Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/497ced-0526-4d3b-bd2b-80d21c20d918/1/g0KrjuBVKQP76QP82FIaAG5OXWQ.roa
File:                     g0KrjuBVKQP76QP82FIaAG5OXWQ.roa (raw, json)
Hash identifier:          31XXneOF1Y3dvnPAQ5XHQzbpOM/hZPCLbFNShiqjuTQ=
Subject key identifier:   83:42:AB:8E:E0:55:29:03:FB:E9:03:FC:D8:52:1A:00:6E:4E:5D:64
Certificate issuer:       /CN=e06314757548f074e84faf3fcbb7b82d82def3e5
Certificate serial:       018CC2DB51EE9534C712F0D7E289DE411F1C
Authority key identifier: E0:63:14:75:75:48:F0:74:E8:4F:AF:3F:CB:B7:B8:2D:82:DE:F3:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4GMUdXVI8HToT68_y7e4LYLe8-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/497ced-0526-4d3b-bd2b-80d21c20d918/1/g0KrjuBVKQP76QP82FIaAG5OXWQ.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        130.112.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/497ced-0526-4d3b-bd2b-80d21c20d918/1/4GMUdXVI8HToT68_y7e4LYLe8-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/497ced-0526-4d3b-bd2b-80d21c20d918/1/4GMUdXVI8HToT68_y7e4LYLe8-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4GMUdXVI8HToT68_y7e4LYLe8-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:03:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:51:ee:95:34:c7:12:f0:d7:e2:89:de:41:1f:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e06314757548f074e84faf3fcbb7b82d82def3e5
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8342ab8ee0552903fbe903fcd8521a006e4e5d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6f:90:70:ad:c0:6a:15:46:64:5f:94:69:bb:
                    7f:ad:ec:0f:25:91:a9:86:67:6e:1e:9c:fe:5f:15:
                    d5:ae:b7:af:37:c0:6a:90:44:36:1e:18:4b:9c:7a:
                    1e:7b:0f:8c:a7:3d:1e:43:57:37:d5:fb:28:a5:78:
                    90:08:5a:bd:c4:07:54:ae:7e:a3:e1:cd:a7:f7:26:
                    36:b0:02:a2:77:04:87:10:3f:6f:00:53:8e:4f:2e:
                    ba:d7:4c:c2:68:3a:61:bb:a0:6f:8e:52:7f:0d:07:
                    b3:5f:a8:7d:2d:d7:63:00:cd:a0:34:61:d7:46:5f:
                    f8:72:85:ba:8b:8d:7b:c9:a1:c7:02:b8:3b:d6:f0:
                    e8:cb:d6:a1:ba:d3:f3:fb:e3:77:6b:78:84:31:54:
                    61:17:d1:c9:18:99:44:09:42:7c:a8:fe:74:99:14:
                    41:3b:c4:b0:cd:d6:83:6e:3b:8a:1f:ac:93:43:77:
                    82:a3:d3:8b:8b:dd:ce:88:f0:26:a0:4f:80:b3:55:
                    ec:6a:62:07:35:ce:fb:59:46:f6:20:e4:b6:34:87:
                    a4:e7:ef:89:0c:b2:76:af:92:71:b5:7f:04:6e:5f:
                    f5:3b:9a:c2:58:01:76:e5:72:b6:b5:4b:d0:e7:eb:
                    0c:be:5e:7c:fc:d9:0c:bd:74:03:43:26:54:52:8b:
                    2d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:42:AB:8E:E0:55:29:03:FB:E9:03:FC:D8:52:1A:00:6E:4E:5D:64
            X509v3 Authority Key Identifier:
                keyid:E0:63:14:75:75:48:F0:74:E8:4F:AF:3F:CB:B7:B8:2D:82:DE:F3:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4GMUdXVI8HToT68_y7e4LYLe8-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/497ced-0526-4d3b-bd2b-80d21c20d918/1/g0KrjuBVKQP76QP82FIaAG5OXWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/497ced-0526-4d3b-bd2b-80d21c20d918/1/4GMUdXVI8HToT68_y7e4LYLe8-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.112.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         33:bc:ac:fb:ab:21:1c:97:61:be:65:a5:00:b1:52:c6:f7:0d:
         85:99:36:d6:80:54:ae:de:c5:04:40:e2:bd:3f:f5:70:08:80:
         19:05:e8:f4:a2:a0:70:f2:32:5a:42:0d:3b:6f:d1:51:7c:90:
         48:6d:4e:17:d1:d7:c7:7f:eb:6b:20:ce:80:cd:8b:93:b3:6d:
         7a:05:91:0c:06:89:28:2c:43:b4:9c:f1:c7:be:49:d2:8c:5f:
         8c:0e:5e:b3:d7:f5:46:01:d8:c1:76:92:40:c3:4c:f5:4d:94:
         ff:d3:ba:d4:2f:26:57:ac:87:19:02:52:a3:58:89:12:7b:38:
         98:cb:77:11:80:1d:b2:1f:5c:35:57:05:5c:e6:c7:2b:70:49:
         e9:3c:45:25:91:59:48:8b:5c:dd:f5:e7:ae:46:8d:4e:2b:af:
         f7:91:0b:31:a7:03:13:0d:d6:78:d5:a4:80:36:83:f6:40:ba:
         9c:27:f1:17:52:87:95:55:f5:3e:c6:15:2e:d0:ce:98:17:6e:
         07:14:03:aa:e4:08:53:a2:0a:e5:83:87:b3:f6:67:ea:24:60:
         39:03:06:a6:96:ef:d8:7c:d8:ea:1e:8f:63:04:1c:1e:85:17:
         43:03:5b:d1:8d:04:7f:a5:d0:f5:2a:fa:d0:e8:71:b5:5c:eb:
         8e:20:13:03
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzC21HulTTHEvDX4oneQR8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNjMxNDc1NzU0OGYwNzRlODRmYWYzZmNiYjdiODJkODJk
ZWYzZTUwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzQyYWI4ZWUwNTUyOTAzZmJlOTAzZmNkODUyMWEwMDZlNGU1ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxW+QcK3AahVGZF+Uabt/rewPJZGp
hmduHpz+XxXVrrevN8BqkEQ2HhhLnHoeew+Mpz0eQ1c31fsopXiQCFq9xAdUrn6j
4c2n9yY2sAKidwSHED9vAFOOTy6610zCaDphu6BvjlJ/DQezX6h9LddjAM2gNGHX
Rl/4coW6i417yaHHArg71vDoy9ahutPz++N3a3iEMVRhF9HJGJlECUJ8qP50mRRB
O8SwzdaDbjuKH6yTQ3eCo9OLi93OiPAmoE+As1XsamIHNc77WUb2IOS2NIek5++J
DLJ2r5JxtX8Ebl/1O5rCWAF25XK2tUvQ5+sMvl58/NkMvXQDQyZUUostEwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFINCq47gVSkD++kD/NhSGgBuTl1kMB8GA1UdIwQY
MBaAFOBjFHV1SPB06E+vP8u3uC2C3vPlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEdNVWRYVkk4SFRvVDY4X3k3ZTRMWUxlOC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC80OTdjZWQtMDUyNi00ZDNiLWJkMmIt
ODBkMjFjMjBkOTE4LzEvZzBLcmp1QlZLUVA3NlFQODJGSWFBRzVPWFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC80OTdjZWQtMDUyNi00ZDNiLWJkMmItODBkMjFjMjBkOTE4
LzEvNEdNVWRYVkk4SFRvVDY4X3k3ZTRMWUxlOC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgnAwDQYJ
KoZIhvcNAQELBQADggEBADO8rPurIRyXYb5lpQCxUsb3DYWZNtaAVK7exQRA4r0/
9XAIgBkF6PSioHDyMlpCDTtv0VF8kEhtThfR18d/62sgzoDNi5OzbXoFkQwGiSgs
Q7Sc8ce+SdKMX4wOXrPX9UYB2MF2kkDDTPVNlP/TutQvJleshxkCUqNYiRJ7OJjL
dxGAHbIfXDVXBVzmxytwSek8RSWRWUiLXN31565GjU4rr/eRCzGnAxMN1njVpIA2
g/ZAupwn8RdSh5VV9T7GFS7QzpgXbgcUA6rkCFOiCuWDh7P2Z+okYDkDBqaW79h8
2Ooej2MEHB6FF0MDW9GNBH+l0PUq+tDocbVc644gEwM=
-----END CERTIFICATE-----