Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/g4HPIAkIk5f_sy3be6ZpZncm-WY.roa
File:                     g4HPIAkIk5f_sy3be6ZpZncm-WY.roa (raw, json)
Hash identifier:          REQtMb6s274Q1pWUxRtiiCgcApeQvsZFnwIU8ye40fc=
Subject key identifier:   83:81:CF:20:09:08:93:97:FF:B3:2D:DB:7B:A6:69:66:77:26:F9:66
Certificate issuer:       /CN=20aa60cb0024332a2db68993f3357158af60c8de
Certificate serial:       018DC66B58E590AF5C798A774F6251DB5DF3
Authority key identifier: 20:AA:60:CB:00:24:33:2A:2D:B6:89:93:F3:35:71:58:AF:60:C8:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IKpgywAkMyottomT8zVxWK9gyN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/g4HPIAkIk5f_sy3be6ZpZncm-WY.roa
Signing time:             Tue 20 Feb 2024 12:09:00 +0000
ROA not before:           Tue 20 Feb 2024 12:09:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        2a02:3100:3202::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/IKpgywAkMyottomT8zVxWK9gyN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/IKpgywAkMyottomT8zVxWK9gyN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IKpgywAkMyottomT8zVxWK9gyN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:6b:58:e5:90:af:5c:79:8a:77:4f:62:51:db:5d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20aa60cb0024332a2db68993f3357158af60c8de
        Validity
            Not Before: Feb 20 12:09:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8381cf2009089397ffb32ddb7ba669667726f966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a5:74:a8:e1:ee:65:c8:fe:3e:07:71:a4:08:
                    a3:5f:f8:d5:ce:9f:16:29:03:c5:57:7b:e9:34:59:
                    2a:e6:ba:da:c4:19:32:93:d8:85:1a:d1:02:07:f2:
                    5c:02:84:9e:a1:75:ec:11:26:48:a8:d5:a5:d5:fc:
                    a3:a0:86:5d:d5:b9:ab:5b:49:06:7e:18:1b:55:f3:
                    84:e3:c9:fb:7b:ba:b2:60:d5:74:3a:87:b4:d7:1f:
                    56:7c:88:f9:09:ca:eb:b4:49:df:aa:ac:95:99:2d:
                    c4:63:86:b8:a4:03:aa:67:e4:e1:99:4e:2c:69:3e:
                    7e:c4:6e:58:49:3a:1f:f2:cd:3f:72:9d:e5:97:f8:
                    4d:a2:cf:bd:f3:30:44:fa:44:4c:77:92:d5:9c:7b:
                    05:53:a6:8f:78:61:87:51:1c:aa:e3:8f:b2:b0:18:
                    f2:3e:99:6a:9c:44:a0:b2:c6:ce:df:a2:1d:44:34:
                    12:72:65:4b:63:1e:97:6a:5b:7e:37:e9:79:ab:87:
                    8d:4a:2a:07:0b:43:6a:26:3b:5e:73:36:00:4a:77:
                    96:55:de:99:74:7b:8f:02:a3:50:ea:89:4a:09:55:
                    72:f0:d7:64:b4:18:e0:73:3c:8e:7e:51:5a:f9:a7:
                    58:5a:f3:e8:64:01:e2:0f:5a:76:67:47:ac:91:b5:
                    e3:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:81:CF:20:09:08:93:97:FF:B3:2D:DB:7B:A6:69:66:77:26:F9:66
            X509v3 Authority Key Identifier:
                keyid:20:AA:60:CB:00:24:33:2A:2D:B6:89:93:F3:35:71:58:AF:60:C8:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IKpgywAkMyottomT8zVxWK9gyN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/g4HPIAkIk5f_sy3be6ZpZncm-WY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/IKpgywAkMyottomT8zVxWK9gyN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:3100:3202::/47

    Signature Algorithm: sha256WithRSAEncryption
         74:64:c8:d8:99:4f:49:da:aa:1a:90:c8:8a:26:d2:96:b4:52:
         f3:e5:8a:74:c6:1f:40:fd:ff:8f:2e:a9:f4:95:4e:d8:0e:89:
         96:e4:74:f5:6a:ae:95:c1:a9:02:59:08:40:15:0b:55:20:31:
         ce:c3:40:44:18:f5:8e:e0:57:bf:ea:70:55:5d:b4:e6:16:50:
         f6:6c:e4:ce:98:33:f8:e8:d9:11:6e:2e:ac:db:57:44:b7:96:
         b2:ad:a7:a5:03:75:66:97:24:c3:e3:88:de:71:01:57:23:f1:
         74:4a:cd:f7:47:57:b9:dd:f0:60:8c:85:5b:d4:9f:45:61:45:
         60:ee:3b:8f:ce:d7:df:3c:11:37:b4:c0:30:54:89:cc:33:1f:
         8d:f9:2f:94:c1:d0:d0:33:31:79:76:7e:d2:cc:4b:da:8b:5a:
         7e:ad:10:76:a0:78:a4:4b:c6:18:4e:ab:09:a8:3c:c1:66:6e:
         67:32:28:70:9c:eb:bb:f5:00:64:f8:99:84:34:93:00:4f:c6:
         d0:72:4b:c9:21:81:73:69:66:d9:4d:fe:bc:cb:2b:a0:ec:75:
         78:bb:26:a9:80:0f:d0:81:2a:82:91:bf:2d:27:dc:e3:55:08:
         6b:36:0d:37:39:81:9f:3d:21:7a:a2:32:cb:32:a9:f2:ab:e8:
         77:62:8a:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3Ga1jlkK9ceYp3T2JR213zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYWE2MGNiMDAyNDMzMmEyZGI2ODk5M2YzMzU3MTU4YWY2
MGM4ZGUwHhcNMjQwMjIwMTIwOTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzgxY2YyMDA5MDg5Mzk3ZmZiMzJkZGI3YmE2Njk2Njc3MjZmOTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKV0qOHuZcj+PgdxpAijX/jVzp8W
KQPFV3vpNFkq5rraxBkyk9iFGtECB/JcAoSeoXXsESZIqNWl1fyjoIZd1bmrW0kG
fhgbVfOE48n7e7qyYNV0Ooe01x9WfIj5CcrrtEnfqqyVmS3EY4a4pAOqZ+ThmU4s
aT5+xG5YSTof8s0/cp3ll/hNos+98zBE+kRMd5LVnHsFU6aPeGGHURyq44+ysBjy
PplqnESgssbO36IdRDQScmVLYx6Xalt+N+l5q4eNSioHC0NqJjteczYASneWVd6Z
dHuPAqNQ6olKCVVy8NdktBjgczyOflFa+adYWvPoZAHiD1p2Z0eskbXj3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIOBzyAJCJOX/7Mt23umaWZ3JvlmMB8GA1UdIwQY
MBaAFCCqYMsAJDMqLbaJk/M1cVivYMjeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUtwZ3l3QWtNeW90dG9tVDh6VnhXSzlneU40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8zNTI0MzEtZTY5NC00NDEyLWE3NjYt
NzNmN2QxMTBiODJhLzEvZzRIUElBa0lrNWZfc3kzYmU2WnBabmNtLVdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8zNTI0MzEtZTY5NC00NDEyLWE3NjYtNzNmN2QxMTBiODJh
LzEvSUtwZ3l3QWtNeW90dG9tVDh6VnhXSzlneU40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgIxADIC
MA0GCSqGSIb3DQEBCwUAA4IBAQB0ZMjYmU9J2qoakMiKJtKWtFLz5Yp0xh9A/f+P
Lqn0lU7YDomW5HT1aq6VwakCWQhAFQtVIDHOw0BEGPWO4Fe/6nBVXbTmFlD2bOTO
mDP46NkRbi6s21dEt5ayraelA3VmlyTD44jecQFXI/F0Ss33R1e53fBgjIVb1J9F
YUVg7juPztffPBE3tMAwVInMMx+N+S+UwdDQMzF5dn7SzEvai1p+rRB2oHikS8YY
TqsJqDzBZm5nMihwnOu79QBk+JmENJMAT8bQckvJIYFzaWbZTf68yyug7HV4uyap
gA/QgSqCkb8tJ9zjVQhrNg03OYGfPSF6ojLLMqnyq+h3YorL
-----END CERTIFICATE-----