Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/Gqc1YD_z7F3I3MxEyA1il2WT4T4.roa
File:                     Gqc1YD_z7F3I3MxEyA1il2WT4T4.roa (raw, json)
Hash identifier:          whdsMkJX883H6H1neOmEEDoCMw18zFhXkPglANT7r/4=
Subject key identifier:   1A:A7:35:60:3F:F3:EC:5D:C8:DC:CC:44:C8:0D:62:97:65:93:E1:3E
Certificate issuer:       /CN=c2b5d3afd0b72eb734c21ed782329eb6e7c1ce41
Certificate serial:       018CC2DAF9BC84952775D179FDE334EE15E4
Authority key identifier: C2:B5:D3:AF:D0:B7:2E:B7:34:C2:1E:D7:82:32:9E:B6:E7:C1:CE:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wrXTr9C3Lrc0wh7XgjKetufBzkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/Gqc1YD_z7F3I3MxEyA1il2WT4T4.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204802
IP address blocks:        185.239.108.0/24 maxlen: 24
                          2a10:4880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/wrXTr9C3Lrc0wh7XgjKetufBzkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/wrXTr9C3Lrc0wh7XgjKetufBzkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wrXTr9C3Lrc0wh7XgjKetufBzkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f9:bc:84:95:27:75:d1:79:fd:e3:34:ee:15:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2b5d3afd0b72eb734c21ed782329eb6e7c1ce41
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1aa735603ff3ec5dc8dccc44c80d62976593e13e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:21:68:35:09:96:83:68:63:5d:e6:24:7e:f7:
                    3b:3b:dd:ea:d5:56:a3:04:8b:eb:ce:db:ab:00:03:
                    ba:55:f7:ac:68:c7:d7:53:21:a2:75:b0:4d:e7:01:
                    e2:f0:8f:31:ac:24:11:cf:98:73:41:54:da:31:1d:
                    69:ba:86:f8:4e:95:0d:db:f2:f8:06:b0:3a:7d:80:
                    12:ee:70:f5:a9:67:23:d3:26:79:5b:81:bc:49:b2:
                    31:33:c4:f7:67:67:57:7a:e5:c1:11:41:51:29:00:
                    a4:48:6e:27:90:f9:d8:72:90:61:25:7a:f9:c6:4f:
                    5d:a9:dd:b8:8b:44:ca:43:83:01:bc:67:64:31:04:
                    d7:01:69:4e:7c:7b:83:00:46:ce:89:c6:77:80:c8:
                    73:db:0e:0f:c2:a3:7e:3d:30:0f:09:37:6b:44:0a:
                    ad:ce:75:18:54:45:83:bb:95:fb:a8:50:c7:9a:e0:
                    ea:eb:76:8b:af:51:ab:8e:66:93:9e:9f:27:af:06:
                    e3:52:66:e9:7f:52:02:ce:31:44:a6:64:79:57:3a:
                    27:02:29:1e:f7:bf:3e:cc:34:64:9d:16:db:94:3c:
                    80:e1:42:b7:df:2d:ed:e1:e1:b3:ff:b8:ef:a7:71:
                    85:ec:9f:d6:3b:0b:37:f6:2a:df:db:59:3f:10:98:
                    14:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A7:35:60:3F:F3:EC:5D:C8:DC:CC:44:C8:0D:62:97:65:93:E1:3E
            X509v3 Authority Key Identifier:
                keyid:C2:B5:D3:AF:D0:B7:2E:B7:34:C2:1E:D7:82:32:9E:B6:E7:C1:CE:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wrXTr9C3Lrc0wh7XgjKetufBzkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/Gqc1YD_z7F3I3MxEyA1il2WT4T4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e2e048-2788-49b8-9ed5-453bd8995bca/1/wrXTr9C3Lrc0wh7XgjKetufBzkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.108.0/24
                IPv6:
                  2a10:4880::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:6c:c2:70:6a:c8:76:e5:24:1d:87:de:01:cd:3e:fa:4e:b3:
         57:f6:43:6b:d4:44:27:00:bf:5a:8b:f8:fd:d6:b4:e0:a9:a0:
         be:cc:82:61:3f:75:0b:ea:b5:71:55:5d:9c:62:75:32:47:fa:
         98:ae:32:0b:92:d0:2b:4f:d6:64:a3:fd:61:8e:b0:0a:99:bd:
         85:cf:dd:75:de:cf:f5:fc:56:ff:27:86:a2:07:41:48:e4:43:
         03:86:ca:3b:75:36:d6:3c:3e:23:bc:b2:8b:aa:bc:4f:21:fa:
         b5:25:d8:09:f2:17:a3:4d:50:53:d4:e0:a3:77:3e:b4:5c:56:
         f1:f0:d3:87:9b:11:2d:73:5b:cd:f4:b1:88:e0:0a:88:1e:43:
         45:cb:99:d5:e4:e7:e5:cb:33:d2:c5:08:2d:a6:cb:22:2d:f6:
         55:dd:d6:3c:34:b9:02:d0:35:8f:0b:1e:47:0a:07:9d:c9:be:
         b1:8e:d2:7d:52:6a:ac:ad:6b:dc:a5:bd:74:c2:1a:6c:1a:17:
         d0:4f:b3:57:47:6f:fe:b4:f4:b0:fc:23:be:c3:36:9f:ab:e3:
         25:a2:4c:3f:64:e5:c5:ee:e7:f8:a2:04:d5:8c:19:00:01:16:
         8e:df:c8:58:aa:95:ee:d7:0a:33:88:62:53:1a:b8:d7:8a:a6:
         1b:8b:44:e9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2vm8hJUnddF5/eM07hXkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYjVkM2FmZDBiNzJlYjczNGMyMWVkNzgyMzI5ZWI2ZTdj
MWNlNDEwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWE3MzU2MDNmZjNlYzVkYzhkY2NjNDRjODBkNjI5NzY1OTNlMTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiFoNQmWg2hjXeYkfvc7O93q1Vaj
BIvrzturAAO6VfesaMfXUyGidbBN5wHi8I8xrCQRz5hzQVTaMR1puob4TpUN2/L4
BrA6fYAS7nD1qWcj0yZ5W4G8SbIxM8T3Z2dXeuXBEUFRKQCkSG4nkPnYcpBhJXr5
xk9dqd24i0TKQ4MBvGdkMQTXAWlOfHuDAEbOicZ3gMhz2w4PwqN+PTAPCTdrRAqt
znUYVEWDu5X7qFDHmuDq63aLr1GrjmaTnp8nrwbjUmbpf1ICzjFEpmR5VzonAike
978+zDRknRbblDyA4UK33y3t4eGz/7jvp3GF7J/WOws39irf21k/EJgU2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBqnNWA/8+xdyNzMRMgNYpdlk+E+MB8GA1UdIwQY
MBaAFMK106/Qty63NMIe14Iynrbnwc5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3JYVHI5QzNMcmMwd2g3WGdqS2V0dWZCemtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9lMmUwNDgtMjc4OC00OWI4LTllZDUt
NDUzYmQ4OTk1YmNhLzEvR3FjMVlEX3o3RjNJM014RXlBMWlsMldUNFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9lMmUwNDgtMjc4OC00OWI4LTllZDUtNDUzYmQ4OTk1YmNh
LzEvd3JYVHI5QzNMcmMwd2g3WGdqS2V0dWZCemtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAue9sMA0E
AgACMAcDBQMqEEiAMA0GCSqGSIb3DQEBCwUAA4IBAQB/bMJwash25SQdh94BzT76
TrNX9kNr1EQnAL9ai/j91rTgqaC+zIJhP3UL6rVxVV2cYnUyR/qYrjILktArT9Zk
o/1hjrAKmb2Fz9113s/1/Fb/J4aiB0FI5EMDhso7dTbWPD4jvLKLqrxPIfq1JdgJ
8hejTVBT1OCjdz60XFbx8NOHmxEtc1vN9LGI4AqIHkNFy5nV5OflyzPSxQgtpssi
LfZV3dY8NLkC0DWPCx5HCgedyb6xjtJ9UmqsrWvcpb10whpsGhfQT7NXR2/+tPSw
/CO+wzafq+Mlokw/ZOXF7uf4ogTVjBkAARaO38hYqpXu1woziGJTGrjXiqYbi0Tp
-----END CERTIFICATE-----