Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/GY81azgW0NCrctpOyyb1MiwcnV8.roa
File:                     GY81azgW0NCrctpOyyb1MiwcnV8.roa (raw, json)
Hash identifier:          C+gxBEbVGocogl7dShWtAZxxdOQZw9WUwp+kz37vNMQ=
Subject key identifier:   19:8F:35:6B:38:16:D0:D0:AB:72:DA:4E:CB:26:F5:32:2C:1C:9D:5F
Certificate issuer:       /CN=c1c05ece6c908ad8882513da3a25a160703bb7f6
Certificate serial:       018CC801D548B87AA816BAFFCDD8973B2210
Authority key identifier: C1:C0:5E:CE:6C:90:8A:D8:88:25:13:DA:3A:25:A1:60:70:3B:B7:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wcBezmyQitiIJRPaOiWhYHA7t_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/GY81azgW0NCrctpOyyb1MiwcnV8.roa
Signing time:             Tue 02 Jan 2024 02:30:12 +0000
ROA not before:           Tue 02 Jan 2024 02:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.4.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/wcBezmyQitiIJRPaOiWhYHA7t_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/wcBezmyQitiIJRPaOiWhYHA7t_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wcBezmyQitiIJRPaOiWhYHA7t_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d5:48:b8:7a:a8:16:ba:ff:cd:d8:97:3b:22:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1c05ece6c908ad8882513da3a25a160703bb7f6
        Validity
            Not Before: Jan  2 02:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=198f356b3816d0d0ab72da4ecb26f5322c1c9d5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e4:cf:37:c6:51:de:15:e9:de:89:47:08:d4:
                    19:1a:31:cd:5d:00:f1:02:ed:e8:00:c0:bc:f2:ec:
                    e2:dc:db:7b:eb:c0:ba:9c:f1:73:e0:44:0a:0c:2f:
                    1d:47:9d:5e:cd:d5:a6:52:4f:d4:d1:1a:37:bd:54:
                    d0:9b:7a:ea:3c:a5:6a:90:87:a2:07:98:8c:48:aa:
                    94:fd:2f:31:8e:54:0b:83:c4:28:6e:26:3e:ec:95:
                    c5:11:f9:69:3b:3d:c3:26:eb:86:73:0c:14:1c:71:
                    7c:5e:cb:5a:3b:8b:36:04:ee:87:79:7a:ee:6a:d4:
                    8b:02:d2:68:f2:af:26:a9:9b:c2:b5:f7:e9:17:c2:
                    a7:45:9a:c0:88:18:46:b2:83:f8:4f:f0:87:ec:d8:
                    e6:68:07:f6:bf:0e:97:9d:92:07:c8:d2:5f:e3:47:
                    20:93:7e:ce:d1:5e:7f:7a:46:4b:2b:68:d2:cb:52:
                    ac:de:94:8d:22:b5:dc:f2:99:01:14:fe:24:60:80:
                    27:4b:06:ad:ee:e1:68:82:95:fa:1f:6b:d4:83:e2:
                    ec:4b:93:79:2c:48:bf:cb:3a:09:20:f2:de:03:77:
                    f5:d8:ba:72:df:e6:b1:58:c3:d6:ee:74:cc:82:57:
                    28:a4:cb:03:0b:2d:d3:17:2a:3a:1d:d9:ca:7d:7e:
                    be:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:8F:35:6B:38:16:D0:D0:AB:72:DA:4E:CB:26:F5:32:2C:1C:9D:5F
            X509v3 Authority Key Identifier:
