Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/a4528a-90e6-4d91-a52c-f0717ea485c6/1/GE_0SNO0PvXhpbM0xoYJu-5KP4w.roa
File:                     GE_0SNO0PvXhpbM0xoYJu-5KP4w.roa (raw, json)
Hash identifier:          N2UdZ78bR9z8Vw2hIMxzaneK3jw62yi+PTf/CRihDnI=
Subject key identifier:   18:4F:F4:48:D3:B4:3E:F5:E1:A5:B3:34:C6:86:09:BB:EE:4A:3F:8C
Certificate issuer:       /CN=7fa816a3338d32741cd4fff8f49ddb2cc838fdc5
Certificate serial:       0191A947FB24FBBA078988E4A4C77AD66A76
Authority key identifier: 7F:A8:16:A3:33:8D:32:74:1C:D4:FF:F8:F4:9D:DB:2C:C8:38:FD:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f6gWozONMnQc1P_49J3bLMg4_cU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/a4528a-90e6-4d91-a52c-f0717ea485c6/1/GE_0SNO0PvXhpbM0xoYJu-5KP4w.roa
Signing time:             Sat 31 Aug 2024 16:32:32 +0000
ROA not before:           Sat 31 Aug 2024 16:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39513
IP address blocks:        193.93.76.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/a4528a-90e6-4d91-a52c-f0717ea485c6/1/f6gWozONMnQc1P_49J3bLMg4_cU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/a4528a-90e6-4d91-a52c-f0717ea485c6/1/f6gWozONMnQc1P_49J3bLMg4_cU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f6gWozONMnQc1P_49J3bLMg4_cU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a9:47:fb:24:fb:ba:07:89:88:e4:a4:c7:7a:d6:6a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fa816a3338d32741cd4fff8f49ddb2cc838fdc5
        Validity
            Not Before: Aug 31 16:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=184ff448d3b43ef5e1a5b334c68609bbee4a3f8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:94:e7:70:74:91:7e:61:e0:de:e7:17:3e:45:
                    e2:7a:9f:24:96:cb:68:f6:d9:fb:72:db:92:57:76:
                    cc:49:98:51:aa:fc:03:ba:d4:72:94:36:c0:1e:76:
                    fb:7c:83:3e:99:88:b6:36:0e:aa:0e:61:48:44:98:
                    e5:de:20:22:ad:86:4e:78:c5:04:f1:55:28:67:c6:
                    af:97:9d:32:f0:6e:19:c5:ab:56:04:c2:6f:b7:04:
                    d3:8c:9b:44:14:75:2e:c5:1a:eb:cb:04:f6:01:2c:
                    68:b9:83:91:3c:ef:9b:b4:b2:fe:30:6c:e4:3e:6b:
                    1f:8c:3b:45:ab:5f:db:2f:d3:d0:99:0f:de:8a:90:
                    3d:ab:5c:cc:09:c1:9b:7a:ef:d0:f4:10:93:74:50:
                    07:28:f0:32:11:a2:0e:a6:67:35:d7:ce:e6:45:21:
                    62:8b:48:0c:ed:66:90:3d:00:b2:4a:9f:01:c0:d5:
                    c2:22:c3:bb:c9:00:5f:ae:7d:25:eb:9a:f6:49:66:
                    d8:03:bc:1f:f4:df:13:d9:2f:a4:9f:d2:33:a5:97:
                    1f:e2:a8:38:a3:c2:e4:02:14:39:cf:de:8c:06:7a:
                    08:a0:6b:5c:7b:22:16:3c:fa:7e:8d:be:2e:5a:8a:
                    98:e4:24:eb:b8:26:3d:b6:43:68:01:4d:83:f5:53:
                    08:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:4F:F4:48:D3:B4:3E:F5:E1:A5:B3:34:C6:86:09:BB:EE:4A:3F:8C
            X509v3 Authority Key Identifier:
