Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/8b16cc-4db5-4198-924e-4032e190edc3/1/guaC8z596maH8e8Oqzuf2LttI40.roa
File:                     guaC8z596maH8e8Oqzuf2LttI40.roa (raw, json)
Hash identifier:          5QnAD/B2mlGPlB71LsYaOS+AYnMyi4jcI5AhFvpi+lo=
Subject key identifier:   82:E6:82:F3:3E:7D:EA:66:87:F1:EF:0E:AB:3B:9F:D8:BB:6D:23:8D
Certificate issuer:       /CN=d4d179ce49e5776b92c86c26c20b0b43fd0a6cb6
Certificate serial:       018CC348E44BDADD3BA0D3B766CE126F0237
Authority key identifier: D4:D1:79:CE:49:E5:77:6B:92:C8:6C:26:C2:0B:0B:43:FD:0A:6C:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1NF5zknld2uSyGwmwgsLQ_0KbLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/8b16cc-4db5-4198-924e-4032e190edc3/1/guaC8z596maH8e8Oqzuf2LttI40.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5485
IP address blocks:        185.124.76.0/22 maxlen: 22
                          2a06:b0c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/8b16cc-4db5-4198-924e-4032e190edc3/1/1NF5zknld2uSyGwmwgsLQ_0KbLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/8b16cc-4db5-4198-924e-4032e190edc3/1/1NF5zknld2uSyGwmwgsLQ_0KbLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1NF5zknld2uSyGwmwgsLQ_0KbLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e4:4b:da:dd:3b:a0:d3:b7:66:ce:12:6f:02:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4d179ce49e5776b92c86c26c20b0b43fd0a6cb6
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82e682f33e7dea6687f1ef0eab3b9fd8bb6d238d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:05:8c:80:56:9a:60:e9:62:78:6c:b6:45:93:
                    88:cc:25:73:3c:f2:eb:68:1d:7d:ac:18:8f:6d:4b:
                    6a:32:0c:96:15:f7:4e:af:1c:98:1e:91:8c:53:54:
                    eb:c4:08:18:90:5f:a7:25:2b:37:27:66:bd:eb:3e:
                    ef:20:e2:58:5b:e1:62:05:81:95:b5:3f:b9:fe:ff:
                    ab:8a:6b:dd:48:37:4b:55:4a:15:e7:1a:0e:34:4c:
                    34:4b:c4:ce:92:69:04:b6:b4:45:0b:fe:a5:f3:8b:
                    31:1e:5f:38:d1:5f:b0:2d:37:7b:de:f0:b1:f2:90:
                    ab:0f:e8:a2:93:43:56:9d:a9:1c:63:62:43:7e:11:
                    f4:fe:5d:a6:f5:fe:35:5a:a5:fe:4a:97:6d:3f:ae:
                    b9:1a:e4:ca:a0:f2:0f:f7:95:16:92:56:6a:bc:41:
                    c5:2f:4d:e7:87:8f:65:56:db:ae:f1:09:3e:74:f9:
                    a4:48:07:81:99:74:61:60:63:32:52:e7:69:36:ec:
                    88:51:a9:be:77:2d:65:72:fd:1c:7b:31:7b:a2:e4:
                    bd:a2:cc:88:32:dd:9d:51:6c:09:9d:1f:e6:d2:ad:
                    6e:5a:18:c7:b2:4e:ae:a2:3e:1e:54:a8:07:01:f4:
                    bd:b0:fe:d8:3f:e4:e7:b1:44:90:b2:d4:55:2b:b5:
                    77:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E6:82:F3:3E:7D:EA:66:87:F1:EF:0E:AB:3B:9F:D8:BB:6D:23:8D
            X509v3 Authority Key Identifier:
                keyid:D4:D1:79:CE:49:E5:77:6B:92:C8:6C:26:C2:0B:0B:43:FD:0A:6C:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1NF5zknld2uSyGwmwgsLQ_0KbLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/8b16cc-4db5-4198-924e-4032e190edc3/1/guaC8z596maH8e8Oqzuf2LttI40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/8b16cc-4db5-4198-924e-4032e190edc3/1/1NF5zknld2uSyGwmwgsLQ_0KbLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.76.0/22
                IPv6:
                  2a06:b0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:09:d0:f8:53:69:6d:a3:63:1e:72:0f:63:0a:2f:d8:70:55:
         81:1b:bc:8a:b6:67:62:54:3a:01:42:22:46:9e:a0:68:39:c7:
         da:88:3b:6d:ba:f7:e1:65:89:e3:bd:55:3c:f0:b3:1a:f6:65:
         9f:a5:34:f8:93:cb:7d:f5:3d:ac:cb:1f:82:6a:69:2e:a5:3e:
         b2:02:ea:31:bf:d0:6e:32:60:44:a6:a4:29:31:75:72:d8:2c:
         f5:7c:ce:db:d7:6e:4f:98:4a:6a:c1:af:fa:98:d7:fb:da:4b:
         88:fe:d4:b9:cd:e5:10:87:1d:6b:ce:49:db:f4:61:64:b8:e1:
         51:71:6f:b7:2b:9c:04:07:b9:f1:de:4e:ee:40:56:29:f1:01:
         68:60:25:90:77:8a:71:c9:3a:18:e2:a9:50:6a:10:d1:c1:ba:
         3a:18:20:72:0c:1f:38:eb:02:e6:5b:b9:dc:af:55:33:90:64:
         7c:2f:07:ce:66:4a:6f:47:ed:0b:f3:5a:cd:37:13:ce:02:f3:
         60:0a:78:b4:6d:aa:e3:a0:53:85:6e:97:ad:c6:49:5f:98:3a:
         e3:24:95:c9:41:3f:17:b5:39:fe:91:b2:fb:25:f5:fd:b0:b1:
         85:1a:51:5d:5f:8a:e9:90:03:c5:e3:e6:ab:ee:81:57:31:34:
         a3:0e:14:20
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSORL2t07oNO3Zs4SbwI3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZDE3OWNlNDllNTc3NmI5MmM4NmMyNmMyMGIwYjQzZmQw
YTZjYjYwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmU2ODJmMzNlN2RlYTY2ODdmMWVmMGVhYjNiOWZkOGJiNmQyMzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgWMgFaaYOlieGy2RZOIzCVzPPLr
aB19rBiPbUtqMgyWFfdOrxyYHpGMU1TrxAgYkF+nJSs3J2a96z7vIOJYW+FiBYGV
tT+5/v+rimvdSDdLVUoV5xoONEw0S8TOkmkEtrRFC/6l84sxHl840V+wLTd73vCx
8pCrD+iik0NWnakcY2JDfhH0/l2m9f41WqX+SpdtP665GuTKoPIP95UWklZqvEHF
L03nh49lVtuu8Qk+dPmkSAeBmXRhYGMyUudpNuyIUam+dy1lcv0cezF7ouS9osyI
Mt2dUWwJnR/m0q1uWhjHsk6uoj4eVKgHAfS9sP7YP+TnsUSQstRVK7V3eQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFILmgvM+fepmh/HvDqs7n9i7bSONMB8GA1UdIwQY
MBaAFNTRec5J5XdrkshsJsILC0P9Cmy2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU5GNXprbmxkMnVTeUd3bXdnc0xRXzBLYkxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi84YjE2Y2MtNGRiNS00MTk4LTkyNGUt
NDAzMmUxOTBlZGMzLzEvZ3VhQzh6NTk2bWFIOGU4T3F6dWYyTHR0STQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi84YjE2Y2MtNGRiNS00MTk4LTkyNGUtNDAzMmUxOTBlZGMz
LzEvMU5GNXprbmxkMnVTeUd3bXdnc0xRXzBLYkxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXxMMA0E
AgACMAcDBQMqBrDAMA0GCSqGSIb3DQEBCwUAA4IBAQBFCdD4U2lto2Mecg9jCi/Y
cFWBG7yKtmdiVDoBQiJGnqBoOcfaiDttuvfhZYnjvVU88LMa9mWfpTT4k8t99T2s
yx+CamkupT6yAuoxv9BuMmBEpqQpMXVy2Cz1fM7b125PmEpqwa/6mNf72kuI/tS5
zeUQhx1rzknb9GFkuOFRcW+3K5wEB7nx3k7uQFYp8QFoYCWQd4pxyToY4qlQahDR
wbo6GCByDB846wLmW7ncr1UzkGR8LwfOZkpvR+0L81rNNxPOAvNgCni0barjoFOF
bpetxklfmDrjJJXJQT8XtTn+kbL7JfX9sLGFGlFdX4rpkAPF4+ar7oFXMTSjDhQg
-----END CERTIFICATE-----