Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/rgPGw7n6BG6yjRTkP7iBSCbEToY.roa
File:                     rgPGw7n6BG6yjRTkP7iBSCbEToY.roa (raw, json)
Hash identifier:          CBInPcDHWxg46g867SY/Jc7YxQbyDRMl928e+gRmb4Q=
Subject key identifier:   AE:03:C6:C3:B9:FA:04:6E:B2:8D:14:E4:3F:B8:81:48:26:C4:4E:86
Certificate issuer:       /CN=77b020308865c3360dab19f3a5703341864e9f50
Certificate serial:       018CC3488BC3CB7CBCC436F4B9E8ED4B930F
Authority key identifier: 77:B0:20:30:88:65:C3:36:0D:AB:19:F3:A5:70:33:41:86:4E:9F:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d7AgMIhlwzYNqxnzpXAzQYZOn1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/rgPGw7n6BG6yjRTkP7iBSCbEToY.roa
Signing time:             Mon 01 Jan 2024 04:29:20 +0000
ROA not before:           Mon 01 Jan 2024 04:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8680
IP address blocks:        185.87.144.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/d7AgMIhlwzYNqxnzpXAzQYZOn1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/d7AgMIhlwzYNqxnzpXAzQYZOn1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d7AgMIhlwzYNqxnzpXAzQYZOn1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8b:c3:cb:7c:bc:c4:36:f4:b9:e8:ed:4b:93:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77b020308865c3360dab19f3a5703341864e9f50
        Validity
            Not Before: Jan  1 04:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae03c6c3b9fa046eb28d14e43fb8814826c44e86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:5c:e1:0f:75:77:72:8e:54:d6:ce:2a:38:b7:
                    73:92:1e:f1:00:98:5a:89:80:bf:37:b9:ed:f2:f6:
                    44:b3:65:36:67:21:99:ac:87:56:60:0f:39:7c:11:
                    70:fa:64:ce:af:c2:c6:ec:5e:47:db:fb:23:c7:1d:
                    af:a9:10:a8:6d:9f:1c:7c:08:f4:6c:a8:a5:12:38:
                    f6:65:0f:bf:a9:b0:c7:22:e0:d0:b8:7b:4d:22:1d:
                    a0:d1:f2:fd:b5:cf:80:7f:5d:cd:92:77:ce:40:4c:
                    fa:94:90:45:1c:7c:86:b0:dd:39:f1:52:4c:42:63:
                    30:ac:f0:8a:36:87:40:2c:68:27:d8:60:d3:7d:86:
                    f8:ab:08:8b:1f:1d:19:13:ee:94:23:95:13:09:b1:
                    45:8a:0f:6b:c7:a4:37:a2:48:46:f0:c5:9d:fd:8e:
                    7f:9f:40:35:18:86:2d:19:ca:d2:8e:dc:e6:95:e8:
                    f5:87:c5:57:bb:58:47:c1:1a:36:89:95:f7:14:b8:
                    87:47:01:f5:0c:99:17:59:2a:55:24:5f:aa:0e:6c:
                    ea:5d:c8:6b:41:42:ee:6d:d3:3d:96:e7:a7:ea:a0:
                    03:29:fe:e9:83:67:8b:e1:89:1c:4b:36:33:64:ed:
                    5c:c0:75:07:31:b2:3e:c3:00:f2:2f:4f:f6:90:04:
                    fa:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:03:C6:C3:B9:FA:04:6E:B2:8D:14:E4:3F:B8:81:48:26:C4:4E:86
            X509v3 Authority Key Identifier:
