Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/gmZoT1EPV4SR2Fd--nJL7uelNKg.roa
File:                     gmZoT1EPV4SR2Fd--nJL7uelNKg.roa (raw, json)
Hash identifier:          NaJa6hHPNinXi6tpeIA16S3mXciiWQLk4rZCAL8R5oI=
Subject key identifier:   82:66:68:4F:51:0F:57:84:91:D8:57:7E:FA:72:4B:EE:E7:A5:34:A8
Certificate issuer:       /CN=18ca6de1a48a4e8c5b8af1eae9b5e80bfcf92c45
Certificate serial:       018EBD40D83C43A8C737BC58FB2E5E39D2FF
Authority key identifier: 18:CA:6D:E1:A4:8A:4E:8C:5B:8A:F1:EA:E9:B5:E8:0B:FC:F9:2C:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GMpt4aSKToxbivHq6bXoC_z5LEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/gmZoT1EPV4SR2Fd--nJL7uelNKg.roa
Signing time:             Mon 08 Apr 2024 10:28:47 +0000
ROA not before:           Mon 08 Apr 2024 10:28:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199760
IP address blocks:        185.115.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/GMpt4aSKToxbivHq6bXoC_z5LEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/GMpt4aSKToxbivHq6bXoC_z5LEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GMpt4aSKToxbivHq6bXoC_z5LEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:40:d8:3c:43:a8:c7:37:bc:58:fb:2e:5e:39:d2:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18ca6de1a48a4e8c5b8af1eae9b5e80bfcf92c45
        Validity
            Not Before: Apr  8 10:28:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8266684f510f578491d8577efa724beee7a534a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d4:cf:47:3d:a5:f2:51:ff:46:91:8b:d1:67:
                    ad:eb:da:cc:d9:b0:f7:e3:a9:5f:bd:14:30:a5:6a:
                    07:f2:27:c7:84:d6:8a:0f:84:45:f9:ec:c3:3f:6d:
                    94:75:d5:d8:62:3e:0b:de:e2:52:6d:2c:64:38:63:
                    c9:99:7c:c6:67:2a:28:eb:bf:ec:59:00:2e:b2:25:
                    b7:17:a3:c5:0d:39:2a:12:86:13:06:a3:60:d9:ae:
                    a9:ba:03:20:3e:c6:b8:9e:2c:16:8a:29:9c:67:2b:
                    73:e5:fa:16:ab:ce:5d:44:3c:26:60:23:c4:b0:45:
                    17:93:12:30:a0:c0:c7:03:cd:99:b0:1f:88:70:01:
                    86:7e:97:d2:64:0c:fd:14:eb:4f:48:d7:ed:c9:a1:
                    0e:ca:a1:b4:a2:39:63:ed:10:85:4a:ca:6a:3f:86:
                    97:e2:5e:c5:40:01:12:22:e0:22:1d:70:68:fb:3d:
                    0e:8f:f8:40:e7:8a:23:92:0c:47:94:52:c7:c8:61:
                    bc:64:e0:fa:60:0f:46:02:f0:5a:08:4a:49:0d:b1:
                    5c:52:c0:f9:65:6a:a8:d8:50:1b:91:3e:55:83:42:
                    3a:4a:c3:00:8d:0d:ed:49:b6:6c:ee:e1:5f:a7:92:
                    9c:4c:b6:b3:5d:14:59:46:ea:e9:46:67:11:00:7d:
                    11:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:66:68:4F:51:0F:57:84:91:D8:57:7E:FA:72:4B:EE:E7:A5:34:A8
            X509v3 Authority Key Identifier:
