Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/de3890-8d06-427c-85f1-1fa9ac580b8e/1/GECAzqq5bwWzGfx4L_3apUm9Ges.roa
File:                     GECAzqq5bwWzGfx4L_3apUm9Ges.roa (raw, json)
Hash identifier:          DDJ415C9tPbsRSmy5fIfXlOsoZG/HSOwPn4d8BjJbCE=
Subject key identifier:   18:40:80:CE:AA:B9:6F:05:B3:19:FC:78:2F:FD:DA:A5:49:BD:19:EB
Certificate issuer:       /CN=dea46eaae7aef2f44fe660162bb9dc70d6525af1
Certificate serial:       018CC801B3768C71D1C7636D47756FC005EA
Authority key identifier: DE:A4:6E:AA:E7:AE:F2:F4:4F:E6:60:16:2B:B9:DC:70:D6:52:5A:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3qRuqueu8vRP5mAWK7nccNZSWvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/de3890-8d06-427c-85f1-1fa9ac580b8e/1/GECAzqq5bwWzGfx4L_3apUm9Ges.roa
Signing time:             Tue 02 Jan 2024 02:30:03 +0000
ROA not before:           Tue 02 Jan 2024 02:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9136
IP address blocks:        185.225.135.0/24 maxlen: 24
                          2a0d:c405::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/de3890-8d06-427c-85f1-1fa9ac580b8e/1/3qRuqueu8vRP5mAWK7nccNZSWvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/de3890-8d06-427c-85f1-1fa9ac580b8e/1/3qRuqueu8vRP5mAWK7nccNZSWvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3qRuqueu8vRP5mAWK7nccNZSWvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b3:76:8c:71:d1:c7:63:6d:47:75:6f:c0:05:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dea46eaae7aef2f44fe660162bb9dc70d6525af1
        Validity
            Not Before: Jan  2 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=184080ceaab96f05b319fc782ffddaa549bd19eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4d:ea:c1:b8:ec:c5:8d:fc:54:2a:29:c3:86:
                    fa:36:09:32:6f:bf:be:c5:30:6b:5c:ac:fd:6b:c1:
                    2b:6a:19:d4:35:67:1e:59:db:a8:8b:a8:ce:f5:5f:
                    9b:96:19:09:21:87:70:51:39:d4:9e:ee:a9:d9:0f:
                    f9:1a:57:37:25:9d:91:f0:85:3a:ae:5a:23:d0:8a:
                    eb:69:43:78:82:f3:b6:6a:cc:85:79:e5:8b:92:b2:
                    53:2f:96:d4:7f:cd:bc:bb:6a:c1:32:93:dd:22:22:
                    96:19:60:58:1b:73:5e:25:15:43:bf:5d:6c:27:f0:
                    6e:47:9f:01:1d:5b:fc:8d:ef:e0:81:d9:1f:22:97:
                    d2:49:83:a0:bd:16:01:fa:3c:d7:47:40:cf:99:10:
                    4c:2b:73:c4:03:01:61:96:4b:33:28:f9:c8:df:47:
                    11:f9:9e:fc:10:c9:d0:5b:1c:7f:96:dc:06:d4:bf:
                    dc:c1:76:13:d1:29:40:13:51:5d:6b:53:93:d3:13:
                    ee:06:74:15:b1:3a:60:52:6a:db:49:18:99:90:6a:
                    6b:c7:f7:e6:a9:ce:83:9f:f1:51:6f:ad:a1:e4:1b:
                    cb:bc:02:22:75:49:f2:17:78:b9:74:30:40:c4:ca:
                    f5:07:8a:fe:06:d1:3f:b3:5d:66:27:65:57:4b:07:
                    67:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:40:80:CE:AA:B9:6F:05:B3:19:FC:78:2F:FD:DA:A5:49:BD:19:EB
            X509v3 Authority Key Identifier:
