Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GdZQZiJ-70Im8CPbPKPsbexlJUw.roa
File:                     GdZQZiJ-70Im8CPbPKPsbexlJUw.roa (raw, json)
Hash identifier:          n6DRS8kdmXuign9yQeJxK6omzEvaCtyEvYeqVVV/l0s=
Subject key identifier:   19:D6:50:66:22:7E:EF:42:26:F0:23:DB:3C:A3:EC:6D:EC:65:25:4C
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018DEE7DA6FCE768282271C7CD51309648DD
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GdZQZiJ-70Im8CPbPKPsbexlJUw.roa
Signing time:             Wed 28 Feb 2024 06:53:48 +0000
ROA not before:           Wed 28 Feb 2024 06:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        194.26.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ee:7d:a6:fc:e7:68:28:22:71:c7:cd:51:30:96:48:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Feb 28 06:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19d65066227eef4226f023db3ca3ec6dec65254c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:be:30:84:3f:6e:ab:f3:76:f9:85:69:3f:e6:
                    e4:4d:6d:97:95:16:12:9f:75:37:e5:73:9d:a2:79:
                    f4:24:aa:87:17:f8:35:bc:59:7e:52:b9:81:1c:ce:
                    63:54:64:4f:e7:5d:1b:10:1d:e7:fd:55:fc:66:3e:
                    ac:66:b4:e0:43:ef:f8:71:cb:04:0c:6a:c1:df:b7:
                    3c:db:e1:c5:fb:ce:45:1c:e2:a1:ab:76:bd:3d:60:
                    e6:45:90:bd:44:95:9f:0a:f7:4f:bf:7b:3f:62:0f:
                    ad:5f:e2:6c:e2:58:67:1b:c3:ec:61:1e:c5:52:7f:
                    3e:e9:41:32:bd:bd:98:a6:37:b6:29:63:74:9f:25:
                    34:74:f4:89:16:d0:87:13:c7:86:fb:02:ab:26:f6:
                    74:10:77:d1:39:62:4d:e2:b7:a4:9c:2a:9f:9d:03:
                    ac:76:e2:79:b0:59:a3:ff:60:b5:07:cb:00:29:b0:
                    0b:30:2e:5e:67:f0:61:e9:e5:96:4f:3a:06:9f:e3:
                    5f:2e:c2:ad:a6:e3:22:95:62:50:cd:46:7a:1a:ac:
                    cd:a7:7d:8c:45:b8:3d:23:bc:51:a2:e9:f6:db:ea:
                    e0:07:d0:a2:c0:9d:ed:ed:3c:f3:83:9b:1d:52:c2:
                    b2:f0:37:c3:23:8a:05:c6:b5:ef:81:cd:cc:21:71:
                    72:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:D6:50:66:22:7E:EF:42:26:F0:23:DB:3C:A3:EC:6D:EC:65:25:4C
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GdZQZiJ-70Im8CPbPKPsbexlJUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:e8:13:48:8e:38:98:ef:31:7c:3f:ab:2f:15:10:ed:16:0d:
         a5:bc:b0:b0:89:54:dd:02:52:58:0e:f6:bf:c3:c5:fc:5b:80:
         ba:42:35:6c:5b:c0:d9:04:66:62:27:e4:bb:04:d7:5e:31:af:
         e3:a8:03:16:43:97:78:79:90:8e:2c:6b:da:9b:79:c8:08:c8:
         67:55:83:ab:47:f2:9f:df:3d:21:2c:bd:d8:d8:80:3a:f2:db:
         40:f4:55:ca:a9:f0:73:c8:e0:0c:27:9a:94:68:02:8a:47:8f:
         61:e9:a3:5e:ef:d8:3c:14:03:11:e1:f8:0d:41:6c:c7:d4:66:
         10:93:2c:40:f8:4b:78:3f:a8:bb:f7:10:9d:74:6d:17:6d:9e:
         1e:c7:bc:b8:cc:b8:a5:4b:b0:33:c8:02:17:be:f1:fc:1f:18:
         f0:77:36:be:73:e2:7b:c8:a8:06:cb:38:e8:b3:f1:31:68:07:
         0a:fb:e6:05:1f:2f:29:f0:ed:0f:6e:93:c3:c0:ab:ea:fe:1c:
         cc:d7:e6:df:36:46:7a:1d:31:0b:a5:5e:95:0a:73:0f:f7:29:
         54:fb:08:6d:7a:c1:d6:bd:1f:2f:60:bd:65:a7:d3:15:b7:f4:
         d2:28:9e:59:6f:de:ca:a5:28:b5:02:d6:81:d4:73:3d:2a:e9:
         87:68:98:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3ufab852goInHHzVEwlkjdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMjI4MDY1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWQ2NTA2NjIyN2VlZjQyMjZmMDIzZGIzY2EzZWM2ZGVjNjUyNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkr4whD9uq/N2+YVpP+bkTW2XlRYS
n3U35XOdonn0JKqHF/g1vFl+UrmBHM5jVGRP510bEB3n/VX8Zj6sZrTgQ+/4ccsE
DGrB37c82+HF+85FHOKhq3a9PWDmRZC9RJWfCvdPv3s/Yg+tX+Js4lhnG8PsYR7F
Un8+6UEyvb2Ypje2KWN0nyU0dPSJFtCHE8eG+wKrJvZ0EHfROWJN4reknCqfnQOs
duJ5sFmj/2C1B8sAKbALMC5eZ/Bh6eWWTzoGn+NfLsKtpuMilWJQzUZ6GqzNp32M
Rbg9I7xRoun22+rgB9CiwJ3t7Tzzg5sdUsKy8DfDI4oFxrXvgc3MIXFy9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnWUGYifu9CJvAj2zyj7G3sZSVMMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvR2RaUVppSi03MEltOENQYlBLUHNiZXhsSlV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrXMA0G
CSqGSIb3DQEBCwUAA4IBAQDQ6BNIjjiY7zF8P6svFRDtFg2lvLCwiVTdAlJYDva/
w8X8W4C6QjVsW8DZBGZiJ+S7BNdeMa/jqAMWQ5d4eZCOLGvam3nICMhnVYOrR/Kf
3z0hLL3Y2IA68ttA9FXKqfBzyOAMJ5qUaAKKR49h6aNe79g8FAMR4fgNQWzH1GYQ
kyxA+Et4P6i79xCddG0XbZ4ex7y4zLilS7AzyAIXvvH8Hxjwdza+c+J7yKgGyzjo
s/ExaAcK++YFHy8p8O0PbpPDwKvq/hzM1+bfNkZ6HTELpV6VCnMP9ylU+whtesHW
vR8vYL1lp9MVt/TSKJ5Zb97KpSi1AtaB1HM9KumHaJjv
-----END CERTIFICATE-----