Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/Gxzk52QpRdmHdyvIJkJlC2oVPmg.roa
File:                     Gxzk52QpRdmHdyvIJkJlC2oVPmg.roa (raw, json)
Hash identifier:          pE0S3nu3CVAb5nAO8LOnIRj/WxUUHFEa3AuabTFvZ1s=
Subject key identifier:   1B:1C:E4:E7:64:29:45:D9:87:77:2B:C8:26:42:65:0B:6A:15:3E:68
Certificate issuer:       /CN=86f4129af869f6f5c85a7388808aad0ac0ba9c4f
Certificate serial:       018CC8DE2E404B6AFCF4083E260BB18A8767
Authority key identifier: 86:F4:12:9A:F8:69:F6:F5:C8:5A:73:88:80:8A:AD:0A:C0:BA:9C:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hvQSmvhp9vXIWnOIgIqtCsC6nE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/Gxzk52QpRdmHdyvIJkJlC2oVPmg.roa
Signing time:             Tue 02 Jan 2024 06:30:53 +0000
ROA not before:           Tue 02 Jan 2024 06:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        195.10.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/hvQSmvhp9vXIWnOIgIqtCsC6nE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/hvQSmvhp9vXIWnOIgIqtCsC6nE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hvQSmvhp9vXIWnOIgIqtCsC6nE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2e:40:4b:6a:fc:f4:08:3e:26:0b:b1:8a:87:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86f4129af869f6f5c85a7388808aad0ac0ba9c4f
        Validity
            Not Before: Jan  2 06:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b1ce4e7642945d987772bc82642650b6a153e68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0e:1b:ff:da:02:e3:59:74:f3:b7:3b:79:ec:
                    45:aa:31:a8:90:7b:e4:72:f6:1c:c1:13:1f:3e:49:
                    82:c9:47:6c:59:05:0c:36:cb:c1:29:74:a3:8e:b0:
                    b7:bf:9f:c2:90:52:7c:02:a1:f8:10:31:0c:80:35:
                    8d:0e:23:bf:a1:02:1f:1e:8b:92:34:fb:31:9b:ea:
                    7f:12:9f:42:c5:41:c3:16:51:1c:3b:88:f3:09:6d:
                    72:77:67:ba:1d:e6:61:8a:83:34:57:47:15:bb:6e:
                    ef:00:03:ac:7c:e0:7b:83:35:f4:fd:09:7d:cc:e3:
                    12:3b:2e:c3:f3:40:aa:cd:2a:be:19:38:63:c9:b7:
                    59:40:ff:7e:d1:94:22:0f:1e:3d:35:75:8d:8f:42:
                    0e:40:60:9f:3a:a6:ca:c5:96:23:0c:75:63:5d:2c:
                    51:82:24:6f:05:51:92:3b:49:e2:c8:da:06:68:c1:
                    df:27:32:5d:35:a7:59:dc:09:c3:07:41:14:df:7f:
                    e3:89:6e:62:fd:f6:82:d0:ad:3a:ad:86:74:dc:dc:
                    54:12:da:68:93:5a:0c:ae:1e:3c:d9:bd:f7:53:43:
                    cc:9d:e4:f2:86:23:c3:18:b4:b8:7a:39:9d:42:96:
                    62:b0:41:4c:80:76:7d:99:7b:c7:e5:f8:0a:b9:3c:
                    f4:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:1C:E4:E7:64:29:45:D9:87:77:2B:C8:26:42:65:0B:6A:15:3E:68
            X509v3 Authority Key Identifier:
                keyid:86:F4:12:9A:F8:69:F6:F5:C8:5A:73:88:80:8A:AD:0A:C0:BA:9C:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hvQSmvhp9vXIWnOIgIqtCsC6nE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/Gxzk52QpRdmHdyvIJkJlC2oVPmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/3191ec-ce8f-4576-a940-cc50107ea146/1/hvQSmvhp9vXIWnOIgIqtCsC6nE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:a8:6e:7a:e1:05:2e:78:cd:91:66:84:f0:4c:9f:b8:2e:39:
         20:e2:83:30:f2:77:57:67:25:1e:e9:d4:89:43:8e:8a:20:61:
         93:b1:30:3d:cc:5a:ab:52:bf:fc:a6:0a:aa:3a:73:3b:f2:6f:
         6c:cc:b2:53:88:3a:0c:bc:b3:91:5d:68:75:56:14:58:50:12:
         3f:63:39:4e:67:24:8e:eb:1c:58:c7:5d:90:3f:dc:03:13:3e:
         3c:32:dc:4a:f7:f3:ad:97:48:6f:ca:40:3c:61:34:4c:5b:7e:
         46:97:1b:bc:98:b1:7c:18:11:a3:ab:0b:c9:7f:64:40:1d:00:
         7f:6a:15:e9:9e:82:de:09:f7:fc:c7:60:de:79:cd:cf:55:d4:
         5a:5b:44:0b:e7:b2:06:75:a1:cf:4a:11:9c:d9:92:4a:9d:cc:
         42:92:13:c8:e2:b2:98:93:a0:ea:1d:a6:f0:eb:a8:99:24:ff:
         ff:a8:66:af:06:d1:7a:4b:af:ba:5e:35:fc:1a:c2:8a:9e:8b:
         1c:c7:df:f6:87:a2:3d:74:ae:e3:a8:6c:51:e8:dd:b9:5d:f4:
         f4:73:5e:c4:45:7d:da:a1:cc:c5:c7:5a:23:e1:12:48:03:a4:
         0e:6c:75:8e:6c:ae:52:09:9b:40:d3:f1:e6:43:67:dc:92:24:
         1e:ab:e8:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3i5AS2r89Ag+JguxiodnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZjQxMjlhZjg2OWY2ZjVjODVhNzM4ODgwOGFhZDBhYzBi
YTljNGYwHhcNMjQwMTAyMDYzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjFjZTRlNzY0Mjk0NWQ5ODc3NzJiYzgyNjQyNjUwYjZhMTUzZTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvg4b/9oC41l087c7eexFqjGokHvk
cvYcwRMfPkmCyUdsWQUMNsvBKXSjjrC3v5/CkFJ8AqH4EDEMgDWNDiO/oQIfHouS
NPsxm+p/Ep9CxUHDFlEcO4jzCW1yd2e6HeZhioM0V0cVu27vAAOsfOB7gzX0/Ql9
zOMSOy7D80CqzSq+GThjybdZQP9+0ZQiDx49NXWNj0IOQGCfOqbKxZYjDHVjXSxR
giRvBVGSO0niyNoGaMHfJzJdNadZ3AnDB0EU33/jiW5i/faC0K06rYZ03NxUEtpo
k1oMrh482b33U0PMneTyhiPDGLS4ejmdQpZisEFMgHZ9mXvH5fgKuTz07wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsc5OdkKUXZh3cryCZCZQtqFT5oMB8GA1UdIwQY
MBaAFIb0Epr4afb1yFpziICKrQrAupxPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHZRU212aHA5dlhJV25PSWdJcXRDc0M2bkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMTkxZWMtY2U4Zi00NTc2LWE5NDAt
Y2M1MDEwN2VhMTQ2LzEvR3h6azUyUXBSZG1IZHl2SUprSmxDMm9WUG1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMTkxZWMtY2U4Zi00NTc2LWE5NDAtY2M1MDEwN2VhMTQ2
LzEvaHZRU212aHA5dlhJV25PSWdJcXRDc0M2bkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrHMA0G
CSqGSIb3DQEBCwUAA4IBAQBWqG564QUueM2RZoTwTJ+4Ljkg4oMw8ndXZyUe6dSJ
Q46KIGGTsTA9zFqrUr/8pgqqOnM78m9szLJTiDoMvLORXWh1VhRYUBI/YzlOZySO
6xxYx12QP9wDEz48MtxK9/Otl0hvykA8YTRMW35Glxu8mLF8GBGjqwvJf2RAHQB/
ahXpnoLeCff8x2Deec3PVdRaW0QL57IGdaHPShGc2ZJKncxCkhPI4rKYk6DqHabw
66iZJP//qGavBtF6S6+6XjX8GsKKnoscx9/2h6I9dK7jqGxR6N25XfT0c17ERX3a
oczFx1oj4RJIA6QObHWObK5SCZtA0/HmQ2fckiQeq+j+
-----END CERTIFICATE-----