Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/G-I2s73RA53gv5Zn7vKqiN6ibEs.roa
File:                     G-I2s73RA53gv5Zn7vKqiN6ibEs.roa (raw, json)
Hash identifier:          Yi9Mn6mQMvxn2+JIGZov39pIUKQzg+KgeZ9fwDM8NfU=
Subject key identifier:   1B:E2:36:B3:BD:D1:03:9D:E0:BF:96:67:EE:F2:AA:88:DE:A2:6C:4B
Certificate issuer:       /CN=ecd6bdacc521edca4c076048da86fed5dcd61220
Certificate serial:       018F05CD8ECAF8D5228CDEBD898281916173
Authority key identifier: EC:D6:BD:AC:C5:21:ED:CA:4C:07:60:48:DA:86:FE:D5:DC:D6:12:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Na9rMUh7cpMB2BI2ob-1dzWEiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/G-I2s73RA53gv5Zn7vKqiN6ibEs.roa
Signing time:             Mon 22 Apr 2024 12:35:08 +0000
ROA not before:           Mon 22 Apr 2024 12:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56851
IP address blocks:        45.83.192.0/22 maxlen: 24
                          62.192.154.0/24 maxlen: 24
                          176.105.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/7Na9rMUh7cpMB2BI2ob-1dzWEiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/7Na9rMUh7cpMB2BI2ob-1dzWEiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Na9rMUh7cpMB2BI2ob-1dzWEiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 06:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:cd:8e:ca:f8:d5:22:8c:de:bd:89:82:81:91:61:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecd6bdacc521edca4c076048da86fed5dcd61220
        Validity
            Not Before: Apr 22 12:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1be236b3bdd1039de0bf9667eef2aa88dea26c4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c3:ba:ad:2a:10:04:42:d1:65:9f:ed:d9:21:
                    89:f4:7b:6d:98:ac:77:31:1f:a2:44:72:61:73:21:
                    16:7c:68:9c:bc:77:3c:7e:73:5b:ff:e1:73:6b:00:
                    3b:d1:f1:15:e6:a3:a6:40:ff:ab:10:7a:66:b4:b3:
                    59:8d:dd:d3:45:53:ea:4b:2b:81:e8:ff:9c:6c:9a:
                    77:21:82:74:94:f7:17:72:ee:5a:7a:7d:fe:04:04:
                    50:f2:7c:d2:c2:09:0a:84:be:4f:fa:39:c1:f0:26:
                    9c:4c:ad:ed:ed:0d:d5:d3:94:97:3a:0f:c3:27:64:
                    7d:5e:8e:ac:07:fd:dc:9d:b5:60:7f:70:2e:f8:aa:
                    73:e0:e0:26:95:cb:b3:10:78:23:d2:a8:8d:c8:f9:
                    8f:75:bd:c6:3c:76:12:84:ce:ba:c4:26:a7:cc:f4:
                    29:d1:31:a1:b0:ad:e8:93:6b:93:d8:ae:b6:a1:02:
                    73:26:aa:d2:7e:0f:5b:d2:75:60:9a:2f:9f:93:ba:
                    5c:bf:03:74:2d:e0:b1:f1:13:24:2a:42:69:63:a9:
                    16:1f:40:38:ca:5b:a9:06:d3:d9:6c:75:09:08:ae:
                    b6:4e:3a:a6:96:9d:e7:28:95:51:fb:d4:56:f8:fa:
                    60:6d:6e:d0:6b:53:44:fd:31:57:93:e8:6a:95:f5:
                    f9:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:E2:36:B3:BD:D1:03:9D:E0:BF:96:67:EE:F2:AA:88:DE:A2:6C:4B
            X509v3 Authority Key Identifier:
                keyid:EC:D6:BD:AC:C5:21:ED:CA:4C:07:60:48:DA:86:FE:D5:DC:D6:12:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Na9rMUh7cpMB2BI2ob-1dzWEiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/G-I2s73RA53gv5Zn7vKqiN6ibEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/b9f29b-ee3d-4bde-adc6-43e91e5ef145/1/7Na9rMUh7cpMB2BI2ob-1dzWEiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.192.0/22
                  62.192.154.0/24
                  176.105.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:37:cd:bc:70:eb:43:9c:48:06:41:93:38:3d:5f:3e:b4:73:
         b2:ab:0a:cc:f9:b3:b4:c9:64:f1:4e:6a:2a:71:b9:b6:bf:65:
         66:32:00:91:1a:14:e4:ab:0d:73:57:4a:a5:78:99:7f:c0:57:
         99:40:7b:eb:08:67:67:6e:5d:58:22:8e:97:d9:3e:a1:30:3a:
         08:c5:62:b6:c4:d6:91:bb:e1:8f:04:91:81:01:56:18:62:08:
         cf:7b:12:d9:05:54:be:e3:75:42:9c:f1:4b:cf:aa:4d:fc:3e:
         4f:d0:b9:bd:3e:02:05:8f:e8:89:05:39:25:26:c3:be:a2:1f:
         65:4f:06:34:c4:a2:f2:f8:19:8a:87:b3:db:5e:1f:d3:15:d6:
         b6:62:f2:ac:bd:d7:30:37:4e:87:30:71:b2:9d:31:fd:b1:aa:
         d0:97:52:34:da:95:02:37:87:81:88:5b:d6:13:ef:d2:72:3d:
         52:49:b9:bb:70:12:94:7f:0b:7b:20:4a:54:c5:57:74:cb:38:
         d3:c1:96:5d:38:89:2f:ea:27:b2:06:a8:51:b9:54:88:4f:af:
         d1:58:db:cb:b7:3e:b5:59:ce:b4:16:67:ea:25:d7:e2:ad:23:
         6c:1f:2a:33:5f:4c:d1:9c:75:9b:bf:a1:5b:fc:67:13:46:dc:
         23:94:24:5d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8FzY7K+NUijN69iYKBkWFzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZDZiZGFjYzUyMWVkY2E0YzA3NjA0OGRhODZmZWQ1ZGNk
NjEyMjAwHhcNMjQwNDIyMTIzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmUyMzZiM2JkZDEwMzlkZTBiZjk2NjdlZWYyYWE4OGRlYTI2YzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8O6rSoQBELRZZ/t2SGJ9HttmKx3
MR+iRHJhcyEWfGicvHc8fnNb/+FzawA70fEV5qOmQP+rEHpmtLNZjd3TRVPqSyuB
6P+cbJp3IYJ0lPcXcu5aen3+BARQ8nzSwgkKhL5P+jnB8CacTK3t7Q3V05SXOg/D
J2R9Xo6sB/3cnbVgf3Au+Kpz4OAmlcuzEHgj0qiNyPmPdb3GPHYShM66xCanzPQp
0TGhsK3ok2uT2K62oQJzJqrSfg9b0nVgmi+fk7pcvwN0LeCx8RMkKkJpY6kWH0A4
ylupBtPZbHUJCK62Tjqmlp3nKJVR+9RW+PpgbW7Qa1NE/TFXk+hqlfX5cQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBviNrO90QOd4L+WZ+7yqojeomxLMB8GA1UdIwQY
MBaAFOzWvazFIe3KTAdgSNqG/tXc1hIgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN05hOXJNVWg3Y3BNQjJCSTJvYi0xZHpXRWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9iOWYyOWItZWUzZC00YmRlLWFkYzYt
NDNlOTFlNWVmMTQ1LzEvRy1JMnM3M1JBNTNndjVabjd2S3FpTjZpYkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9iOWYyOWItZWUzZC00YmRlLWFkYzYtNDNlOTFlNWVmMTQ1
LzEvN05hOXJNVWg3Y3BNQjJCSTJvYi0xZHpXRWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVPAAwQA
PsCaAwQAsGnpMA0GCSqGSIb3DQEBCwUAA4IBAQASN828cOtDnEgGQZM4PV8+tHOy
qwrM+bO0yWTxTmoqcbm2v2VmMgCRGhTkqw1zV0qleJl/wFeZQHvrCGdnbl1YIo6X
2T6hMDoIxWK2xNaRu+GPBJGBAVYYYgjPexLZBVS+43VCnPFLz6pN/D5P0Lm9PgIF
j+iJBTklJsO+oh9lTwY0xKLy+BmKh7PbXh/TFda2YvKsvdcwN06HMHGynTH9sarQ
l1I02pUCN4eBiFvWE+/Scj1SSbm7cBKUfwt7IEpUxVd0yzjTwZZdOIkv6ieyBqhR
uVSIT6/RWNvLtz61Wc60FmfqJdfirSNsHyozX0zRnHWbv6Fb/GcTRtwjlCRd
-----END CERTIFICATE-----