Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/8760ad-62c9-483f-bd2f-dc3b632e9e2b/1/gVFQC3-PiAgHdIjsGi9mlmICzRY.roa
File:                     gVFQC3-PiAgHdIjsGi9mlmICzRY.roa (raw, json)
Hash identifier:          knWqGtTk/fZsHddDpCscVW8GShL9cKgPegRItnHJuTQ=
Subject key identifier:   81:51:50:0B:7F:8F:88:08:07:74:88:EC:1A:2F:66:96:62:02:CD:16
Certificate issuer:       /CN=70e2b3417c39c0fe3bbbbc4d523ed437b29c5a1c
Certificate serial:       018CCA2B2B367D0BBEBB43F1B01DC871C38C
Authority key identifier: 70:E2:B3:41:7C:39:C0:FE:3B:BB:BC:4D:52:3E:D4:37:B2:9C:5A:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cOKzQXw5wP47u7xNUj7UN7KcWhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/8760ad-62c9-483f-bd2f-dc3b632e9e2b/1/gVFQC3-PiAgHdIjsGi9mlmICzRY.roa
Signing time:             Tue 02 Jan 2024 12:34:35 +0000
ROA not before:           Tue 02 Jan 2024 12:34:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1930
IP address blocks:        192.68.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/8760ad-62c9-483f-bd2f-dc3b632e9e2b/1/cOKzQXw5wP47u7xNUj7UN7KcWhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/8760ad-62c9-483f-bd2f-dc3b632e9e2b/1/cOKzQXw5wP47u7xNUj7UN7KcWhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cOKzQXw5wP47u7xNUj7UN7KcWhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:2b:36:7d:0b:be:bb:43:f1:b0:1d:c8:71:c3:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70e2b3417c39c0fe3bbbbc4d523ed437b29c5a1c
        Validity
            Not Before: Jan  2 12:34:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8151500b7f8f8808077488ec1a2f66966202cd16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5b:d6:ef:44:e3:1f:f8:6d:71:86:14:c3:20:
                    92:d8:06:09:bf:0a:db:9a:4d:38:9a:10:5c:ca:58:
                    1c:68:99:3f:78:8e:8f:33:7d:c4:df:09:7e:37:47:
                    b3:c2:50:99:40:c3:da:e7:9d:c4:bd:9b:5b:2c:a2:
                    43:30:76:ec:b4:1a:58:19:c7:c6:b3:bf:ac:29:10:
                    01:61:69:15:d7:9b:03:fd:41:79:6e:a1:ca:16:e7:
                    4b:32:42:0b:69:8c:42:6d:62:8d:36:f5:75:10:85:
                    7f:b5:e0:dd:a0:20:41:59:8a:db:0b:29:a9:81:b5:
                    a3:60:a9:3d:f2:a5:68:25:ef:2d:95:49:02:ee:fe:
                    03:a7:76:a7:1a:55:54:42:da:5b:ce:4d:1d:bc:e0:
                    18:5c:49:ca:13:7f:4c:a6:76:55:11:49:80:a5:46:
                    0d:b6:03:1d:e5:18:6e:db:e0:25:bc:a1:75:26:ca:
                    6e:9a:e5:57:bf:f6:6f:34:95:b1:57:d1:30:7f:3d:
                    c5:e1:bf:fd:9c:16:23:ec:43:d9:56:ee:c8:54:95:
                    e2:0c:80:0f:ab:e1:5c:48:76:1d:15:b7:fa:07:d5:
                    4e:8e:99:da:a3:10:91:0f:9b:07:d5:72:39:b2:f4:
                    c7:f9:34:a1:2d:b6:d0:3c:1c:83:d1:56:0f:a5:d5:
                    22:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:51:50:0B:7F:8F:88:08:07:74:88:EC:1A:2F:66:96:62:02:CD:16
            X509v3 Authority Key Identifier:
