Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/gVaKPdb0iab5AFEXgIdMjJmi1fc.roa
File:                     gVaKPdb0iab5AFEXgIdMjJmi1fc.roa (raw, json)
Hash identifier:          +Gl+9WF/x7tce+hM+67S0LqZe8Q4wRmd9cVT5LzVm94=
Subject key identifier:   81:56:8A:3D:D6:F4:89:A6:F9:00:51:17:80:87:4C:8C:99:A2:D5:F7
Certificate issuer:       /CN=34ba9c223241eb80e2bc71853bb7d2e58286bdd3
Certificate serial:       018E09CA101ADAF2CEC595550AD302743BC1
Authority key identifier: 34:BA:9C:22:32:41:EB:80:E2:BC:71:85:3B:B7:D2:E5:82:86:BD:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NLqcIjJB64DivHGFO7fS5YKGvdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/gVaKPdb0iab5AFEXgIdMjJmi1fc.roa
Signing time:             Mon 04 Mar 2024 14:07:01 +0000
ROA not before:           Mon 04 Mar 2024 14:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204877
IP address blocks:        185.141.120.0/22 maxlen: 32
                          2a0d:ff00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/NLqcIjJB64DivHGFO7fS5YKGvdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/NLqcIjJB64DivHGFO7fS5YKGvdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NLqcIjJB64DivHGFO7fS5YKGvdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:ca:10:1a:da:f2:ce:c5:95:55:0a:d3:02:74:3b:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34ba9c223241eb80e2bc71853bb7d2e58286bdd3
        Validity
            Not Before: Mar  4 14:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81568a3dd6f489a6f900511780874c8c99a2d5f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:cf:a5:11:67:85:b1:55:2b:38:29:78:eb:5d:
                    2d:fd:e1:5e:c4:a1:08:f9:37:7f:8c:bf:14:62:63:
                    4f:e4:2e:f3:61:65:5d:46:62:9c:09:49:b3:5b:e2:
                    83:84:98:c5:4d:e6:37:7b:e8:37:ae:d0:cb:cf:25:
                    39:ed:20:87:a0:0b:f3:85:02:09:ec:b8:ba:18:d0:
                    f2:06:a3:77:92:a3:28:e6:ac:da:ea:47:7e:35:e2:
                    ce:31:dc:d5:41:c1:94:5b:a3:d9:a5:8a:84:27:8b:
                    84:ee:3f:5a:6a:43:68:4e:7d:4f:ac:58:d7:be:8b:
                    74:86:e7:81:b9:28:04:af:b2:b7:2c:21:80:9c:c9:
                    d9:7c:51:70:d5:32:73:d8:69:de:28:bb:94:63:4e:
                    09:4f:e3:01:d6:18:3e:fb:27:13:8d:69:16:cc:60:
                    cc:95:84:39:04:2c:c0:1f:27:c8:3d:82:a4:b7:2d:
                    c4:12:b9:95:6f:34:aa:a0:01:ad:64:83:9c:cc:61:
                    4a:27:c6:a4:c2:ba:80:70:ad:9f:ae:4e:5f:af:4a:
                    3a:15:f9:3d:92:01:80:bf:0f:4b:a0:62:d1:8c:d8:
                    eb:f9:ba:e0:1a:6f:85:c4:00:97:39:57:38:a7:d7:
                    88:b8:75:9f:de:84:72:29:3b:51:bc:da:3c:fc:c6:
                    13:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:56:8A:3D:D6:F4:89:A6:F9:00:51:17:80:87:4C:8C:99:A2:D5:F7
            X509v3 Authority Key Identifier:
