Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/gsyZLqS490-s76BuTlEKIm9rO-I.roa
File:                     gsyZLqS490-s76BuTlEKIm9rO-I.roa (raw, json)
Hash identifier:          4D0+4GqD9wwcvDqoHfqGQ9f2rBEDbW8ZwzAkmuWo0xg=
Subject key identifier:   82:CC:99:2E:A4:B8:F7:4F:AC:EF:A0:6E:4E:51:0A:22:6F:6B:3B:E2
Certificate issuer:       /CN=bf628b93661e905887359fc8e9a1888075db3cd8
Certificate serial:       018CC7949D9A459CAA2408F57DB3198DE8E1
Authority key identifier: BF:62:8B:93:66:1E:90:58:87:35:9F:C8:E9:A1:88:80:75:DB:3C:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v2KLk2YekFiHNZ_I6aGIgHXbPNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/gsyZLqS490-s76BuTlEKIm9rO-I.roa
Signing time:             Tue 02 Jan 2024 00:30:54 +0000
ROA not before:           Tue 02 Jan 2024 00:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        185.52.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/v2KLk2YekFiHNZ_I6aGIgHXbPNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/v2KLk2YekFiHNZ_I6aGIgHXbPNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v2KLk2YekFiHNZ_I6aGIgHXbPNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:9d:9a:45:9c:aa:24:08:f5:7d:b3:19:8d:e8:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf628b93661e905887359fc8e9a1888075db3cd8
        Validity
            Not Before: Jan  2 00:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82cc992ea4b8f74facefa06e4e510a226f6b3be2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:17:67:bc:df:d3:a9:0e:51:74:1d:e0:56:8a:
                    8d:de:c1:1c:66:88:4c:c7:74:29:73:60:20:11:eb:
                    1f:a3:a4:fd:c3:0d:2f:cf:04:63:6b:0b:70:9e:c4:
                    da:0b:03:14:33:25:eb:7b:80:c3:0d:76:23:ea:c8:
                    55:38:b2:5f:c7:17:25:b3:93:34:30:ca:6d:a7:67:
                    fe:77:53:3b:b5:3e:79:6a:9e:d3:99:e3:21:d1:96:
                    e7:d6:54:67:5b:ac:58:6e:9b:0a:3e:ad:7c:a4:02:
                    69:a3:47:47:a0:ce:b3:45:df:5d:40:96:b9:dc:51:
                    46:65:8c:5c:dd:4a:03:de:22:80:60:c5:42:9e:81:
                    01:73:7a:80:1b:d2:eb:d4:02:06:d3:4f:c0:70:ed:
                    88:3b:c5:c7:3d:c9:0e:36:5b:8d:a5:5d:1f:fa:59:
                    b4:c9:ff:0f:a5:48:bf:a0:a0:69:ba:79:5d:65:0e:
                    0f:8e:94:ad:2e:72:7a:e5:d2:bb:4a:12:3a:aa:da:
                    e6:45:83:e3:56:fb:03:14:3c:6b:8b:a5:ff:4a:f5:
                    05:d2:ca:af:f1:a3:36:38:66:60:77:f8:86:ee:32:
                    81:8f:04:71:80:02:8f:fa:38:44:c2:f4:59:18:81:
                    30:e1:32:e6:d1:46:99:fd:86:f8:a8:55:89:d9:e1:
                    92:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:CC:99:2E:A4:B8:F7:4F:AC:EF:A0:6E:4E:51:0A:22:6F:6B:3B:E2
            X509v3 Authority Key Identifier:
                keyid:BF:62:8B:93:66:1E:90:58:87:35:9F:C8:E9:A1:88:80:75:DB:3C:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v2KLk2YekFiHNZ_I6aGIgHXbPNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/gsyZLqS490-s76BuTlEKIm9rO-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/v2KLk2YekFiHNZ_I6aGIgHXbPNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:aa:05:2a:f9:74:3b:a0:99:65:1b:20:ed:0f:7f:c7:8f:3b:
         0e:c1:b0:01:02:38:66:8d:b0:7a:93:ec:a4:60:a6:1c:b6:33:
         ba:d0:d7:62:b0:5a:10:25:0e:1e:d9:b5:60:1d:33:22:8f:54:
         a2:45:99:a0:37:16:d3:20:7e:41:d7:ff:16:b0:36:87:72:d7:
         75:2e:23:dc:c5:01:07:85:0d:bc:14:86:06:e3:37:41:06:e4:
         6e:d0:34:a9:9c:14:7e:05:62:0e:9a:45:fd:d7:1a:ea:5c:1e:
         da:93:0e:54:63:ac:20:87:82:fd:1f:d9:f1:d0:d2:21:5b:08:
         2a:e3:ad:f9:17:a2:1e:04:0c:4a:58:d9:75:4d:40:f3:4e:1b:
         10:d1:2c:20:02:a3:7e:43:1e:11:4d:9b:ae:ee:df:94:b2:91:
         11:d8:e6:d0:bf:0b:fc:8c:65:08:47:eb:49:1c:90:d2:3e:b5:
         53:77:eb:f0:66:08:42:4c:3c:7b:69:87:49:5e:37:84:71:44:
         ee:0b:d1:56:5e:a3:c1:b7:0a:38:94:bd:a1:d7:ea:95:c7:bd:
         d9:fd:a5:b1:a4:08:84:1b:ae:8c:da:1d:89:f9:6c:27:9d:31:
         1d:86:6b:83:f6:f7:fc:ec:9e:e9:d4:65:2a:96:8f:f3:83:c8:
         d6:97:80:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlJ2aRZyqJAj1fbMZjejhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNjI4YjkzNjYxZTkwNTg4NzM1OWZjOGU5YTE4ODgwNzVk
YjNjZDgwHhcNMjQwMTAyMDAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmNjOTkyZWE0YjhmNzRmYWNlZmEwNmU0ZTUxMGEyMjZmNmIzYmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhdnvN/TqQ5RdB3gVoqN3sEcZohM
x3Qpc2AgEesfo6T9ww0vzwRjawtwnsTaCwMUMyXre4DDDXYj6shVOLJfxxcls5M0
MMptp2f+d1M7tT55ap7TmeMh0Zbn1lRnW6xYbpsKPq18pAJpo0dHoM6zRd9dQJa5
3FFGZYxc3UoD3iKAYMVCnoEBc3qAG9Lr1AIG00/AcO2IO8XHPckONluNpV0f+lm0
yf8PpUi/oKBpunldZQ4PjpStLnJ65dK7ShI6qtrmRYPjVvsDFDxri6X/SvUF0sqv
8aM2OGZgd/iG7jKBjwRxgAKP+jhEwvRZGIEw4TLm0UaZ/Yb4qFWJ2eGSxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILMmS6kuPdPrO+gbk5RCiJvazviMB8GA1UdIwQY
MBaAFL9ii5NmHpBYhzWfyOmhiIB12zzYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjJLTGsyWWVrRmlITlpfSTZhR0lnSFhiUE5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi82YzgzZTctYTM1Mi00ZTIxLWE3MzEt
MTU3YjVhZDZhYjdiLzEvZ3N5WkxxUzQ5MC1zNzZCdVRsRUtJbTlyTy1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi82YzgzZTctYTM1Mi00ZTIxLWE3MzEtMTU3YjVhZDZhYjdi
LzEvdjJLTGsyWWVrRmlITlpfSTZhR0lnSFhiUE5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTRUMA0G
CSqGSIb3DQEBCwUAA4IBAQAfqgUq+XQ7oJllGyDtD3/HjzsOwbABAjhmjbB6k+yk
YKYctjO60NdisFoQJQ4e2bVgHTMij1SiRZmgNxbTIH5B1/8WsDaHctd1LiPcxQEH
hQ28FIYG4zdBBuRu0DSpnBR+BWIOmkX91xrqXB7akw5UY6wgh4L9H9nx0NIhWwgq
4635F6IeBAxKWNl1TUDzThsQ0SwgAqN+Qx4RTZuu7t+UspER2ObQvwv8jGUIR+tJ
HJDSPrVTd+vwZghCTDx7aYdJXjeEcUTuC9FWXqPBtwo4lL2h1+qVx73Z/aWxpAiE
G66M2h2J+WwnnTEdhmuD9vf87J7p1GUqlo/zg8jWl4AG
-----END CERTIFICATE-----