Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/gchC1IlI9ctNg-e1A2jW50TAdt8.roa
File:                     gchC1IlI9ctNg-e1A2jW50TAdt8.roa (raw, json)
Hash identifier:          6YS6u8gzcSd+us6SREM3tOPujRwtWk6E55yJ6pD7BCA=
Subject key identifier:   81:C8:42:D4:89:48:F5:CB:4D:83:E7:B5:03:68:D6:E7:44:C0:76:DF
Certificate issuer:       /CN=5d88e4f7a302412c316a3bb599cdd2042b5ff485
Certificate serial:       018CC49351145B3A2295C64C8790B41A8869
Authority key identifier: 5D:88:E4:F7:A3:02:41:2C:31:6A:3B:B5:99:CD:D2:04:2B:5F:F4:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/gchC1IlI9ctNg-e1A2jW50TAdt8.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35773
IP address blocks:        84.54.148.0/24 maxlen: 24
                          84.54.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:51:14:5b:3a:22:95:c6:4c:87:90:b4:1a:88:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d88e4f7a302412c316a3bb599cdd2042b5ff485
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81c842d48948f5cb4d83e7b50368d6e744c076df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:58:7a:bf:50:9f:0a:57:db:ee:cc:9a:cf:ff:
                    41:48:b2:2b:8a:f2:e7:71:19:57:7c:a8:32:9a:29:
                    30:ec:b5:4e:c9:61:55:86:38:75:7a:4e:37:4b:e6:
                    be:c8:2d:bc:e0:c8:57:11:fc:27:f9:f1:f6:4a:f7:
                    98:da:a2:08:04:7c:2b:93:3c:f6:7d:7f:aa:53:9c:
                    ce:ea:09:b1:1e:e4:7e:6a:1f:47:de:71:55:41:a3:
                    8f:49:a4:bd:16:c0:fd:f2:8d:57:8a:a6:fc:ff:4d:
                    6c:1c:35:0a:ba:9f:8f:98:74:a9:1c:13:79:36:48:
                    17:01:5d:56:12:cc:0c:ff:32:35:d2:08:28:6e:01:
                    ec:5a:6b:91:de:68:12:86:db:1c:77:12:3b:89:43:
                    f8:15:3d:07:77:bd:59:52:f2:c3:68:f8:ab:7e:41:
                    c3:7f:5d:5e:f4:64:66:20:a6:86:70:fe:f9:d0:fe:
                    d4:d9:3a:5d:86:93:0e:ec:39:71:14:f0:62:96:1e:
                    82:31:57:b1:97:ee:59:c6:92:e8:2b:fa:63:71:a7:
                    0b:d6:55:b1:de:8e:7b:3f:c1:b9:f7:ab:9d:e4:a3:
                    9b:60:1d:d1:d4:6a:08:aa:fb:64:3c:d0:77:9f:ce:
                    71:c7:86:96:56:e9:2f:4c:80:01:51:ad:b9:e6:5f:
                    24:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:C8:42:D4:89:48:F5:CB:4D:83:E7:B5:03:68:D6:E7:44:C0:76:DF
            X509v3 Authority Key Identifier:
                keyid:5D:88:E4:F7:A3:02:41:2C:31:6A:3B:B5:99:CD:D2:04:2B:5F:F4:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/gchC1IlI9ctNg-e1A2jW50TAdt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.148.0/24
