Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/861c75-dd03-437b-9fc7-890522c6105b/1/hPLHuDpVGE1VM6eFG3E2xQr-gao.roa
File:                     hPLHuDpVGE1VM6eFG3E2xQr-gao.roa (raw, json)
Hash identifier:          lFQZb4kNrubxrZoc1ul/XEzHHbyjGLa/SehLsYMM/cI=
Subject key identifier:   84:F2:C7:B8:3A:55:18:4D:55:33:A7:85:1B:71:36:C5:0A:FE:81:AA
Certificate issuer:       /CN=430a5648e1d46b662f4d1dcc066d39427c65f0d1
Certificate serial:       018CC348A65818E82A661B945AE01FA64888
Authority key identifier: 43:0A:56:48:E1:D4:6B:66:2F:4D:1D:CC:06:6D:39:42:7C:65:F0:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QwpWSOHUa2YvTR3MBm05Qnxl8NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/861c75-dd03-437b-9fc7-890522c6105b/1/hPLHuDpVGE1VM6eFG3E2xQr-gao.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2439
IP address blocks:        147.215.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/861c75-dd03-437b-9fc7-890522c6105b/1/QwpWSOHUa2YvTR3MBm05Qnxl8NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/861c75-dd03-437b-9fc7-890522c6105b/1/QwpWSOHUa2YvTR3MBm05Qnxl8NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QwpWSOHUa2YvTR3MBm05Qnxl8NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a6:58:18:e8:2a:66:1b:94:5a:e0:1f:a6:48:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=430a5648e1d46b662f4d1dcc066d39427c65f0d1
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84f2c7b83a55184d5533a7851b7136c50afe81aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0c:b5:9e:38:47:8a:25:9c:a8:6c:b3:41:7f:
                    08:ef:fb:82:ad:3f:c0:7c:de:73:9c:06:0c:ba:27:
                    16:b5:12:6b:6d:c9:d4:45:a8:11:2c:a5:8d:b5:18:
                    5e:03:de:3e:30:08:3b:6b:72:56:51:93:85:b7:5c:
                    02:c0:f4:cc:1f:96:27:c0:73:b0:48:87:2f:00:0f:
                    14:b3:ac:bf:59:d8:c9:3d:2f:f4:1a:a6:3f:68:6a:
                    b0:c2:0f:82:6d:12:7f:20:67:f0:5a:cf:89:83:7e:
                    57:80:70:c0:a7:4f:47:04:70:82:87:42:01:ed:86:
                    66:d8:61:fc:42:9d:2d:16:80:c2:cf:02:ee:f3:54:
                    1f:cd:c4:a9:64:8b:b4:56:88:c9:17:98:70:f4:a1:
                    12:3b:c5:b2:0d:60:bc:11:c4:bb:1e:4e:08:aa:5f:
                    47:ce:31:f7:23:0c:0e:24:ae:d5:cb:64:c0:a9:b9:
                    e9:6d:f8:7b:67:9b:cb:7a:e6:1a:07:d0:89:e9:fa:
                    14:88:d4:b8:90:52:86:c7:9e:6e:20:e6:1f:6b:7d:
                    3b:e1:2b:45:0c:b5:ec:40:39:93:68:ba:4e:72:c4:
                    7e:73:3e:67:04:f7:71:b3:d6:59:d3:1a:57:44:0c:
                    ae:36:07:c6:c3:13:17:1e:c9:90:cf:a2:93:a1:6c:
                    6d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:F2:C7:B8:3A:55:18:4D:55:33:A7:85:1B:71:36:C5:0A:FE:81:AA
            X509v3 Authority Key Identifier:
                keyid:43:0A:56:48:E1:D4:6B:66:2F:4D:1D:CC:06:6D:39:42:7C:65:F0:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwpWSOHUa2YvTR3MBm05Qnxl8NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/861c75-dd03-437b-9fc7-890522c6105b/1/hPLHuDpVGE1VM6eFG3E2xQr-gao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/861c75-dd03-437b-9fc7-890522c6105b/1/QwpWSOHUa2YvTR3MBm05Qnxl8NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.215.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9d:9d:ee:5e:ff:c7:a0:5c:11:b5:9e:e7:ba:f3:7d:41:54:1b:
         ce:82:33:cc:a5:fe:6e:8c:9a:00:e1:6e:67:6e:cf:b2:da:48:
         97:10:7e:4a:65:92:0a:eb:3b:e7:fb:3a:40:b5:f0:96:8d:ba:
         54:7a:b9:f4:19:18:c1:0c:c1:df:66:64:51:e9:81:d3:55:6d:
         5c:8a:51:19:37:b1:86:91:6d:7c:72:64:2e:f7:00:30:18:ee:
         a9:82:fe:6d:ca:91:60:ba:6a:01:4d:69:19:f8:49:0c:ec:1b:
         2f:76:70:5f:3a:68:74:6f:98:69:97:ae:60:99:77:b9:03:e5:
         d2:0a:19:2f:15:c0:d6:c8:b2:e7:cd:a7:0e:e9:96:9f:ef:38:
         60:bf:af:bc:f5:5a:b5:70:80:89:d9:ef:ce:dc:6d:41:71:15:
         c6:64:41:dc:e9:20:9e:9c:af:a9:6b:e7:a7:20:c0:bf:46:8a:
         f7:6e:ae:29:ce:d0:db:6d:f2:f1:f6:9f:d4:67:af:03:f1:bc:
         8e:3c:3b:34:0f:c5:50:97:a0:66:1b:3e:b2:ae:5f:65:27:dc:
         0d:02:88:75:45:83:e4:fb:05:63:57:b2:cd:01:96:4d:32:39:
         ff:c1:ba:03:d9:95:bc:20:ac:1e:2b:e9:d8:c7:1e:0e:8e:8b:
         b3:6e:c0:28
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDSKZYGOgqZhuUWuAfpkiIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMGE1NjQ4ZTFkNDZiNjYyZjRkMWRjYzA2NmQzOTQyN2M2
NWYwZDEwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGYyYzdiODNhNTUxODRkNTUzM2E3ODUxYjcxMzZjNTBhZmU4MWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQy1njhHiiWcqGyzQX8I7/uCrT/A
fN5znAYMuicWtRJrbcnURagRLKWNtRheA94+MAg7a3JWUZOFt1wCwPTMH5YnwHOw
SIcvAA8Us6y/WdjJPS/0GqY/aGqwwg+CbRJ/IGfwWs+Jg35XgHDAp09HBHCCh0IB
7YZm2GH8Qp0tFoDCzwLu81QfzcSpZIu0VojJF5hw9KESO8WyDWC8EcS7Hk4Iql9H
zjH3IwwOJK7Vy2TAqbnpbfh7Z5vLeuYaB9CJ6foUiNS4kFKGx55uIOYfa3074StF
DLXsQDmTaLpOcsR+cz5nBPdxs9ZZ0xpXRAyuNgfGwxMXHsmQz6KToWxtYwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFITyx7g6VRhNVTOnhRtxNsUK/oGqMB8GA1UdIwQY
MBaAFEMKVkjh1GtmL00dzAZtOUJ8ZfDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdwV1NPSFVhMll2VFIzTUJtMDVRbnhsOE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS84NjFjNzUtZGQwMy00MzdiLTlmYzct
ODkwNTIyYzYxMDViLzEvaFBMSHVEcFZHRTFWTTZlRkczRTJ4UXItZ2FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS84NjFjNzUtZGQwMy00MzdiLTlmYzctODkwNTIyYzYxMDVi
LzEvUXdwV1NPSFVhMll2VFIzTUJtMDVRbnhsOE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk9cwDQYJ
KoZIhvcNAQELBQADggEBAJ2d7l7/x6BcEbWe57rzfUFUG86CM8yl/m6MmgDhbmdu
z7LaSJcQfkplkgrrO+f7OkC18JaNulR6ufQZGMEMwd9mZFHpgdNVbVyKURk3sYaR
bXxyZC73ADAY7qmC/m3KkWC6agFNaRn4SQzsGy92cF86aHRvmGmXrmCZd7kD5dIK
GS8VwNbIsufNpw7plp/vOGC/r7z1WrVwgInZ787cbUFxFcZkQdzpIJ6cr6lr56cg
wL9GivdurinO0Ntt8vH2n9RnrwPxvI48OzQPxVCXoGYbPrKuX2Un3A0CiHVFg+T7
BWNXss0Blk0yOf/BugPZlbwgrB4r6djHHg6Oi7NuwCg=
-----END CERTIFICATE-----