Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/gymANMOawpzu5t7gWLyvg2JyBtg.roa
File:                     gymANMOawpzu5t7gWLyvg2JyBtg.roa (raw, json)
Hash identifier:          niq+T2EUZHjfIqR15q86ptIoQ4vTdcgmufFk38sjZr4=
Subject key identifier:   83:29:80:34:C3:9A:C2:9C:EE:E6:DE:E0:58:BC:AF:83:62:72:06:D8
Certificate issuer:       /CN=526c618d15bb712e3ebae06a8b181697a5e407b8
Certificate serial:       018CC72747974AEFC481B697F403496E3E57
Authority key identifier: 52:6C:61:8D:15:BB:71:2E:3E:BA:E0:6A:8B:18:16:97:A5:E4:07:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmxhjRW7cS4-uuBqixgWl6XkB7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/gymANMOawpzu5t7gWLyvg2JyBtg.roa
Signing time:             Mon 01 Jan 2024 22:31:29 +0000
ROA not before:           Mon 01 Jan 2024 22:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213123
IP address blocks:        94.231.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/UmxhjRW7cS4-uuBqixgWl6XkB7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/UmxhjRW7cS4-uuBqixgWl6XkB7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmxhjRW7cS4-uuBqixgWl6XkB7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:47:97:4a:ef:c4:81:b6:97:f4:03:49:6e:3e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=526c618d15bb712e3ebae06a8b181697a5e407b8
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83298034c39ac29ceee6dee058bcaf83627206d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:f4:9d:9c:05:83:e1:2b:b6:b4:dc:0f:76:24:
                    a6:f7:ca:4a:2b:d6:4f:04:92:06:1d:a3:d4:6c:ad:
                    20:c8:82:87:2c:86:c7:6f:7c:df:20:ae:07:c8:7e:
                    8e:3e:51:3c:0e:13:62:f2:55:d2:a6:ea:e6:6d:ee:
                    d7:5d:83:5e:39:8a:87:d0:ec:33:4e:19:5a:3b:99:
                    08:4d:c8:aa:4f:c3:ac:8f:84:c9:7c:1d:87:5a:b6:
                    9a:dc:d5:9e:47:92:7e:c8:67:52:1d:e4:80:ea:2c:
                    98:c4:54:3b:46:cf:1b:ef:fe:58:b1:05:03:36:f3:
                    29:84:c7:35:5b:80:5e:27:00:55:49:0a:48:10:9d:
                    71:5e:c2:9f:e9:8f:17:06:1c:64:fc:7e:dd:17:bf:
                    79:37:f0:e9:83:28:2a:2c:75:bb:46:eb:77:f6:2d:
                    01:2f:dc:86:4a:16:d2:91:ad:c8:e2:fd:13:a2:29:
                    ae:b9:9d:81:27:46:a1:4b:5c:c4:4f:56:f9:94:6b:
                    e2:22:b5:06:1d:fe:48:c6:58:18:54:8d:b4:fb:d0:
                    fd:43:72:f1:17:66:e8:7d:c0:5c:78:c1:c3:a8:81:
                    35:8e:7a:a8:c4:01:79:93:f3:a9:17:48:e6:47:37:
                    cf:d1:73:a4:74:a5:2a:60:b5:98:c6:62:ad:1f:91:
                    c6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:29:80:34:C3:9A:C2:9C:EE:E6:DE:E0:58:BC:AF:83:62:72:06:D8
            X509v3 Authority Key Identifier:
                keyid:52:6C:61:8D:15:BB:71:2E:3E:BA:E0:6A:8B:18:16:97:A5:E4:07:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmxhjRW7cS4-uuBqixgWl6XkB7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/gymANMOawpzu5t7gWLyvg2JyBtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/UmxhjRW7cS4-uuBqixgWl6XkB7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:98:16:9e:d0:d6:61:e8:34:a4:57:2b:82:a6:be:ed:bd:b8:
         30:24:3c:3d:f5:0d:12:30:0b:6f:1f:0a:4f:5f:12:69:d4:66:
         20:ab:1c:7c:71:75:95:ae:84:dd:0f:f4:9e:34:6e:f0:f1:cf:
         d2:49:ff:12:d1:6e:b6:c0:f5:17:79:06:83:33:39:b2:ee:67:
         bf:5a:ff:db:23:eb:0d:2e:ba:c6:2d:fd:0c:25:0b:9e:cb:6f:
         a2:90:42:25:77:01:4b:aa:e0:79:bb:3b:1f:ad:a6:e3:58:67:
         b4:0e:80:bb:ce:bc:ba:ba:6c:40:88:4b:fb:6f:14:a3:ff:cd:
         41:41:39:ff:a3:2d:cb:c9:86:04:46:f0:68:d9:24:30:04:71:
         fa:38:1a:f9:13:7f:b5:eb:38:90:37:ca:90:fd:ae:8b:d1:99:
         67:51:5a:10:3b:d4:03:6f:f0:ff:54:a7:db:93:02:4d:f3:5f:
         0a:90:a4:80:27:4a:02:9e:0b:b4:d2:cd:e3:0c:dc:d3:b6:ed:
         57:96:f3:b2:87:8d:9e:a1:df:1e:a0:dd:c3:8e:cd:16:31:77:
         e4:6e:e4:53:11:4e:58:5b:67:02:4f:38:7a:6a:48:12:59:2e:
         9b:eb:db:52:1a:e3:24:bc:88:a6:84:f5:97:54:55:b9:1b:fe:
         4f:dc:5a:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0eXSu/EgbaX9ANJbj5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNmM2MThkMTViYjcxMmUzZWJhZTA2YThiMTgxNjk3YTVl
NDA3YjgwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzI5ODAzNGMzOWFjMjljZWVlNmRlZTA1OGJjYWY4MzYyNzIwNmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPSdnAWD4Su2tNwPdiSm98pKK9ZP
BJIGHaPUbK0gyIKHLIbHb3zfIK4HyH6OPlE8DhNi8lXSpurmbe7XXYNeOYqH0Owz
ThlaO5kITciqT8Osj4TJfB2HWraa3NWeR5J+yGdSHeSA6iyYxFQ7Rs8b7/5YsQUD
NvMphMc1W4BeJwBVSQpIEJ1xXsKf6Y8XBhxk/H7dF795N/DpgygqLHW7Rut39i0B
L9yGShbSka3I4v0ToimuuZ2BJ0ahS1zET1b5lGviIrUGHf5IxlgYVI20+9D9Q3Lx
F2bofcBceMHDqIE1jnqoxAF5k/OpF0jmRzfP0XOkdKUqYLWYxmKtH5HG3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMpgDTDmsKc7ube4Fi8r4NicgbYMB8GA1UdIwQY
MBaAFFJsYY0Vu3EuPrrgaosYFpel5Ae4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW14aGpSVzdjUzQtdXVCcWl4Z1dsNlhrQjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8yNjBjZjItODg1MC00M2Y4LWE3ZjIt
OTI3M2ZjMDE2ZjdkLzEvZ3ltQU5NT2F3cHp1NXQ3Z1dMeXZnMkp5QnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8yNjBjZjItODg1MC00M2Y4LWE3ZjItOTI3M2ZjMDE2Zjdk
LzEvVW14aGpSVzdjUzQtdXVCcWl4Z1dsNlhrQjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufFMA0G
CSqGSIb3DQEBCwUAA4IBAQA4mBae0NZh6DSkVyuCpr7tvbgwJDw99Q0SMAtvHwpP
XxJp1GYgqxx8cXWVroTdD/SeNG7w8c/SSf8S0W62wPUXeQaDMzmy7me/Wv/bI+sN
LrrGLf0MJQuey2+ikEIldwFLquB5uzsfrabjWGe0DoC7zry6umxAiEv7bxSj/81B
QTn/oy3LyYYERvBo2SQwBHH6OBr5E3+16ziQN8qQ/a6L0ZlnUVoQO9QDb/D/VKfb
kwJN818KkKSAJ0oCngu00s3jDNzTtu1XlvOyh42eod8eoN3Djs0WMXfkbuRTEU5Y
W2cCTzh6akgSWS6b69tSGuMkvIimhPWXVFW5G/5P3FpH
-----END CERTIFICATE-----