Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/14ffe2-4e45-4af2-b685-70272688e970/1/Gk-xWpJG5MD-d4z5KWaGvk9L7Ik.roa
File:                     Gk-xWpJG5MD-d4z5KWaGvk9L7Ik.roa (raw, json)
Hash identifier:          NKpisnXVRvsA4V7aVeUgkWtapyoDqQcMZEiu9orwLOI=
Subject key identifier:   1A:4F:B1:5A:92:46:E4:C0:FE:77:8C:F9:29:66:86:BE:4F:4B:EC:89
Certificate issuer:       /CN=1a517281acf96d38e79a35c8beb68b8c05979a6f
Certificate serial:       018F335201E1889B86E5912ADDE8A03D81FE
Authority key identifier: 1A:51:72:81:AC:F9:6D:38:E7:9A:35:C8:BE:B6:8B:8C:05:97:9A:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GlFygaz5bTjnmjXIvraLjAWXmm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/14ffe2-4e45-4af2-b685-70272688e970/1/Gk-xWpJG5MD-d4z5KWaGvk9L7Ik.roa
Signing time:             Wed 01 May 2024 08:42:43 +0000
ROA not before:           Wed 01 May 2024 08:42:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210501
IP address blocks:        194.69.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/14ffe2-4e45-4af2-b685-70272688e970/1/GlFygaz5bTjnmjXIvraLjAWXmm8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/14ffe2-4e45-4af2-b685-70272688e970/1/GlFygaz5bTjnmjXIvraLjAWXmm8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GlFygaz5bTjnmjXIvraLjAWXmm8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:33:52:01:e1:88:9b:86:e5:91:2a:dd:e8:a0:3d:81:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a517281acf96d38e79a35c8beb68b8c05979a6f
        Validity
            Not Before: May  1 08:42:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a4fb15a9246e4c0fe778cf9296686be4f4bec89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9b:48:0e:60:7b:35:c0:15:3e:ba:b8:b7:11:
                    14:21:eb:93:9a:06:7b:d2:31:59:27:12:86:03:5a:
                    7f:32:fa:e1:2c:89:0a:c9:ee:93:b0:48:db:2a:d9:
                    53:ab:9c:55:de:73:42:c0:9b:a9:d2:dd:85:e5:c9:
                    6b:f5:f8:8c:57:1f:d8:59:bb:57:67:bf:78:3a:cc:
                    c3:76:32:ce:62:2c:b1:1b:9b:c1:46:1a:f4:02:48:
                    2e:6b:58:d6:23:9c:fb:88:05:d8:06:71:9f:d7:f9:
                    04:eb:c4:0f:0f:c6:e6:82:d3:87:a9:e6:f2:cc:62:
                    1b:b0:74:7e:8c:92:24:0c:05:30:b5:96:fb:a8:a5:
                    8a:dd:18:c0:42:9b:3b:e1:66:b2:c8:36:a5:d7:02:
                    28:d1:2c:c0:d0:1d:43:1c:a9:d6:0b:d3:d8:b1:23:
                    9d:ff:64:fb:69:e4:6e:fc:98:a0:f3:81:6e:9e:4b:
                    5b:37:77:8a:9b:24:8a:50:0c:12:c7:a8:a2:d5:e6:
                    2f:0c:3b:09:5a:9a:80:90:3d:01:71:45:5e:84:30:
                    db:93:1e:aa:75:44:f0:c2:33:5e:95:1c:ef:c1:77:
                    7e:34:41:eb:4e:4d:10:27:ef:b0:4d:ff:f6:7f:7a:
                    da:d1:50:dd:f8:86:5c:12:b4:c2:7d:4f:04:10:79:
                    eb:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:4F:B1:5A:92:46:E4:C0:FE:77:8C:F9:29:66:86:BE:4F:4B:EC:89
            X509v3 Authority Key Identifier:
