Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/779d7c-7564-4960-98c1-5f6ee58d9c8b/1/gQ0XNZzlo6_D5_6oh63nMqIyN2s.roa
File:                     gQ0XNZzlo6_D5_6oh63nMqIyN2s.roa (raw, json)
Hash identifier:          ofJqst8Qc50l9ofICGP9GbDI9oGMWAApeFId8dU+cgI=
Subject key identifier:   81:0D:17:35:9C:E5:A3:AF:C3:E7:FE:A8:87:AD:E7:32:A2:32:37:6B
Certificate issuer:       /CN=3cb78128b79ca91ab624ba8325dfced94f64469a
Certificate serial:       018CEDABAE8E2FD38593F14B89E13B2DA81D
Authority key identifier: 3C:B7:81:28:B7:9C:A9:1A:B6:24:BA:83:25:DF:CE:D9:4F:64:46:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PLeBKLecqRq2JLqDJd_O2U9kRpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/779d7c-7564-4960-98c1-5f6ee58d9c8b/1/gQ0XNZzlo6_D5_6oh63nMqIyN2s.roa
Signing time:             Tue 09 Jan 2024 10:01:40 +0000
ROA not before:           Tue 09 Jan 2024 10:01:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12703
IP address blocks:        185.71.100.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/779d7c-7564-4960-98c1-5f6ee58d9c8b/1/PLeBKLecqRq2JLqDJd_O2U9kRpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/779d7c-7564-4960-98c1-5f6ee58d9c8b/1/PLeBKLecqRq2JLqDJd_O2U9kRpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PLeBKLecqRq2JLqDJd_O2U9kRpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:ab:ae:8e:2f:d3:85:93:f1:4b:89:e1:3b:2d:a8:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cb78128b79ca91ab624ba8325dfced94f64469a
        Validity
            Not Before: Jan  9 10:01:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=810d17359ce5a3afc3e7fea887ade732a232376b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:55:aa:a8:5d:ed:b6:12:66:8d:d5:1a:f7:5d:
                    25:5e:df:84:63:f1:9b:1c:92:2d:fb:a0:30:85:76:
                    c4:a5:04:f2:2c:6e:3a:ba:ae:94:0c:1b:4e:5e:6c:
                    37:70:85:84:d0:66:96:2c:61:ef:f7:eb:73:77:f6:
                    d5:9a:bc:76:e9:aa:74:f3:5a:f1:12:2a:fb:9f:98:
                    54:d2:b0:d3:46:85:31:fb:67:f7:8a:6a:ca:fa:76:
                    c9:09:f9:9c:3c:7d:a9:bc:39:13:f7:1b:30:99:db:
                    df:93:74:1a:f9:4f:05:35:80:a8:04:a1:56:c7:f5:
                    b6:f3:b8:7a:7a:41:37:02:fc:20:7d:b6:42:2e:ea:
                    27:05:dc:1d:ee:de:0e:e4:02:a0:06:7a:a8:c4:6f:
                    81:c2:d5:42:c2:66:5b:7d:9c:03:6e:e9:d2:bc:89:
                    c7:91:5c:64:d3:5a:fe:08:4f:53:2a:e9:bf:eb:a2:
                    cb:9d:07:1a:4b:88:8e:4f:13:61:9a:04:1f:43:39:
                    0b:85:82:8f:7a:62:84:87:12:c7:26:d3:fb:2d:38:
                    53:f4:f6:f6:90:b1:5e:ab:e8:ee:45:d5:0a:55:33:
                    0a:da:f2:ad:c4:e5:71:a2:b2:f8:5b:76:c1:fd:6c:
                    12:21:3b:2d:83:52:9a:d3:9e:03:71:7d:0a:ab:68:
                    a2:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:0D:17:35:9C:E5:A3:AF:C3:E7:FE:A8:87:AD:E7:32:A2:32:37:6B
            X509v3 Authority Key Identifier:
