Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/0da8f7-fe22-42fb-a329-7d45a9fc4ffc/1/gpB-CZWDELZoCtVnW7otJNclZCE.roa
File:                     gpB-CZWDELZoCtVnW7otJNclZCE.roa (raw, json)
Hash identifier:          bzSNiTkIh+O2n7lk49UiVyxiE5zOT+DzhN2Sc03Ondg=
Subject key identifier:   82:90:7E:09:95:83:10:B6:68:0A:D5:67:5B:BA:2D:24:D7:25:64:21
Certificate issuer:       /CN=05c8a3faa18b6d717aa2f7622181bad8be5b55a3
Certificate serial:       018CC5009FA90DFB1D15FD6ACCD416398DD7
Authority key identifier: 05:C8:A3:FA:A1:8B:6D:71:7A:A2:F7:62:21:81:BA:D8:BE:5B:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bcij-qGLbXF6ovdiIYG62L5bVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/0da8f7-fe22-42fb-a329-7d45a9fc4ffc/1/gpB-CZWDELZoCtVnW7otJNclZCE.roa
Signing time:             Mon 01 Jan 2024 12:30:01 +0000
ROA not before:           Mon 01 Jan 2024 12:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47381
IP address blocks:        185.51.64.0/22 maxlen: 24
                          2a01:ae20::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/0da8f7-fe22-42fb-a329-7d45a9fc4ffc/1/Bcij-qGLbXF6ovdiIYG62L5bVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/0da8f7-fe22-42fb-a329-7d45a9fc4ffc/1/Bcij-qGLbXF6ovdiIYG62L5bVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bcij-qGLbXF6ovdiIYG62L5bVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:9f:a9:0d:fb:1d:15:fd:6a:cc:d4:16:39:8d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05c8a3faa18b6d717aa2f7622181bad8be5b55a3
        Validity
            Not Before: Jan  1 12:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82907e09958310b6680ad5675bba2d24d7256421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:de:08:89:1e:a5:59:48:89:6e:68:d1:cd:b0:
                    3e:fd:82:ae:1e:c7:81:0d:47:52:45:12:d2:1a:d1:
                    e7:ca:46:b9:67:7b:c9:81:5c:33:6f:24:33:0f:50:
                    6d:b1:41:1a:4f:c9:0e:35:ed:eb:42:98:29:8a:f1:
                    21:22:71:37:74:b2:5b:f5:69:d0:c6:54:1f:fc:f1:
                    24:76:4b:a5:e9:32:50:da:6d:7e:fe:f0:3a:72:22:
                    01:5f:6c:90:21:f5:68:0b:f9:a1:6b:4c:c4:31:99:
                    82:ec:25:15:0c:87:d1:42:77:0a:ac:1d:b1:96:96:
                    06:f9:1b:db:35:3d:a7:38:22:3e:73:7d:ad:7a:62:
                    3f:11:94:d7:3b:bb:cb:52:01:d6:db:4d:f8:73:4d:
                    7c:48:2f:2d:29:6f:d1:68:31:d8:af:1f:57:4d:ab:
                    6d:9c:63:8e:92:87:2e:72:66:94:7c:33:07:8d:54:
                    bf:df:26:ba:a0:d9:e9:0a:fd:50:a8:04:c3:1c:79:
                    3f:6e:4c:8a:b6:07:28:95:4b:c8:d9:bf:7d:3e:6e:
                    9a:5b:56:4e:1c:be:70:99:c0:32:d3:b8:82:b2:39:
                    f4:8b:36:b5:09:31:f4:f8:62:2a:66:05:ca:25:64:
                    00:e0:ca:a1:52:26:eb:d8:53:ff:8c:47:59:66:6b:
                    47:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:90:7E:09:95:83:10:B6:68:0A:D5:67:5B:BA:2D:24:D7:25:64:21
            X509v3 Authority Key Identifier:
                keyid:05:C8:A3:FA:A1:8B:6D:71:7A:A2:F7:62:21:81:BA:D8:BE:5B:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bcij-qGLbXF6ovdiIYG62L5bVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/0da8f7-fe22-42fb-a329-7d45a9fc4ffc/1/gpB-CZWDELZoCtVnW7otJNclZCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/0da8f7-fe22-42fb-a329-7d45a9fc4ffc/1/Bcij-qGLbXF6ovdiIYG62L5bVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.64.0/22
                IPv6:
                  2a01:ae20::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:24:9f:62:00:41:3e:47:59:d6:b8:d1:95:1a:d6:ba:56:d7:
         fc:bd:77:fc:ac:f0:0e:3b:5d:a5:19:b2:ea:9f:f3:d7:0b:c5:
         54:47:b0:8d:ce:0a:f6:75:49:98:19:e0:c0:58:f8:45:da:ec:
         54:9a:66:02:09:19:ff:93:a9:33:41:8f:27:23:ec:79:f7:69:
         5d:41:5d:22:d3:01:47:44:0f:84:ca:6c:ff:fc:8d:56:49:46:
         d5:f7:8c:c8:12:dd:30:4d:bb:3d:11:7e:08:db:b3:da:c6:6d:
         b5:92:a9:b1:2b:b0:45:f2:74:bc:b6:b4:50:93:87:90:fc:d2:
         fd:60:c4:0d:37:a5:a4:32:f2:be:33:0c:e5:b5:ef:c9:51:e4:
         ef:d2:c7:17:79:ef:8d:42:ae:ba:89:a8:be:ea:29:3d:f3:7b:
         2b:a6:ab:0a:5b:d0:0d:ff:c2:5b:3c:4a:12:f2:c4:20:27:12:
         e3:eb:e7:f4:4a:00:cb:39:8f:b6:49:8f:c3:be:44:82:bc:49:
         a7:43:85:2e:08:c0:85:83:da:79:d1:15:45:ce:55:e9:99:a2:
         72:f2:a0:6b:6f:f9:7a:dc:cc:7d:a1:80:8c:a8:d7:57:5b:52:
         a4:d3:37:c3:c1:16:00:18:e7:3b:11:df:26:c2:af:fa:a0:45:
         a7:62:a6:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAJ+pDfsdFf1qzNQWOY3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YzhhM2ZhYTE4YjZkNzE3YWEyZjc2MjIxODFiYWQ4YmU1
YjU1YTMwHhcNMjQwMTAxMTIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjkwN2UwOTk1ODMxMGI2NjgwYWQ1Njc1YmJhMmQyNGQ3MjU2NDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAht4IiR6lWUiJbmjRzbA+/YKuHseB
DUdSRRLSGtHnyka5Z3vJgVwzbyQzD1BtsUEaT8kONe3rQpgpivEhInE3dLJb9WnQ
xlQf/PEkdkul6TJQ2m1+/vA6ciIBX2yQIfVoC/mha0zEMZmC7CUVDIfRQncKrB2x
lpYG+RvbNT2nOCI+c32temI/EZTXO7vLUgHW2034c018SC8tKW/RaDHYrx9XTatt
nGOOkocucmaUfDMHjVS/3ya6oNnpCv1QqATDHHk/bkyKtgcolUvI2b99Pm6aW1ZO
HL5wmcAy07iCsjn0iza1CTH0+GIqZgXKJWQA4MqhUibr2FP/jEdZZmtHZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIKQfgmVgxC2aArVZ1u6LSTXJWQhMB8GA1UdIwQY
MBaAFAXIo/qhi21xeqL3YiGButi+W1WjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmNpai1xR0xiWEY2b3ZkaUlZRzYyTDViVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8wZGE4ZjctZmUyMi00MmZiLWEzMjkt
N2Q0NWE5ZmM0ZmZjLzEvZ3BCLUNaV0RFTFpvQ3RWblc3b3RKTmNsWkNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8wZGE4ZjctZmUyMi00MmZiLWEzMjktN2Q0NWE5ZmM0ZmZj
LzEvQmNpai1xR0xiWEY2b3ZkaUlZRzYyTDViVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTNAMA0E
AgACMAcDBQAqAa4gMA0GCSqGSIb3DQEBCwUAA4IBAQB5JJ9iAEE+R1nWuNGVGta6
Vtf8vXf8rPAOO12lGbLqn/PXC8VUR7CNzgr2dUmYGeDAWPhF2uxUmmYCCRn/k6kz
QY8nI+x592ldQV0i0wFHRA+Eymz//I1WSUbV94zIEt0wTbs9EX4I27Paxm21kqmx
K7BF8nS8trRQk4eQ/NL9YMQNN6WkMvK+Mwzlte/JUeTv0scXee+NQq66iai+6ik9
83srpqsKW9AN/8JbPEoS8sQgJxLj6+f0SgDLOY+2SY/DvkSCvEmnQ4UuCMCFg9p5
0RVFzlXpmaJy8qBrb/l63Mx9oYCMqNdXW1Kk0zfDwRYAGOc7Ed8mwq/6oEWnYqa1
-----END CERTIFICATE-----