                keyid:18:CA:6D:E1:A4:8A:4E:8C:5B:8A:F1:EA:E9:B5:E8:0B:FC:F9:2C:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GMpt4aSKToxbivHq6bXoC_z5LEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/gmZoT1EPV4SR2Fd--nJL7uelNKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/GMpt4aSKToxbivHq6bXoC_z5LEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:d7:1c:31:be:46:90:18:06:a3:53:e8:7c:1d:34:36:0e:99:
         5f:5a:89:79:95:12:b0:9d:61:bb:a9:26:43:1f:ce:42:7f:96:
         5c:bd:aa:92:85:04:a3:0d:fd:64:44:26:6c:c7:1d:6d:4a:fc:
         e5:ae:ab:3e:95:fa:db:80:ac:1d:c8:bd:0b:49:c6:b0:48:e6:
         7d:1a:6d:aa:0e:ca:dd:e7:7d:3b:47:51:b1:61:d1:ee:01:d7:
         54:0c:67:bc:76:65:81:f4:5c:17:05:d6:3d:5e:80:b7:12:ed:
         8f:ff:e2:c6:71:b0:65:07:cd:45:4e:7a:35:25:96:d4:66:c9:
         04:49:d4:28:79:8d:82:40:f7:70:e0:5d:c5:20:ff:79:0e:39:
         c9:ba:25:64:cc:0d:6e:3f:10:1b:42:7c:47:5d:6d:72:12:a7:
         f4:6a:bf:90:f7:97:41:c6:7a:ff:f6:46:8e:73:cd:cb:45:2b:
         0c:69:1b:5f:ee:7b:d0:7b:2f:89:cc:be:2b:44:52:8f:06:3f:
         f2:8d:9c:2e:a7:4a:79:4a:96:83:d4:6c:ca:56:b2:71:ca:d0:
         59:fb:51:52:15:69:d7:51:a8:d5:5f:c9:e0:fb:63:02:3c:e0:
         c2:65:cd:30:cf:f0:a5:f1:75:23:f3:72:85:e2:e7:b0:e4:b2:
         73:a6:8e:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY69QNg8Q6jHN7xY+y5eOdL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4Y2E2ZGUxYTQ4YTRlOGM1YjhhZjFlYWU5YjVlODBiZmNm
OTJjNDUwHhcNMjQwNDA4MTAyODQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjY2Njg0ZjUxMGY1Nzg0OTFkODU3N2VmYTcyNGJlZWU3YTUzNGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNTPRz2l8lH/RpGL0Wet69rM2bD3
46lfvRQwpWoH8ifHhNaKD4RF+ezDP22UddXYYj4L3uJSbSxkOGPJmXzGZyoo67/s
WQAusiW3F6PFDTkqEoYTBqNg2a6pugMgPsa4niwWiimcZytz5foWq85dRDwmYCPE
sEUXkxIwoMDHA82ZsB+IcAGGfpfSZAz9FOtPSNftyaEOyqG0ojlj7RCFSspqP4aX
4l7FQAESIuAiHXBo+z0Oj/hA54ojkgxHlFLHyGG8ZOD6YA9GAvBaCEpJDbFcUsD5
ZWqo2FAbkT5Vg0I6SsMAjQ3tSbZs7uFfp5KcTLazXRRZRurpRmcRAH0RSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJmaE9RD1eEkdhXfvpyS+7npTSoMB8GA1UdIwQY
MBaAFBjKbeGkik6MW4rx6um16Av8+SxFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR01wdDRhU0tUb3hiaXZIcTZiWG9DX3o1TEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9kZmYyYzYtZDg3Yy00ZDY1LWEyNTYt
MWM4MjI1ZDQwN2I1LzEvZ21ab1QxRVBWNFNSMkZkLS1uSkw3dWVsTktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9kZmYyYzYtZDg3Yy00ZDY1LWEyNTYtMWM4MjI1ZDQwN2I1
LzEvR01wdDRhU0tUb3hiaXZIcTZiWG9DX3o1TEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXOjMA0G
CSqGSIb3DQEBCwUAA4IBAQBp1xwxvkaQGAajU+h8HTQ2DplfWol5lRKwnWG7qSZD
H85Cf5ZcvaqShQSjDf1kRCZsxx1tSvzlrqs+lfrbgKwdyL0LScawSOZ9Gm2qDsrd
5307R1GxYdHuAddUDGe8dmWB9FwXBdY9XoC3Eu2P/+LGcbBlB81FTno1JZbUZskE
SdQoeY2CQPdw4F3FIP95DjnJuiVkzA1uPxAbQnxHXW1yEqf0ar+Q95dBxnr/9kaO
c83LRSsMaRtf7nvQey+JzL4rRFKPBj/yjZwup0p5SpaD1GzKVrJxytBZ+1FSFWnX
UajVX8ng+2MCPODCZc0wz/Cl8XUj83KF4uew5LJzpo61
-----END CERTIFICATE-----