Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/gdTGgL5HfNwRju2ijxYPWfRjtj4.roa
File:                     gdTGgL5HfNwRju2ijxYPWfRjtj4.roa (raw, json)
Hash identifier:          RJTyD3dYmZuxCDXxWQzfe/a6qUC2e97rWqcheVagxzM=
Subject key identifier:   81:D4:C6:80:BE:47:7C:DC:11:8E:ED:A2:8F:16:0F:59:F4:63:B6:3E
Certificate issuer:       /CN=92214a90d4095fd26765cc0e4df899e8c46c06df
Certificate serial:       018CC649D72E044CFC7552F9E122AAC7C524
Authority key identifier: 92:21:4A:90:D4:09:5F:D2:67:65:CC:0E:4D:F8:99:E8:C4:6C:06:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/gdTGgL5HfNwRju2ijxYPWfRjtj4.roa
Signing time:             Mon 01 Jan 2024 18:29:37 +0000
ROA not before:           Mon 01 Jan 2024 18:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206978
IP address blocks:        185.196.29.0/24 maxlen: 24
                          2a03:e440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 22:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d7:2e:04:4c:fc:75:52:f9:e1:22:aa:c7:c5:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92214a90d4095fd26765cc0e4df899e8c46c06df
        Validity
            Not Before: Jan  1 18:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81d4c680be477cdc118eeda28f160f59f463b63e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5d:50:a1:9d:af:cc:e2:0e:a0:ae:f3:ed:63:
                    fb:0b:57:85:32:50:81:02:c5:1b:8b:30:dc:37:ae:
                    31:f6:2a:23:09:ba:b8:6e:1d:0a:04:42:73:3c:0f:
                    83:e2:d5:81:57:7b:33:b4:36:0e:1b:fe:cb:1e:58:
                    7e:58:8f:1d:3e:48:80:43:55:78:41:28:8a:a6:9b:
                    b7:37:5c:b7:f9:df:6d:63:97:0e:4b:14:7f:40:2e:
                    4e:c8:99:81:e3:22:68:ac:6b:ce:82:b2:26:4f:ef:
                    d8:28:05:4e:49:54:33:39:4f:4a:5e:b4:9c:5a:bf:
                    52:2e:9d:e5:22:84:9a:00:43:a0:25:06:20:f2:0a:
                    ee:79:a1:70:d1:9a:02:78:1f:80:a3:16:f6:24:7c:
                    83:7c:fc:9b:c7:63:f2:48:b0:52:75:fb:cc:3f:cf:
                    42:9c:ab:64:7f:9a:07:41:f6:e8:9f:c1:50:5b:22:
                    59:2e:e3:2d:e4:21:01:d5:a1:b6:94:d6:3a:a2:c2:
                    d3:83:6d:90:52:f9:73:8a:2e:6e:a2:1c:e0:ea:7c:
                    d8:50:41:54:09:f1:76:f3:f0:dd:73:de:b4:a6:43:
                    d8:10:dc:58:4c:70:61:c4:09:75:aa:d2:6f:b3:f3:
                    37:0c:45:95:a0:70:5e:aa:ba:0d:a0:d7:d0:33:54:
                    d4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D4:C6:80:BE:47:7C:DC:11:8E:ED:A2:8F:16:0F:59:F4:63:B6:3E
            X509v3 Authority Key Identifier:
                keyid:92:21:4A:90:D4:09:5F:D2:67:65:CC:0E:4D:F8:99:E8:C4:6C:06:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/gdTGgL5HfNwRju2ijxYPWfRjtj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/9ae9ad-6a8c-47cb-bdd1-57d8030b61e1/1/kiFKkNQJX9JnZcwOTfiZ6MRsBt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.29.0/24
