Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/D-Gs-2SD1PY77eRssGfvbkWIrY4.roa
File:                     D-Gs-2SD1PY77eRssGfvbkWIrY4.roa (raw, json)
Hash identifier:          gWNa7e2+Wwn2m/kpuBmue1RJNasRwh2ea6Un53QzB4M=
Subject key identifier:   0F:E1:AC:FB:64:83:D4:F6:3B:ED:E4:6C:B0:67:EF:6E:45:88:AD:8E
Certificate issuer:       /CN=5c746e9f12c2c0e5459fe4e3d413c1c89de6db0e
Certificate serial:       018CC493773827DC81E83881FE691DB49292
Authority key identifier: 5C:74:6E:9F:12:C2:C0:E5:45:9F:E4:E3:D4:13:C1:C8:9D:E6:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/D-Gs-2SD1PY77eRssGfvbkWIrY4.roa
Signing time:             Mon 01 Jan 2024 10:30:47 +0000
ROA not before:           Mon 01 Jan 2024 10:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42595
IP address blocks:        62.181.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:77:38:27:dc:81:e8:38:81:fe:69:1d:b4:92:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c746e9f12c2c0e5459fe4e3d413c1c89de6db0e
        Validity
            Not Before: Jan  1 10:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fe1acfb6483d4f63bede46cb067ef6e4588ad8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1f:da:4f:bd:fd:25:c5:cc:cd:e3:b7:19:74:
                    50:c1:f2:b9:c1:97:0e:b9:21:b9:63:9d:3e:2b:a6:
                    7c:51:73:3b:3a:03:d8:c9:88:f6:54:ee:04:34:6f:
                    d0:9b:8b:7e:84:32:fc:15:f1:8e:ca:98:e0:23:19:
                    d5:4b:95:b2:67:b9:36:0b:8f:41:8e:10:97:72:03:
                    5e:4b:0d:14:d4:89:44:b1:a2:46:6a:83:be:f3:6f:
                    0c:65:ef:2d:4f:2c:ad:7f:b4:94:38:10:ad:5a:ca:
                    48:6e:a2:ea:c0:d5:92:d0:98:75:2a:6f:31:15:31:
                    73:ed:c4:81:2f:f1:77:fd:ff:38:ab:20:86:a1:59:
                    32:e7:5c:61:2d:00:c2:07:c6:c3:ac:22:05:85:dc:
                    dc:ce:11:aa:34:e8:84:8e:0e:99:8d:cb:fc:dc:06:
                    df:e8:1a:a9:72:a2:4b:84:4c:5a:28:fb:e9:65:81:
                    cf:5e:2c:bd:61:71:28:e1:3e:ff:92:8b:2d:d4:31:
                    91:0f:02:b3:9a:0b:32:1d:5b:1a:f5:b5:49:28:c3:
                    d3:01:95:9a:0b:af:42:ba:0b:b3:02:94:c1:19:a4:
                    d7:d8:db:1c:f1:04:ce:cf:31:50:1b:81:f6:d0:00:
                    0f:43:c4:bd:87:2e:17:92:e7:94:6a:d7:fd:f8:46:
                    41:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:E1:AC:FB:64:83:D4:F6:3B:ED:E4:6C:B0:67:EF:6E:45:88:AD:8E
            X509v3 Authority Key Identifier:
                keyid:5C:74:6E:9F:12:C2:C0:E5:45:9F:E4:E3:D4:13:C1:C8:9D:E6:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/D-Gs-2SD1PY77eRssGfvbkWIrY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.181.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:cf:a3:a7:ee:06:e9:7f:b1:d9:1b:f0:75:fc:e5:91:53:68:
