Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/girmpSCKrlTOXIu3jZHzUN9xsv0.roa
File:                     girmpSCKrlTOXIu3jZHzUN9xsv0.roa (raw, json)
Hash identifier:          xHKJgVVA5s/UaiGZFQACJ2fNBUgUAfHYoDe0ckJ/zoM=
Subject key identifier:   82:2A:E6:A5:20:8A:AE:54:CE:5C:8B:B7:8D:91:F3:50:DF:71:B2:FD
Certificate issuer:       /CN=977775ce8804695996ce77c7d3681b9c241b362f
Certificate serial:       018CC56E2AB3A53B6663A01E7E2ACE1D2F18
Authority key identifier: 97:77:75:CE:88:04:69:59:96:CE:77:C7:D3:68:1B:9C:24:1B:36:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l3d1zogEaVmWznfH02gbnCQbNi8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/girmpSCKrlTOXIu3jZHzUN9xsv0.roa
Signing time:             Mon 01 Jan 2024 14:29:40 +0000
ROA not before:           Mon 01 Jan 2024 14:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199829
IP address blocks:        185.45.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/l3d1zogEaVmWznfH02gbnCQbNi8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/l3d1zogEaVmWznfH02gbnCQbNi8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l3d1zogEaVmWznfH02gbnCQbNi8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:2a:b3:a5:3b:66:63:a0:1e:7e:2a:ce:1d:2f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=977775ce8804695996ce77c7d3681b9c241b362f
        Validity
            Not Before: Jan  1 14:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=822ae6a5208aae54ce5c8bb78d91f350df71b2fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:84:51:c2:70:ac:a0:47:b6:8f:f9:e6:d0:11:
                    12:92:b4:54:23:3a:2c:9b:8b:2d:c3:e9:57:f4:97:
                    6b:1a:da:b0:a1:1a:f3:c1:7a:cf:8b:8f:e2:17:42:
                    70:d1:2a:31:88:f9:b9:2e:13:0a:d5:b5:5d:98:e2:
                    fe:86:9e:a7:12:8d:ee:e6:65:d0:92:b2:8f:a0:0a:
                    da:59:32:9c:df:15:59:20:63:93:7a:02:ee:71:12:
                    ab:76:d3:21:64:de:27:d1:35:d7:b7:40:59:cc:e6:
                    2d:96:92:4f:f0:a6:46:2d:5f:59:ce:3a:e8:0c:c3:
                    ae:b3:8a:64:34:4a:d1:59:25:2e:a3:3c:e1:4d:17:
                    f3:39:f5:19:36:e6:28:83:93:67:d9:9f:13:87:5c:
                    e5:7d:8b:8b:90:84:44:e9:2a:be:a0:02:b6:48:29:
                    49:9b:e1:d4:d0:cf:18:02:2f:d3:89:f7:b5:c5:82:
                    d0:4b:8d:e9:80:c5:e5:19:22:2b:df:36:2d:4f:82:
                    68:d6:ac:4c:6f:8c:9e:8f:34:d5:e5:3e:49:d2:16:
                    af:cf:c5:7f:24:60:f3:90:24:4b:d7:ac:b5:e6:d2:
                    54:ac:e0:fd:6d:d6:2d:4b:82:4b:b2:35:79:be:5f:
                    84:85:1c:a4:df:f5:43:c6:69:11:35:9d:d7:7a:0b:
                    22:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:2A:E6:A5:20:8A:AE:54:CE:5C:8B:B7:8D:91:F3:50:DF:71:B2:FD
            X509v3 Authority Key Identifier:
                keyid:97:77:75:CE:88:04:69:59:96:CE:77:C7:D3:68:1B:9C:24:1B:36:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l3d1zogEaVmWznfH02gbnCQbNi8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/girmpSCKrlTOXIu3jZHzUN9xsv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/bc8e10-461e-4ce4-8be9-6239733c6184/1/l3d1zogEaVmWznfH02gbnCQbNi8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:7b:a6:a4:b8:ec:5a:d2:47:a5:41:9c:8d:9b:56:86:85:d5:
         ff:d1:1b:60:a2:a4:71:5b:79:7d:a8:17:70:47:87:af:09:6f:
         6a:7f:4c:a1:b9:5d:e4:cc:71:09:b7:c8:dc:16:6c:e6:cf:60:
         f2:e9:77:96:f9:fa:df:64:e0:4d:98:1b:8a:e0:28:98:7d:86:
         5b:a8:72:fc:b7:73:aa:a0:9d:b7:2d:8e:b8:1b:6b:f0:16:7d:
         82:57:f2:79:61:06:98:d8:f7:2b:5d:81:de:cf:ca:db:87:4a:
         6f:80:57:a0:fc:8e:a2:32:cd:de:98:ea:ba:8c:91:2d:78:bf:
         82:9e:f4:04:b4:3d:f2:a4:eb:f4:37:d4:e6:66:f9:a7:26:4d:
         44:0f:0c:53:7b:d4:bf:f5:bc:3e:b4:da:bf:37:c9:aa:5a:f3:
         57:a7:dd:82:95:ba:4d:9e:f1:cb:75:8d:4b:f3:37:72:c0:2c:
         86:fd:1b:58:56:c4:f2:34:4b:9e:b0:f8:fe:1f:6d:a8:27:c5:
         f6:c5:38:3a:7b:a9:3e:b0:2a:90:e0:34:a4:14:d6:55:ab:73:
         60:95:88:a9:11:4b:32:30:6e:7a:fe:8a:82:30:a6:09:ab:49:
         ae:a6:f0:bb:a4:79:bc:ab:0b:34:6e:8b:8b:2c:7a:0b:85:2c:
         fb:9d:c7:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiqzpTtmY6AefirOHS8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3Nzc3NWNlODgwNDY5NTk5NmNlNzdjN2QzNjgxYjljMjQx
YjM2MmYwHhcNMjQwMTAxMTQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJhZTZhNTIwOGFhZTU0Y2U1YzhiYjc4ZDkxZjM1MGRmNzFiMmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYRRwnCsoEe2j/nm0BESkrRUIzos
m4stw+lX9JdrGtqwoRrzwXrPi4/iF0Jw0SoxiPm5LhMK1bVdmOL+hp6nEo3u5mXQ
krKPoAraWTKc3xVZIGOTegLucRKrdtMhZN4n0TXXt0BZzOYtlpJP8KZGLV9Zzjro
DMOus4pkNErRWSUuozzhTRfzOfUZNuYog5Nn2Z8Th1zlfYuLkIRE6Sq+oAK2SClJ
m+HU0M8YAi/Tife1xYLQS43pgMXlGSIr3zYtT4Jo1qxMb4yejzTV5T5J0havz8V/
JGDzkCRL16y15tJUrOD9bdYtS4JLsjV5vl+EhRyk3/VDxmkRNZ3XegsiXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIq5qUgiq5UzlyLt42R81DfcbL9MB8GA1UdIwQY
MBaAFJd3dc6IBGlZls53x9NoG5wkGzYvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDNkMXpvZ0VhVm1Xem5mSDAyZ2JuQ1FiTmk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9iYzhlMTAtNDYxZS00Y2U0LThiZTkt
NjIzOTczM2M2MTg0LzEvZ2lybXBTQ0tybFRPWEl1M2paSHpVTjl4c3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9iYzhlMTAtNDYxZS00Y2U0LThiZTktNjIzOTczM2M2MTg0
LzEvbDNkMXpvZ0VhVm1Xem5mSDAyZ2JuQ1FiTmk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS0QMA0G
CSqGSIb3DQEBCwUAA4IBAQAqe6akuOxa0kelQZyNm1aGhdX/0RtgoqRxW3l9qBdw
R4evCW9qf0yhuV3kzHEJt8jcFmzmz2Dy6XeW+frfZOBNmBuK4CiYfYZbqHL8t3Oq
oJ23LY64G2vwFn2CV/J5YQaY2PcrXYHez8rbh0pvgFeg/I6iMs3emOq6jJEteL+C
nvQEtD3ypOv0N9TmZvmnJk1EDwxTe9S/9bw+tNq/N8mqWvNXp92ClbpNnvHLdY1L
8zdywCyG/RtYVsTyNEuesPj+H22oJ8X2xTg6e6k+sCqQ4DSkFNZVq3NglYipEUsy
MG56/oqCMKYJq0mupvC7pHm8qws0bouLLHoLhSz7ncc9
-----END CERTIFICATE-----