Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/cGybxK4fMLlS76gk4XfH4ULf5gE.roa
File:                     cGybxK4fMLlS76gk4XfH4ULf5gE.roa (raw, json)
Hash identifier:          eW3RHHVcOt6ODRy+/fXF2IFaYpfXR4KMgqMARgQY3QA=
Subject key identifier:   70:6C:9B:C4:AE:1F:30:B9:52:EF:A8:24:E1:77:C7:E1:42:DF:E6:01
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAD412AC5431FFBAF5CC8E6D6F9225
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/cGybxK4fMLlS76gk4XfH4ULf5gE.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206787
IP address blocks:        185.176.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d4:12:ac:54:31:ff:ba:f5:cc:8e:6d:6f:92:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=706c9bc4ae1f30b952efa824e177c7e142dfe601
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7f:31:50:a0:8f:1f:a0:20:76:ea:ab:f9:be:
                    10:05:16:a4:05:f4:70:52:28:2c:9a:b3:7e:5a:e4:
                    fb:c7:50:64:76:21:31:6d:57:50:57:87:22:7a:54:
                    78:13:77:93:2a:28:7d:9e:ea:07:27:f9:b6:e8:85:
                    e6:ea:ad:ad:d4:74:4e:46:44:9a:47:39:2d:d3:f6:
                    3a:4a:d6:26:d9:f9:91:7a:2e:0e:55:32:cf:62:ee:
                    72:38:2d:fb:9f:2a:cd:f2:08:c6:6b:1c:6e:8a:5a:
                    47:9b:7a:e1:b9:cd:cf:51:c0:f6:f7:af:b2:3a:72:
                    9b:fb:c9:eb:58:a1:0b:b1:db:46:71:3b:5f:cf:28:
                    64:c0:00:d3:ac:a7:6b:70:d8:75:49:18:74:33:36:
                    8c:7c:84:b9:bc:0e:20:03:bf:68:ce:35:38:ca:ca:
                    43:7b:11:7c:18:0d:bc:94:62:8d:06:f2:be:60:91:
                    94:a4:75:f2:97:72:24:cd:1d:91:62:f0:cf:a8:90:
                    52:17:e7:02:73:5c:22:95:ce:f3:7d:18:96:70:0e:
                    6c:f4:e8:e5:4b:99:a2:80:90:e7:7f:01:bc:92:f6:
                    f0:cc:ba:b7:05:47:03:93:58:28:82:24:90:4f:7c:
                    43:10:66:8c:0e:12:0d:51:ec:8c:42:17:32:e1:a0:
                    9b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:6C:9B:C4:AE:1F:30:B9:52:EF:A8:24:E1:77:C7:E1:42:DF:E6:01
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/cGybxK4fMLlS76gk4XfH4ULf5gE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:ff:a1:dd:ad:a6:a0:b5:57:59:88:34:9f:54:07:2b:e7:59:
         a2:66:22:73:af:f8:3f:74:0d:44:7b:f9:07:dd:2f:6c:25:8b:
         8d:e4:b4:f6:d3:46:c2:e0:6f:e9:28:8c:05:14:91:03:2e:13:
         aa:ca:5c:c7:8c:f4:de:52:7f:8e:90:98:57:7d:a0:8f:58:62:
         cf:e9:4f:03:95:ee:70:ce:42:dc:ec:6d:4b:bb:3e:95:27:d0:
         b1:48:eb:ce:dd:fd:19:33:f8:9a:8a:cd:6c:d3:3f:47:35:bc:
         46:f7:b4:0d:76:47:71:5b:e1:6f:52:e7:6a:e5:3a:05:82:a8:
         fe:5a:6a:dd:df:7d:4b:c3:61:5a:4b:b3:a3:d7:e3:03:98:46:
         f5:bc:14:64:cd:16:4e:ce:78:18:30:48:6e:64:f3:28:c0:a2:
         2a:c8:33:41:b6:5e:85:75:c2:5b:f4:dc:d0:75:7c:c0:a0:4e:
         22:e3:f9:09:af:c4:6a:7c:69:c0:23:e1:96:00:cd:59:f1:8b:
         49:9a:e6:0c:2e:5c:6e:86:26:46:e6:69:51:c0:9f:39:6e:87:
         5b:21:c5:a6:4b:51:25:81:61:8c:91:70:c8:e1:57:94:5c:9d:
         82:f8:a5:24:78:bd:3c:b7:94:41:dd:de:44:43:fc:46:22:f1:
         f9:5a:4a:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tQSrFQx/7r1zI5tb5IlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDZjOWJjNGFlMWYzMGI5NTJlZmE4MjRlMTc3YzdlMTQyZGZlNjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoX8xUKCPH6Agduqr+b4QBRakBfRw
UigsmrN+WuT7x1BkdiExbVdQV4cielR4E3eTKih9nuoHJ/m26IXm6q2t1HRORkSa
Rzkt0/Y6StYm2fmRei4OVTLPYu5yOC37nyrN8gjGaxxuilpHm3rhuc3PUcD296+y
OnKb+8nrWKELsdtGcTtfzyhkwADTrKdrcNh1SRh0MzaMfIS5vA4gA79ozjU4yspD
exF8GA28lGKNBvK+YJGUpHXyl3IkzR2RYvDPqJBSF+cCc1wilc7zfRiWcA5s9Ojl
S5migJDnfwG8kvbwzLq3BUcDk1gogiSQT3xDEGaMDhINUeyMQhcy4aCbKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBsm8SuHzC5Uu+oJOF3x+FC3+YBMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvY0d5YnhLNGZNTGxTNzZnazRYZkg0VUxmNWdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubBUMA0G
CSqGSIb3DQEBCwUAA4IBAQAH/6HdraagtVdZiDSfVAcr51miZiJzr/g/dA1Ee/kH
3S9sJYuN5LT200bC4G/pKIwFFJEDLhOqylzHjPTeUn+OkJhXfaCPWGLP6U8Dle5w
zkLc7G1Luz6VJ9CxSOvO3f0ZM/iais1s0z9HNbxG97QNdkdxW+FvUudq5ToFgqj+
Wmrd331Lw2FaS7Oj1+MDmEb1vBRkzRZOzngYMEhuZPMowKIqyDNBtl6FdcJb9NzQ
dXzAoE4i4/kJr8RqfGnAI+GWAM1Z8YtJmuYMLlxuhiZG5mlRwJ85bodbIcWmS1El
gWGMkXDI4VeUXJ2C+KUkeL08t5RB3d5EQ/xGIvH5WkpR
-----END CERTIFICATE-----