Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/CxGrnZQdsjC5mgUbFDz4sPGZO8o.roa
File:                     CxGrnZQdsjC5mgUbFDz4sPGZO8o.roa (raw, json)
Hash identifier:          RbS4slcuK0E0TXD80WNFPXAumdbJWVjag6AIK2idQf8=
Subject key identifier:   0B:11:AB:9D:94:1D:B2:30:B9:9A:05:1B:14:3C:F8:B0:F1:99:3B:CA
Certificate issuer:       /CN=1b982883e1dfbf4633e08c0b58c85e89ffc32101
Certificate serial:       018CC7276FEA1DFB3FF43AAD691050AB1698
Authority key identifier: 1B:98:28:83:E1:DF:BF:46:33:E0:8C:0B:58:C8:5E:89:FF:C3:21:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/CxGrnZQdsjC5mgUbFDz4sPGZO8o.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61424
IP address blocks:        185.48.248.0/23 maxlen: 23
                          2a04:b540::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6f:ea:1d:fb:3f:f4:3a:ad:69:10:50:ab:16:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b982883e1dfbf4633e08c0b58c85e89ffc32101
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b11ab9d941db230b99a051b143cf8b0f1993bca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:9a:af:f5:b7:d1:3d:a0:93:12:f2:ba:d5:b6:
                    e6:cb:b6:4d:f4:dc:17:1a:e8:ad:49:26:cc:84:1b:
                    83:95:96:bd:0b:cc:86:6a:3c:ee:18:d5:b1:1d:01:
                    07:bb:1c:bd:e1:6a:54:7a:0b:0c:85:31:2d:a8:1e:
                    7f:8b:47:85:8b:c1:a2:db:98:61:a7:cf:e3:02:da:
                    cf:18:d8:1c:99:e9:c0:b9:2f:6d:86:a2:26:71:34:
                    c0:5c:f4:2c:2a:a2:db:af:f8:41:0a:68:fe:d5:8f:
                    89:73:02:ef:47:49:de:7a:e6:4f:02:34:c8:16:e9:
                    3e:b3:7b:7d:65:a6:4b:83:18:e3:f0:b5:b1:ac:76:
                    c0:1c:35:60:6a:71:16:c7:23:f2:9b:e6:a5:e0:18:
                    b3:3b:95:8d:68:18:a8:d3:8b:a9:84:b8:99:8b:ec:
                    1d:bf:c7:10:b1:c8:3f:6d:77:32:0d:22:40:a1:1a:
                    2d:49:40:79:62:20:26:be:1f:cf:21:58:60:12:e5:
                    a4:ef:d9:a8:82:ad:21:e6:d6:2e:64:e0:c9:87:e1:
                    7d:fa:5f:0e:79:0a:93:26:91:9f:e6:93:86:a4:f3:
                    77:2f:e9:ab:a6:8b:9c:fb:b7:08:c3:80:4c:82:65:
                    ee:4c:f6:e7:13:c3:df:c9:83:de:68:9b:7b:d9:b0:
                    40:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:11:AB:9D:94:1D:B2:30:B9:9A:05:1B:14:3C:F8:B0:F1:99:3B:CA
            X509v3 Authority Key Identifier:
                keyid:1B:98:28:83:E1:DF:BF:46:33:E0:8C:0B:58:C8:5E:89:FF:C3:21:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/CxGrnZQdsjC5mgUbFDz4sPGZO8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.248.0/23
                IPv6:
                  2a04:b540::/36