         56:a9:78:1d:92:6d:12:fa:b4:99:25:51:8f:d7:ae:bb:21:a8:
         0c:de:4b:9b:37:24:a1:54:d2:a8:04:8a:28:12:d9:b7:83:68:
         34:6a:e3:f5:6b:0e:61:ca:b2:21:04:58:2f:0e:1a:06:a9:49:
         85:ba:d8:35:cf:de:20:09:9e:14:ff:dd:39:c0:7b:30:a8:ea:
         89:ca:8b:a5:f0:3c:4d:37:8d:9f:e7:c0:93:53:d8:da:ff:a4:
         cf:64:94:b2:cd:99:1f:73:f2:ef:aa:68:88:86:21:fa:e3:a8:
         ae:c7:47:f8:9a:99:a3:79:25:86:b5:64:8d:47:dd:c7:8d:06:
         e7:e6:3d:6d:52:8c:62:45:8a:97:cb:24:b3:fc:91:da:37:fc:
         df:d0:75:6e:b4:b4:81:86:43:9b:84:b0:ed:3d:63:07:d4:c2:
         d0:a8:28:d7:0a:f6:77:a9:e9:54:86:4f:89:4e:d6:dc:6b:46:
         ef:86:1a:56:08:b3:2c:14:03:3c:c2:21:c0:ca:ea:29:ef:21:
         d6:2b:b2:0b:da:06:91:4f:b2:47:66:8f:da:e0:46:42:4c:7c:
         ed:76:44:24:0e:13:6a:3d:89:46:80:65:9a:04:74:09:f2:0a:
         ae:52:e7:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3c4J9yB6DiB/mkdtJKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNzQ2ZTlmMTJjMmMwZTU0NTlmZTRlM2Q0MTNjMWM4OWRl
NmRiMGUwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmUxYWNmYjY0ODNkNGY2M2JlZGU0NmNiMDY3ZWY2ZTQ1ODhhZDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR/aT739JcXMzeO3GXRQwfK5wZcO
uSG5Y50+K6Z8UXM7OgPYyYj2VO4ENG/Qm4t+hDL8FfGOypjgIxnVS5WyZ7k2C49B
jhCXcgNeSw0U1IlEsaJGaoO+828MZe8tTyytf7SUOBCtWspIbqLqwNWS0Jh1Km8x
FTFz7cSBL/F3/f84qyCGoVky51xhLQDCB8bDrCIFhdzczhGqNOiEjg6Zjcv83Abf
6BqpcqJLhExaKPvpZYHPXiy9YXEo4T7/kost1DGRDwKzmgsyHVsa9bVJKMPTAZWa
C69CuguzApTBGaTX2Nsc8QTOzzFQG4H20AAPQ8S9hy4XkueUatf9+EZBTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/hrPtkg9T2O+3kbLBn725FiK2OMB8GA1UdIwQY
MBaAFFx0bp8SwsDlRZ/k49QTwcid5tsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEhSdW54TEN3T1ZGbi1UajFCUEJ5SjNtMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kNmJmNWUtNDgxMi00MzBlLTlhMTMt
ZTU5NDc2MTRlZjNmLzEvRC1Hcy0yU0QxUFk3N2VSc3NHZnZia1dJclk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kNmJmNWUtNDgxMi00MzBlLTlhMTMtZTU5NDc2MTRlZjNm
LzEvWEhSdW54TEN3T1ZGbi1UajFCUEJ5SjNtMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPrXfMA0G
CSqGSIb3DQEBCwUAA4IBAQBuz6On7gbpf7HZG/B1/OWRU2hWqXgdkm0S+rSZJVGP
1667IagM3kubNyShVNKoBIooEtm3g2g0auP1aw5hyrIhBFgvDhoGqUmFutg1z94g
CZ4U/905wHswqOqJyoul8DxNN42f58CTU9ja/6TPZJSyzZkfc/LvqmiIhiH646iu
x0f4mpmjeSWGtWSNR93HjQbn5j1tUoxiRYqXyySz/JHaN/zf0HVutLSBhkObhLDt
PWMH1MLQqCjXCvZ3qelUhk+JTtbca0bvhhpWCLMsFAM8wiHAyuop7yHWK7IL2gaR
T7JHZo/a4EZCTHztdkQkDhNqPYlGgGWaBHQJ8gquUudG
-----END CERTIFICATE-----