                  84.54.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:08:fa:34:58:cf:e9:2f:88:72:e7:75:18:9f:a3:6e:f7:91:
         b1:0d:d1:8e:2a:01:6d:49:30:84:eb:38:39:cf:07:a7:94:58:
         f1:9a:1f:70:9d:06:5b:e1:33:fa:57:56:fc:b7:d6:21:cc:3c:
         39:c7:00:75:1e:27:fd:03:00:94:d0:c0:91:e6:e5:ab:dc:7f:
         e1:71:1f:7b:8d:be:2c:ad:e4:bf:75:f6:a5:2a:b0:d0:ab:c3:
         a5:e0:b7:81:ac:3a:cc:9d:aa:09:bc:f3:83:b4:49:48:6a:b0:
         08:77:ab:01:d1:12:0b:53:a9:50:47:82:8f:6c:cf:6e:31:4a:
         95:0f:91:4b:f2:a0:8a:0d:a0:80:fb:11:39:4f:e2:b3:95:7e:
         2e:29:cc:7f:e2:17:9d:a4:9c:16:fa:e5:29:65:fe:e7:57:27:
         1e:38:b1:9b:49:e1:87:0f:9c:86:e4:8d:8b:03:46:93:28:5f:
         51:64:4f:48:64:82:47:1a:6e:3f:d9:7b:5f:28:32:5d:da:d7:
         50:7f:a7:79:3f:e1:fd:b9:f2:4c:30:a5:e0:08:2e:7f:1f:55:
         1c:eb:de:51:45:6e:b9:d7:d4:11:2a:3b:bc:44:5c:78:09:00:
         d0:b4:79:a8:67:9b:a4:60:95:0b:69:8e:97:6d:1c:0a:3b:8b:
         7d:e5:6a:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk1EUWzoilcZMh5C0GohpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODhlNGY3YTMwMjQxMmMzMTZhM2JiNTk5Y2RkMjA0MmI1
ZmY0ODUwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWM4NDJkNDg5NDhmNWNiNGQ4M2U3YjUwMzY4ZDZlNzQ0YzA3NmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslh6v1CfClfb7syaz/9BSLIrivLn
cRlXfKgymikw7LVOyWFVhjh1ek43S+a+yC284MhXEfwn+fH2SveY2qIIBHwrkzz2
fX+qU5zO6gmxHuR+ah9H3nFVQaOPSaS9FsD98o1Xiqb8/01sHDUKup+PmHSpHBN5
NkgXAV1WEswM/zI10ggobgHsWmuR3mgShtscdxI7iUP4FT0Hd71ZUvLDaPirfkHD
f11e9GRmIKaGcP750P7U2TpdhpMO7DlxFPBilh6CMVexl+5ZxpLoK/pjcacL1lWx
3o57P8G596ud5KObYB3R1GoIqvtkPNB3n85xx4aWVukvTIABUa255l8kQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIHIQtSJSPXLTYPntQNo1udEwHbfMB8GA1UdIwQY
MBaAFF2I5PejAkEsMWo7tZnN0gQrX/SFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlqazk2TUNRU3d4YWp1MW1jM1NCQ3RmOUlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83NjBjMGYtMTJhYi00ODNkLThjZGIt
NTdlMWQ1YjcyYjJkLzEvZ2NoQzFJbEk5Y3ROZy1lMUEyalc1MFRBZHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83NjBjMGYtMTJhYi00ODNkLThjZGItNTdlMWQ1YjcyYjJk
LzEvWFlqazk2TUNRU3d4YWp1MW1jM1NCQ3RmOUlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVDaUAwQA
VDaWMA0GCSqGSIb3DQEBCwUAA4IBAQC1CPo0WM/pL4hy53UYn6Nu95GxDdGOKgFt
STCE6zg5zwenlFjxmh9wnQZb4TP6V1b8t9YhzDw5xwB1Hif9AwCU0MCR5uWr3H/h
cR97jb4sreS/dfalKrDQq8Ol4LeBrDrMnaoJvPODtElIarAId6sB0RILU6lQR4KP
bM9uMUqVD5FL8qCKDaCA+xE5T+KzlX4uKcx/4hedpJwW+uUpZf7nVyceOLGbSeGH
D5yG5I2LA0aTKF9RZE9IZIJHGm4/2XtfKDJd2tdQf6d5P+H9ufJMMKXgCC5/H1Uc
695RRW6519QRKju8RFx4CQDQtHmoZ5ukYJULaY6XbRwKO4t95Wp/
-----END CERTIFICATE-----