Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/gICPhcTsoI0YK3iOPq-o_7f9fls.roa
File:                     gICPhcTsoI0YK3iOPq-o_7f9fls.roa (raw, json)
Hash identifier:          K7UF3wrsSvyCn4ea12qY9ZcQL+bzMHsZZGLPE3oFOeQ=
Subject key identifier:   80:80:8F:85:C4:EC:A0:8D:18:2B:78:8E:3E:AF:A8:FF:B7:FD:7E:5B
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       01945EC62504B37E88869F0FBDE6B11F5C4A
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/gICPhcTsoI0YK3iOPq-o_7f9fls.roa
Signing time:             Mon 13 Jan 2025 08:27:11 +0000
ROA not before:           Mon 13 Jan 2025 08:27:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202364
IP address blocks:        217.180.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5e:c6:25:04:b3:7e:88:86:9f:0f:bd:e6:b1:1f:5c:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jan 13 08:27:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80808f85c4eca08d182b788e3eafa8ffb7fd7e5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:56:07:93:4f:a4:38:40:fb:7f:e4:c9:70:ca:
                    6e:39:11:6f:be:f3:03:dd:19:50:6c:a1:77:c8:33:
                    9f:c8:b9:11:15:a0:65:57:72:22:6d:07:98:9a:d8:
                    18:b7:4f:a4:70:5d:f0:49:08:db:a4:88:1a:5e:9b:
                    da:2d:62:7d:5b:40:93:03:fb:cb:96:7d:51:3f:77:
                    4c:c5:7a:f2:a2:b6:eb:f9:b9:ab:ab:ca:aa:6f:0d:
                    cd:54:ce:9b:bc:f1:a7:51:c0:29:cd:c5:37:b2:85:
                    d0:2d:45:53:ee:b3:8d:aa:aa:15:69:ee:2d:d6:2c:
                    89:5d:8c:cb:48:ec:db:87:b2:18:a2:ed:f7:06:a1:
                    c5:4d:c7:25:cb:9b:14:39:fd:f7:4a:36:7d:72:c1:
                    52:94:84:b2:64:d7:d7:fd:df:7c:3c:cf:92:df:78:
                    2e:4d:ef:7d:39:87:2b:d7:ee:86:62:ca:29:b1:c5:
                    31:73:a4:ac:2e:30:8c:d5:62:44:82:8a:72:66:a6:
                    26:40:c0:77:fd:02:6f:51:db:f4:06:36:9b:2d:51:
                    89:0d:3d:b3:58:82:5c:be:80:35:81:31:a0:3b:1e:
                    e2:07:93:cc:71:e5:40:45:d5:7f:81:0b:66:14:39:
                    99:26:d4:e3:a4:b1:5d:05:49:25:fc:4c:b0:73:51:
                    84:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:80:8F:85:C4:EC:A0:8D:18:2B:78:8E:3E:AF:A8:FF:B7:FD:7E:5B
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/gICPhcTsoI0YK3iOPq-o_7f9fls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.180.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:19:72:fb:81:3f:cc:6e:77:35:d1:3d:27:60:25:22:e7:b6:
         a2:09:c5:1b:c0:d0:5b:bc:fb:8a:42:21:ad:66:2e:a3:c9:bc:
         c5:ef:d7:5b:fd:21:42:3c:4f:14:15:44:29:df:44:3f:27:15:
         2c:23:5a:0e:0f:c5:2e:e5:2c:e2:6b:c4:d2:d4:4a:34:78:95:
         fb:d7:df:9b:de:d1:7a:5b:15:34:07:82:b1:18:aa:b1:92:cc:
         c2:72:b8:0b:eb:30:20:ab:92:80:38:f2:23:c5:48:22:7b:3e:
         78:71:56:67:e8:2d:ed:2f:4f:2c:a5:a6:8c:e3:5b:06:12:1f:
         ef:ab:49:d9:00:69:34:94:21:08:9c:e2:11:78:c8:70:6a:48:
         6c:01:56:37:4e:5d:bf:de:8e:b7:71:eb:18:f8:b7:c8:31:13:
         76:a9:56:16:3d:4a:bd:6e:c3:5e:80:63:34:d2:1a:5b:da:6c:
         a4:6e:9c:e2:64:d1:55:24:79:99:72:b3:67:db:20:18:c8:a2:
         c1:ff:d3:94:68:8a:16:bc:fb:42:56:3c:51:39:d7:62:e1:11:
         29:2e:1d:fc:69:84:2d:40:4b:9a:02:bd:02:9d:79:bd:ff:ef:
         23:df:56:11:d8:d5:bc:68:f7:86:70:0e:85:2a:cb:0c:47:98:
         50:3a:fb:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRexiUEs36Ihp8PveaxH1xKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMTEzMDgyNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDgwOGY4NWM0ZWNhMDhkMTgyYjc4OGUzZWFmYThmZmI3ZmQ3ZTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVYHk0+kOED7f+TJcMpuORFvvvMD
3RlQbKF3yDOfyLkRFaBlV3IibQeYmtgYt0+kcF3wSQjbpIgaXpvaLWJ9W0CTA/vL
ln1RP3dMxXryorbr+bmrq8qqbw3NVM6bvPGnUcApzcU3soXQLUVT7rONqqoVae4t
1iyJXYzLSOzbh7IYou33BqHFTccly5sUOf33SjZ9csFSlISyZNfX/d98PM+S33gu
Te99OYcr1+6GYsopscUxc6SsLjCM1WJEgopyZqYmQMB3/QJvUdv0BjabLVGJDT2z
WIJcvoA1gTGgOx7iB5PMceVARdV/gQtmFDmZJtTjpLFdBUkl/Eywc1GE2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICAj4XE7KCNGCt4jj6vqP+3/X5bMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvZ0lDUGhjVHNvSTBZSzNpT1BxLW9fN2Y5ZmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2bQuMA0G
CSqGSIb3DQEBCwUAA4IBAQC7GXL7gT/Mbnc10T0nYCUi57aiCcUbwNBbvPuKQiGt
Zi6jybzF79db/SFCPE8UFUQp30Q/JxUsI1oOD8Uu5Szia8TS1Eo0eJX719+b3tF6
WxU0B4KxGKqxkszCcrgL6zAgq5KAOPIjxUgiez54cVZn6C3tL08spaaM41sGEh/v
q0nZAGk0lCEInOIReMhwakhsAVY3Tl2/3o63cesY+LfIMRN2qVYWPUq9bsNegGM0
0hpb2mykbpziZNFVJHmZcrNn2yAYyKLB/9OUaIoWvPtCVjxROddi4REpLh38aYQt
QEuaAr0CnXm9/+8j31YR2NW8aPeGcA6FKssMR5hQOvuT
-----END CERTIFICATE-----