                keyid:DE:A4:6E:AA:E7:AE:F2:F4:4F:E6:60:16:2B:B9:DC:70:D6:52:5A:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3qRuqueu8vRP5mAWK7nccNZSWvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/de3890-8d06-427c-85f1-1fa9ac580b8e/1/GECAzqq5bwWzGfx4L_3apUm9Ges.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/de3890-8d06-427c-85f1-1fa9ac580b8e/1/3qRuqueu8vRP5mAWK7nccNZSWvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.135.0/24
                IPv6:
                  2a0d:c405::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:72:d2:4b:da:80:9f:d4:d5:af:bc:24:7e:fc:66:65:12:cb:
         2d:b6:0f:a0:26:f5:d2:4e:03:54:5c:fc:b7:19:80:80:30:10:
         e8:ee:11:4a:8e:0a:da:87:c4:aa:34:1a:ae:d8:ab:51:0a:be:
         f8:23:28:06:9e:42:ac:f1:14:76:7b:75:c5:21:2f:e3:e5:fa:
         a1:a5:8f:1e:d9:f5:bc:f6:a9:ae:1e:13:18:28:f0:26:40:42:
         4e:11:e8:8c:10:c5:27:f4:d5:62:b0:d8:90:1a:ea:5e:e7:e9:
         9f:cc:36:7a:2c:35:3c:18:35:60:34:5f:44:bd:bb:5e:24:50:
         94:2d:0c:81:bc:bb:bd:bd:70:74:9a:bc:37:cf:60:2b:2f:ab:
         21:b5:e2:91:40:f3:d4:86:24:17:be:bb:ac:90:ed:3b:15:3d:
         a9:2e:e7:a3:22:e8:03:b8:0a:e3:b1:13:f2:12:c9:bb:e9:31:
         de:08:a8:a1:89:74:a8:bf:01:c0:4c:0d:b0:ae:18:68:36:e2:
         31:36:97:0a:f4:32:b9:17:b9:a7:ad:30:f7:eb:60:13:cc:86:
         fe:ce:bf:a8:75:9e:43:05:8c:09:09:62:b3:e3:22:4c:ed:4e:
         aa:1d:3b:b5:10:3c:04:ab:ee:7a:1f:89:2e:8c:5a:ef:39:6d:
         8c:e3:f9:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAbN2jHHRx2NtR3VvwAXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYTQ2ZWFhZTdhZWYyZjQ0ZmU2NjAxNjJiYjlkYzcwZDY1
MjVhZjEwHhcNMjQwMTAyMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODQwODBjZWFhYjk2ZjA1YjMxOWZjNzgyZmZkZGFhNTQ5YmQxOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArE3qwbjsxY38VCopw4b6Ngkyb7++
xTBrXKz9a8ErahnUNWceWduoi6jO9V+blhkJIYdwUTnUnu6p2Q/5Glc3JZ2R8IU6
rloj0IrraUN4gvO2asyFeeWLkrJTL5bUf828u2rBMpPdIiKWGWBYG3NeJRVDv11s
J/BuR58BHVv8je/ggdkfIpfSSYOgvRYB+jzXR0DPmRBMK3PEAwFhlkszKPnI30cR
+Z78EMnQWxx/ltwG1L/cwXYT0SlAE1Fda1OT0xPuBnQVsTpgUmrbSRiZkGprx/fm
qc6Dn/FRb62h5BvLvAIidUnyF3i5dDBAxMr1B4r+BtE/s11mJ2VXSwdn1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBhAgM6quW8Fsxn8eC/92qVJvRnrMB8GA1UdIwQY
MBaAFN6kbqrnrvL0T+ZgFiu53HDWUlrxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3FSdXF1ZXU4dlJQNW1BV0s3bmNjTlpTV3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9kZTM4OTAtOGQwNi00MjdjLTg1ZjEt
MWZhOWFjNTgwYjhlLzEvR0VDQXpxcTVid1d6R2Z4NExfM2FwVW05R2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9kZTM4OTAtOGQwNi00MjdjLTg1ZjEtMWZhOWFjNTgwYjhl
LzEvM3FSdXF1ZXU4dlJQNW1BV0s3bmNjTlpTV3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAueGHMA0E
AgACMAcDBQAqDcQFMA0GCSqGSIb3DQEBCwUAA4IBAQB7ctJL2oCf1NWvvCR+/GZl
Essttg+gJvXSTgNUXPy3GYCAMBDo7hFKjgrah8SqNBqu2KtRCr74IygGnkKs8RR2
e3XFIS/j5fqhpY8e2fW89qmuHhMYKPAmQEJOEeiMEMUn9NVisNiQGupe5+mfzDZ6
LDU8GDVgNF9EvbteJFCULQyBvLu9vXB0mrw3z2ArL6shteKRQPPUhiQXvruskO07
FT2pLuejIugDuArjsRPyEsm76THeCKihiXSovwHATA2wrhhoNuIxNpcK9DK5F7mn
rTD362ATzIb+zr+odZ5DBYwJCWKz4yJM7U6qHTu1EDwEq+56H4kujFrvOW2M4/nB
-----END CERTIFICATE-----