Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/goEnzwxsdhS-Ip9YSE4oqIVgzJs.roa
File:                     goEnzwxsdhS-Ip9YSE4oqIVgzJs.roa (raw, json)
Hash identifier:          qcHrRY7jb8ZAflCx4FpnInBN6l+eQZRBY8ruiCukHPQ=
Subject key identifier:   82:81:27:CF:0C:6C:76:14:BE:22:9F:58:48:4E:28:A8:85:60:CC:9B
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       018F052D5813E43FA8EF1C144499DB90626B
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/goEnzwxsdhS-Ip9YSE4oqIVgzJs.roa
Signing time:             Mon 22 Apr 2024 09:40:08 +0000
ROA not before:           Mon 22 Apr 2024 09:40:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203172
IP address blocks:        123.253.212.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:2d:58:13:e4:3f:a8:ef:1c:14:44:99:db:90:62:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Apr 22 09:40:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=828127cf0c6c7614be229f58484e28a88560cc9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d4:b8:bc:44:4c:5c:11:dd:87:f6:a2:b4:af:
                    8e:3e:04:61:cb:2f:58:3e:83:53:16:b2:76:55:a3:
                    c8:67:c3:e8:13:a7:b7:e9:b2:f0:53:b8:7e:28:1a:
                    a9:cd:12:bc:0c:11:06:4c:7a:ea:44:70:3d:a3:54:
                    a6:64:b9:6e:63:5d:7d:85:54:70:c5:c8:c8:33:67:
                    34:52:3f:b0:cd:24:cb:77:ba:12:15:c7:77:4b:78:
                    76:76:e6:97:71:12:b6:66:1f:34:46:52:62:79:06:
                    57:c3:e9:85:16:fe:9e:40:37:f1:3c:91:4f:c2:01:
                    a0:95:50:80:1a:7e:8f:47:97:67:a3:71:28:fa:ee:
                    9e:da:e9:6d:19:38:cf:fd:33:ae:30:97:6c:74:16:
                    f5:cf:73:cd:00:9a:51:5d:8d:b5:1d:8c:1f:ca:47:
                    19:e3:0f:74:d0:5e:91:4c:23:d4:43:b5:eb:ea:c2:
                    2a:36:73:c8:78:29:9c:3e:93:a6:60:21:28:1e:a8:
                    c0:35:d1:ac:b5:3e:0e:8b:e2:f7:bf:f4:40:95:f8:
                    35:a2:96:da:ea:e2:a7:84:6a:cb:56:fb:0d:fa:8d:
                    84:3f:53:47:09:76:6f:a7:4c:8b:9e:52:2e:4a:da:
                    01:81:e1:38:4a:53:56:8e:48:26:44:86:af:52:a5:
                    5c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:81:27:CF:0C:6C:76:14:BE:22:9F:58:48:4E:28:A8:85:60:CC:9B
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/goEnzwxsdhS-Ip9YSE4oqIVgzJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.253.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:bd:f5:59:8b:e3:75:63:43:de:ab:87:bf:b5:d2:e8:72:50:
         f7:1c:d4:33:95:17:2d:4e:a7:20:3a:d6:0b:51:e2:98:0d:6b:
         a4:c6:8a:fc:b4:99:4a:4e:fb:af:25:f3:b2:05:f0:e7:e8:a8:
         90:0d:73:1b:00:20:16:39:d2:c6:3a:6e:71:d4:1e:48:ac:1e:
         2f:79:8d:98:7b:94:40:68:f3:83:39:07:15:52:92:99:1e:47:
         9b:bd:87:c2:77:96:f1:ee:04:51:6d:8f:a6:71:82:54:07:56:
         97:1d:40:67:dc:84:fd:b1:78:e5:73:1a:a3:1e:6e:93:02:6a:
         f3:50:a1:f1:a9:66:05:13:7e:10:00:8a:a3:3d:fa:30:be:91:
         fc:ea:60:b2:06:3b:ed:f2:3b:81:0a:34:ea:f7:27:56:2e:5a:
         82:71:e9:73:83:f0:62:d3:00:2e:e4:c2:fb:e6:86:63:97:24:
         d6:f0:e2:c6:48:83:ea:15:5f:c3:9c:7c:23:67:68:99:09:4d:
         c1:cf:69:e8:7b:49:85:07:12:dc:77:b1:87:7a:b9:f6:91:bb:
         8b:44:63:93:2e:68:ad:2d:e3:1f:82:1c:ee:dc:d3:84:4f:00:
         ad:59:dc:42:7f:40:8f:d7:57:d7:c1:39:55:33:d9:e4:2b:2a:
         84:6d:13:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8FLVgT5D+o7xwURJnbkGJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwNDIyMDk0MDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjgxMjdjZjBjNmM3NjE0YmUyMjlmNTg0ODRlMjhhODg1NjBjYzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNS4vERMXBHdh/aitK+OPgRhyy9Y
PoNTFrJ2VaPIZ8PoE6e36bLwU7h+KBqpzRK8DBEGTHrqRHA9o1SmZLluY119hVRw
xcjIM2c0Uj+wzSTLd7oSFcd3S3h2duaXcRK2Zh80RlJieQZXw+mFFv6eQDfxPJFP
wgGglVCAGn6PR5dno3Eo+u6e2ultGTjP/TOuMJdsdBb1z3PNAJpRXY21HYwfykcZ
4w900F6RTCPUQ7Xr6sIqNnPIeCmcPpOmYCEoHqjANdGstT4Oi+L3v/RAlfg1opba
6uKnhGrLVvsN+o2EP1NHCXZvp0yLnlIuStoBgeE4SlNWjkgmRIavUqVcUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKBJ88MbHYUviKfWEhOKKiFYMybMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvZ29Fbnp3eHNkaFMtSXA5WVNFNG9xSVZnekpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBe/3UMA0G
CSqGSIb3DQEBCwUAA4IBAQB/vfVZi+N1Y0Peq4e/tdLoclD3HNQzlRctTqcgOtYL
UeKYDWukxor8tJlKTvuvJfOyBfDn6KiQDXMbACAWOdLGOm5x1B5IrB4veY2Ye5RA
aPODOQcVUpKZHkebvYfCd5bx7gRRbY+mcYJUB1aXHUBn3IT9sXjlcxqjHm6TAmrz
UKHxqWYFE34QAIqjPfowvpH86mCyBjvt8juBCjTq9ydWLlqCcelzg/Bi0wAu5ML7
5oZjlyTW8OLGSIPqFV/DnHwjZ2iZCU3Bz2noe0mFBxLcd7GHern2kbuLRGOTLmit
LeMfghzu3NOETwCtWdxCf0CP11fXwTlVM9nkKyqEbRNJ
-----END CERTIFICATE-----