Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6d4759-a05e-46bc-be58-669eed2ec7ea/1/GG899dySjncoJHr7vr75jXYSw3Y.roa
File:                     GG899dySjncoJHr7vr75jXYSw3Y.roa (raw, json)
Hash identifier:          h9fw3o3cIyWYQwgvriTMCY6Xf5dEMW5UtZMCvuRsxyo=
Subject key identifier:   18:6F:3D:F5:DC:92:8E:77:28:24:7A:FB:BE:BE:F9:8D:76:12:C3:76
Certificate issuer:       /CN=ba76706d3e08813db8b2776628af846518e26dd2
Certificate serial:       018CC56E8D42467CC179B2B391C01CBF6A7B
Authority key identifier: BA:76:70:6D:3E:08:81:3D:B8:B2:77:66:28:AF:84:65:18:E2:6D:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/unZwbT4IgT24sndmKK-EZRjibdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6d4759-a05e-46bc-be58-669eed2ec7ea/1/GG899dySjncoJHr7vr75jXYSw3Y.roa
Signing time:             Mon 01 Jan 2024 14:30:05 +0000
ROA not before:           Mon 01 Jan 2024 14:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203205
IP address blocks:        185.125.8.0/24 maxlen: 24
                          185.125.8.0/22 maxlen: 22
                          185.125.11.0/24 maxlen: 24
                          185.125.10.0/24 maxlen: 24
                          185.125.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/6d4759-a05e-46bc-be58-669eed2ec7ea/1/unZwbT4IgT24sndmKK-EZRjibdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/6d4759-a05e-46bc-be58-669eed2ec7ea/1/unZwbT4IgT24sndmKK-EZRjibdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/unZwbT4IgT24sndmKK-EZRjibdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:8d:42:46:7c:c1:79:b2:b3:91:c0:1c:bf:6a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba76706d3e08813db8b2776628af846518e26dd2
        Validity
            Not Before: Jan  1 14:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=186f3df5dc928e7728247afbbebef98d7612c376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d5:0d:4b:0b:4e:3e:c3:aa:9c:a9:c9:c3:4e:
                    2e:5f:1f:f8:cd:33:89:d3:5b:51:9c:79:bb:58:e0:
                    7f:87:6c:d1:0f:3d:56:14:6f:26:5c:ab:80:18:7a:
                    e1:a4:2f:aa:e4:39:8a:81:b6:0a:bb:ce:f2:d1:a8:
                    47:cb:42:b0:7c:62:62:a6:5b:71:47:5c:9e:70:95:
                    2f:a2:8f:9d:ec:f0:7e:47:95:f0:bb:a6:07:2c:07:
                    6e:37:a1:ac:e1:c5:bc:90:37:5b:c4:a4:f1:31:8f:
                    a2:ba:b9:28:41:c2:38:a4:69:09:50:56:95:ec:37:
                    ff:8b:fd:67:68:5d:07:9a:2d:e5:e7:dd:a0:e1:68:
                    ba:29:e6:5e:56:73:79:ea:b0:1f:5f:28:10:ed:d5:
                    cb:b0:ba:fd:75:a7:70:38:05:b0:46:8d:9a:56:4a:
                    d5:e4:c6:20:9c:6d:eb:fb:dc:bf:d0:bb:2b:73:81:
                    12:42:3c:b4:06:0f:30:6c:88:7a:31:f5:68:6b:2a:
                    ab:e0:ad:93:6d:c5:ec:52:73:ea:9a:25:9e:ec:5a:
                    27:b4:74:98:42:16:a0:9f:d6:5b:eb:83:19:f5:cb:
                    a8:9a:23:ba:3c:30:d4:30:c9:5a:32:34:fa:53:6e:
                    cf:8d:d2:33:49:d1:f7:3b:12:1b:ca:f0:9b:bc:58:
                    bf:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:6F:3D:F5:DC:92:8E:77:28:24:7A:FB:BE:BE:F9:8D:76:12:C3:76
