Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/GoMvgoXou5K5J_FDOl4iPJf943E.roa
File:                     GoMvgoXou5K5J_FDOl4iPJf943E.roa (raw, json)
Hash identifier:          Cx1+5gAZhBGiyWvUMjaVkE8ngdkDRzwMY9RX2wiUejw=
Subject key identifier:   1A:83:2F:82:85:E8:BB:92:B9:27:F1:43:3A:5E:22:3C:97:FD:E3:71
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       018CC871073993D8897154716BC18F992583
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/GoMvgoXou5K5J_FDOl4iPJf943E.roa
Signing time:             Tue 02 Jan 2024 04:31:39 +0000
ROA not before:           Tue 02 Jan 2024 04:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207258
IP address blocks:        93.188.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:07:39:93:d8:89:71:54:71:6b:c1:8f:99:25:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  2 04:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a832f8285e8bb92b927f1433a5e223c97fde371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:bc:0a:52:e6:66:0a:92:db:3c:74:22:9b:3f:
                    ed:92:2d:46:ca:95:1f:e1:89:04:81:54:bf:a2:af:
                    ca:0f:13:c4:81:6b:bb:f1:ab:8c:c3:eb:e2:93:6f:
                    26:c0:e3:b3:9a:cc:0a:50:c1:e4:aa:3b:24:91:72:
                    7e:d6:5d:46:d9:eb:5d:72:d3:ab:0c:51:c0:1e:46:
                    af:f8:d3:8e:4c:b6:3f:3d:94:da:10:07:76:23:61:
                    f4:08:17:2c:91:5d:d5:59:bd:fd:e0:f5:6c:db:f7:
                    ca:7f:f4:2c:2b:a1:04:67:e6:fe:17:07:47:65:86:
                    7a:7f:cc:d9:e6:fd:96:90:24:f6:a4:9f:29:0b:8b:
                    d5:9a:c0:c2:be:13:3f:1c:f4:87:4e:9b:39:70:7b:
                    60:20:6e:41:29:46:06:e7:2b:ec:0c:c3:c9:fb:a0:
                    eb:ad:45:98:57:51:65:10:1a:c3:4d:c7:87:e7:62:
                    bf:5b:28:36:07:3c:b6:49:2e:99:01:30:e2:8f:f1:
                    37:d4:dc:52:44:69:a7:01:80:62:ba:c0:86:d4:de:
                    6a:79:c0:ad:c0:29:bd:a7:f1:c1:83:35:65:cf:c5:
                    14:36:8f:e5:09:d4:81:92:fc:1f:c3:ab:77:31:d6:
                    7f:f0:a4:89:11:76:50:5b:79:c5:fb:7f:38:70:2d:
                    3f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:83:2F:82:85:E8:BB:92:B9:27:F1:43:3A:5E:22:3C:97:FD:E3:71
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/GoMvgoXou5K5J_FDOl4iPJf943E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.188.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:26:ed:4d:78:07:e3:df:d5:52:ff:c6:7f:c2:ca:ab:ee:16:
         82:6b:f7:a1:eb:33:9f:c5:46:eb:f2:0c:67:10:f3:cd:38:ae:
         7b:bf:75:ae:56:b1:f1:46:82:65:ea:2d:95:a8:3f:0a:38:76:
         ec:4e:5e:b7:b5:bd:47:5d:56:2c:bf:bf:79:05:20:61:32:21:
         e1:9f:25:07:7f:df:af:b3:be:73:f5:c2:4c:99:e0:2e:f8:e8:
         b9:13:33:cc:25:32:19:74:80:2a:78:96:dc:6a:75:03:b8:83:
         6d:8b:60:c8:c4:46:db:55:01:6d:c9:03:7e:91:d4:93:50:5a:
         18:3b:18:7b:f3:bc:76:a2:c2:6c:13:8f:97:9e:ac:9f:5a:d2:
         27:51:df:58:8f:9e:1a:73:a9:90:ea:45:77:ce:1e:66:bb:22:
         45:d5:c2:a3:6f:cd:08:75:6d:a5:96:a5:23:b6:85:ca:e0:ee:
         51:2b:11:a1:bc:a1:e9:3e:42:2b:2e:04:77:64:5e:c8:62:df:
         4f:1f:98:57:bc:ed:0b:8e:19:dd:a7:21:d1:ec:0b:ed:be:0a:
         c3:12:8b:28:46:14:8a:c1:0f:e6:18:ff:73:e3:0c:c3:88:43:
         8e:62:fd:16:6e:42:d8:f7:37:d1:b4:fd:73:d5:58:3f:28:c6:
         09:1d:6a:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcQc5k9iJcVRxa8GPmSWDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjQwMTAyMDQzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTgzMmY4Mjg1ZThiYjkyYjkyN2YxNDMzYTVlMjIzYzk3ZmRlMzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprwKUuZmCpLbPHQimz/tki1GypUf
4YkEgVS/oq/KDxPEgWu78auMw+vik28mwOOzmswKUMHkqjskkXJ+1l1G2etdctOr
DFHAHkav+NOOTLY/PZTaEAd2I2H0CBcskV3VWb394PVs2/fKf/QsK6EEZ+b+FwdH
ZYZ6f8zZ5v2WkCT2pJ8pC4vVmsDCvhM/HPSHTps5cHtgIG5BKUYG5yvsDMPJ+6Dr
rUWYV1FlEBrDTceH52K/Wyg2Bzy2SS6ZATDij/E31NxSRGmnAYBiusCG1N5qecCt
wCm9p/HBgzVlz8UUNo/lCdSBkvwfw6t3MdZ/8KSJEXZQW3nF+384cC0/nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqDL4KF6LuSuSfxQzpeIjyX/eNxMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvR29NdmdvWG91NUs1Sl9GRE9sNGlQSmY5NDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXbzIMA0G
CSqGSIb3DQEBCwUAA4IBAQAcJu1NeAfj39VS/8Z/wsqr7haCa/eh6zOfxUbr8gxn
EPPNOK57v3WuVrHxRoJl6i2VqD8KOHbsTl63tb1HXVYsv795BSBhMiHhnyUHf9+v
s75z9cJMmeAu+Oi5EzPMJTIZdIAqeJbcanUDuINti2DIxEbbVQFtyQN+kdSTUFoY
Oxh787x2osJsE4+XnqyfWtInUd9Yj54ac6mQ6kV3zh5muyJF1cKjb80IdW2llqUj
toXK4O5RKxGhvKHpPkIrLgR3ZF7IYt9PH5hXvO0LjhndpyHR7AvtvgrDEosoRhSK
wQ/mGP9z4wzDiEOOYv0WbkLY9zfRtP1z1Vg/KMYJHWpV
-----END CERTIFICATE-----