                keyid:7F:A8:16:A3:33:8D:32:74:1C:D4:FF:F8:F4:9D:DB:2C:C8:38:FD:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6gWozONMnQc1P_49J3bLMg4_cU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/a4528a-90e6-4d91-a52c-f0717ea485c6/1/GE_0SNO0PvXhpbM0xoYJu-5KP4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/a4528a-90e6-4d91-a52c-f0717ea485c6/1/f6gWozONMnQc1P_49J3bLMg4_cU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:19:ff:3e:0f:2e:87:71:e2:4e:c7:13:08:7c:da:72:5f:c4:
         12:68:df:fb:4e:7f:99:7c:60:67:44:2d:2f:ae:2e:8f:66:30:
         72:69:e0:23:5b:c7:e1:b6:19:ea:3b:e3:c2:e5:b9:80:18:4c:
         cf:77:b2:fa:fe:fc:73:d2:b6:9c:04:67:9f:51:1d:0d:e9:b2:
         39:b2:5a:d7:2d:7c:fe:c5:0f:4b:90:62:66:3b:41:5d:e2:15:
         81:1c:17:fe:02:7e:51:2f:9e:67:c7:dc:ba:f4:c0:28:fe:cd:
         cb:26:af:5b:08:52:97:fd:58:ea:60:83:a7:38:3a:37:81:36:
         0c:86:47:e6:33:26:98:6f:dd:7b:3b:59:48:2e:37:09:20:a5:
         db:97:b6:dd:e4:fd:4d:7b:8a:0b:21:d7:f1:58:71:0f:db:01:
         89:9b:de:65:27:2a:8a:96:ce:8e:a7:c3:11:25:76:b0:20:49:
         3c:bc:82:1b:c8:2e:89:f7:69:1f:b3:66:c1:6f:0f:7e:cb:d6:
         ab:2a:8a:7b:11:e0:20:ad:a0:d3:9d:76:a3:e6:5e:31:34:48:
         67:1e:06:ae:c8:e0:cf:67:e7:57:ef:b8:b2:21:a7:d5:d4:0c:
         85:27:63:93:30:07:32:e0:28:6e:d1:e2:65:b4:0e:0f:00:28:
         ce:ea:d5:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGpR/sk+7oHiYjkpMd61mp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmYTgxNmEzMzM4ZDMyNzQxY2Q0ZmZmOGY0OWRkYjJjYzgz
OGZkYzUwHhcNMjQwODMxMTYzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODRmZjQ0OGQzYjQzZWY1ZTFhNWIzMzRjNjg2MDliYmVlNGEzZjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5TncHSRfmHg3ucXPkXiep8klsto
9tn7ctuSV3bMSZhRqvwDutRylDbAHnb7fIM+mYi2Ng6qDmFIRJjl3iAirYZOeMUE
8VUoZ8avl50y8G4ZxatWBMJvtwTTjJtEFHUuxRrrywT2ASxouYORPO+btLL+MGzk
PmsfjDtFq1/bL9PQmQ/eipA9q1zMCcGbeu/Q9BCTdFAHKPAyEaIOpmc1187mRSFi
i0gM7WaQPQCySp8BwNXCIsO7yQBfrn0l65r2SWbYA7wf9N8T2S+kn9IzpZcf4qg4
o8LkAhQ5z96MBnoIoGtceyIWPPp+jb4uWoqY5CTruCY9tkNoAU2D9VMIpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhP9EjTtD714aWzNMaGCbvuSj+MMB8GA1UdIwQY
MBaAFH+oFqMzjTJ0HNT/+PSd2yzIOP3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjZnV296T05NblFjMVBfNDlKM2JMTWc0X2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9hNDUyOGEtOTBlNi00ZDkxLWE1MmMt
ZjA3MTdlYTQ4NWM2LzEvR0VfMFNOTzBQdlhocGJNMHhvWUp1LTVLUDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9hNDUyOGEtOTBlNi00ZDkxLWE1MmMtZjA3MTdlYTQ4NWM2
LzEvZjZnV296T05NblFjMVBfNDlKM2JMTWc0X2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwV1MMA0G
CSqGSIb3DQEBCwUAA4IBAQBhGf8+Dy6HceJOxxMIfNpyX8QSaN/7Tn+ZfGBnRC0v
ri6PZjByaeAjW8fhthnqO+PC5bmAGEzPd7L6/vxz0racBGefUR0N6bI5slrXLXz+
xQ9LkGJmO0Fd4hWBHBf+An5RL55nx9y69MAo/s3LJq9bCFKX/VjqYIOnODo3gTYM
hkfmMyaYb917O1lILjcJIKXbl7bd5P1Ne4oLIdfxWHEP2wGJm95lJyqKls6Op8MR
JXawIEk8vIIbyC6J92kfs2bBbw9+y9arKop7EeAgraDTnXaj5l4xNEhnHgauyODP
Z+dX77iyIafV1AyFJ2OTMAcy4Chu0eJltA4PACjO6tUQ
-----END CERTIFICATE-----