Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/e7989a-0b5e-4a91-9dba-a42582070949/1/gBpXU6HMs3EdVnZKM3W9dtj0eWk.roa
File:                     gBpXU6HMs3EdVnZKM3W9dtj0eWk.roa (raw, json)
Hash identifier:          /5HDlgNXt08tmw8LTatvLunizw0Atkb/+jC9ix7IJ4k=
Subject key identifier:   80:1A:57:53:A1:CC:B3:71:1D:56:76:4A:33:75:BD:76:D8:F4:79:69
Certificate issuer:       /CN=8a601d2ea1f948ca018c335beda72dbec079d6e6
Certificate serial:       0194266B6BC4009CEBDF2CE0007043D146A5
Authority key identifier: 8A:60:1D:2E:A1:F9:48:CA:01:8C:33:5B:ED:A7:2D:BE:C0:79:D6:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imAdLqH5SMoBjDNb7actvsB51uY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/e7989a-0b5e-4a91-9dba-a42582070949/1/gBpXU6HMs3EdVnZKM3W9dtj0eWk.roa
Signing time:             Thu 02 Jan 2025 09:49:21 +0000
ROA not before:           Thu 02 Jan 2025 09:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29608
IP address blocks:        193.227.228.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/e7989a-0b5e-4a91-9dba-a42582070949/1/imAdLqH5SMoBjDNb7actvsB51uY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/e7989a-0b5e-4a91-9dba-a42582070949/1/imAdLqH5SMoBjDNb7actvsB51uY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imAdLqH5SMoBjDNb7actvsB51uY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:6b:c4:00:9c:eb:df:2c:e0:00:70:43:d1:46:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a601d2ea1f948ca018c335beda72dbec079d6e6
        Validity
            Not Before: Jan  2 09:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=801a5753a1ccb3711d56764a3375bd76d8f47969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c5:9b:7c:77:e6:12:1c:7d:7c:b8:40:d0:4b:
                    b4:f2:73:65:1a:d6:fa:ce:34:91:89:fb:a9:b9:f0:
                    fd:99:18:82:60:52:00:4f:24:15:8e:4e:d5:7e:ba:
                    11:d1:e4:78:97:71:5c:a3:d5:49:18:84:3d:fe:12:
                    f0:de:f9:f8:7b:8f:8a:f6:7a:02:b7:79:b7:be:a4:
                    f6:76:65:30:8c:29:50:32:3f:40:59:78:5b:18:8b:
                    ab:b0:06:4e:3a:c8:f5:c7:97:2e:ea:d8:ab:c2:89:
                    64:fb:8c:53:52:6f:72:49:86:41:73:76:19:dd:67:
                    8f:f9:75:43:01:9e:9d:66:29:3a:fa:03:a1:c6:26:
                    cb:b8:b6:a1:b7:81:c8:3b:8b:e7:85:63:cf:95:77:
                    b7:86:a0:cd:df:49:9d:0f:b7:fc:de:8f:20:49:75:
                    c6:aa:9e:b1:16:63:f0:1d:80:96:d8:a6:e3:cb:f3:
                    d5:42:0c:ac:58:24:e3:c3:1c:38:5d:c3:6a:4b:ec:
                    17:a2:b8:52:df:9f:b6:1e:2c:2b:ca:66:57:85:01:
                    21:c1:ea:04:16:df:a6:b9:94:74:bc:35:e1:23:07:
                    d2:ef:a7:ea:21:f7:44:44:f0:3f:f9:21:c9:b1:df:
                    32:f6:88:f4:48:e2:65:9b:e9:eb:ba:91:82:15:59:
                    fc:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:1A:57:53:A1:CC:B3:71:1D:56:76:4A:33:75:BD:76:D8:F4:79:69
            X509v3 Authority Key Identifier:
                keyid:8A:60:1D:2E:A1:F9:48:CA:01:8C:33:5B:ED:A7:2D:BE:C0:79:D6:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imAdLqH5SMoBjDNb7actvsB51uY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e7989a-0b5e-4a91-9dba-a42582070949/1/gBpXU6HMs3EdVnZKM3W9dtj0eWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e7989a-0b5e-4a91-9dba-a42582070949/1/imAdLqH5SMoBjDNb7actvsB51uY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:95:46:16:8e:87:7a:11:60:31:c3:f0:64:1d:d3:13:dc:ac:
         d8:ae:68:d9:9e:dc:d4:d0:dd:d1:c1:f4:bd:03:8a:ee:e7:cc:
         8d:e2:78:77:8a:52:be:c1:e8:45:c7:cb:0a:de:fd:dd:21:6a:
         ed:b3:d1:02:aa:4b:8d:af:0b:cd:97:81:70:b3:c6:c0:ba:bd:
         d8:82:50:c7:01:35:ce:60:ab:a1:20:af:29:19:cf:48:ba:8c:
         e7:a4:03:f4:1c:0f:bb:cb:b8:e2:7e:87:3a:d3:96:75:47:ed:
         15:c2:cb:bb:35:df:3f:27:16:8d:b5:41:ca:d6:26:19:fa:3e:
         54:f3:d4:41:22:6e:fd:a9:d7:61:ea:06:f4:c5:9a:c4:b6:32:
         4b:05:6b:e5:d6:8a:c8:89:41:c2:b9:9c:18:c4:17:d1:06:18:
         f5:6b:a8:32:9e:18:7b:79:b8:96:68:2a:ea:cc:96:e7:24:03:
         c2:6a:4d:3e:39:92:f1:7f:49:c9:ef:7e:5f:1a:9d:1e:32:4e:
         35:d9:65:b1:20:9c:ab:6e:80:c6:ab:a9:71:43:cd:b9:df:d2:
         74:ca:e8:76:24:e7:b4:59:63:a8:6a:dd:03:bb:6f:3b:73:88:
         b8:67:07:97:5d:06:59:1b:94:9f:02:64:7b:bd:7c:ed:1d:53:
         87:83:55:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma2vEAJzr3yzgAHBD0UalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjAxZDJlYTFmOTQ4Y2EwMThjMzM1YmVkYTcyZGJlYzA3
OWQ2ZTYwHhcNMjUwMTAyMDk0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDFhNTc1M2ExY2NiMzcxMWQ1Njc2NGEzMzc1YmQ3NmQ4ZjQ3OTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusWbfHfmEhx9fLhA0Eu08nNlGtb6
zjSRifupufD9mRiCYFIATyQVjk7VfroR0eR4l3Fco9VJGIQ9/hLw3vn4e4+K9noC
t3m3vqT2dmUwjClQMj9AWXhbGIursAZOOsj1x5cu6tirwolk+4xTUm9ySYZBc3YZ
3WeP+XVDAZ6dZik6+gOhxibLuLaht4HIO4vnhWPPlXe3hqDN30mdD7f83o8gSXXG
qp6xFmPwHYCW2Kbjy/PVQgysWCTjwxw4XcNqS+wXorhS35+2HiwrymZXhQEhweoE
Ft+muZR0vDXhIwfS76fqIfdERPA/+SHJsd8y9oj0SOJlm+nrupGCFVn8lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIAaV1OhzLNxHVZ2SjN1vXbY9HlpMB8GA1UdIwQY
MBaAFIpgHS6h+UjKAYwzW+2nLb7AedbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1BZExxSDVTTW9CakROYjdhY3R2c0I1MXVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lNzk4OWEtMGI1ZS00YTkxLTlkYmEt
YTQyNTgyMDcwOTQ5LzEvZ0JwWFU2SE1zM0VkVm5aS00zVzlkdGowZVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lNzk4OWEtMGI1ZS00YTkxLTlkYmEtYTQyNTgyMDcwOTQ5
LzEvaW1BZExxSDVTTW9CakROYjdhY3R2c0I1MXVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwePkMA0G
CSqGSIb3DQEBCwUAA4IBAQAolUYWjod6EWAxw/BkHdMT3KzYrmjZntzU0N3RwfS9
A4ru58yN4nh3ilK+wehFx8sK3v3dIWrts9ECqkuNrwvNl4Fws8bAur3YglDHATXO
YKuhIK8pGc9IuoznpAP0HA+7y7jifoc605Z1R+0Vwsu7Nd8/JxaNtUHK1iYZ+j5U
89RBIm79qddh6gb0xZrEtjJLBWvl1orIiUHCuZwYxBfRBhj1a6gynhh7ebiWaCrq
zJbnJAPCak0+OZLxf0nJ735fGp0eMk412WWxIJyrboDGq6lxQ82539J0yuh2JOe0
WWOoat0Du287c4i4ZweXXQZZG5SfAmR7vXztHVOHg1We
-----END CERTIFICATE-----