Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/G4B5pXdw27NF4_DdkkBQKP6gjCk.roa
File:                     G4B5pXdw27NF4_DdkkBQKP6gjCk.roa (raw, json)
Hash identifier:          9RZyS5fZgEubZgHlTu+fTelD7OVf/Zpa5e8oo+h4nkw=
Subject key identifier:   1B:80:79:A5:77:70:DB:B3:45:E3:F0:DD:92:40:50:28:FE:A0:8C:29
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A516142DDD1E60A5E53F65A511ACE
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/G4B5pXdw27NF4_DdkkBQKP6gjCk.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200753
IP address blocks:        185.133.210.0/24 maxlen: 24
                          2a06:e880:c0::/46 maxlen: 48
                          2a06:e880::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:51:61:42:dd:d1:e6:0a:5e:53:f6:5a:51:1a:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b8079a57770dbb345e3f0dd92405028fea08c29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7b:d7:d5:e1:e9:1d:31:97:53:9a:14:22:e7:
                    16:e1:30:6d:96:12:67:28:76:f6:24:dd:60:70:eb:
                    6e:e4:4f:54:47:70:5e:71:78:f2:c1:1f:e6:06:17:
                    eb:df:74:f3:05:ec:7b:c2:e4:6c:4c:15:87:b7:2b:
                    af:d0:60:21:14:c7:79:15:7f:cf:52:c6:7a:07:e8:
                    e3:a7:30:f2:86:f3:7b:f0:2d:fd:a6:07:d6:90:ea:
                    ac:af:28:8a:cf:b6:0f:f4:f9:80:b4:fd:b0:47:2a:
                    5a:2f:8c:c8:56:a9:2e:b7:22:66:c6:d9:34:cd:df:
                    36:5f:6d:50:3a:16:36:1f:25:59:56:a0:24:b6:5e:
                    1f:2d:fa:1b:55:78:7e:b7:2e:5f:37:f7:04:75:61:
                    1c:b6:fd:cb:c9:9b:3b:22:a7:de:c8:26:cc:f5:84:
                    be:50:a5:2f:59:2a:7a:f2:c4:09:9c:17:da:9f:7a:
                    e8:56:12:39:0f:b4:04:58:96:23:3c:22:b2:38:03:
                    75:2e:2e:ef:cc:d4:a7:0d:d9:97:e5:d2:69:5b:cf:
                    50:89:62:54:31:db:04:b5:2c:37:70:e2:03:6a:c0:
                    17:f8:ff:04:d0:94:e6:e4:da:02:a6:e2:98:bd:7f:
                    7e:43:05:94:0d:04:52:8d:8b:d2:9d:11:35:16:f6:
                    f3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:80:79:A5:77:70:DB:B3:45:E3:F0:DD:92:40:50:28:FE:A0:8C:29
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/G4B5pXdw27NF4_DdkkBQKP6gjCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.210.0/24
                IPv6:
                  2a06:e880::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:97:19:bf:76:c4:b7:9b:94:92:9d:1c:47:1b:9f:26:3a:97:
         e8:98:36:ec:4d:45:24:50:dc:5e:44:7b:1d:52:13:e0:4f:5b:
         84:f5:90:27:30:11:5f:70:b6:fd:90:c9:37:4b:af:83:2e:b7:
         32:cc:3d:38:59:7e:32:de:e9:c8:4b:38:76:85:b7:db:99:6e:
         c0:88:ff:de:5a:f9:b7:02:c3:13:8f:05:a8:77:f1:a3:6f:7d:
         1b:86:5f:ff:e3:7b:c0:e3:f5:c3:3f:84:7e:6e:b2:99:b3:c4:
         56:76:90:5d:66:60:a4:9e:79:7f:27:7f:b8:cd:2f:da:55:9c:
         ff:6a:38:d3:36:66:11:6c:a1:c2:46:eb:25:d1:a3:d6:a9:7a:
         d6:43:a4:4d:b3:c6:18:0d:cb:20:01:17:da:0a:10:04:a9:6d:
         68:fc:c3:f2:8f:60:3c:a8:17:1a:87:7c:a4:37:a9:cb:69:53:
         b0:8f:c2:76:17:4a:88:85:b3:0c:71:16:0e:9b:44:0b:be:e7:
         42:a1:30:a2:20:6b:c1:7a:78:4d:a5:74:ca:32:05:a9:8c:5d:
         c6:e5:96:9a:c5:19:dc:1a:37:3d:5f:7f:fd:3f:f8:52:0d:8f:
         7d:7b:4b:39:12:fd:77:5b:50:83:3f:9c:a4:05:ea:8d:8d:58:
         9b:60:a3:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKlFhQt3R5gpeU/ZaURrOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjgwNzlhNTc3NzBkYmIzNDVlM2YwZGQ5MjQwNTAyOGZlYTA4YzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXvX1eHpHTGXU5oUIucW4TBtlhJn
KHb2JN1gcOtu5E9UR3BecXjywR/mBhfr33TzBex7wuRsTBWHtyuv0GAhFMd5FX/P
UsZ6B+jjpzDyhvN78C39pgfWkOqsryiKz7YP9PmAtP2wRypaL4zIVqkutyJmxtk0
zd82X21QOhY2HyVZVqAktl4fLfobVXh+ty5fN/cEdWEctv3LyZs7IqfeyCbM9YS+
UKUvWSp68sQJnBfan3roVhI5D7QEWJYjPCKyOAN1Li7vzNSnDdmX5dJpW89QiWJU
MdsEtSw3cOIDasAX+P8E0JTm5NoCpuKYvX9+QwWUDQRSjYvSnRE1FvbzSwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBuAeaV3cNuzRePw3ZJAUCj+oIwpMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvRzRCNXBYZHcyN05GNF9EZGtrQlFLUDZnakNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYXSMA0E
AgACMAcDBQAqBuiAMA0GCSqGSIb3DQEBCwUAA4IBAQB6lxm/dsS3m5SSnRxHG58m
OpfomDbsTUUkUNxeRHsdUhPgT1uE9ZAnMBFfcLb9kMk3S6+DLrcyzD04WX4y3unI
Szh2hbfbmW7AiP/eWvm3AsMTjwWod/Gjb30bhl//43vA4/XDP4R+brKZs8RWdpBd
ZmCknnl/J3+4zS/aVZz/ajjTNmYRbKHCRusl0aPWqXrWQ6RNs8YYDcsgARfaChAE
qW1o/MPyj2A8qBcah3ykN6nLaVOwj8J2F0qIhbMMcRYOm0QLvudCoTCiIGvBenhN
pXTKMgWpjF3G5ZaaxRncGjc9X3/9P/hSDY99e0s5Ev13W1CDP5ykBeqNjVibYKNR
-----END CERTIFICATE-----