Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gJfiLK_JtF7dCh4dVFeRe11Q7wI.roa
File:                     gJfiLK_JtF7dCh4dVFeRe11Q7wI.roa (raw, json)
Hash identifier:          mCv8QpT5/sYCCXX0TG28ty2LhMHvFrI4iu38KifZVdI=
Subject key identifier:   80:97:E2:2C:AF:C9:B4:5E:DD:0A:1E:1D:54:57:91:7B:5D:50:EF:02
Certificate issuer:       /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial:       018E14A4B1DFBFCC032B42918ECC53CC1900
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gJfiLK_JtF7dCh4dVFeRe11Q7wI.roa
Signing time:             Wed 06 Mar 2024 16:42:01 +0000
ROA not before:           Wed 06 Mar 2024 16:42:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        212.60.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:a4:b1:df:bf:cc:03:2b:42:91:8e:cc:53:cc:19:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
        Validity
            Not Before: Mar  6 16:42:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8097e22cafc9b45edd0a1e1d5457917b5d50ef02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:12:37:6c:ba:c9:41:ba:d8:fd:83:8f:60:28:
                    ce:5f:d4:ce:27:58:f4:25:20:05:a1:dc:7b:08:8c:
                    9e:76:ae:f4:dc:ef:39:b2:61:9c:e9:22:9c:ad:bf:
                    46:78:a5:24:a1:09:b8:bd:30:45:59:c1:a3:ac:ec:
                    72:91:f9:2f:f2:7b:38:49:6c:95:18:c4:ba:17:a0:
                    63:a2:1c:43:dd:03:40:12:3a:fc:b8:03:ac:8e:7c:
                    38:87:6c:eb:e8:ab:0b:e6:fb:cc:3c:30:ee:52:3d:
                    14:20:c6:57:e9:d8:16:81:3a:51:c0:ad:dd:f2:2e:
                    19:b2:ba:54:a7:ba:ed:8b:0a:dd:6a:4e:9f:2a:d7:
                    88:81:7a:a1:2d:a3:f6:a3:89:9f:0b:11:e1:7e:8b:
                    6a:b7:12:e6:20:eb:fe:35:2c:99:8a:e4:ce:98:62:
                    1f:45:71:e7:6c:39:9e:8f:94:74:76:89:00:1f:dd:
                    89:09:9c:51:c6:4a:55:ad:46:85:8e:6c:3e:bc:09:
                    82:62:09:d6:7f:4e:cd:57:ab:a0:27:a9:61:cf:96:
                    f2:8a:e0:e0:c9:fc:3e:04:28:8e:a7:45:42:a4:c9:
                    20:0e:e2:8b:99:e9:d3:d7:af:99:1a:32:be:8a:0d:
                    bd:aa:d6:7d:d8:57:7a:10:17:bc:bf:e9:93:3b:3d:
                    52:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:97:E2:2C:AF:C9:B4:5E:DD:0A:1E:1D:54:57:91:7B:5D:50:EF:02
            X509v3 Authority Key Identifier:
                keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gJfiLK_JtF7dCh4dVFeRe11Q7wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:97:e0:73:7d:69:59:1b:2f:60:e8:0a:c9:ec:a5:06:69:21:
         d5:d3:34:20:c6:dc:1f:a0:7e:16:10:8c:be:cf:39:9f:79:6e:
         82:63:c3:82:09:95:3b:90:6f:47:6f:21:60:8b:2e:f1:d8:5e:
         fb:17:d1:df:e1:87:42:8e:9c:1e:62:3e:b4:35:2a:3f:95:a0:
         92:7d:28:0a:24:73:8c:42:4e:3c:5b:c7:3c:dd:f2:f1:16:14:
         5a:17:d4:41:26:16:56:bd:c2:61:c2:a9:5b:ef:d4:18:29:33:
         9f:a5:0c:b7:80:33:58:e2:70:25:ec:91:4c:b7:4e:65:4a:15:
         04:ae:7c:24:74:20:45:41:59:09:02:86:c0:ac:77:17:db:a4:
         b7:f6:99:f6:69:a3:09:cf:b5:b3:0a:b0:64:c8:91:12:00:a5:
         4c:c6:f7:d0:13:28:55:09:67:03:79:3f:d5:ae:a1:71:7a:12:
         98:ad:5a:ba:22:5b:a6:dd:05:0a:d0:06:99:1a:3e:f7:fc:94:
         59:47:67:e2:54:84:b8:4e:66:9a:dc:0f:47:48:40:05:c8:e8:
         dc:af:da:db:f1:ef:c9:c2:0e:eb:12:ef:de:93:6c:2e:48:ad:
         7c:35:7b:21:7b:54:94:27:62:d5:08:c4:9b:69:09:01:c8:1b:
         6f:f1:dc:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4UpLHfv8wDK0KRjsxTzBkAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjQwMzA2MTY0MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDk3ZTIyY2FmYzliNDVlZGQwYTFlMWQ1NDU3OTE3YjVkNTBlZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRI3bLrJQbrY/YOPYCjOX9TOJ1j0
JSAFodx7CIyedq703O85smGc6SKcrb9GeKUkoQm4vTBFWcGjrOxykfkv8ns4SWyV
GMS6F6BjohxD3QNAEjr8uAOsjnw4h2zr6KsL5vvMPDDuUj0UIMZX6dgWgTpRwK3d
8i4ZsrpUp7rtiwrdak6fKteIgXqhLaP2o4mfCxHhfotqtxLmIOv+NSyZiuTOmGIf
RXHnbDmej5R0dokAH92JCZxRxkpVrUaFjmw+vAmCYgnWf07NV6ugJ6lhz5byiuDg
yfw+BCiOp0VCpMkgDuKLmenT16+ZGjK+ig29qtZ92Fd6EBe8v+mTOz1SbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICX4iyvybRe3QoeHVRXkXtdUO8CMB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvZ0pmaUxLX0p0RjdkQ2g0ZFZGZVJlMTFRN3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1DwAMA0G
CSqGSIb3DQEBCwUAA4IBAQB6l+BzfWlZGy9g6ArJ7KUGaSHV0zQgxtwfoH4WEIy+
zzmfeW6CY8OCCZU7kG9HbyFgiy7x2F77F9Hf4YdCjpweYj60NSo/laCSfSgKJHOM
Qk48W8c83fLxFhRaF9RBJhZWvcJhwqlb79QYKTOfpQy3gDNY4nAl7JFMt05lShUE
rnwkdCBFQVkJAobArHcX26S39pn2aaMJz7WzCrBkyJESAKVMxvfQEyhVCWcDeT/V
rqFxehKYrVq6Ilum3QUK0AaZGj73/JRZR2fiVIS4Tmaa3A9HSEAFyOjcr9rb8e/J
wg7rEu/ek2wuSK18NXshe1SUJ2LVCMSbaQkByBtv8dxt
-----END CERTIFICATE-----