Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/Gx7OkGWWTGl1oOg0iNnT7Ci2jHU.roa
File:                     Gx7OkGWWTGl1oOg0iNnT7Ci2jHU.roa (raw, json)
Hash identifier:          haYSGVQZ+QJEhN5KxxjAEBW6p+tWAT1hJY2kH/N/s6c=
Subject key identifier:   1B:1E:CE:90:65:96:4C:69:75:A0:E8:34:88:D9:D3:EC:28:B6:8C:75
Certificate issuer:       /CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
Certificate serial:       018CC26D6BDC3D4A7D5689C80F017629E065
Authority key identifier: 84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/Gx7OkGWWTGl1oOg0iNnT7Ci2jHU.roa
Signing time:             Mon 01 Jan 2024 00:30:00 +0000
ROA not before:           Mon 01 Jan 2024 00:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35334
IP address blocks:        176.57.80.0/21 maxlen: 24
                          185.218.172.0/22 maxlen: 24
                          2a00:ef80::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6b:dc:3d:4a:7d:56:89:c8:0f:01:76:29:e0:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
        Validity
            Not Before: Jan  1 00:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b1ece9065964c6975a0e83488d9d3ec28b68c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f5:a3:05:36:1b:98:b8:db:52:11:03:7b:a4:
                    83:79:04:3a:eb:2c:ac:56:b7:7f:4e:f0:4f:53:9e:
                    32:a1:7f:dc:fc:fa:4b:40:91:1a:9e:b7:f6:4c:cb:
                    a0:15:ed:f2:e7:8d:bf:2b:98:ac:c6:a3:49:be:5b:
                    16:e2:ce:09:48:0b:1b:11:da:35:8c:8a:7d:0c:17:
                    1d:79:68:b5:cc:97:a7:f3:3b:bc:70:24:4c:c1:a4:
                    81:43:d0:7f:49:00:36:f4:78:2d:1d:09:1b:61:25:
                    86:5b:91:59:5b:b9:54:5b:7f:7a:52:f8:5c:0c:ce:
                    86:07:ae:63:de:c0:4f:6a:02:e3:ba:60:ce:17:77:
                    3f:0f:8a:c0:84:e9:8c:9a:0e:14:1d:89:38:05:b8:
                    44:a2:71:42:41:cb:ce:82:c8:64:d2:ff:12:75:04:
                    00:49:85:e4:9d:34:aa:52:8b:2f:cd:e0:29:ec:55:
                    1c:1d:6c:84:4d:65:ff:c9:c8:ac:6a:d4:74:a2:03:
                    7e:04:7a:f2:92:fe:c8:1b:3b:25:11:b1:f2:66:cf:
                    ab:eb:59:15:32:54:76:e2:c2:d1:32:53:83:70:8a:
                    73:eb:28:d2:ff:da:1a:ae:9d:12:d9:30:a4:62:03:
                    2b:04:88:de:15:f1:32:a2:ac:2e:89:ec:77:fc:50:
                    ce:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:1E:CE:90:65:96:4C:69:75:A0:E8:34:88:D9:D3:EC:28:B6:8C:75
            X509v3 Authority Key Identifier:
                keyid:84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/Gx7OkGWWTGl1oOg0iNnT7Ci2jHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.80.0/21
                  185.218.172.0/22
                IPv6:
                  2a00:ef80::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:13:af:94:e5:a7:ab:a0:07:05:57:49:c5:ce:5d:5f:4e:e6:
         7f:7c:35:a0:a8:b2:20:98:76:33:40:1b:3d:8e:68:c4:08:c1:
         3a:9f:72:d7:82:9c:b0:30:89:d6:64:77:3b:94:a2:0b:cc:fd:
         22:5a:2d:75:f2:20:43:ac:1b:78:69:06:8e:7f:13:35:0f:20:
         8f:e4:c5:dd:fe:2a:29:e9:89:0a:3b:33:7f:8f:76:aa:8c:42:
         5c:ee:68:3a:c4:99:64:8a:1a:f3:99:e0:7c:cd:b9:9c:44:19:
         64:9e:7b:c4:9e:31:63:fa:48:9b:48:b6:f5:e0:92:1a:0a:c2:
         a3:4d:76:37:25:03:1e:81:f8:14:99:d2:c9:64:64:b2:06:90:
         d7:86:20:a2:6c:f5:e2:23:7b:b5:54:98:44:be:6c:74:ec:16:
         85:44:5b:0d:1f:46:29:3c:6b:35:da:08:7f:14:95:64:f3:22:
         cd:39:ba:1c:7d:4e:8e:25:db:1d:b3:ac:08:59:0d:35:1d:a9:
         c1:ac:03:16:f1:b6:dd:46:38:84:df:33:05:81:af:05:87:48:
         b3:bc:a7:c7:d8:a8:da:2e:50:05:5f:d8:03:c5:27:c4:01:a8:
         4d:ec:42:4c:e4:93:a4:f3:8e:d0:b2:3f:7f:97:fe:48:9c:ad:
         0a:84:33:a1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbWvcPUp9VonIDwF2KeBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MWYzNmZjYmY3MzM0ZWZmNmI5MWU4MDI5N2VhNWIyNWM0
ZWNmZDIwHhcNMjQwMTAxMDAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjFlY2U5MDY1OTY0YzY5NzVhMGU4MzQ4OGQ5ZDNlYzI4YjY4Yzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfWjBTYbmLjbUhEDe6SDeQQ66yys
Vrd/TvBPU54yoX/c/PpLQJEanrf2TMugFe3y542/K5isxqNJvlsW4s4JSAsbEdo1
jIp9DBcdeWi1zJen8zu8cCRMwaSBQ9B/SQA29HgtHQkbYSWGW5FZW7lUW396Uvhc
DM6GB65j3sBPagLjumDOF3c/D4rAhOmMmg4UHYk4BbhEonFCQcvOgshk0v8SdQQA
SYXknTSqUosvzeAp7FUcHWyETWX/ycisatR0ogN+BHrykv7IGzslEbHyZs+r61kV
MlR24sLRMlODcIpz6yjS/9oarp0S2TCkYgMrBIjeFfEyoqwuiex3/FDOMwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBsezpBllkxpdaDoNIjZ0+wotox1MB8GA1UdIwQY
MBaAFIQfNvy/czTv9rkegCl+pbJcTs/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQt
OTVkZGIwOTc0ZTRiLzEvR3g3T2tHV1dUR2wxb09nMGlOblQ3Q2kyakhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQtOTVkZGIwOTc0ZTRi
LzEvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsDlQAwQC
udqsMA0EAgACMAcDBQAqAO+AMA0GCSqGSIb3DQEBCwUAA4IBAQCWE6+U5aeroAcF
V0nFzl1fTuZ/fDWgqLIgmHYzQBs9jmjECME6n3LXgpywMInWZHc7lKILzP0iWi11
8iBDrBt4aQaOfxM1DyCP5MXd/iop6YkKOzN/j3aqjEJc7mg6xJlkihrzmeB8zbmc
RBlknnvEnjFj+kibSLb14JIaCsKjTXY3JQMegfgUmdLJZGSyBpDXhiCibPXiI3u1
VJhEvmx07BaFRFsNH0YpPGs12gh/FJVk8yLNObocfU6OJdsds6wIWQ01HanBrAMW
8bbdRjiE3zMFga8Fh0izvKfH2KjaLlAFX9gDxSfEAahN7EJM5JOk847Qsj9/l/5I
nK0KhDOh
-----END CERTIFICATE-----