                keyid:1A:51:72:81:AC:F9:6D:38:E7:9A:35:C8:BE:B6:8B:8C:05:97:9A:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GlFygaz5bTjnmjXIvraLjAWXmm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/14ffe2-4e45-4af2-b685-70272688e970/1/Gk-xWpJG5MD-d4z5KWaGvk9L7Ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/14ffe2-4e45-4af2-b685-70272688e970/1/GlFygaz5bTjnmjXIvraLjAWXmm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.69.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:40:69:99:30:c9:91:cb:4a:fe:b0:90:df:80:7f:20:75:1b:
         25:ef:1b:d7:8d:9d:32:44:f8:36:4a:ef:ae:62:70:54:11:ff:
         fc:b0:4c:f0:c7:ac:24:2c:33:fe:36:0b:33:6a:60:82:3e:d8:
         75:aa:f1:96:68:76:e9:7d:8e:78:12:2e:83:82:e4:f7:ff:c6:
         7a:ca:fe:e4:cc:66:f7:cd:5d:f7:b5:a1:27:b9:27:ad:0b:43:
         eb:55:50:90:7f:e0:ab:0c:c7:64:ba:e8:14:8d:df:d4:6b:63:
         52:49:28:e8:db:ee:b1:39:05:9c:c7:45:21:1a:f7:53:ae:f9:
         52:aa:7d:df:29:71:a3:84:c5:0c:d2:7b:bc:b5:e9:48:f6:c1:
         40:2c:c6:de:40:8a:72:33:a7:25:ba:1b:5f:2e:14:3c:d5:d0:
         de:1d:ed:7f:8f:78:f2:c2:fc:05:3d:54:97:d8:b2:6e:ea:75:
         a3:b5:83:05:69:e7:c0:fd:08:74:d0:61:27:84:f3:14:f2:96:
         45:61:de:c2:01:8a:2f:23:0b:2a:d5:4f:a2:5a:a1:b5:74:95:
         b8:3b:d7:0b:a2:d5:90:41:15:1f:b4:b9:5a:2f:88:e4:f4:9b:
         08:97:66:89:1f:86:50:4a:35:f8:15:3f:28:de:17:d8:62:26:
         8a:3e:8e:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8zUgHhiJuG5ZEq3eigPYH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNTE3MjgxYWNmOTZkMzhlNzlhMzVjOGJlYjY4YjhjMDU5
NzlhNmYwHhcNMjQwNTAxMDg0MjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTRmYjE1YTkyNDZlNGMwZmU3NzhjZjkyOTY2ODZiZTRmNGJlYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkptIDmB7NcAVPrq4txEUIeuTmgZ7
0jFZJxKGA1p/MvrhLIkKye6TsEjbKtlTq5xV3nNCwJup0t2F5clr9fiMVx/YWbtX
Z794OszDdjLOYiyxG5vBRhr0Akgua1jWI5z7iAXYBnGf1/kE68QPD8bmgtOHqeby
zGIbsHR+jJIkDAUwtZb7qKWK3RjAQps74WayyDal1wIo0SzA0B1DHKnWC9PYsSOd
/2T7aeRu/Jig84FunktbN3eKmySKUAwSx6ii1eYvDDsJWpqAkD0BcUVehDDbkx6q
dUTwwjNelRzvwXd+NEHrTk0QJ++wTf/2f3ra0VDd+IZcErTCfU8EEHnroQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpPsVqSRuTA/neM+Slmhr5PS+yJMB8GA1UdIwQY
MBaAFBpRcoGs+W0455o1yL62i4wFl5pvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2xGeWdhejViVGpubWpYSXZyYUxqQVdYbW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8xNGZmZTItNGU0NS00YWYyLWI2ODUt
NzAyNzI2ODhlOTcwLzEvR2steFdwSkc1TUQtZDR6NUtXYUd2azlMN0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8xNGZmZTItNGU0NS00YWYyLWI2ODUtNzAyNzI2ODhlOTcw
LzEvR2xGeWdhejViVGpubWpYSXZyYUxqQVdYbW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkWnMA0G
CSqGSIb3DQEBCwUAA4IBAQAmQGmZMMmRy0r+sJDfgH8gdRsl7xvXjZ0yRPg2Su+u
YnBUEf/8sEzwx6wkLDP+NgszamCCPth1qvGWaHbpfY54Ei6DguT3/8Z6yv7kzGb3
zV33taEnuSetC0PrVVCQf+CrDMdkuugUjd/Ua2NSSSjo2+6xOQWcx0UhGvdTrvlS
qn3fKXGjhMUM0nu8telI9sFALMbeQIpyM6cluhtfLhQ81dDeHe1/j3jywvwFPVSX
2LJu6nWjtYMFaefA/Qh00GEnhPMU8pZFYd7CAYovIwsq1U+iWqG1dJW4O9cLotWQ
QRUftLlaL4jk9JsIl2aJH4ZQSjX4FT8o3hfYYiaKPo6s
-----END CERTIFICATE-----