    Signature Algorithm: sha256WithRSAEncryption
         7d:0b:14:fb:88:d1:f5:6e:df:da:1f:49:f4:81:de:01:27:06:
         dd:89:52:cb:6d:a8:c1:b8:f0:fd:72:cc:62:84:ab:2f:81:91:
         e7:a2:e3:a6:88:d0:22:5e:88:d7:0f:52:25:84:2d:36:89:02:
         7f:28:1d:11:2b:c0:c2:d6:98:69:2d:4d:97:7a:a7:d1:1b:75:
         22:84:bb:47:7a:d4:96:06:68:dd:f6:5a:78:08:57:53:bb:ba:
         f1:2f:91:5c:9a:d4:75:5b:4b:f3:c2:94:ac:93:b8:4e:8b:2a:
         24:41:b4:62:25:35:b3:51:7b:cc:fa:61:9d:43:be:17:ed:4c:
         4b:79:92:39:1a:e1:91:be:d3:99:04:41:71:2d:4a:aa:6f:1e:
         c0:fa:70:85:5b:67:bd:6a:9e:4f:a1:44:43:f9:89:d7:4f:27:
         2c:72:f1:2f:3d:86:76:b2:b1:a0:27:95:15:c6:3e:86:c5:12:
         c6:8d:f4:23:eb:22:e2:ed:d9:dd:eb:df:58:9e:bf:07:41:7e:
         15:ec:a7:79:65:62:f9:b1:9d:ed:d9:e8:65:7d:1d:7d:cf:7e:
         91:bb:e5:cc:5a:91:cc:46:f6:51:65:a7:3c:35:5a:d5:7b:e5:
         5b:07:85:99:13:ca:fa:5c:4b:69:28:a7:ea:0f:eb:bd:6f:cd:
         76:73:3f:e5
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHJ2/qHfs/9DqtaRBQqxaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOTgyODgzZTFkZmJmNDYzM2UwOGMwYjU4Yzg1ZTg5ZmZj
MzIxMDEwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjExYWI5ZDk0MWRiMjMwYjk5YTA1MWIxNDNjZjhiMGYxOTkzYmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpqv9bfRPaCTEvK61bbmy7ZN9NwX
GuitSSbMhBuDlZa9C8yGajzuGNWxHQEHuxy94WpUegsMhTEtqB5/i0eFi8Gi25hh
p8/jAtrPGNgcmenAuS9thqImcTTAXPQsKqLbr/hBCmj+1Y+JcwLvR0neeuZPAjTI
Fuk+s3t9ZaZLgxjj8LWxrHbAHDVganEWxyPym+al4BizO5WNaBio04uphLiZi+wd
v8cQscg/bXcyDSJAoRotSUB5YiAmvh/PIVhgEuWk79mogq0h5tYuZODJh+F9+l8O
eQqTJpGf5pOGpPN3L+mrpouc+7cIw4BMgmXuTPbnE8PfyYPeaJt72bBAiwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFAsRq52UHbIwuZoFGxQ8+LDxmTvKMB8GA1UdIwQY
MBaAFBuYKIPh379GM+CMC1jIXon/wyEBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzVnb2ctSGZ2MFl6NEl3TFdNaGVpZl9ESVFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS81Nzg2MGEtZGQ1ZS00NmU4LTllY2It
ZDA3OGVlYzgyYjJhLzEvQ3hHcm5aUWRzakM1bWdVYkZEejRzUEdaTzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS81Nzg2MGEtZGQ1ZS00NmU4LTllY2ItZDA3OGVlYzgyYjJh
LzEvRzVnb2ctSGZ2MFl6NEl3TFdNaGVpZl9ESVFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBuTD4MA4E
AgACMAgDBgQqBLVAADANBgkqhkiG9w0BAQsFAAOCAQEAfQsU+4jR9W7f2h9J9IHe
AScG3YlSy22owbjw/XLMYoSrL4GR56LjpojQIl6I1w9SJYQtNokCfygdESvAwtaY
aS1Nl3qn0Rt1IoS7R3rUlgZo3fZaeAhXU7u68S+RXJrUdVtL88KUrJO4TosqJEG0
YiU1s1F7zPphnUO+F+1MS3mSORrhkb7TmQRBcS1Kqm8ewPpwhVtnvWqeT6FEQ/mJ
108nLHLxLz2GdrKxoCeVFcY+hsUSxo30I+si4u3Z3evfWJ6/B0F+FeyneWVi+bGd
7dnoZX0dfc9+kbvlzFqRzEb2UWWnPDVa1XvlWweFmRPK+lxLaSin6g/rvW/NdnM/
5Q==
-----END CERTIFICATE-----