                IPv6:
                  2a03:e440::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:5c:c3:4e:2a:b2:96:e2:9b:17:43:92:e7:46:15:3d:47:42:
         f7:39:50:bb:5f:16:ad:73:a2:f1:a0:84:4b:21:66:94:4d:df:
         14:4c:be:4a:99:2c:20:13:fe:e0:fd:1e:82:0c:e8:28:14:55:
         a3:41:40:3f:75:b8:e8:5d:df:06:5d:d5:3f:ad:e0:ee:3e:27:
         48:ed:50:7c:1f:83:48:a2:e0:3f:33:9e:4d:d0:f8:31:88:0a:
         0e:93:ae:e8:d8:92:b6:4f:ac:73:79:22:5a:55:d6:95:98:6c:
         af:30:5e:0a:6c:c4:4d:7e:ba:4c:87:7d:15:1d:e8:6f:c7:b5:
         fe:ab:5d:05:bd:0b:ca:0e:d1:7e:7d:f2:ef:92:52:00:4c:5a:
         76:74:75:54:e4:fc:91:aa:ad:33:a4:9e:a1:c2:34:9c:82:a5:
         3c:7d:24:85:39:04:f2:98:bd:da:30:77:da:f6:ab:82:57:af:
         60:03:e7:18:4e:45:2c:22:b5:2f:65:0c:13:77:b9:1c:95:15:
         bc:2d:41:c5:85:a2:16:28:b7:aa:2e:7a:0c:b6:57:ff:a0:30:
         58:f4:a1:c8:25:07:b0:f9:b6:37:c6:d1:dd:ef:8b:68:61:8e:
         b5:a5:db:3b:0e:9a:8f:f0:97:5e:47:58:93:22:61:2e:34:b7:
         2a:8f:23:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSdcuBEz8dVL54SKqx8UkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjE0YTkwZDQwOTVmZDI2NzY1Y2MwZTRkZjg5OWU4YzQ2
YzA2ZGYwHhcNMjQwMTAxMTgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWQ0YzY4MGJlNDc3Y2RjMTE4ZWVkYTI4ZjE2MGY1OWY0NjNiNjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx11QoZ2vzOIOoK7z7WP7C1eFMlCB
AsUbizDcN64x9iojCbq4bh0KBEJzPA+D4tWBV3sztDYOG/7LHlh+WI8dPkiAQ1V4
QSiKppu3N1y3+d9tY5cOSxR/QC5OyJmB4yJorGvOgrImT+/YKAVOSVQzOU9KXrSc
Wr9SLp3lIoSaAEOgJQYg8grueaFw0ZoCeB+Aoxb2JHyDfPybx2PySLBSdfvMP89C
nKtkf5oHQfbon8FQWyJZLuMt5CEB1aG2lNY6osLTg22QUvlzii5uohzg6nzYUEFU
CfF28/Ddc960pkPYENxYTHBhxAl1qtJvs/M3DEWVoHBeqroNoNfQM1TU1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIHUxoC+R3zcEY7too8WD1n0Y7Y+MB8GA1UdIwQY
MBaAFJIhSpDUCV/SZ2XMDk34mejEbAbfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lGS2tOUUpYOUpuWmN3T1RmaVo2TVJzQnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi85YWU5YWQtNmE4Yy00N2NiLWJkZDEt
NTdkODAzMGI2MWUxLzEvZ2RUR2dMNUhmTndSanUyaWp4WVBXZlJqdGo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi85YWU5YWQtNmE4Yy00N2NiLWJkZDEtNTdkODAzMGI2MWUx
LzEva2lGS2tOUUpYOUpuWmN3T1RmaVo2TVJzQnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucQdMA0E
AgACMAcDBQMqA+RAMA0GCSqGSIb3DQEBCwUAA4IBAQBuXMNOKrKW4psXQ5LnRhU9
R0L3OVC7Xxatc6LxoIRLIWaUTd8UTL5KmSwgE/7g/R6CDOgoFFWjQUA/dbjoXd8G
XdU/reDuPidI7VB8H4NIouA/M55N0PgxiAoOk67o2JK2T6xzeSJaVdaVmGyvMF4K
bMRNfrpMh30VHehvx7X+q10FvQvKDtF+ffLvklIATFp2dHVU5PyRqq0zpJ6hwjSc
gqU8fSSFOQTymL3aMHfa9quCV69gA+cYTkUsIrUvZQwTd7kclRW8LUHFhaIWKLeq
LnoMtlf/oDBY9KHIJQew+bY3xtHd74toYY61pds7DpqP8JdeR1iTImEuNLcqjyMH
-----END CERTIFICATE-----