Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/gXnm7OJj9FBnD6F4vIHLJowKXPA.roa
File:                     gXnm7OJj9FBnD6F4vIHLJowKXPA.roa (raw, json)
Hash identifier:          DEA3LN9SBpqoeGVPASt8J4vQQkDVGeMBj15plAUSAlk=
Subject key identifier:   81:79:E6:EC:E2:63:F4:50:67:0F:A1:78:BC:81:CB:26:8C:0A:5C:F0
Certificate issuer:       /CN=971a6cbb2df6e7faccc5853ba5400f1f470eab16
Certificate serial:       018CC8DF82D5AD21C55A16683CB44F974948
Authority key identifier: 97:1A:6C:BB:2D:F6:E7:FA:CC:C5:85:3B:A5:40:0F:1F:47:0E:AB:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxpsuy325_rMxYU7pUAPH0cOqxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/gXnm7OJj9FBnD6F4vIHLJowKXPA.roa
Signing time:             Tue 02 Jan 2024 06:32:20 +0000
ROA not before:           Tue 02 Jan 2024 06:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35197
IP address blocks:        185.100.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/lxpsuy325_rMxYU7pUAPH0cOqxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/lxpsuy325_rMxYU7pUAPH0cOqxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxpsuy325_rMxYU7pUAPH0cOqxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:82:d5:ad:21:c5:5a:16:68:3c:b4:4f:97:49:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=971a6cbb2df6e7faccc5853ba5400f1f470eab16
        Validity
            Not Before: Jan  2 06:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8179e6ece263f450670fa178bc81cb268c0a5cf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:63:9f:28:57:ef:9a:64:58:19:ce:93:c3:88:
                    19:fd:87:9b:54:bd:8f:83:c8:61:dc:4d:00:fa:b9:
                    0f:8c:10:d9:82:25:bc:0b:f5:22:15:82:e2:d3:5a:
                    a4:85:df:9a:f4:9e:24:41:ad:77:80:91:3d:3b:52:
                    7c:75:5d:2c:0f:54:52:f5:37:27:5d:f3:ff:9f:af:
                    8f:c4:48:e4:a8:7d:80:a5:68:5d:47:f1:8c:61:d0:
                    88:50:2e:19:7e:6c:65:59:cc:fc:40:e8:93:9a:ea:
                    57:d3:f8:ca:69:e6:7f:b5:26:d1:6f:09:2f:56:87:
                    33:03:00:25:29:00:b7:b8:8a:4f:29:89:82:e3:09:
                    ad:a6:22:5a:b3:5d:01:12:41:a6:38:5e:e3:99:0e:
                    05:33:6f:07:a9:8e:92:33:2c:c4:43:b7:45:0f:77:
                    91:48:a3:fb:d9:0f:2d:34:e6:8a:c5:06:d6:48:f2:
                    04:dd:97:33:13:17:37:e0:85:4b:e3:36:69:ea:13:
                    8e:cc:41:9a:41:7f:5d:11:cf:58:f4:98:93:7a:8a:
                    4b:c5:fd:9c:a9:35:41:2a:7b:b0:41:68:ef:66:04:
                    02:3c:f6:26:fb:60:9c:b2:de:3e:c0:34:c7:c9:e6:
                    0b:60:4d:85:ee:30:ba:12:d0:96:b3:be:f1:2b:3c:
                    64:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:79:E6:EC:E2:63:F4:50:67:0F:A1:78:BC:81:CB:26:8C:0A:5C:F0
            X509v3 Authority Key Identifier:
                keyid:97:1A:6C:BB:2D:F6:E7:FA:CC:C5:85:3B:A5:40:0F:1F:47:0E:AB:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxpsuy325_rMxYU7pUAPH0cOqxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/gXnm7OJj9FBnD6F4vIHLJowKXPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/7d3f00-d48c-416f-919e-dc0389f9167d/1/lxpsuy325_rMxYU7pUAPH0cOqxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:fb:b4:88:f2:ab:6c:2e:40:4c:d1:46:6a:01:da:86:96:58:
         c7:39:10:f2:a5:38:03:a2:d4:5f:ff:aa:25:a1:cf:9c:46:35:
         26:ed:93:a4:50:87:91:28:ee:b6:5b:67:56:85:3b:d6:fa:68:
         32:73:18:b9:c7:8b:98:b0:61:95:3b:a4:7f:d5:ed:28:8a:51:
         85:b2:af:b9:6e:65:73:38:13:0b:05:53:fa:e8:c0:d9:40:29:
         86:c3:99:d6:45:b9:58:e1:c0:89:11:93:ea:31:17:c4:71:94:
         2a:04:07:62:1f:03:f3:a4:90:c8:45:dd:5e:53:04:61:46:d1:
         90:b1:88:0b:35:67:42:b9:db:e4:e9:4a:b9:e9:75:83:e0:15:
         41:b9:f5:77:5f:c2:07:50:de:83:45:66:25:87:dd:10:68:bf:
         92:bd:a1:00:01:1f:c8:1a:2c:52:90:8e:4b:48:8f:1f:77:1c:
         e5:c8:1c:41:34:79:3d:b6:aa:f9:c1:96:f3:7d:b0:73:87:ac:
         c7:9b:e0:63:72:b8:22:1b:62:9e:b8:07:78:0b:87:32:0b:00:
         d3:89:24:93:e9:0c:7b:13:72:ed:40:4b:15:be:0c:59:6d:9f:
         45:5f:ad:14:d2:18:78:09:bc:fd:80:ac:85:83:ad:8b:b6:16:
         88:d3:e2:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34LVrSHFWhZoPLRPl0lIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MWE2Y2JiMmRmNmU3ZmFjY2M1ODUzYmE1NDAwZjFmNDcw
ZWFiMTYwHhcNMjQwMTAyMDYzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTc5ZTZlY2UyNjNmNDUwNjcwZmExNzhiYzgxY2IyNjhjMGE1Y2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmOfKFfvmmRYGc6Tw4gZ/YebVL2P
g8hh3E0A+rkPjBDZgiW8C/UiFYLi01qkhd+a9J4kQa13gJE9O1J8dV0sD1RS9Tcn
XfP/n6+PxEjkqH2ApWhdR/GMYdCIUC4ZfmxlWcz8QOiTmupX0/jKaeZ/tSbRbwkv
VoczAwAlKQC3uIpPKYmC4wmtpiJas10BEkGmOF7jmQ4FM28HqY6SMyzEQ7dFD3eR
SKP72Q8tNOaKxQbWSPIE3ZczExc34IVL4zZp6hOOzEGaQX9dEc9Y9JiTeopLxf2c
qTVBKnuwQWjvZgQCPPYm+2Ccst4+wDTHyeYLYE2F7jC6EtCWs77xKzxk2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIF55uziY/RQZw+heLyByyaMClzwMB8GA1UdIwQY
MBaAFJcabLst9uf6zMWFO6VADx9HDqsWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHhwc3V5MzI1X3JNeFlVN3BVQVBIMGNPcXhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS83ZDNmMDAtZDQ4Yy00MTZmLTkxOWUt
ZGMwMzg5ZjkxNjdkLzEvZ1hubTdPSmo5RkJuRDZGNHZJSExKb3dLWFBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS83ZDNmMDAtZDQ4Yy00MTZmLTkxOWUtZGMwMzg5ZjkxNjdk
LzEvbHhwc3V5MzI1X3JNeFlVN3BVQVBIMGNPcXhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWTLMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ+7SI8qtsLkBM0UZqAdqGlljHORDypTgDotRf/6ol
oc+cRjUm7ZOkUIeRKO62W2dWhTvW+mgycxi5x4uYsGGVO6R/1e0oilGFsq+5bmVz
OBMLBVP66MDZQCmGw5nWRblY4cCJEZPqMRfEcZQqBAdiHwPzpJDIRd1eUwRhRtGQ
sYgLNWdCudvk6Uq56XWD4BVBufV3X8IHUN6DRWYlh90QaL+SvaEAAR/IGixSkI5L
SI8fdxzlyBxBNHk9tqr5wZbzfbBzh6zHm+BjcrgiG2KeuAd4C4cyCwDTiSST6Qx7
E3LtQEsVvgxZbZ9FX60U0hh4Cbz9gKyFg62LthaI0+LG
-----END CERTIFICATE-----