Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/b024bd-2d0c-4572-a49a-5878a8173c44/1/g_uwwu4cwJv41RJzLzJsLG7iYGc.roa
File:                     g_uwwu4cwJv41RJzLzJsLG7iYGc.roa (raw, json)
Hash identifier:          BzuXZNsREhhcgP77eRePbtViTChfb3j2Bae4v6n6c0c=
Subject key identifier:   83:FB:B0:C2:EE:1C:C0:9B:F8:D5:12:73:2F:32:6C:2C:6E:E2:60:67
Certificate issuer:       /CN=f8ec1468ee3103fe53b1cf5a9875aecd4e28ad51
Certificate serial:       018DEFD8A19CC455B9C9E111BE22F89AE2D7
Authority key identifier: F8:EC:14:68:EE:31:03:FE:53:B1:CF:5A:98:75:AE:CD:4E:28:AD:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OwUaO4xA_5Tsc9amHWuzU4orVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/b024bd-2d0c-4572-a49a-5878a8173c44/1/g_uwwu4cwJv41RJzLzJsLG7iYGc.roa
Signing time:             Wed 28 Feb 2024 13:12:48 +0000
ROA not before:           Wed 28 Feb 2024 13:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211528
IP address blocks:        84.234.126.0/24 maxlen: 24
                          185.251.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/b024bd-2d0c-4572-a49a-5878a8173c44/1/1-OwUaO4xA_5Tsc9amHWuzU4orVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/b024bd-2d0c-4572-a49a-5878a8173c44/1/1-OwUaO4xA_5Tsc9amHWuzU4orVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OwUaO4xA_5Tsc9amHWuzU4orVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:d8:a1:9c:c4:55:b9:c9:e1:11:be:22:f8:9a:e2:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8ec1468ee3103fe53b1cf5a9875aecd4e28ad51
        Validity
            Not Before: Feb 28 13:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83fbb0c2ee1cc09bf8d512732f326c2c6ee26067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5d:d4:37:ef:a5:a2:92:7e:0f:c4:4d:37:51:
                    31:70:ad:ef:47:fd:2c:a2:87:31:32:24:ff:2d:b6:
                    0b:78:af:08:d5:e0:25:65:56:6c:6c:88:c0:0c:62:
                    43:06:46:6e:b7:48:bd:81:1f:78:5d:97:52:1b:6d:
                    6e:68:86:de:a3:f3:2f:2f:72:60:78:1a:dc:1e:44:
                    d8:3d:70:ab:35:cc:ce:c3:30:b6:35:c9:56:80:4b:
                    bf:51:05:ad:1e:16:e1:36:21:7b:00:af:8a:fa:bf:
                    26:9e:17:54:6a:53:1a:05:15:37:c9:62:02:59:f0:
                    4f:2f:4a:40:3e:9f:4c:f0:fa:9d:6a:a5:c1:aa:b8:
                    32:e9:e2:5c:42:30:a4:5b:6c:68:b6:96:4f:66:29:
                    61:03:4b:9c:dd:89:60:68:88:e9:41:d6:6a:9c:7a:
                    f5:d2:de:f2:56:49:eb:9e:b5:b5:00:8d:00:ac:13:
                    b7:aa:b2:d4:fe:11:9f:f6:15:0d:a3:28:c4:ea:1e:
                    0c:a2:89:ac:aa:fe:c3:c2:38:68:36:19:89:55:96:
                    78:88:f8:16:8a:ae:ab:34:37:9b:11:6f:0c:80:22:
                    9e:73:80:db:39:a4:1b:2a:c3:d9:06:5c:58:da:40:
                    04:95:4a:82:ac:f3:7e:62:e4:48:74:00:14:61:4e:
                    77:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:FB:B0:C2:EE:1C:C0:9B:F8:D5:12:73:2F:32:6C:2C:6E:E2:60:67
            X509v3 Authority Key Identifier:
                keyid:F8:EC:14:68:EE:31:03:FE:53:B1:CF:5A:98:75:AE:CD:4E:28:AD:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OwUaO4xA_5Tsc9amHWuzU4orVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/b024bd-2d0c-4572-a49a-5878a8173c44/1/g_uwwu4cwJv41RJzLzJsLG7iYGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/b024bd-2d0c-4572-a49a-5878a8173c44/1/1-OwUaO4xA_5Tsc9amHWuzU4orVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.234.126.0/24
                  185.251.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:9b:bc:ed:d4:26:98:db:c0:05:b3:58:8b:f8:dd:c9:8e:fa:
         fd:26:99:2a:38:57:4d:45:51:75:43:1d:86:dd:c7:58:10:cf:
         0a:df:46:88:d8:92:1a:ef:a0:68:df:7c:17:d0:d3:1d:8b:a0:
         e3:80:b9:26:12:3e:f5:37:d0:83:d6:80:88:17:43:76:95:17:
         be:fb:f9:ab:65:20:5e:c2:87:dd:88:33:6f:cf:42:59:b8:32:
         61:05:93:08:00:60:9f:01:4c:17:fa:96:e7:c2:e1:55:1f:ba:
         97:53:bc:c9:b4:f1:50:c4:af:f5:01:12:6c:85:bf:d4:94:1e:
         35:88:6c:a7:87:b9:6c:4e:6e:99:30:fd:46:8c:9f:02:ca:40:
         8c:2a:59:e9:22:6a:7d:e5:58:89:c6:2c:a1:3c:50:b0:c3:2f:
         41:02:39:26:2a:18:52:3f:8a:a5:17:ad:cb:96:b8:c4:d4:f4:
         f7:24:6c:fc:57:0e:e9:5f:99:19:71:36:4e:13:cc:e6:f9:ef:
         40:01:19:24:30:2a:99:bf:7e:e1:2b:d3:c4:91:da:e2:57:f7:
         f6:41:06:6d:73:6a:4c:5a:b8:15:70:1a:6b:09:3b:c8:5a:f9:
         2f:b6:e6:8c:48:57:1f:b8:05:1c:7a:f0:96:8e:0c:35:9e:16:
         5e:fc:eb:67
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY3v2KGcxFW5yeERviL4muLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZWMxNDY4ZWUzMTAzZmU1M2IxY2Y1YTk4NzVhZWNkNGUy
OGFkNTEwHhcNMjQwMjI4MTMxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2ZiYjBjMmVlMWNjMDliZjhkNTEyNzMyZjMyNmMyYzZlZTI2MDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw13UN++lopJ+D8RNN1ExcK3vR/0s
oocxMiT/LbYLeK8I1eAlZVZsbIjADGJDBkZut0i9gR94XZdSG21uaIbeo/MvL3Jg
eBrcHkTYPXCrNczOwzC2NclWgEu/UQWtHhbhNiF7AK+K+r8mnhdUalMaBRU3yWIC
WfBPL0pAPp9M8PqdaqXBqrgy6eJcQjCkW2xotpZPZilhA0uc3YlgaIjpQdZqnHr1
0t7yVknrnrW1AI0ArBO3qrLU/hGf9hUNoyjE6h4Moomsqv7DwjhoNhmJVZZ4iPgW
iq6rNDebEW8MgCKec4DbOaQbKsPZBlxY2kAElUqCrPN+YuRIdAAUYU53KwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIP7sMLuHMCb+NUScy8ybCxu4mBnMB8GA1UdIwQY
MBaAFPjsFGjuMQP+U7HPWph1rs1OKK1RMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Pd1VhTzR4QV81VHNjOWFtSFd1elU0b3JWRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGUvYjAyNGJkLTJkMGMtNDU3Mi1hNDlh
LTU4NzhhODE3M2M0NC8xL2dfdXd3dTRjd0p2NDFSSnpMekpzTEc3aVlHYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGUvYjAyNGJkLTJkMGMtNDU3Mi1hNDlhLTU4NzhhODE3M2M0
NC8xLzEtT3dVYU80eEFfNVRzYzlhbUhXdXpVNG9yVkUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABU6n4D
BAC5+yUwDQYJKoZIhvcNAQELBQADggEBAFGbvO3UJpjbwAWzWIv43cmO+v0mmSo4
V01FUXVDHYbdx1gQzwrfRojYkhrvoGjffBfQ0x2LoOOAuSYSPvU30IPWgIgXQ3aV
F777+atlIF7Ch92IM2/PQlm4MmEFkwgAYJ8BTBf6lufC4VUfupdTvMm08VDEr/UB
EmyFv9SUHjWIbKeHuWxObpkw/UaMnwLKQIwqWekian3lWInGLKE8ULDDL0ECOSYq
GFI/iqUXrcuWuMTU9PckbPxXDulfmRlxNk4TzOb570ABGSQwKpm/fuEr08SR2uJX
9/ZBBm1zakxauBVwGmsJO8ha+S+25oxIVx+4BRx68JaODDWeFl7862c=
-----END CERTIFICATE-----