                keyid:3C:B7:81:28:B7:9C:A9:1A:B6:24:BA:83:25:DF:CE:D9:4F:64:46:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PLeBKLecqRq2JLqDJd_O2U9kRpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/779d7c-7564-4960-98c1-5f6ee58d9c8b/1/gQ0XNZzlo6_D5_6oh63nMqIyN2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/779d7c-7564-4960-98c1-5f6ee58d9c8b/1/PLeBKLecqRq2JLqDJd_O2U9kRpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:29:64:6c:85:84:e1:b8:d9:ff:e9:98:95:cc:9d:0e:97:e2:
         af:00:d7:0b:c6:9d:84:68:bf:ee:45:ea:1c:ad:41:66:ad:43:
         cf:31:47:34:70:ec:0a:0d:51:bb:9e:9a:08:5c:9f:2f:a0:5d:
         5c:f8:e0:34:51:2c:91:06:3b:e4:57:32:25:c3:a4:a3:1b:4c:
         2e:23:08:10:22:7e:40:f7:13:e9:51:d6:a5:36:0a:b6:76:1e:
         77:b5:9d:47:c4:87:36:eb:0c:20:45:65:0c:df:08:34:7c:89:
         19:30:ea:06:da:42:fa:34:be:58:b0:0b:83:be:97:c0:4e:78:
         3d:cd:fa:90:99:15:b3:05:cb:30:22:de:b3:df:41:f1:5c:f2:
         dd:8f:84:1a:3d:65:c3:46:da:8b:b4:e6:3e:86:30:61:36:22:
         7c:21:19:40:05:cb:aa:9a:44:60:c0:ab:c4:59:91:04:5a:ce:
         04:56:2d:ab:b5:cf:e2:66:c2:6e:cd:d0:e7:e0:24:08:94:89:
         c5:ba:26:fb:45:9a:ff:4f:37:23:cf:44:19:7c:b1:68:e7:bc:
         8f:fe:5f:1b:32:49:5b:90:9d:5f:21:72:fa:31:dc:ed:27:b1:
         84:89:e1:33:34:2e:bf:2e:09:89:91:5c:5e:87:d8:42:cd:a3:
         ee:3a:f7:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYztq66OL9OFk/FLieE7LagdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjYjc4MTI4Yjc5Y2E5MWFiNjI0YmE4MzI1ZGZjZWQ5NGY2
NDQ2OWEwHhcNMjQwMTA5MTAwMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTBkMTczNTljZTVhM2FmYzNlN2ZlYTg4N2FkZTczMmEyMzIzNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFWqqF3tthJmjdUa910lXt+EY/Gb
HJIt+6AwhXbEpQTyLG46uq6UDBtOXmw3cIWE0GaWLGHv9+tzd/bVmrx26ap081rx
Eir7n5hU0rDTRoUx+2f3imrK+nbJCfmcPH2pvDkT9xswmdvfk3Qa+U8FNYCoBKFW
x/W287h6ekE3AvwgfbZCLuonBdwd7t4O5AKgBnqoxG+BwtVCwmZbfZwDbunSvInH
kVxk01r+CE9TKum/66LLnQcaS4iOTxNhmgQfQzkLhYKPemKEhxLHJtP7LThT9Pb2
kLFeq+juRdUKVTMK2vKtxOVxorL4W3bB/WwSITstg1Ka054DcX0Kq2ii2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIENFzWc5aOvw+f+qIet5zKiMjdrMB8GA1UdIwQY
MBaAFDy3gSi3nKkatiS6gyXfztlPZEaaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUExlQktMZWNxUnEySkxxREpkX08yVTlrUnBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi83NzlkN2MtNzU2NC00OTYwLTk4YzEt
NWY2ZWU1OGQ5YzhiLzEvZ1EwWE5aemxvNl9ENV82b2g2M25NcUl5TjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi83NzlkN2MtNzU2NC00OTYwLTk4YzEtNWY2ZWU1OGQ5Yzhi
LzEvUExlQktMZWNxUnEySkxxREpkX08yVTlrUnBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUdkMA0G
CSqGSIb3DQEBCwUAA4IBAQAWKWRshYThuNn/6ZiVzJ0Ol+KvANcLxp2EaL/uReoc
rUFmrUPPMUc0cOwKDVG7npoIXJ8voF1c+OA0USyRBjvkVzIlw6SjG0wuIwgQIn5A
9xPpUdalNgq2dh53tZ1HxIc26wwgRWUM3wg0fIkZMOoG2kL6NL5YsAuDvpfATng9
zfqQmRWzBcswIt6z30HxXPLdj4QaPWXDRtqLtOY+hjBhNiJ8IRlABcuqmkRgwKvE
WZEEWs4EVi2rtc/iZsJuzdDn4CQIlInFuib7RZr/Tzcjz0QZfLFo57yP/l8bMklb
kJ1fIXL6MdztJ7GEieEzNC6/LgmJkVxeh9hCzaPuOvcg
-----END CERTIFICATE-----