Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/g-G_A6UJcrubANCJplvp8GhbzDU.roa
File:                     g-G_A6UJcrubANCJplvp8GhbzDU.roa (raw, json)
Hash identifier:          0uVHwOhPtoCVYwYMrAc7PaRUVQozXpMAk1Fi5j6r6XY=
Subject key identifier:   83:E1:BF:03:A5:09:72:BB:9B:00:D0:89:A6:5B:E9:F0:68:5B:CC:35
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019108561570C256632B407E1739B82B17C7
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/g-G_A6UJcrubANCJplvp8GhbzDU.roa
Signing time:             Wed 31 Jul 2024 10:29:04 +0000
ROA not before:           Wed 31 Jul 2024 10:29:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212025
IP address blocks:        85.158.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:08:56:15:70:c2:56:63:2b:40:7e:17:39:b8:2b:17:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jul 31 10:29:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83e1bf03a50972bb9b00d089a65be9f0685bcc35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:39:63:6d:21:27:b1:be:4b:5d:e7:da:40:d1:
                    d8:49:1c:74:34:36:c3:56:74:67:b9:84:28:f4:4a:
                    1e:b8:60:b2:d6:cb:28:99:c4:2c:71:98:12:9f:04:
                    6b:de:62:a7:bd:b6:55:6c:cb:3a:6c:ab:f7:78:ec:
                    5a:e5:c3:bc:28:c0:36:bc:31:c4:4f:a5:00:bd:02:
                    c3:63:db:b3:89:ff:e1:ac:24:b9:36:ca:6e:d7:df:
                    75:c4:23:4e:24:d0:95:ac:f8:49:7e:80:4a:69:2f:
                    a0:ce:c5:43:87:cd:7c:aa:fb:84:1b:40:9b:af:02:
                    97:7d:df:8b:43:eb:c0:08:f4:5f:f4:2c:8c:86:1f:
                    7c:aa:2e:e5:f9:4a:c1:9b:a4:08:29:9a:bc:ee:96:
                    4f:4b:39:93:4a:90:2a:d6:f4:a4:2e:75:49:c4:cb:
                    e5:f4:19:e0:fd:86:45:75:93:9c:20:d1:c7:75:36:
                    a5:52:f8:06:77:94:04:e5:38:41:8b:36:f2:b6:b7:
                    24:b9:f7:fa:a9:34:f8:98:21:74:64:41:d7:9d:f7:
                    c5:ac:b9:60:01:d3:91:46:75:62:4d:56:ff:24:98:
                    be:4c:01:12:ec:a2:3e:ce:05:71:b6:2a:be:d5:1a:
                    9b:d3:25:c7:da:e5:70:02:d8:c5:3c:7d:f3:e0:1d:
                    5e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:E1:BF:03:A5:09:72:BB:9B:00:D0:89:A6:5B:E9:F0:68:5B:CC:35
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/g-G_A6UJcrubANCJplvp8GhbzDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:4c:1f:99:7d:f2:ae:b7:90:c6:a6:a0:28:15:ae:af:b5:ea:
         5a:1c:57:7b:0b:ff:cc:71:14:07:be:df:be:eb:31:aa:57:6c:
         3a:ee:70:22:f1:1e:2d:c6:b0:ae:ab:8c:46:c5:ae:ae:f8:ac:
         9d:b3:33:51:73:85:af:f1:02:2b:f9:0d:96:bc:bc:79:3a:d8:
         80:cb:49:e5:b9:ce:05:4f:10:7e:fa:82:87:e4:77:76:43:83:
         cd:0f:fd:26:94:aa:9c:b6:ea:cb:71:34:7a:67:b6:ab:18:04:
         52:00:4b:08:45:5e:c5:a6:ad:13:ca:ba:9e:29:a1:d7:a5:0e:
         ac:a2:cf:94:23:1a:ef:32:fe:58:f3:45:22:89:c8:23:ac:c0:
         f1:0d:78:e2:a7:4e:25:a6:2b:14:11:e1:80:f8:d3:88:d8:e2:
         ea:68:77:05:b6:07:fc:0c:86:40:16:98:de:9d:cc:5a:00:bf:
         84:73:ef:c0:1d:b2:16:80:b1:24:8f:6b:60:34:0b:71:6e:90:
         cc:6b:59:39:0e:1a:3d:c5:85:a0:30:39:cd:24:f5:c4:3f:a2:
         b5:7d:0d:f5:35:de:86:98:16:ef:72:36:0f:cf:33:af:ae:76:
         41:28:85:17:cb:a2:96:5c:be:37:6e:f8:e8:7e:ef:c3:f2:9d:
         d5:d8:9a:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEIVhVwwlZjK0B+Fzm4KxfHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwNzMxMTAyOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2UxYmYwM2E1MDk3MmJiOWIwMGQwODlhNjViZTlmMDY4NWJjYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DljbSEnsb5LXefaQNHYSRx0NDbD
VnRnuYQo9EoeuGCy1ssomcQscZgSnwRr3mKnvbZVbMs6bKv3eOxa5cO8KMA2vDHE
T6UAvQLDY9uzif/hrCS5Nspu1991xCNOJNCVrPhJfoBKaS+gzsVDh818qvuEG0Cb
rwKXfd+LQ+vACPRf9CyMhh98qi7l+UrBm6QIKZq87pZPSzmTSpAq1vSkLnVJxMvl
9Bng/YZFdZOcINHHdTalUvgGd5QE5ThBizbytrckuff6qTT4mCF0ZEHXnffFrLlg
AdORRnViTVb/JJi+TAES7KI+zgVxtiq+1Rqb0yXH2uVwAtjFPH3z4B1eoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPhvwOlCXK7mwDQiaZb6fBoW8w1MB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvZy1HX0E2VUpjcnViQU5DSnBsdnA4R2hiekRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZ6RMA0G
CSqGSIb3DQEBCwUAA4IBAQCKTB+ZffKut5DGpqAoFa6vtepaHFd7C//McRQHvt++
6zGqV2w67nAi8R4txrCuq4xGxa6u+KydszNRc4Wv8QIr+Q2WvLx5OtiAy0nluc4F
TxB++oKH5Hd2Q4PND/0mlKqcturLcTR6Z7arGARSAEsIRV7Fpq0TyrqeKaHXpQ6s
os+UIxrvMv5Y80UiicgjrMDxDXjip04lpisUEeGA+NOI2OLqaHcFtgf8DIZAFpje
ncxaAL+Ec+/AHbIWgLEkj2tgNAtxbpDMa1k5Dho9xYWgMDnNJPXEP6K1fQ31Nd6G
mBbvcjYPzzOvrnZBKIUXy6KWXL43bvjofu/D8p3V2JpP
-----END CERTIFICATE-----