Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/G0wYeVwTGmr4ZeOtrRfmqn2w_lA.roa
File:                     G0wYeVwTGmr4ZeOtrRfmqn2w_lA.roa (raw, json)
Hash identifier:          megmtTnnF7SY55BhFnwW56luUXduiWeVkSDyuWIX3HU=
Subject key identifier:   1B:4C:18:79:5C:13:1A:6A:F8:65:E3:AD:AD:17:E6:AA:7D:B0:FE:50
Certificate issuer:       /CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
Certificate serial:       0192C0AE3C607633265057727F9CB1A9500D
Authority key identifier: 27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/G0wYeVwTGmr4ZeOtrRfmqn2w_lA.roa
Signing time:             Thu 24 Oct 2024 22:38:17 +0000
ROA not before:           Thu 24 Oct 2024 22:38:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8400
IP address blocks:        185.129.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c0:ae:3c:60:76:33:26:50:57:72:7f:9c:b1:a9:50:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
        Validity
            Not Before: Oct 24 22:38:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b4c18795c131a6af865e3adad17e6aa7db0fe50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b8:cb:46:8f:38:34:f9:58:7f:cb:5f:6a:9a:
                    4e:9e:c3:a7:47:4c:cf:e5:f7:12:55:0a:1c:08:ac:
                    9b:f2:c1:c3:6b:1f:0f:11:53:6c:47:60:13:43:29:
                    b2:ba:cc:e5:83:e0:b0:14:cd:6d:82:58:9b:a5:d7:
                    89:8e:5a:c6:f0:2e:75:9c:06:b0:c6:95:32:32:99:
                    57:b6:f9:3e:67:3c:77:29:14:e8:ea:8a:1f:65:0f:
                    20:91:8d:05:d7:09:2c:fc:31:95:b9:1c:3b:81:e0:
                    0a:af:e0:03:56:65:bf:50:f6:ac:2a:a2:44:4f:b7:
                    3f:48:51:1f:02:e9:e4:95:bb:4d:ee:9f:e8:cb:c4:
                    98:39:89:73:9e:43:30:fb:45:42:9c:de:41:de:e0:
                    fb:2f:9c:87:93:8d:31:73:da:7d:d9:04:f6:7e:c5:
                    6f:a8:6c:da:2e:81:db:0a:2e:6c:64:3d:99:00:18:
                    e3:10:6f:61:69:cd:5f:4a:a2:a1:6b:04:f2:b4:75:
                    e1:b8:82:d2:57:8b:e5:dd:87:4b:86:96:a6:e8:66:
                    ca:62:92:41:7b:58:78:0a:ef:c2:63:5f:c1:bc:14:
                    68:d4:4d:2a:0e:78:d3:0d:f6:f4:11:65:01:66:34:
                    ea:09:eb:5d:5e:01:ef:9c:81:cb:50:42:62:80:6d:
                    11:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:4C:18:79:5C:13:1A:6A:F8:65:E3:AD:AD:17:E6:AA:7D:B0:FE:50
            X509v3 Authority Key Identifier:
                keyid:27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/G0wYeVwTGmr4ZeOtrRfmqn2w_lA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:72:55:ee:af:08:57:1f:ec:c6:7b:fe:46:99:03:16:a2:76:
         6b:35:31:82:e0:36:72:49:02:22:11:b8:97:4b:58:43:4e:f9:
         4a:38:6c:f1:57:f8:12:54:81:06:55:db:c7:04:bd:3b:cd:a0:
         b4:75:8f:df:a5:b6:93:18:02:b4:10:31:b3:38:ec:e7:a2:3a:
         96:c8:d2:5e:aa:d5:b3:ea:37:f9:2e:d8:33:bc:28:17:e8:5d:
         82:83:53:f2:af:4d:70:92:c1:6b:0d:51:91:af:0d:58:27:f5:
         fd:c1:a2:d0:de:4f:6c:c2:66:6c:04:c9:c8:53:59:d7:8b:dd:
         43:f2:bb:26:24:e8:20:97:c1:d9:f5:92:53:a1:24:45:bc:8d:
         37:58:16:f2:55:cd:15:67:70:69:e3:aa:be:df:a0:32:76:11:
         78:6b:d6:aa:52:9b:93:eb:91:d5:f3:ad:c0:7c:2a:6f:5d:ef:
         80:96:41:b6:6b:84:19:b5:bf:07:19:dd:86:5c:e8:60:21:ba:
         06:8d:60:6b:40:48:78:f3:4a:7a:16:08:51:bb:8e:82:fd:b5:
         87:ce:30:19:fb:4a:04:7e:0f:94:12:41:29:56:f7:13:c5:62:
         88:af:6a:8c:14:00:d3:84:8a:56:77:8e:f6:43:c3:fd:06:86:
         c5:28:f3:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLArjxgdjMmUFdyf5yxqVANMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTY2OTU3OWIzY2U2MWVlOGVlN2Q2YWY3ZTMxNGIwZjcy
NjM2MWYwHhcNMjQxMDI0MjIzODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjRjMTg3OTVjMTMxYTZhZjg2NWUzYWRhZDE3ZTZhYTdkYjBmZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7jLRo84NPlYf8tfappOnsOnR0zP
5fcSVQocCKyb8sHDax8PEVNsR2ATQymyuszlg+CwFM1tglibpdeJjlrG8C51nAaw
xpUyMplXtvk+Zzx3KRTo6oofZQ8gkY0F1wks/DGVuRw7geAKr+ADVmW/UPasKqJE
T7c/SFEfAunklbtN7p/oy8SYOYlznkMw+0VCnN5B3uD7L5yHk40xc9p92QT2fsVv
qGzaLoHbCi5sZD2ZABjjEG9hac1fSqKhawTytHXhuILSV4vl3YdLhpam6GbKYpJB
e1h4Cu/CY1/BvBRo1E0qDnjTDfb0EWUBZjTqCetdXgHvnIHLUEJigG0ROQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtMGHlcExpq+GXjra0X5qp9sP5QMB8GA1UdIwQY
MBaAFCeWaVebPOYe6O59avfjFLD3JjYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEt
NGRlMWI1MjBhNTk0LzEvRzB3WWVWd1RHbXI0WmVPdHJSZm1xbjJ3X2xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEtNGRlMWI1MjBhNTk0
LzEvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYF4MA0G
CSqGSIb3DQEBCwUAA4IBAQB2clXurwhXH+zGe/5GmQMWonZrNTGC4DZySQIiEbiX
S1hDTvlKOGzxV/gSVIEGVdvHBL07zaC0dY/fpbaTGAK0EDGzOOznojqWyNJeqtWz
6jf5LtgzvCgX6F2Cg1Pyr01wksFrDVGRrw1YJ/X9waLQ3k9swmZsBMnIU1nXi91D
8rsmJOggl8HZ9ZJToSRFvI03WBbyVc0VZ3Bp46q+36AydhF4a9aqUpuT65HV863A
fCpvXe+AlkG2a4QZtb8HGd2GXOhgIboGjWBrQEh480p6FghRu46C/bWHzjAZ+0oE
fg+UEkEpVvcTxWKIr2qMFADThIpWd472Q8P9BobFKPPn
-----END CERTIFICATE-----