Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/G5_fg3sVl7eqQYjYayqbsyNbuWg.roa
File:                     G5_fg3sVl7eqQYjYayqbsyNbuWg.roa (raw, json)
Hash identifier:          vFQnHhsLfFIgkg9WFcFt8U5vgjPf1pmmSYB7qMX7ZV8=
Subject key identifier:   1B:9F:DF:83:7B:15:97:B7:AA:41:88:D8:6B:2A:9B:B3:23:5B:B9:68
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       018CC72757BC609C8C37F6CB7EC75EDBCD78
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/G5_fg3sVl7eqQYjYayqbsyNbuWg.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211387
IP address blocks:        2a0b:6b86:f00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:bc:60:9c:8c:37:f6:cb:7e:c7:5e:db:cd:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b9fdf837b1597b7aa4188d86b2a9bb3235bb968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e5:e0:dc:99:66:9e:36:8a:98:ec:af:e2:37:
                    3a:d9:bd:34:1d:85:78:f8:70:b3:2a:d9:f5:f6:c4:
                    13:da:15:33:a0:41:65:76:e3:58:81:78:fd:af:b5:
                    6c:26:8b:a1:c2:72:03:b6:77:a3:f0:fc:6e:3f:80:
                    fb:aa:79:4b:05:f1:91:47:1a:9c:75:c8:fe:c8:c2:
                    1e:cd:83:5f:cc:c4:a9:dc:9c:80:19:84:5a:72:33:
                    24:dc:80:25:1e:5e:ae:89:3e:f3:b6:3a:5f:5c:72:
                    20:5d:fa:5c:ca:f2:eb:a6:40:c9:e7:b8:ff:1a:e8:
                    dc:69:9f:eb:58:2b:cf:a6:58:33:9b:ac:13:f0:bd:
                    e7:bd:ef:61:30:22:a3:31:27:b4:41:00:db:9d:88:
                    74:64:38:0c:c5:4b:cd:22:45:bc:2c:62:6b:fb:83:
                    34:0b:1a:7a:68:90:54:b1:56:a1:4a:26:65:fb:25:
                    d3:45:9d:8c:c1:58:5a:80:e2:64:13:43:b0:99:3e:
                    f4:22:bc:99:9d:10:4d:7d:57:7e:43:d7:f5:20:ec:
                    84:bf:e4:8b:53:34:80:de:de:ec:36:5a:05:65:65:
                    00:46:6a:db:c6:25:ba:f3:df:ef:92:04:1d:d6:d6:
                    bf:06:52:8d:54:15:fe:89:15:86:63:56:b9:9a:a4:
                    a0:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:9F:DF:83:7B:15:97:B7:AA:41:88:D8:6B:2A:9B:B3:23:5B:B9:68
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/G5_fg3sVl7eqQYjYayqbsyNbuWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b86:f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         89:cb:60:9e:0c:a5:e1:dd:5f:7b:9d:78:b8:98:31:1f:60:11:
         91:bc:65:6f:61:25:37:dd:e3:68:8d:66:17:36:d3:cb:e5:5f:
         a9:f3:0e:ac:1b:6a:15:82:4e:68:4a:bb:a4:40:13:6e:35:ee:
         0d:ac:4c:25:69:e2:76:1d:35:ef:e7:a1:96:2f:7b:13:6a:f7:
         64:40:80:75:52:1a:30:30:7e:3c:01:ac:20:c4:e2:21:61:94:
         e8:0c:0d:40:21:2b:1f:6d:70:77:62:be:a2:11:e3:1f:d4:e9:
         42:4e:da:bc:df:92:27:b6:f8:d2:62:9c:bf:d2:e0:f8:f2:89:
         03:b6:97:51:e8:e7:e6:3c:f0:c3:d0:bb:97:f6:5b:d6:83:27:
         96:f5:70:97:17:94:2d:f6:7f:be:2e:c2:8c:c2:45:51:1c:20:
         15:6e:2c:0c:c4:1e:85:5b:d4:e0:19:f6:dc:f8:a2:1a:08:c7:
         39:78:41:78:91:71:9e:a6:6c:b7:42:24:f9:28:4f:04:04:fc:
         3a:bf:bc:7b:f4:ff:03:4f:59:cf:2a:79:31:da:ab:f6:d9:9f:
         51:29:b1:00:b3:e5:84:c1:ab:d3:4f:69:aa:09:6b:0e:da:83:
         fa:80:b7:2f:cc:2e:3e:64:73:3f:45:d3:83:83:11:8d:3c:06:
         65:37:93:b9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJ1e8YJyMN/bLfsde2814MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjlmZGY4MzdiMTU5N2I3YWE0MTg4ZDg2YjJhOWJiMzIzNWJiOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuXg3JlmnjaKmOyv4jc62b00HYV4
+HCzKtn19sQT2hUzoEFlduNYgXj9r7VsJouhwnIDtnej8PxuP4D7qnlLBfGRRxqc
dcj+yMIezYNfzMSp3JyAGYRacjMk3IAlHl6uiT7ztjpfXHIgXfpcyvLrpkDJ57j/
GujcaZ/rWCvPplgzm6wT8L3nve9hMCKjMSe0QQDbnYh0ZDgMxUvNIkW8LGJr+4M0
Cxp6aJBUsVahSiZl+yXTRZ2MwVhagOJkE0OwmT70IryZnRBNfVd+Q9f1IOyEv+SL
UzSA3t7sNloFZWUARmrbxiW689/vkgQd1ta/BlKNVBX+iRWGY1a5mqSgKwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBuf34N7FZe3qkGI2Gsqm7MjW7loMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvRzVfZmczc1ZsN2VxUVlqWWF5cWJzeU5idVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgtrhg8w
DQYJKoZIhvcNAQELBQADggEBAInLYJ4MpeHdX3udeLiYMR9gEZG8ZW9hJTfd42iN
Zhc208vlX6nzDqwbahWCTmhKu6RAE2417g2sTCVp4nYdNe/noZYvexNq92RAgHVS
GjAwfjwBrCDE4iFhlOgMDUAhKx9tcHdivqIR4x/U6UJO2rzfkie2+NJinL/S4Pjy
iQO2l1Ho5+Y88MPQu5f2W9aDJ5b1cJcXlC32f74uwozCRVEcIBVuLAzEHoVb1OAZ
9tz4ohoIxzl4QXiRcZ6mbLdCJPkoTwQE/Dq/vHv0/wNPWc8qeTHaq/bZn1EpsQCz
5YTBq9NPaaoJaw7ag/qAty/MLj5kcz9F04ODEY08BmU3k7k=
-----END CERTIFICATE-----