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwzPAGrx66KdytTjDYsExlnibTq7
8M2nL3xRef8Citfeu6olpwFw+N0SKL/CpJFkyxpY+g912WBaf/PruLvGN+J3CghN
gw86UYNnbda58b/OIKJjhvzS8hRPg8Tzu4+8AgvPZI9KPoJ3zWecq2B8PtAvpyGb
T3h8XunLP00V9VSY0CA1cOXnZHaOIgn9N3AgI2ddRXFqZpKAxlVoPo8IDkc92yCo
1SxNQBB/H9uOUWETkr7ujl4WlVOP1+WSGfMRuIWaJea9R0iDtDOXHcV8/EbKtFlx
L61ZVkQj4eSxJVjMhIkPZlqqK227tZXAlNAhTSdYbM403fs7t8hLD/L0SwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIEp5vhGYx3kclgvjdd7BygrcFw9MB8GA1UdIwQY
MBaAFNT/D+zXv0QUiTF4jf5/INZ6Z6DbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVA4UDdOZV9SQlNKTVhpTl9uOGcxbnBub05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wYzBjNjUtOWY4Mi00NDUwLTkxNjUt
ZjBjMjFmODE4NmYwLzEvZ1NubS1FWmpIZVJ5V0MtTjEzc0hLQ3R3WEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wYzBjNjUtOWY4Mi00NDUwLTkxNjUtZjBjMjFmODE4NmYw
LzEvMVA4UDdOZV9SQlNKTVhpTl9uOGcxbnBub05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1ASEAwQA
1GC4AwQA1dMkMA0GCSqGSIb3DQEBCwUAA4IBAQBTrUacFcLw7hjfLKpo+mb/hkhj
gE9AgSDjGwyOr1K5CxxM2yLwS+IG1CKPPNJotPbXBOVtXEU9aXM3uBkQrmEUvWuQ
r54KSoIKzARTYYw9TexKDWHP4vj1i1SiBIaaC7K0b2awt/IUMzRGl9zdLOcG6LF/
kbP3gMKMpgxsUOjuEKGqYF9JrZHPdSYY+vfFRQtRF3lFXVgFmScRtobZuwUDonBt
4PF2v31AjYvKMpjHee2jZO1a6SCE45nCdZau6/J5qdEx+uFGdGcUe1GlzdHDmlsM
E9qVvDCRT10pGSXpgOs/H+kxXdteUlv2k8tRhCjnRoQ2LZ5YvZAZXsFawn82
-----END CERTIFICATE-----