                keyid:77:B0:20:30:88:65:C3:36:0D:AB:19:F3:A5:70:33:41:86:4E:9F:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7AgMIhlwzYNqxnzpXAzQYZOn1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/rgPGw7n6BG6yjRTkP7iBSCbEToY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d2aab0-8363-4b14-9cc2-c8bb8ea39804/1/d7AgMIhlwzYNqxnzpXAzQYZOn1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:7b:63:2c:ca:4a:c3:14:9b:6a:66:a9:c4:e8:57:db:f6:dd:
         ae:6b:8d:f6:b6:24:0d:f2:41:12:82:ef:21:d3:e3:c1:90:8e:
         7a:a0:e6:a4:0a:03:82:97:9b:f1:49:41:63:1b:88:60:8b:97:
         02:76:c6:67:ae:32:3b:22:17:d7:7d:d1:ea:f2:85:27:24:9d:
         81:97:47:c8:b1:a6:55:c5:fb:a3:b2:8a:f6:c2:84:1d:b0:6c:
         1a:f0:0d:0d:80:aa:6e:91:82:a9:ca:a6:13:e1:10:62:1d:d0:
         07:9a:c5:f9:e2:73:33:02:a7:b1:a0:5d:01:bd:c5:21:fc:5e:
         22:8d:0b:1d:28:74:b1:d7:6b:f0:cb:26:63:24:15:7c:b4:37:
         b1:ce:87:78:43:8b:32:e0:45:f0:89:f6:83:1f:2e:b8:62:7c:
         51:0e:6e:db:94:24:8b:43:be:37:82:56:1b:92:bb:dd:4b:1a:
         9c:0b:62:6e:be:d2:15:4c:d2:b6:20:3c:4a:4a:e8:b4:b4:c6:
         eb:20:98:52:10:1c:e1:99:0d:b8:8e:10:06:dc:8a:02:23:0f:
         46:15:88:d9:69:2a:fd:e9:d0:61:d7:ee:cb:57:bc:37:f1:b3:
         64:f9:51:ac:ce:7d:ad:11:4b:b2:a1:f6:aa:9a:bf:48:0f:18:
         6d:34:90:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSIvDy3y8xDb0uejtS5MPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YjAyMDMwODg2NWMzMzYwZGFiMTlmM2E1NzAzMzQxODY0
ZTlmNTAwHhcNMjQwMTAxMDQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTAzYzZjM2I5ZmEwNDZlYjI4ZDE0ZTQzZmI4ODE0ODI2YzQ0ZTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVzhD3V3co5U1s4qOLdzkh7xAJha
iYC/N7nt8vZEs2U2ZyGZrIdWYA85fBFw+mTOr8LG7F5H2/sjxx2vqRCobZ8cfAj0
bKilEjj2ZQ+/qbDHIuDQuHtNIh2g0fL9tc+Af13NknfOQEz6lJBFHHyGsN058VJM
QmMwrPCKNodALGgn2GDTfYb4qwiLHx0ZE+6UI5UTCbFFig9rx6Q3okhG8MWd/Y5/
n0A1GIYtGcrSjtzmlej1h8VXu1hHwRo2iZX3FLiHRwH1DJkXWSpVJF+qDmzqXchr
QULubdM9luen6qADKf7pg2eL4YkcSzYzZO1cwHUHMbI+wwDyL0/2kAT6AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4DxsO5+gRuso0U5D+4gUgmxE6GMB8GA1UdIwQY
MBaAFHewIDCIZcM2DasZ86VwM0GGTp9QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDdBZ01JaGx3ellOcXhuenBYQXpRWVpPbjFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9kMmFhYjAtODM2My00YjE0LTljYzIt
YzhiYjhlYTM5ODA0LzEvcmdQR3c3bjZCRzZ5alJUa1A3aUJTQ2JFVG9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9kMmFhYjAtODM2My00YjE0LTljYzItYzhiYjhlYTM5ODA0
LzEvZDdBZ01JaGx3ellOcXhuenBYQXpRWVpPbjFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVeQMA0G
CSqGSIb3DQEBCwUAA4IBAQCUe2MsykrDFJtqZqnE6Ffb9t2ua432tiQN8kESgu8h
0+PBkI56oOakCgOCl5vxSUFjG4hgi5cCdsZnrjI7IhfXfdHq8oUnJJ2Bl0fIsaZV
xfujsor2woQdsGwa8A0NgKpukYKpyqYT4RBiHdAHmsX54nMzAqexoF0BvcUh/F4i
jQsdKHSx12vwyyZjJBV8tDexzod4Q4sy4EXwifaDHy64YnxRDm7blCSLQ743glYb
krvdSxqcC2JuvtIVTNK2IDxKSui0tMbrIJhSEBzhmQ24jhAG3IoCIw9GFYjZaSr9
6dBh1+7LV7w38bNk+VGszn2tEUuyofaqmr9IDxhtNJAl
-----END CERTIFICATE-----