Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/6cd5fc-60cc-45de-bd8a-1544b44d59ca/1/gw4_oPDMJtqORj3fQ6lwOCXx5z8.roa
File:                     gw4_oPDMJtqORj3fQ6lwOCXx5z8.roa (raw, json)
Hash identifier:          5Lvc487uRUqOa28tDqLbtRuXNRg9oz1/Qj5rassFg/U=
Subject key identifier:   83:0E:3F:A0:F0:CC:26:DA:8E:46:3D:DF:43:A9:70:38:25:F1:E7:3F
Certificate issuer:       /CN=c62d7cac1ffb2c3fbde284625bf1af4c6bae6b0e
Certificate serial:       018CC26D6391C5120985B91A70529561DA19
Authority key identifier: C6:2D:7C:AC:1F:FB:2C:3F:BD:E2:84:62:5B:F1:AF:4C:6B:AE:6B:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xi18rB_7LD-94oRiW_GvTGuuaw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/6cd5fc-60cc-45de-bd8a-1544b44d59ca/1/gw4_oPDMJtqORj3fQ6lwOCXx5z8.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3292
IP address blocks:        147.29.150.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/6cd5fc-60cc-45de-bd8a-1544b44d59ca/1/xi18rB_7LD-94oRiW_GvTGuuaw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/6cd5fc-60cc-45de-bd8a-1544b44d59ca/1/xi18rB_7LD-94oRiW_GvTGuuaw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xi18rB_7LD-94oRiW_GvTGuuaw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 06:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:63:91:c5:12:09:85:b9:1a:70:52:95:61:da:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c62d7cac1ffb2c3fbde284625bf1af4c6bae6b0e
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=830e3fa0f0cc26da8e463ddf43a9703825f1e73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0d:48:3a:f7:1c:a4:bf:b3:48:b6:0c:c9:33:
                    1a:b1:76:7b:eb:18:b4:12:77:32:1c:0a:d6:b5:b0:
                    e0:a2:e2:63:58:d8:3e:1c:e8:10:53:2b:1e:2e:8b:
                    c2:40:58:9c:67:ea:1a:a1:32:7d:68:60:00:23:21:
                    68:47:e0:62:68:a7:b7:33:a6:f2:16:46:14:b7:13:
                    69:a4:46:7e:9b:08:d8:c4:e2:3a:06:5b:14:53:36:
                    2b:88:11:51:a3:f7:ca:cd:90:24:1a:dc:95:94:f9:
                    dd:d2:dc:8e:8f:2b:c6:e0:22:3f:6c:6f:af:1c:5d:
                    20:43:0e:c6:3b:10:f8:20:21:d9:d0:60:02:6c:b7:
                    c1:d1:0c:04:75:9b:a9:56:99:f9:cb:d2:61:8d:a5:
                    2f:4c:3e:fa:c4:54:94:0c:c2:b0:10:86:a8:9c:ef:
                    a6:fb:b3:e3:f9:0c:87:7f:77:e2:29:47:9e:e9:61:
                    9d:06:9b:74:4c:75:8e:f8:d4:49:98:d7:1c:50:93:
                    62:23:a1:84:ac:c1:37:f3:05:b6:fb:2a:a5:cb:c7:
                    a0:21:2b:92:f6:9d:3f:ab:81:f6:66:ba:02:3d:b1:
                    4c:b3:f3:8d:da:ad:28:0e:c6:05:a1:87:51:ac:5c:
                    8d:b9:b8:dd:ee:03:94:38:29:85:86:4d:1d:71:1c:
                    74:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:0E:3F:A0:F0:CC:26:DA:8E:46:3D:DF:43:A9:70:38:25:F1:E7:3F
            X509v3 Authority Key Identifier:
                keyid:C6:2D:7C:AC:1F:FB:2C:3F:BD:E2:84:62:5B:F1:AF:4C:6B:AE:6B:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xi18rB_7LD-94oRiW_GvTGuuaw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/6cd5fc-60cc-45de-bd8a-1544b44d59ca/1/gw4_oPDMJtqORj3fQ6lwOCXx5z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/6cd5fc-60cc-45de-bd8a-1544b44d59ca/1/xi18rB_7LD-94oRiW_GvTGuuaw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.29.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:a3:4d:58:49:e5:2f:bf:40:94:53:56:00:e8:8a:a4:1d:91:
         6e:25:32:1f:87:3e:73:68:a1:70:c6:71:f9:f2:a0:f3:b3:9e:
         6d:0b:69:7d:f4:9d:6b:2b:2e:26:f5:22:51:3b:0a:64:ed:aa:
         84:6d:09:ee:c3:90:46:8f:8b:0c:d0:a0:c6:d1:25:ce:f2:48:
         22:ec:7b:d7:64:20:b6:af:30:1a:5a:88:3a:cc:69:07:13:0f:
         25:d2:85:dc:82:96:40:27:b2:bf:5e:f2:42:96:5e:1a:64:cd:
         b5:c1:e2:ba:e1:3d:2f:39:ff:b8:c7:e5:80:7f:da:ad:f1:09:
         93:06:35:15:d1:f9:39:25:6f:ee:ab:f5:f3:9d:b2:78:b7:0e:
         6f:d0:7e:2d:de:e7:c4:da:75:48:c6:25:9e:3f:8c:eb:b0:b4:
         a3:af:b3:02:0f:25:c4:07:23:0c:18:68:c6:b5:51:00:b8:59:
         c4:ed:db:84:3f:70:08:84:15:ec:23:5c:5b:63:2b:d3:72:18:
         ad:78:89:79:e7:8b:a9:dd:a9:da:76:22:9d:d1:e3:ea:5a:10:
         29:ed:7d:fa:71:24:ea:41:32:1d:e1:1c:1a:f5:8b:15:89:28:
         9f:b9:2f:5f:5c:94:59:21:42:25:1a:57:1d:a3:cf:a7:a5:c6:
         d6:35:13:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWORxRIJhbkacFKVYdoZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MmQ3Y2FjMWZmYjJjM2ZiZGUyODQ2MjViZjFhZjRjNmJh
ZTZiMGUwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzBlM2ZhMGYwY2MyNmRhOGU0NjNkZGY0M2E5NzAzODI1ZjFlNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw1IOvccpL+zSLYMyTMasXZ76xi0
EncyHArWtbDgouJjWNg+HOgQUyseLovCQFicZ+oaoTJ9aGAAIyFoR+BiaKe3M6by
FkYUtxNppEZ+mwjYxOI6BlsUUzYriBFRo/fKzZAkGtyVlPnd0tyOjyvG4CI/bG+v
HF0gQw7GOxD4ICHZ0GACbLfB0QwEdZupVpn5y9JhjaUvTD76xFSUDMKwEIaonO+m
+7Pj+QyHf3fiKUee6WGdBpt0THWO+NRJmNccUJNiI6GErME38wW2+yqly8egISuS
9p0/q4H2ZroCPbFMs/ON2q0oDsYFoYdRrFyNubjd7gOUOCmFhk0dcRx0EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMOP6DwzCbajkY930OpcDgl8ec/MB8GA1UdIwQY
MBaAFMYtfKwf+yw/veKEYlvxr0xrrmsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGkxOHJCXzdMRC05NG9SaVdfR3ZUR3V1YXc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82Y2Q1ZmMtNjBjYy00NWRlLWJkOGEt
MTU0NGI0NGQ1OWNhLzEvZ3c0X29QRE1KdHFPUmozZlE2bHdPQ1h4NXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82Y2Q1ZmMtNjBjYy00NWRlLWJkOGEtMTU0NGI0NGQ1OWNh
LzEveGkxOHJCXzdMRC05NG9SaVdfR3ZUR3V1YXc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkx2WMA0G
CSqGSIb3DQEBCwUAA4IBAQCEo01YSeUvv0CUU1YA6IqkHZFuJTIfhz5zaKFwxnH5
8qDzs55tC2l99J1rKy4m9SJROwpk7aqEbQnuw5BGj4sM0KDG0SXO8kgi7HvXZCC2
rzAaWog6zGkHEw8l0oXcgpZAJ7K/XvJCll4aZM21weK64T0vOf+4x+WAf9qt8QmT
BjUV0fk5JW/uq/XznbJ4tw5v0H4t3ufE2nVIxiWeP4zrsLSjr7MCDyXEByMMGGjG
tVEAuFnE7duEP3AIhBXsI1xbYyvTchiteIl554up3anadiKd0ePqWhAp7X36cSTq
QTId4Rwa9YsViSifuS9fXJRZIUIlGlcdo8+npcbWNRPs
-----END CERTIFICATE-----