Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GfuMmmKASRTVaSKb5cL_RMrtXyQ.roa
File:                     GfuMmmKASRTVaSKb5cL_RMrtXyQ.roa (raw, json)
Hash identifier:          vZSyVBQDjfbJ88NGivA66QID9rYsOVGZzB2lRvkRvcY=
Subject key identifier:   19:FB:8C:9A:62:80:49:14:D5:69:22:9B:E5:C2:FF:44:CA:ED:5F:24
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E351B326F6524FF035C9445814ED9
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GfuMmmKASRTVaSKb5cL_RMrtXyQ.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48314
IP address blocks:        45.90.98.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:35:1b:32:6f:65:24:ff:03:5c:94:45:81:4e:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19fb8c9a62804914d569229be5c2ff44caed5f24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:d8:5c:78:90:e6:32:a3:f8:9f:c0:00:e4:4c:
                    33:9c:f8:22:0d:68:49:77:cb:83:5c:92:27:fd:ae:
                    9b:e6:7a:42:13:ff:3a:03:c7:c8:95:61:a8:c8:f7:
                    d4:58:7e:d5:83:6d:5b:97:ef:8d:ca:79:d2:cc:46:
                    0e:00:a7:0c:ea:0a:c3:6d:13:25:c8:cb:cd:1f:a3:
                    77:6f:b6:5e:90:ac:ca:1b:1c:18:42:50:9b:2f:b0:
                    8e:50:fd:d5:d2:52:c4:db:5d:27:25:44:70:cd:31:
                    2a:41:31:3c:38:29:d9:0f:16:d7:e6:26:47:64:d0:
                    f9:af:5c:74:90:fa:f6:b5:4b:4f:8b:cf:4c:25:38:
                    b5:39:fa:27:b9:48:2b:fa:3d:55:e3:4f:89:9f:c6:
                    bb:5c:84:f2:e7:7a:d4:58:38:46:9c:7d:e2:1c:cd:
                    31:53:f0:b0:11:7f:1b:67:33:76:60:86:12:64:06:
                    71:53:3e:09:e5:e1:a9:81:a1:3f:97:06:7d:34:85:
                    79:e1:54:c0:a7:18:c4:c3:cf:c1:d4:c3:d0:c2:e6:
                    7d:8b:d5:df:c8:dd:f8:ac:78:2d:b4:75:1d:75:7a:
                    c1:34:eb:11:2e:82:2f:63:66:80:a1:ee:38:7c:24:
                    85:4e:bf:31:98:fc:11:a2:fe:a0:7d:26:a0:fe:7f:
                    88:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:FB:8C:9A:62:80:49:14:D5:69:22:9B:E5:C2:FF:44:CA:ED:5F:24
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GfuMmmKASRTVaSKb5cL_RMrtXyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:44:85:1a:76:8b:a7:71:ba:e5:fb:8d:30:d0:c7:e6:3c:b1:
         a0:cc:34:a5:b2:5b:e7:b2:6e:f4:7b:55:10:16:b5:ae:30:37:
         7c:33:af:c4:cf:72:b4:fd:9f:97:06:da:4d:8e:11:a8:e2:3c:
         74:58:d8:db:4c:ee:b3:38:7c:33:f8:7f:9b:19:3e:0d:f3:13:
         fe:34:7d:e3:62:b1:1e:ff:6d:a2:e7:36:f1:64:f6:47:27:f1:
         86:0d:15:42:3d:69:b4:a4:f3:45:d6:19:5f:4f:9d:9b:0a:d2:
         4b:20:f6:02:ee:31:bb:17:32:bb:03:8e:ce:1a:fb:b9:8f:d7:
         19:b7:73:a2:a8:90:cd:97:96:a5:82:98:b5:44:10:28:f4:78:
         10:c1:26:cb:67:73:a3:0d:96:32:a2:01:68:83:68:b7:1e:e5:
         c2:66:36:98:fa:44:16:b1:95:ad:8f:d5:0a:f0:b0:de:98:d8:
         10:74:91:d8:b4:de:e3:c3:fe:44:e1:f2:ee:92:e0:0f:68:7e:
         67:88:b5:b7:37:8f:50:a9:43:28:4c:ff:85:67:e7:56:a3:90:
         7f:f3:dd:1f:40:bd:d1:80:dd:90:16:1b:5d:2e:5e:3e:55:93:
         4e:76:48:34:ff:f4:42:9a:e0:2b:4d:ac:1c:13:54:03:41:10:
         76:06:6f:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjUbMm9lJP8DXJRFgU7ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWZiOGM5YTYyODA0OTE0ZDU2OTIyOWJlNWMyZmY0NGNhZWQ1ZjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8dhceJDmMqP4n8AA5EwznPgiDWhJ
d8uDXJIn/a6b5npCE/86A8fIlWGoyPfUWH7Vg21bl++NynnSzEYOAKcM6grDbRMl
yMvNH6N3b7ZekKzKGxwYQlCbL7COUP3V0lLE210nJURwzTEqQTE8OCnZDxbX5iZH
ZND5r1x0kPr2tUtPi89MJTi1OfonuUgr+j1V40+Jn8a7XITy53rUWDhGnH3iHM0x
U/CwEX8bZzN2YIYSZAZxUz4J5eGpgaE/lwZ9NIV54VTApxjEw8/B1MPQwuZ9i9Xf
yN34rHgttHUddXrBNOsRLoIvY2aAoe44fCSFTr8xmPwRov6gfSag/n+I/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBn7jJpigEkU1Wkim+XC/0TK7V8kMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvR2Z1TW1tS0FTUlRWYVNLYjVjTF9STXJ0WHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVpiMA0G
CSqGSIb3DQEBCwUAA4IBAQAbRIUadouncbrl+40w0MfmPLGgzDSlslvnsm70e1UQ
FrWuMDd8M6/Ez3K0/Z+XBtpNjhGo4jx0WNjbTO6zOHwz+H+bGT4N8xP+NH3jYrEe
/22i5zbxZPZHJ/GGDRVCPWm0pPNF1hlfT52bCtJLIPYC7jG7FzK7A47OGvu5j9cZ
t3OiqJDNl5algpi1RBAo9HgQwSbLZ3OjDZYyogFog2i3HuXCZjaY+kQWsZWtj9UK
8LDemNgQdJHYtN7jw/5E4fLukuAPaH5niLW3N49QqUMoTP+FZ+dWo5B/890fQL3R
gN2QFhtdLl4+VZNOdkg0//RCmuArTawcE1QDQRB2Bm9d
-----END CERTIFICATE-----