                keyid:34:BA:9C:22:32:41:EB:80:E2:BC:71:85:3B:B7:D2:E5:82:86:BD:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NLqcIjJB64DivHGFO7fS5YKGvdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/gVaKPdb0iab5AFEXgIdMjJmi1fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/NLqcIjJB64DivHGFO7fS5YKGvdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.120.0/22
                IPv6:
                  2a0d:ff00::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:b4:08:8c:98:50:9b:6e:4a:ae:e4:ae:d6:a7:c9:b2:10:fa:
         69:c6:55:d4:09:32:12:b1:f3:e4:4c:27:ee:5c:20:2b:9d:f4:
         c5:db:ee:8f:be:1e:ff:84:3e:eb:05:c4:68:00:82:f6:3e:b5:
         7a:4a:77:33:05:04:0b:9e:98:8a:25:f1:0b:e7:dd:34:ad:da:
         80:90:ed:dc:14:bf:04:ac:f3:3c:77:8d:78:70:a8:b6:d2:95:
         ee:a7:de:c6:fe:a8:f3:e2:e4:25:3a:38:15:19:85:d1:40:e7:
         e0:44:b7:17:e1:6b:56:1c:51:a8:4c:6b:b9:de:47:7e:b3:87:
         66:80:60:21:97:b3:c0:71:33:39:12:8b:50:47:19:2d:4e:e0:
         83:05:b3:1f:1b:c7:d5:4d:85:41:a4:31:4c:7e:1c:39:74:ba:
         c1:d7:91:b7:9f:f7:44:6e:c2:6f:0f:24:f5:f4:8f:28:24:01:
         6b:19:d3:98:cc:b6:2d:b2:51:c7:14:81:83:8c:16:73:cb:88:
         b7:33:3a:99:c9:8a:da:c6:93:61:04:ba:ca:f0:07:fa:bf:42:
         0f:c1:c3:52:85:83:8b:40:e9:9a:19:40:de:f5:6b:9a:fb:44:
         ff:11:7c:c8:85:33:fe:b5:e0:54:3a:20:99:b5:23:74:0d:f8:
         d1:3d:9a:f1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4JyhAa2vLOxZVVCtMCdDvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YmE5YzIyMzI0MWViODBlMmJjNzE4NTNiYjdkMmU1ODI4
NmJkZDMwHhcNMjQwMzA0MTQwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTU2OGEzZGQ2ZjQ4OWE2ZjkwMDUxMTc4MDg3NGM4Yzk5YTJkNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8+lEWeFsVUrOCl4610t/eFexKEI
+Td/jL8UYmNP5C7zYWVdRmKcCUmzW+KDhJjFTeY3e+g3rtDLzyU57SCHoAvzhQIJ
7Li6GNDyBqN3kqMo5qza6kd+NeLOMdzVQcGUW6PZpYqEJ4uE7j9aakNoTn1PrFjX
vot0hueBuSgEr7K3LCGAnMnZfFFw1TJz2GneKLuUY04JT+MB1hg++ycTjWkWzGDM
lYQ5BCzAHyfIPYKkty3EErmVbzSqoAGtZIOczGFKJ8akwrqAcK2frk5fr0o6Ffk9
kgGAvw9LoGLRjNjr+brgGm+FxACXOVc4p9eIuHWf3oRyKTtRvNo8/MYTnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIFWij3W9Imm+QBRF4CHTIyZotX3MB8GA1UdIwQY
MBaAFDS6nCIyQeuA4rxxhTu30uWChr3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkxxY0lqSkI2NERpdkhHRk83ZlM1WUtHdmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9jMmVjNjEtMzdhYi00MDViLWE2YzIt
MTNlZTRjOGQzMDgyLzEvZ1ZhS1BkYjBpYWI1QUZFWGdJZE1qSm1pMWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9jMmVjNjEtMzdhYi00MDViLWE2YzItMTNlZTRjOGQzMDgy
LzEvTkxxY0lqSkI2NERpdkhHRk83ZlM1WUtHdmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY14MA0E
AgACMAcDBQMqDf8AMA0GCSqGSIb3DQEBCwUAA4IBAQAetAiMmFCbbkqu5K7Wp8my
EPppxlXUCTISsfPkTCfuXCArnfTF2+6Pvh7/hD7rBcRoAIL2PrV6SnczBQQLnpiK
JfEL5900rdqAkO3cFL8ErPM8d414cKi20pXup97G/qjz4uQlOjgVGYXRQOfgRLcX
4WtWHFGoTGu53kd+s4dmgGAhl7PAcTM5EotQRxktTuCDBbMfG8fVTYVBpDFMfhw5
dLrB15G3n/dEbsJvDyT19I8oJAFrGdOYzLYtslHHFIGDjBZzy4i3MzqZyYraxpNh
BLrK8Af6v0IPwcNShYOLQOmaGUDe9Wua+0T/EXzIhTP+teBUOiCZtSN0DfjRPZrx
-----END CERTIFICATE-----