Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/_gbiPfZ8FyMzwDJvDLcftg6qJOM.roa
File:                     _gbiPfZ8FyMzwDJvDLcftg6qJOM.roa (raw, json)
Hash identifier:          gNtlvEL87RY6L6TtulzX4Y6NiqiYyWaOKGidxBFmYP0=
Subject key identifier:   FE:06:E2:3D:F6:7C:17:23:33:C0:32:6F:0C:B7:1F:B6:0E:AA:24:E3
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C2AEB9D06C771E4C2E74754390D8
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/_gbiPfZ8FyMzwDJvDLcftg6qJOM.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39650
IP address blocks:        185.125.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c2:ae:b9:d0:6c:77:1e:4c:2e:74:75:43:90:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe06e23df67c172333c0326f0cb71fb60eaa24e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b3:9c:d1:58:26:29:a0:c0:36:5d:98:2d:b3:
                    6c:b7:12:d9:80:60:99:00:aa:77:3c:f4:a8:c0:7e:
                    9a:59:bf:69:3e:46:db:80:29:18:9d:55:2c:43:07:
                    47:45:c8:c0:87:78:99:d7:62:13:94:8e:70:c3:98:
                    b5:6d:b7:82:68:ff:7d:3a:f7:54:35:40:9c:c4:06:
                    66:6b:fc:dd:b8:8b:9f:12:21:43:d0:78:f9:da:27:
                    0d:5d:f8:4a:36:da:40:d8:fd:3e:32:95:3e:3a:8c:
                    2f:5a:fe:c2:b6:20:3d:ef:21:84:80:8e:5c:65:be:
                    af:d6:ff:d8:79:f6:0f:dd:f5:e6:21:66:b7:86:af:
                    87:0b:a9:d8:71:c7:9a:16:bc:f6:5a:21:06:84:ec:
                    02:09:7a:92:bb:fd:f6:db:d6:0f:86:97:e5:3c:76:
                    ac:96:61:b7:d3:2a:b6:3c:19:77:ef:6a:bc:95:86:
                    9b:28:11:03:98:fa:32:e8:d8:a2:88:3c:40:9e:04:
                    aa:63:1d:ad:ed:f2:c7:de:18:a9:6d:67:cc:19:82:
                    03:44:8a:61:81:d1:b5:c0:30:30:a4:23:34:c8:3a:
                    4b:88:33:44:93:76:c8:60:6c:46:28:7b:27:d9:b3:
                    1a:5e:d3:8c:4c:35:2c:e8:f3:6a:70:43:d5:3b:f7:
                    ec:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:06:E2:3D:F6:7C:17:23:33:C0:32:6F:0C:B7:1F:B6:0E:AA:24:E3
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/_gbiPfZ8FyMzwDJvDLcftg6qJOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:ce:b9:a9:d0:4b:94:22:04:36:97:f8:4d:22:f2:25:b8:f8:
         fd:30:b6:f4:a7:ef:58:07:e1:59:0c:56:5f:1e:b7:2b:43:fd:
         e8:e9:9a:a9:38:76:d4:92:57:af:44:ed:7e:ce:e7:a5:ac:cf:
         76:c9:85:e6:b7:4c:6a:47:5c:e9:43:c7:9c:8e:42:48:d4:50:
         71:f3:93:c4:45:a8:8c:b0:5e:07:1c:6e:99:bb:a3:6e:5c:90:
         66:2d:23:f7:57:4e:aa:7f:c8:73:85:1e:5e:1f:3f:27:ac:94:
         c1:e4:1a:f1:62:ae:f4:44:68:59:3d:a4:2b:58:d9:76:d1:7d:
         0d:2c:2c:01:03:15:d4:b8:10:9e:58:fc:0d:94:c6:cf:0f:4c:
         8a:f8:45:77:bf:0f:4b:b3:4c:9e:5d:02:4c:01:42:cb:b7:f0:
         c2:9a:0a:23:e5:c6:5a:4f:9f:62:3c:02:b1:a0:a6:fe:06:0f:
         2f:21:e9:c6:49:54:ea:54:04:a3:3c:fd:c2:fb:a8:5e:0e:47:
         34:7e:5f:3c:5c:83:d0:46:8b:19:89:b6:a1:18:ab:c2:72:90:
         00:8b:82:60:21:56:73:c3:fd:28:d2:5e:40:ce:14:5c:23:11:
         78:a1:e0:b0:75:37:a3:91:4e:3c:6d:55:e8:e4:78:34:c2:d5:
         f4:88:98:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMKuudBsdx5MLnR1Q5DYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTA2ZTIzZGY2N2MxNzIzMzNjMDMyNmYwY2I3MWZiNjBlYWEyNGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorOc0VgmKaDANl2YLbNstxLZgGCZ
AKp3PPSowH6aWb9pPkbbgCkYnVUsQwdHRcjAh3iZ12ITlI5ww5i1bbeCaP99OvdU
NUCcxAZma/zduIufEiFD0Hj52icNXfhKNtpA2P0+MpU+OowvWv7CtiA97yGEgI5c
Zb6v1v/YefYP3fXmIWa3hq+HC6nYcceaFrz2WiEGhOwCCXqSu/3229YPhpflPHas
lmG30yq2PBl372q8lYabKBEDmPoy6NiiiDxAngSqYx2t7fLH3hipbWfMGYIDRIph
gdG1wDAwpCM0yDpLiDNEk3bIYGxGKHsn2bMaXtOMTDUs6PNqcEPVO/fsPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP4G4j32fBcjM8Aybwy3H7YOqiTjMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvX2diaVBmWjhGeU16d0RKdkRMY2Z0ZzZxSk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX30MA0G
CSqGSIb3DQEBCwUAA4IBAQCgzrmp0EuUIgQ2l/hNIvIluPj9MLb0p+9YB+FZDFZf
HrcrQ/3o6ZqpOHbUklevRO1+zuelrM92yYXmt0xqR1zpQ8ecjkJI1FBx85PERaiM
sF4HHG6Zu6NuXJBmLSP3V06qf8hzhR5eHz8nrJTB5BrxYq70RGhZPaQrWNl20X0N
LCwBAxXUuBCeWPwNlMbPD0yK+EV3vw9Ls0yeXQJMAULLt/DCmgoj5cZaT59iPAKx
oKb+Bg8vIenGSVTqVASjPP3C+6heDkc0fl88XIPQRosZibahGKvCcpAAi4JgIVZz
w/0o0l5AzhRcIxF4oeCwdTejkU48bVXo5Hg0wtX0iJjl
-----END CERTIFICATE-----