                keyid:C1:C0:5E:CE:6C:90:8A:D8:88:25:13:DA:3A:25:A1:60:70:3B:B7:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wcBezmyQitiIJRPaOiWhYHA7t_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/GY81azgW0NCrctpOyyb1MiwcnV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/wcBezmyQitiIJRPaOiWhYHA7t_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.4.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         34:24:7c:82:80:f3:88:54:11:b2:77:7e:06:87:0d:96:4f:e7:
         41:b6:4c:b1:35:8e:4c:94:54:ef:13:ec:a9:03:72:47:97:a0:
         9d:a3:41:e9:f0:40:14:c9:68:8f:0a:63:46:35:3c:2c:32:c1:
         ce:d6:c0:55:96:f4:ce:e4:fa:ed:97:d8:95:18:6c:cb:5e:21:
         ee:18:3d:f5:74:70:cf:da:f9:25:5e:a6:d4:5a:ed:56:d3:d8:
         e3:ff:52:df:78:21:f7:2c:2b:4f:c9:5d:c1:88:62:37:52:4b:
         8a:3c:e7:c2:21:51:a0:f0:ee:d7:b8:60:c2:18:11:e3:db:f8:
         d0:0d:8a:3c:0a:6e:6c:d0:14:5c:f2:00:3d:d8:29:95:58:5e:
         f1:0e:3b:42:f8:54:30:c0:6d:38:14:1a:2f:8d:9b:b6:6b:f0:
         74:03:c3:da:4d:33:bc:f5:e1:dd:fe:e6:74:c8:65:61:ed:31:
         88:4e:c3:12:75:87:23:e8:f2:2b:f0:55:18:57:59:06:43:08:
         33:94:35:71:d2:a5:ad:88:03:c5:b4:35:b3:c5:c7:1f:29:4e:
         5d:fe:f5:34:4b:43:74:56:d2:96:49:50:5f:0b:4e:d9:57:ce:
         8d:1d:ce:f5:fd:e4:d2:0b:c6:0f:ca:95:5f:cc:16:06:fe:f5:
         b2:cb:48:e3
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIAdVIuHqoFrr/zdiXOyIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYzA1ZWNlNmM5MDhhZDg4ODI1MTNkYTNhMjVhMTYwNzAz
YmI3ZjYwHhcNMjQwMTAyMDIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOThmMzU2YjM4MTZkMGQwYWI3MmRhNGVjYjI2ZjUzMjJjMWM5ZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+TPN8ZR3hXp3olHCNQZGjHNXQDx
Au3oAMC88uzi3Nt768C6nPFz4EQKDC8dR51ezdWmUk/U0Ro3vVTQm3rqPKVqkIei
B5iMSKqU/S8xjlQLg8QobiY+7JXFEflpOz3DJuuGcwwUHHF8XstaO4s2BO6HeXru
atSLAtJo8q8mqZvCtffpF8KnRZrAiBhGsoP4T/CH7NjmaAf2vw6XnZIHyNJf40cg
k37O0V5/ekZLK2jSy1Ks3pSNIrXc8pkBFP4kYIAnSwat7uFogpX6H2vUg+LsS5N5
LEi/yzoJIPLeA3f12Lpy3+axWMPW7nTMglcopMsDCy3TFyo6HdnKfX6+lQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFBmPNWs4FtDQq3LaTssm9TIsHJ1fMB8GA1UdIwQY
MBaAFMHAXs5skIrYiCUT2joloWBwO7f2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2NCZXpteVFpdGlJSlJQYU9pV2hZSEE3dF9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8zN2ZiNGEtNWM5Ni00ZDE3LTg2YTAt
ZWJiNjNhNDU0YTkxLzEvR1k4MWF6Z1cwTkNyY3RwT3l5YjFNaXdjblY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8zN2ZiNGEtNWM5Ni00ZDE3LTg2YTAtZWJiNjNhNDU0YTkx
LzEvd2NCZXpteVFpdGlJSlJQYU9pV2hZSEE3dF9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjQQwDQYJ
KoZIhvcNAQELBQADggEBADQkfIKA84hUEbJ3fgaHDZZP50G2TLE1jkyUVO8T7KkD
ckeXoJ2jQenwQBTJaI8KY0Y1PCwywc7WwFWW9M7k+u2X2JUYbMteIe4YPfV0cM/a
+SVeptRa7VbT2OP/Ut94IfcsK0/JXcGIYjdSS4o858IhUaDw7te4YMIYEePb+NAN
ijwKbmzQFFzyAD3YKZVYXvEOO0L4VDDAbTgUGi+Nm7Zr8HQDw9pNM7z14d3+5nTI
ZWHtMYhOwxJ1hyPo8ivwVRhXWQZDCDOUNXHSpa2IA8W0NbPFxx8pTl3+9TRLQ3RW
0pZJUF8LTtlXzo0dzvX95NILxg/KlV/MFgb+9bLLSOM=
-----END CERTIFICATE-----