Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/gpqlKGFu8Cy6EbJC8zP4Zjl9dOM.roa
File:                     gpqlKGFu8Cy6EbJC8zP4Zjl9dOM.roa (raw, json)
Hash identifier:          /GKpmyijuUqjDdKr/Io4pxfN2WDZFIadVpye5jc7VMY=
Subject key identifier:   82:9A:A5:28:61:6E:F0:2C:BA:11:B2:42:F3:33:F8:66:39:7D:74:E3
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC7274EBA9B99FC0C8455033D64D1C9B0
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/gpqlKGFu8Cy6EbJC8zP4Zjl9dOM.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42910
IP address blocks:        213.238.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 05:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4e:ba:9b:99:fc:0c:84:55:03:3d:64:d1:c9:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=829aa528616ef02cba11b242f333f866397d74e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:14:48:81:cf:ec:cd:3b:81:f1:8d:76:9f:6b:
                    7d:68:39:61:bd:bb:2d:ca:53:d9:67:e4:c1:38:83:
                    eb:a0:dc:07:48:2d:4e:95:11:d1:91:aa:45:76:62:
                    75:56:98:99:a3:c0:bd:33:85:51:bd:bb:06:eb:e6:
                    37:cf:5a:09:eb:e9:98:2f:84:59:aa:b1:c5:dd:73:
                    55:de:bc:ac:7a:d2:4e:4a:8e:7d:6d:03:c4:aa:cc:
                    ee:bb:1b:61:d9:89:fd:5e:18:7d:9f:2e:c6:39:27:
                    07:74:1b:b8:2c:71:42:52:3d:28:b9:3c:0f:e9:1b:
                    65:cf:24:36:1a:3a:11:b8:7f:16:df:e6:f8:12:28:
                    90:67:df:0e:b1:4d:6a:9f:3b:9b:ed:c1:05:a5:de:
                    fa:99:97:41:aa:60:11:f6:ec:17:86:49:47:1a:bb:
                    bf:4f:00:60:05:34:f9:35:c0:e6:29:59:50:f2:d7:
                    27:da:2b:62:a9:bb:16:c4:06:ed:fa:5e:a2:d3:c8:
                    37:09:dd:19:9e:5b:c3:55:6e:94:b2:95:6e:9f:41:
                    fa:5c:5b:f5:bc:8b:9c:2f:df:d7:94:0c:f5:82:56:
                    66:3e:18:52:92:8f:38:9f:b6:55:40:61:43:61:7e:
                    05:6a:30:45:30:69:2a:ef:cd:f2:02:85:67:22:7f:
                    03:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:9A:A5:28:61:6E:F0:2C:BA:11:B2:42:F3:33:F8:66:39:7D:74:E3
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/gpqlKGFu8Cy6EbJC8zP4Zjl9dOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:0a:02:05:95:09:60:ad:bb:19:df:ef:e9:2e:4a:bd:b9:fa:
         b7:c1:4c:57:5e:16:63:22:50:1d:52:71:5c:1f:62:87:e3:69:
         ff:6f:84:9c:e1:fb:df:01:77:be:94:c3:33:ea:15:09:69:d8:
         b5:7a:5e:6c:47:d1:a7:fe:13:b8:d5:c5:ae:80:29:4f:05:09:
         8c:71:a9:cc:79:0c:10:ec:65:bf:8a:84:6a:c5:aa:07:fb:e1:
         9b:2b:c2:8f:63:00:f1:75:c5:cf:b6:da:aa:be:73:49:4f:b1:
         02:63:40:d8:59:a1:8a:99:88:90:0e:87:dc:28:0a:12:b5:0e:
         a9:68:f5:69:39:53:ec:9c:e9:44:b0:dc:f7:43:4d:6b:a9:c6:
         71:1b:04:42:8b:58:0e:80:46:cb:26:61:96:e8:94:56:ba:ef:
         f1:32:20:ca:43:10:1e:40:b6:c7:bb:a8:a3:53:5f:c8:ae:7d:
         cc:db:df:a7:f4:27:84:ab:f3:bb:ad:8f:a4:22:95:eb:b4:3a:
         a8:54:8f:a5:7e:83:1a:e8:2d:2a:33:93:c7:b6:26:b2:d2:c6:
         2a:bb:3b:6d:c0:9d:b0:cb:bf:a4:98:15:bf:35:9c:17:7a:87:
         e7:9d:3f:bb:77:da:ab:2f:82:6a:2d:b8:72:6e:e0:d9:32:31:
         70:d1:a2:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ066m5n8DIRVAz1k0cmwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjlhYTUyODYxNmVmMDJjYmExMWIyNDJmMzMzZjg2NjM5N2Q3NGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihRIgc/szTuB8Y12n2t9aDlhvbst
ylPZZ+TBOIProNwHSC1OlRHRkapFdmJ1VpiZo8C9M4VRvbsG6+Y3z1oJ6+mYL4RZ
qrHF3XNV3rysetJOSo59bQPEqszuuxth2Yn9Xhh9ny7GOScHdBu4LHFCUj0ouTwP
6RtlzyQ2GjoRuH8W3+b4EiiQZ98OsU1qnzub7cEFpd76mZdBqmAR9uwXhklHGru/
TwBgBTT5NcDmKVlQ8tcn2itiqbsWxAbt+l6i08g3Cd0ZnlvDVW6UspVun0H6XFv1
vIucL9/XlAz1glZmPhhSko84n7ZVQGFDYX4FajBFMGkq783yAoVnIn8D4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKapShhbvAsuhGyQvMz+GY5fXTjMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvZ3BxbEtHRnU4Q3k2RWJKQzh6UDRaamw5ZE9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6vMA0G
CSqGSIb3DQEBCwUAA4IBAQAGCgIFlQlgrbsZ3+/pLkq9ufq3wUxXXhZjIlAdUnFc
H2KH42n/b4Sc4fvfAXe+lMMz6hUJadi1el5sR9Gn/hO41cWugClPBQmMcanMeQwQ
7GW/ioRqxaoH++GbK8KPYwDxdcXPttqqvnNJT7ECY0DYWaGKmYiQDofcKAoStQ6p
aPVpOVPsnOlEsNz3Q01rqcZxGwRCi1gOgEbLJmGW6JRWuu/xMiDKQxAeQLbHu6ij
U1/Irn3M29+n9CeEq/O7rY+kIpXrtDqoVI+lfoMa6C0qM5PHtiay0sYquzttwJ2w
y7+kmBW/NZwXeofnnT+7d9qrL4JqLbhybuDZMjFw0aKQ
-----END CERTIFICATE-----