Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/gPTbTV_-5VENN0WTPohjL-LuyJI.roa
File:                     gPTbTV_-5VENN0WTPohjL-LuyJI.roa (raw, json)
Hash identifier:          JvsPB0YJnWJB4SaYdkuoEQ5ig7UMuvt9Y5ExPT7rBKQ=
Subject key identifier:   80:F4:DB:4D:5F:FE:E5:51:0D:37:45:93:3E:88:63:2F:E2:EE:C8:92
Certificate issuer:       /CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
Certificate serial:       018CCA29D4E7AE53BC5426C75DDD93D92091
Authority key identifier: 5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/gPTbTV_-5VENN0WTPohjL-LuyJI.roa
Signing time:             Tue 02 Jan 2024 12:33:08 +0000
ROA not before:           Tue 02 Jan 2024 12:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8820
IP address blocks:        46.41.14.0/24 maxlen: 24
                          188.246.17.0/24 maxlen: 24
                          188.246.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d4:e7:ae:53:bc:54:26:c7:5d:dd:93:d9:20:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
        Validity
            Not Before: Jan  2 12:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80f4db4d5ffee5510d3745933e88632fe2eec892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:44:0f:2a:ff:d6:0f:37:16:83:58:c1:f8:27:
                    66:01:03:d9:cf:45:60:3b:31:c2:ed:4f:66:17:1c:
                    8e:30:a9:f9:38:55:07:a5:67:db:47:bc:db:a9:50:
                    26:12:ee:51:78:25:b4:c5:a9:48:08:e4:75:2b:ee:
                    8b:f1:fd:ed:5b:8d:bd:20:48:3a:bd:3d:0a:02:ad:
                    6a:90:5d:1a:61:89:3e:f1:5e:5d:90:20:bd:79:bd:
                    87:ac:a3:72:99:3c:a4:49:9c:34:a5:10:a5:8a:07:
                    25:34:48:d9:15:9c:87:52:a0:d0:25:92:ac:6d:4d:
                    40:67:20:23:fb:d6:74:f5:8e:59:4d:4e:4c:f4:3e:
                    1b:8e:2c:27:67:2e:a0:70:9e:4e:4e:96:d4:9f:9e:
                    b0:e5:9e:de:aa:5f:80:51:f8:5a:d5:fb:4a:13:c4:
                    63:bd:ce:cc:f9:e2:b6:9e:a8:cd:57:c0:ca:79:b5:
                    ab:f7:5a:df:7a:18:09:f2:2e:46:f2:3c:66:f2:29:
                    3c:1a:07:5d:2c:da:ed:f0:ac:7e:ae:a9:dd:c7:69:
                    5e:0e:b6:01:55:40:00:c9:e7:15:ec:85:c8:e1:5c:
                    bd:5d:77:48:81:a8:98:a5:ca:19:1a:5c:a1:e0:17:
                    f1:3d:8b:6d:61:7c:fc:9b:e5:2a:37:73:eb:1a:1a:
                    be:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:F4:DB:4D:5F:FE:E5:51:0D:37:45:93:3E:88:63:2F:E2:EE:C8:92
            X509v3 Authority Key Identifier:
                keyid:5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/gPTbTV_-5VENN0WTPohjL-LuyJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.41.14.0/24
                  188.246.17.0/24
                  188.246.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:02:14:b4:0f:d0:81:49:88:b9:c7:9c:53:1d:04:52:5f:96:
         e5:0f:e0:99:8c:a2:3c:73:ff:93:a3:53:99:dd:51:83:51:4f:
         8e:7c:7e:48:4a:f8:f2:63:24:c0:50:17:7b:b2:7c:74:e8:7b:
         23:2a:d0:a9:c3:2e:c8:21:72:4e:c1:f3:98:b7:fa:bf:cc:8e:
         dd:b1:73:db:79:58:6c:29:98:25:e3:8c:92:d9:86:8d:0c:99:
         72:aa:78:bf:f5:60:ee:89:82:7e:dc:92:09:3a:22:1c:d0:58:
         88:33:b8:b4:0a:b0:ab:f3:fc:6a:8f:6d:2a:31:37:d6:5b:15:
         d6:88:02:71:64:4d:1d:21:52:4a:93:09:e3:e3:07:4b:01:bc:
         0b:76:98:23:cd:a5:07:1f:bd:4c:f7:7d:92:c6:c3:6f:c3:ea:
         2e:8b:18:b5:8b:f0:1d:51:bf:08:1b:63:fe:ff:c0:8e:ca:b1:
         a2:74:da:d6:16:3f:3a:48:2c:a6:70:87:c9:cf:92:bc:35:aa:
         47:8d:d2:9d:65:7c:89:da:a8:ef:20:d6:6d:63:77:10:df:07:
         c5:21:2b:1f:82:6e:04:6e:6e:dc:b4:59:a9:5d:c9:22:3d:ce:
         c2:55:30:a4:b7:90:2f:e5:82:3c:dc:3b:55:5d:09:36:f2:ad:
         45:d1:32:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKdTnrlO8VCbHXd2T2SCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZWRkNmIwZTM2ZjRiZDhmMWQ1N2UyNmNjMWMyZDE4YzY5
OTNjMDQwHhcNMjQwMTAyMTIzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGY0ZGI0ZDVmZmVlNTUxMGQzNzQ1OTMzZTg4NjMyZmUyZWVjODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokQPKv/WDzcWg1jB+CdmAQPZz0Vg
OzHC7U9mFxyOMKn5OFUHpWfbR7zbqVAmEu5ReCW0xalICOR1K+6L8f3tW429IEg6
vT0KAq1qkF0aYYk+8V5dkCC9eb2HrKNymTykSZw0pRCligclNEjZFZyHUqDQJZKs
bU1AZyAj+9Z09Y5ZTU5M9D4bjiwnZy6gcJ5OTpbUn56w5Z7eql+AUfha1ftKE8Rj
vc7M+eK2nqjNV8DKebWr91rfehgJ8i5G8jxm8ik8GgddLNrt8Kx+rqndx2leDrYB
VUAAyecV7IXI4Vy9XXdIgaiYpcoZGlyh4BfxPYttYXz8m+UqN3PrGhq+/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFID0201f/uVRDTdFkz6IYy/i7siSMB8GA1UdIwQY
MBaAFF3t1rDjb0vY8dV+JswcLRjGmTwEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODkt
YzY5ODcxZjVkMzA1LzEvZ1BUYlRWXy01VkVOTjBXVFBvaGpMLUx1eUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODktYzY5ODcxZjVkMzA1
LzEvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALikOAwQA
vPYRAwQAvPYXMA0GCSqGSIb3DQEBCwUAA4IBAQB1AhS0D9CBSYi5x5xTHQRSX5bl
D+CZjKI8c/+To1OZ3VGDUU+OfH5ISvjyYyTAUBd7snx06HsjKtCpwy7IIXJOwfOY
t/q/zI7dsXPbeVhsKZgl44yS2YaNDJlyqni/9WDuiYJ+3JIJOiIc0FiIM7i0CrCr
8/xqj20qMTfWWxXWiAJxZE0dIVJKkwnj4wdLAbwLdpgjzaUHH71M932SxsNvw+ou
ixi1i/AdUb8IG2P+/8COyrGidNrWFj86SCymcIfJz5K8NapHjdKdZXyJ2qjvINZt
Y3cQ3wfFISsfgm4Ebm7ctFmpXckiPc7CVTCkt5Av5YI83DtVXQk28q1F0TIZ
-----END CERTIFICATE-----