Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/cc_gigPeu50sv85VxRSiAVow7FA.roa
File:                     cc_gigPeu50sv85VxRSiAVow7FA.roa (raw, json)
Hash identifier:          JLxGZ3SqTBYH1J2PUMFkDQJa10pXZr8zJFqN6KGsxz8=
Subject key identifier:   71:CF:E0:8A:03:DE:BB:9D:2C:BF:CE:55:C5:14:A2:01:5A:30:EC:50
Certificate issuer:       /CN=8dc4587335c290ff8f2b374df24abe2333bced5e
Certificate serial:       018CC4935FE9FBE2A41B6F37C98881875D01
Authority key identifier: 8D:C4:58:73:35:C2:90:FF:8F:2B:37:4D:F2:4A:BE:23:33:BC:ED:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jcRYczXCkP-PKzdN8kq-IzO87V4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/cc_gigPeu50sv85VxRSiAVow7FA.roa
Signing time:             Mon 01 Jan 2024 10:30:41 +0000
ROA not before:           Mon 01 Jan 2024 10:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205402
IP address blocks:        109.234.224.0/21 maxlen: 24
                          185.108.92.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/jcRYczXCkP-PKzdN8kq-IzO87V4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/jcRYczXCkP-PKzdN8kq-IzO87V4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jcRYczXCkP-PKzdN8kq-IzO87V4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5f:e9:fb:e2:a4:1b:6f:37:c9:88:81:87:5d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dc4587335c290ff8f2b374df24abe2333bced5e
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71cfe08a03debb9d2cbfce55c514a2015a30ec50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:cc:13:42:5c:00:82:65:c1:b2:91:fb:50:d8:
                    e1:df:e1:23:26:d0:81:05:67:cd:79:c0:9a:f3:e9:
                    1e:a4:0c:26:ac:52:21:2c:4b:3e:7f:b6:5e:08:a6:
                    86:e0:6b:38:0a:06:b0:e9:06:ad:cb:3d:92:2e:53:
                    61:2b:d2:3e:47:0e:34:89:15:65:54:69:cc:d4:3f:
                    6a:e7:a2:af:0b:de:7e:1b:4e:f2:64:f8:40:39:0f:
                    c4:7d:9b:8a:fc:db:b4:8a:e5:17:6c:f0:ae:e0:60:
                    6e:37:ba:90:45:38:5d:fa:d0:5e:69:bf:9e:4c:c9:
                    5c:3a:e4:92:cd:c7:15:e0:c2:bd:94:f8:ef:09:33:
                    b9:d9:df:70:6a:e3:be:e9:2d:ad:1c:e2:76:50:64:
                    0c:40:cf:fb:b0:83:c4:35:90:95:2f:ac:23:e8:dd:
                    64:10:f1:24:4f:74:8d:f5:f6:42:5d:6c:88:95:de:
                    c3:72:38:ac:f3:fb:05:8a:f8:50:3c:83:f7:8f:2b:
                    fb:ac:7a:c9:39:eb:c0:5d:7a:8d:7e:63:0f:3b:85:
                    f4:69:52:48:8b:c4:7f:6f:86:68:9b:87:39:a0:85:
                    01:cb:49:3a:87:d2:2a:94:dc:ec:e4:c0:20:c9:76:
                    52:95:ab:76:4a:09:8f:b5:32:b6:e7:64:32:c4:bf:
                    41:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:CF:E0:8A:03:DE:BB:9D:2C:BF:CE:55:C5:14:A2:01:5A:30:EC:50
            X509v3 Authority Key Identifier:
