Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/ghqg6ujuEOV4Vw3b6x6YkQU8aSs.roa
File:                     ghqg6ujuEOV4Vw3b6x6YkQU8aSs.roa (raw, json)
Hash identifier:          IATpDK+kaz0czhsEzmLbtPDJ492YJfivjvGQ/3AgHO8=
Subject key identifier:   82:1A:A0:EA:E8:EE:10:E5:78:57:0D:DB:EB:1E:98:91:05:3C:69:2B
Certificate issuer:       /CN=cbbe3c6d99811819cedddcd27e4be25bc0cf506f
Certificate serial:       019420681722750820362737BDFD2CAFC531
Authority key identifier: CB:BE:3C:6D:99:81:18:19:CE:DD:DC:D2:7E:4B:E2:5B:C0:CF:50:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y748bZmBGBnO3dzSfkviW8DPUG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/ghqg6ujuEOV4Vw3b6x6YkQU8aSs.roa
Signing time:             Wed 01 Jan 2025 05:48:00 +0000
ROA not before:           Wed 01 Jan 2025 05:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51175
IP address blocks:        188.123.199.0/24 maxlen: 24
                          188.123.204.0/22 maxlen: 22
                          188.123.212.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/y748bZmBGBnO3dzSfkviW8DPUG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/y748bZmBGBnO3dzSfkviW8DPUG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y748bZmBGBnO3dzSfkviW8DPUG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:17:22:75:08:20:36:27:37:bd:fd:2c:af:c5:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbbe3c6d99811819cedddcd27e4be25bc0cf506f
        Validity
            Not Before: Jan  1 05:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=821aa0eae8ee10e578570ddbeb1e9891053c692b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:d0:06:60:99:05:73:8e:cf:d1:a9:f2:67:9d:
                    62:40:d8:3a:90:67:98:84:bb:90:b8:b7:eb:35:91:
                    dc:65:ed:56:de:81:0b:d2:59:c2:0b:84:95:41:0f:
                    87:6b:12:d9:fa:2a:7a:df:c4:f8:b8:db:56:59:41:
                    1d:41:eb:8a:f5:9d:65:ad:1c:31:5f:8e:e7:50:46:
                    c5:96:7a:2a:ba:7e:85:cb:4a:2b:2d:0d:b6:55:97:
                    7e:97:50:2c:29:2a:6b:3e:8e:7f:f4:b9:c4:53:5f:
                    0a:d4:88:74:a9:f6:55:3a:16:67:c9:95:98:93:f3:
                    d0:48:aa:27:55:43:fc:3e:1a:6d:9d:a7:e4:53:e2:
                    71:df:e1:14:d5:f1:e5:67:ef:3d:39:81:fc:3c:4c:
                    18:e9:38:ea:b0:3f:74:a4:b8:2b:f2:bf:5e:cc:6b:
                    15:bc:c4:28:4f:9f:e2:eb:b5:44:a0:e9:2c:12:06:
                    36:d3:2d:95:81:e0:28:94:17:db:22:a6:4a:a0:aa:
                    f8:03:07:fb:a7:c7:ef:7f:e5:78:3d:73:e2:96:f6:
                    58:39:5e:6b:34:af:a1:26:2f:08:87:2b:b2:0a:72:
                    16:0f:d2:13:6f:c8:a0:27:4d:0b:48:cb:b1:1d:9a:
                    68:00:18:ac:8a:39:c4:b1:cf:e6:bc:92:05:a6:e0:
                    63:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:1A:A0:EA:E8:EE:10:E5:78:57:0D:DB:EB:1E:98:91:05:3C:69:2B
            X509v3 Authority Key Identifier:
                keyid:CB:BE:3C:6D:99:81:18:19:CE:DD:DC:D2:7E:4B:E2:5B:C0:CF:50:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y748bZmBGBnO3dzSfkviW8DPUG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/ghqg6ujuEOV4Vw3b6x6YkQU8aSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/y748bZmBGBnO3dzSfkviW8DPUG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.123.199.0/24
                  188.123.204.0/22
                  188.123.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:41:db:54:2e:47:dd:96:3d:5f:43:b8:0a:7e:76:9a:52:24:
         9f:78:0d:a2:8d:51:cf:3b:56:b2:46:b3:fc:49:4b:e7:7d:ce:
         a2:c4:1b:39:73:3f:51:8c:7f:b4:51:93:94:67:e2:bd:20:01:
         75:05:d2:85:3c:2a:ad:da:9c:6c:c3:64:0c:75:fa:3d:a1:a4:
         e5:e4:ee:9a:c8:71:9c:2b:76:d9:b1:5b:ee:80:9e:03:f6:0b:
         0e:01:5a:b4:25:ba:0e:4a:c1:ae:b6:15:af:3c:4f:1d:3b:22:
         19:12:c4:8c:6a:1d:47:e9:fa:7c:5c:53:31:42:fb:5a:1c:2d:
         dd:94:2f:75:ab:cd:ed:f4:a5:66:e2:45:7e:4e:b9:02:5a:ee:
         9f:dc:cc:62:e9:ae:34:1d:4a:d7:7c:a5:c4:5b:e9:8d:ba:64:
         05:1b:a8:6f:37:eb:11:3d:35:34:de:b3:60:d1:f6:07:fc:d6:
         ff:37:15:ce:63:45:90:04:a4:d3:99:3a:21:70:1c:fe:ab:06:
         57:a7:a1:a0:7f:7d:60:62:9f:58:bc:1b:79:9f:04:28:a7:5d:
         8c:2c:f2:07:08:72:2e:33:c0:d1:b8:ea:40:f2:e8:00:1e:39:
         1a:d5:98:c5:4a:95:89:d2:c4:29:27:a6:74:55:10:56:01:32:
         8f:7c:94:86
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQgaBcidQggNic3vf0sr8UxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYmUzYzZkOTk4MTE4MTljZWRkZGNkMjdlNGJlMjViYzBj
ZjUwNmYwHhcNMjUwMTAxMDU0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjFhYTBlYWU4ZWUxMGU1Nzg1NzBkZGJlYjFlOTg5MTA1M2M2OTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6tAGYJkFc47P0anyZ51iQNg6kGeY
hLuQuLfrNZHcZe1W3oEL0lnCC4SVQQ+HaxLZ+ip638T4uNtWWUEdQeuK9Z1lrRwx
X47nUEbFlnoqun6Fy0orLQ22VZd+l1AsKSprPo5/9LnEU18K1Ih0qfZVOhZnyZWY
k/PQSKonVUP8PhptnafkU+Jx3+EU1fHlZ+89OYH8PEwY6TjqsD90pLgr8r9ezGsV
vMQoT5/i67VEoOksEgY20y2VgeAolBfbIqZKoKr4Awf7p8fvf+V4PXPilvZYOV5r
NK+hJi8IhyuyCnIWD9ITb8igJ00LSMuxHZpoABisijnEsc/mvJIFpuBjewIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIIaoOro7hDleFcN2+semJEFPGkrMB8GA1UdIwQY
MBaAFMu+PG2ZgRgZzt3c0n5L4lvAz1BvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTc0OGJabUJHQm5PM2R6U2ZrdmlXOERQVUc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS84NDhjOGItMGU5Yy00ZDZlLTg3M2Ut
OGNmN2Q0NDkzMzU4LzEvZ2hxZzZ1anVFT1Y0VnczYjZ4NllrUVU4YVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS84NDhjOGItMGU5Yy00ZDZlLTg3M2UtOGNmN2Q0NDkzMzU4
LzEveTc0OGJabUJHQm5PM2R6U2ZrdmlXOERQVUc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvHvHAwQC
vHvMAwQBvHvUMA0GCSqGSIb3DQEBCwUAA4IBAQAbQdtULkfdlj1fQ7gKfnaaUiSf
eA2ijVHPO1ayRrP8SUvnfc6ixBs5cz9RjH+0UZOUZ+K9IAF1BdKFPCqt2pxsw2QM
dfo9oaTl5O6ayHGcK3bZsVvugJ4D9gsOAVq0JboOSsGuthWvPE8dOyIZEsSMah1H
6fp8XFMxQvtaHC3dlC91q83t9KVm4kV+TrkCWu6f3Mxi6a40HUrXfKXEW+mNumQF
G6hvN+sRPTU03rNg0fYH/Nb/NxXOY0WQBKTTmTohcBz+qwZXp6Ggf31gYp9YvBt5
nwQop12MLPIHCHIuM8DRuOpA8ugAHjka1ZjFSpWJ0sQpJ6Z0VRBWATKPfJSG
-----END CERTIFICATE-----