Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/GXbCNPCj0A1c_bFdkz4tW1PU56Y.roa
File:                     GXbCNPCj0A1c_bFdkz4tW1PU56Y.roa (raw, json)
Hash identifier:          dDVWCct/KAFt+pCLg+/NZAhm3x87iXd5sr3olSl+y8Y=
Subject key identifier:   19:76:C2:34:F0:A3:D0:0D:5C:FD:B1:5D:93:3E:2D:5B:53:D4:E7:A6
Certificate issuer:       /CN=c0e549fdceeb02912c8a8741c816806bbe19c448
Certificate serial:       018CC2DAF04931E2BDF1D8149A125BB73F16
Authority key identifier: C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/GXbCNPCj0A1c_bFdkz4tW1PU56Y.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212097
IP address blocks:        185.227.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f0:49:31:e2:bd:f1:d8:14:9a:12:5b:b7:3f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e549fdceeb02912c8a8741c816806bbe19c448
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1976c234f0a3d00d5cfdb15d933e2d5b53d4e7a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:76:97:7b:d1:56:7b:d4:21:d3:05:90:d7:54:
                    c4:6e:39:da:48:37:69:8d:f8:fc:47:f8:0a:9c:ce:
                    86:f6:54:71:55:ee:1e:7c:5f:2e:d5:ce:81:c7:6d:
                    cd:63:52:e9:26:f2:5f:aa:03:57:58:d6:da:83:5f:
                    b1:54:6e:7f:da:a8:9b:b6:06:0f:3b:32:a2:5f:69:
                    98:8f:3a:c3:60:d8:aa:1c:6d:a8:60:b1:95:81:31:
                    24:29:b5:0e:de:38:7e:e3:b6:e4:1c:d0:21:d4:9c:
                    7c:d6:24:37:e5:fa:c4:31:9b:53:c9:a6:6e:2d:cc:
                    98:e6:23:55:50:bd:17:32:fb:c2:1f:d8:23:a4:27:
                    2c:a0:1e:34:b5:c4:0e:37:8d:8a:ce:8a:5a:21:df:
                    f3:d6:bd:cf:5d:98:02:0a:a2:ed:1d:82:ae:62:ac:
                    35:eb:de:34:62:59:f6:2b:0c:1a:d6:a0:0c:3f:2c:
                    48:01:d7:80:c9:56:52:0d:13:e3:0d:d3:7e:36:74:
                    fc:44:49:24:23:36:d9:3a:ed:85:3b:4e:07:61:92:
                    3c:02:d2:dd:06:17:13:4a:cf:a0:97:61:0d:91:f7:
                    26:2c:be:cc:f4:04:9d:c0:d4:06:16:29:c5:82:f7:
                    f1:de:e4:d5:83:44:e4:eb:a9:86:0f:73:e1:65:74:
                    a1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:76:C2:34:F0:A3:D0:0D:5C:FD:B1:5D:93:3E:2D:5B:53:D4:E7:A6
            X509v3 Authority Key Identifier:
                keyid:C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/GXbCNPCj0A1c_bFdkz4tW1PU56Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:33:b0:52:2f:36:06:6d:34:8b:2a:fa:d4:db:56:a3:9f:0f:
         6b:2f:d0:1d:c4:1e:ad:4c:31:09:0f:db:f3:c0:c9:14:30:4a:
         7e:e6:41:f0:96:fd:95:a0:75:81:15:bb:08:53:12:a4:38:47:
         79:d5:4a:3d:01:48:41:a0:33:7d:e7:9c:2c:ae:b3:f4:46:87:
         58:59:7b:09:06:9e:1c:0c:87:33:56:e0:4f:90:d3:df:29:e4:
         5b:5f:20:d2:fc:32:29:77:19:9e:57:f2:85:2f:7a:1b:7f:36:
         66:d8:1f:3c:af:21:d3:3b:53:45:4f:85:5a:d2:53:00:fd:ae:
         0a:8a:e3:29:fb:9d:66:f3:9d:71:e6:02:08:08:e8:48:77:64:
         a7:6d:65:92:8f:bd:e0:6b:c4:f3:56:08:17:bb:aa:b3:54:6a:
         c6:3b:0f:98:77:61:e3:3a:ff:9e:30:d5:f6:4c:b6:3b:2e:65:
         1d:3f:18:16:0d:e2:91:23:8d:c0:2b:bf:69:3c:0d:41:b4:28:
         fc:a9:1a:df:ee:f9:ae:ff:d7:53:3c:05:87:79:96:0a:f3:df:
         b5:b4:c9:5c:91:0d:c0:4f:74:60:96:c2:bf:97:c7:31:3d:3d:
         2e:bf:d5:79:63:c2:3c:fb:20:33:4a:7b:39:7a:7d:c9:40:54:
         03:32:77:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vBJMeK98dgUmhJbtz8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTU0OWZkY2VlYjAyOTEyYzhhODc0MWM4MTY4MDZiYmUx
OWM0NDgwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTc2YzIzNGYwYTNkMDBkNWNmZGIxNWQ5MzNlMmQ1YjUzZDRlN2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHaXe9FWe9Qh0wWQ11TEbjnaSDdp
jfj8R/gKnM6G9lRxVe4efF8u1c6Bx23NY1LpJvJfqgNXWNbag1+xVG5/2qibtgYP
OzKiX2mYjzrDYNiqHG2oYLGVgTEkKbUO3jh+47bkHNAh1Jx81iQ35frEMZtTyaZu
LcyY5iNVUL0XMvvCH9gjpCcsoB40tcQON42KzopaId/z1r3PXZgCCqLtHYKuYqw1
6940Yln2Kwwa1qAMPyxIAdeAyVZSDRPjDdN+NnT8REkkIzbZOu2FO04HYZI8AtLd
BhcTSs+gl2ENkfcmLL7M9ASdwNQGFinFgvfx3uTVg0Tk66mGD3PhZXShfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBl2wjTwo9ANXP2xXZM+LVtT1OemMB8GA1UdIwQY
MBaAFMDlSf3O6wKRLIqHQcgWgGu+GcRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMt
YWQyZmRhNDc5ODhlLzEvR1hiQ05QQ2owQTFjX2JGZGt6NHRXMVBVNTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMtYWQyZmRhNDc5ODhl
LzEvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuePbMA0G
CSqGSIb3DQEBCwUAA4IBAQAGM7BSLzYGbTSLKvrU21ajnw9rL9AdxB6tTDEJD9vz
wMkUMEp+5kHwlv2VoHWBFbsIUxKkOEd51Uo9AUhBoDN955wsrrP0RodYWXsJBp4c
DIczVuBPkNPfKeRbXyDS/DIpdxmeV/KFL3obfzZm2B88ryHTO1NFT4Va0lMA/a4K
iuMp+51m851x5gIICOhId2SnbWWSj73ga8TzVggXu6qzVGrGOw+Yd2HjOv+eMNX2
TLY7LmUdPxgWDeKRI43AK79pPA1BtCj8qRrf7vmu/9dTPAWHeZYK89+1tMlckQ3A
T3RglsK/l8cxPT0uv9V5Y8I8+yAzSns5en3JQFQDMnfG
-----END CERTIFICATE-----