                keyid:70:E2:B3:41:7C:39:C0:FE:3B:BB:BC:4D:52:3E:D4:37:B2:9C:5A:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cOKzQXw5wP47u7xNUj7UN7KcWhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/8760ad-62c9-483f-bd2f-dc3b632e9e2b/1/gVFQC3-PiAgHdIjsGi9mlmICzRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/8760ad-62c9-483f-bd2f-dc3b632e9e2b/1/cOKzQXw5wP47u7xNUj7UN7KcWhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.68.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:fe:b6:ee:86:78:ad:26:da:6e:58:eb:2b:f7:ce:25:1f:58:
         ca:6a:a5:e2:56:fb:b3:a0:9e:46:83:d4:57:03:6b:e3:13:58:
         6c:29:73:d3:a7:5a:91:32:30:93:72:76:f8:90:f3:89:7c:29:
         30:86:fa:53:de:1f:08:a6:6e:a0:97:de:81:c6:38:72:03:c4:
         23:64:c1:d0:1e:10:f7:f3:7e:84:f7:4d:02:2b:23:27:0b:01:
         80:d6:4e:83:24:45:91:79:b7:32:50:9e:ed:a5:50:25:38:45:
         c0:73:83:87:1b:e4:87:b1:7c:4d:91:a4:14:d1:49:22:9e:95:
         ea:6f:43:1b:a3:2c:c4:46:52:dd:a7:07:37:27:79:4b:c0:f8:
         b1:19:88:05:79:7c:6b:f3:b7:f1:bd:46:9f:66:9a:61:5b:30:
         b9:7c:fa:a3:92:03:bf:97:36:dc:51:6c:46:e5:30:e3:a8:08:
         60:2f:08:52:f8:aa:64:be:c1:87:71:37:1b:de:66:2d:30:f8:
         69:4b:13:1b:2b:c7:65:8b:4b:f1:a0:7f:48:49:e2:31:9d:75:
         cc:fe:23:95:08:eb:6b:10:dc:a5:6b:f3:25:ba:5d:49:85:3d:
         98:7a:89:95:cd:c4:02:57:3b:d6:51:d1:72:c6:1e:41:d3:59:
         21:e3:19:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKys2fQu+u0PxsB3IccOMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZTJiMzQxN2MzOWMwZmUzYmJiYmM0ZDUyM2VkNDM3YjI5
YzVhMWMwHhcNMjQwMTAyMTIzNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTUxNTAwYjdmOGY4ODA4MDc3NDg4ZWMxYTJmNjY5NjYyMDJjZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFvW70TjH/htcYYUwyCS2AYJvwrb
mk04mhBcylgcaJk/eI6PM33E3wl+N0ezwlCZQMPa553EvZtbLKJDMHbstBpYGcfG
s7+sKRABYWkV15sD/UF5bqHKFudLMkILaYxCbWKNNvV1EIV/teDdoCBBWYrbCymp
gbWjYKk98qVoJe8tlUkC7v4Dp3anGlVUQtpbzk0dvOAYXEnKE39MpnZVEUmApUYN
tgMd5Rhu2+AlvKF1JspumuVXv/ZvNJWxV9Ewfz3F4b/9nBYj7EPZVu7IVJXiDIAP
q+FcSHYdFbf6B9VOjpnaoxCRD5sH1XI5svTH+TShLbbQPByD0VYPpdUifwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFRUAt/j4gIB3SI7BovZpZiAs0WMB8GA1UdIwQY
MBaAFHDis0F8OcD+O7u8TVI+1DeynFocMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY09LelFYdzV3UDQ3dTd4TlVqN1VON0tjV2h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC84NzYwYWQtNjJjOS00ODNmLWJkMmYt
ZGMzYjYzMmU5ZTJiLzEvZ1ZGUUMzLVBpQWdIZElqc0dpOW1sbUlDelJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC84NzYwYWQtNjJjOS00ODNmLWJkMmYtZGMzYjYzMmU5ZTJi
LzEvY09LelFYdzV3UDQ3dTd4TlVqN1VON0tjV2h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwETYMA0G
CSqGSIb3DQEBCwUAA4IBAQB7/rbuhnitJtpuWOsr984lH1jKaqXiVvuzoJ5Gg9RX
A2vjE1hsKXPTp1qRMjCTcnb4kPOJfCkwhvpT3h8Ipm6gl96BxjhyA8QjZMHQHhD3
836E900CKyMnCwGA1k6DJEWRebcyUJ7tpVAlOEXAc4OHG+SHsXxNkaQU0UkinpXq
b0MboyzERlLdpwc3J3lLwPixGYgFeXxr87fxvUafZpphWzC5fPqjkgO/lzbcUWxG
5TDjqAhgLwhS+KpkvsGHcTcb3mYtMPhpSxMbK8dli0vxoH9ISeIxnXXM/iOVCOtr
ENyla/Mlul1JhT2YeomVzcQCVzvWUdFyxh5B01kh4xla
-----END CERTIFICATE-----