            X509v3 Authority Key Identifier:
                keyid:BA:76:70:6D:3E:08:81:3D:B8:B2:77:66:28:AF:84:65:18:E2:6D:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/unZwbT4IgT24sndmKK-EZRjibdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6d4759-a05e-46bc-be58-669eed2ec7ea/1/GG899dySjncoJHr7vr75jXYSw3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6d4759-a05e-46bc-be58-669eed2ec7ea/1/unZwbT4IgT24sndmKK-EZRjibdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:63:4a:7b:f7:29:6d:cb:a9:44:95:68:bf:5f:ba:e0:bf:45:
         49:c7:96:45:17:9f:da:ae:ac:25:7d:e6:43:9d:f7:d7:69:76:
         76:1a:bb:b4:7d:3e:d6:09:ca:c8:62:59:5d:89:44:51:75:f1:
         dc:0b:ce:7b:ea:cc:73:3b:2f:96:7f:5c:b3:8a:2f:d3:6d:0d:
         43:69:2e:2c:5d:ed:91:cf:68:8b:04:18:17:85:0f:69:34:33:
         6d:c0:3e:95:f9:c2:b0:7a:16:a0:b3:91:49:21:c1:b3:d5:6c:
         4a:6f:29:ae:01:2b:0a:63:9a:29:4b:76:67:70:4b:6e:05:7c:
         92:ec:30:3b:17:97:eb:fa:55:b9:1a:fc:6e:42:70:b0:39:70:
         97:c6:68:8c:c4:c0:5e:12:fb:8d:75:88:27:00:12:b4:ee:a3:
         ef:95:0e:1a:e6:58:cd:6d:c1:37:ba:20:cb:60:bf:d5:c7:f0:
         e4:c0:85:47:20:3d:ae:d5:56:50:a1:b1:65:e9:88:85:c0:5c:
         17:94:54:42:ba:37:bf:51:f1:fb:1b:ee:06:de:19:1a:06:84:
         47:94:ac:3f:fd:bb:10:ec:9d:59:5c:b4:41:d7:f3:fa:62:d7:
         ca:90:6b:f9:15:2c:0c:2a:25:0e:bb:60:ed:68:08:f8:35:c9:
         71:5a:6c:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbo1CRnzBebKzkcAcv2p7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNzY3MDZkM2UwODgxM2RiOGIyNzc2NjI4YWY4NDY1MThl
MjZkZDIwHhcNMjQwMTAxMTQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODZmM2RmNWRjOTI4ZTc3MjgyNDdhZmJiZWJlZjk4ZDc2MTJjMzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtUNSwtOPsOqnKnJw04uXx/4zTOJ
01tRnHm7WOB/h2zRDz1WFG8mXKuAGHrhpC+q5DmKgbYKu87y0ahHy0KwfGJipltx
R1yecJUvoo+d7PB+R5Xwu6YHLAduN6Gs4cW8kDdbxKTxMY+iurkoQcI4pGkJUFaV
7Df/i/1naF0Hmi3l592g4Wi6KeZeVnN56rAfXygQ7dXLsLr9dadwOAWwRo2aVkrV
5MYgnG3r+9y/0Lsrc4ESQjy0Bg8wbIh6MfVoayqr4K2TbcXsUnPqmiWe7FontHSY
Qhagn9Zb64MZ9cuomiO6PDDUMMlaMjT6U27PjdIzSdH3OxIbyvCbvFi/SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhvPfXcko53KCR6+76++Y12EsN2MB8GA1UdIwQY
MBaAFLp2cG0+CIE9uLJ3ZiivhGUY4m3SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW5ad2JUNElnVDI0c25kbUtLLUVaUmppYmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82ZDQ3NTktYTA1ZS00NmJjLWJlNTgt
NjY5ZWVkMmVjN2VhLzEvR0c4OTlkeVNqbmNvSkhyN3ZyNzVqWFlTdzNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82ZDQ3NTktYTA1ZS00NmJjLWJlNTgtNjY5ZWVkMmVjN2Vh
LzEvdW5ad2JUNElnVDI0c25kbUtLLUVaUmppYmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX0IMA0G
CSqGSIb3DQEBCwUAA4IBAQBgY0p79ylty6lElWi/X7rgv0VJx5ZFF5/arqwlfeZD
nffXaXZ2Gru0fT7WCcrIYlldiURRdfHcC8576sxzOy+Wf1yzii/TbQ1DaS4sXe2R
z2iLBBgXhQ9pNDNtwD6V+cKwehags5FJIcGz1WxKbymuASsKY5opS3ZncEtuBXyS
7DA7F5fr+lW5GvxuQnCwOXCXxmiMxMBeEvuNdYgnABK07qPvlQ4a5ljNbcE3uiDL
YL/Vx/DkwIVHID2u1VZQobFl6YiFwFwXlFRCuje/UfH7G+4G3hkaBoRHlKw//bsQ
7J1ZXLRB1/P6YtfKkGv5FSwMKiUOu2DtaAj4NclxWmwU
-----END CERTIFICATE-----