                keyid:8D:C4:58:73:35:C2:90:FF:8F:2B:37:4D:F2:4A:BE:23:33:BC:ED:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jcRYczXCkP-PKzdN8kq-IzO87V4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/cc_gigPeu50sv85VxRSiAVow7FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a48017-59d4-4095-beef-d606d9925ab7/1/jcRYczXCkP-PKzdN8kq-IzO87V4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.224.0/21
                  185.108.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:08:00:eb:c6:bd:0e:2f:80:db:53:37:88:ba:03:d3:10:35:
         5f:92:18:2b:f6:bb:e5:a0:5d:88:c0:d5:a8:04:75:d4:a8:3c:
         4b:61:1f:e3:0b:1e:1d:2f:29:f3:79:8f:3c:b2:6d:0e:4d:34:
         88:9c:60:08:81:37:2f:35:5d:89:9b:d2:9c:c9:91:0d:07:a8:
         8b:bb:76:92:85:f1:ff:9a:32:f8:97:5f:3a:91:82:a4:49:6b:
         be:92:64:f5:84:69:14:b0:bc:6b:95:2b:f0:ae:cf:08:14:54:
         51:e5:84:55:e5:0f:6d:eb:a0:ad:99:c2:e5:42:c6:a2:72:66:
         8f:74:43:59:71:35:20:52:7e:f4:84:ce:ea:3c:2b:fe:27:90:
         c2:2f:1e:4a:d3:44:18:81:df:8f:f0:38:25:07:f1:1d:9e:29:
         8d:dd:73:68:ac:26:28:39:5f:dc:f1:1b:bc:20:a6:e7:2f:19:
         92:01:74:33:f2:1a:05:ef:5d:9f:d7:ed:ff:4b:c0:7b:5c:27:
         50:6c:10:c1:cc:56:0c:ed:60:bc:d3:8c:df:5c:c7:00:06:7f:
         34:ed:e3:fa:41:ae:4c:71:36:4c:7a:2a:c9:2e:77:fc:69:0f:
         50:28:41:39:61:1a:1e:a9:98:e7:6a:17:57:58:bf:f6:a0:d8:
         a7:b7:91:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk1/p++KkG283yYiBh10BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYzQ1ODczMzVjMjkwZmY4ZjJiMzc0ZGYyNGFiZTIzMzNi
Y2VkNWUwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWNmZTA4YTAzZGViYjlkMmNiZmNlNTVjNTE0YTIwMTVhMzBlYzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiswTQlwAgmXBspH7UNjh3+EjJtCB
BWfNecCa8+kepAwmrFIhLEs+f7ZeCKaG4Gs4Cgaw6Qatyz2SLlNhK9I+Rw40iRVl
VGnM1D9q56KvC95+G07yZPhAOQ/EfZuK/Nu0iuUXbPCu4GBuN7qQRThd+tBeab+e
TMlcOuSSzccV4MK9lPjvCTO52d9wauO+6S2tHOJ2UGQMQM/7sIPENZCVL6wj6N1k
EPEkT3SN9fZCXWyIld7Dcjis8/sFivhQPIP3jyv7rHrJOevAXXqNfmMPO4X0aVJI
i8R/b4Zom4c5oIUBy0k6h9IqlNzs5MAgyXZSlat2SgmPtTK252QyxL9BcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHHP4IoD3rudLL/OVcUUogFaMOxQMB8GA1UdIwQY
MBaAFI3EWHM1wpD/jys3TfJKviMzvO1eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamNSWWN6WENrUC1QS3pkTjhrcS1Jek84N1Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNDgwMTctNTlkNC00MDk1LWJlZWYt
ZDYwNmQ5OTI1YWI3LzEvY2NfZ2lnUGV1NTBzdjg1VnhSU2lBVm93N0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNDgwMTctNTlkNC00MDk1LWJlZWYtZDYwNmQ5OTI1YWI3
LzEvamNSWWN6WENrUC1QS3pkTjhrcS1Jek84N1Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbergAwQC
uWxcMA0GCSqGSIb3DQEBCwUAA4IBAQAUCADrxr0OL4DbUzeIugPTEDVfkhgr9rvl
oF2IwNWoBHXUqDxLYR/jCx4dLynzeY88sm0OTTSInGAIgTcvNV2Jm9KcyZENB6iL
u3aShfH/mjL4l186kYKkSWu+kmT1hGkUsLxrlSvwrs8IFFRR5YRV5Q9t66CtmcLl
QsaicmaPdENZcTUgUn70hM7qPCv+J5DCLx5K00QYgd+P8DglB/EdnimN3XNorCYo
OV/c8Ru8IKbnLxmSAXQz8hoF712f1+3/S8B7XCdQbBDBzFYM7WC804zfXMcABn80
7eP6Qa5McTZMeirJLnf8aQ9QKEE5YRoeqZjnahdXWL/2oNint5GC
-----END CERTIFICATE-----