Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/ffbf18-aa03-434c-8bbd-141450f10a85/1/GhJPedVhNXBWi24dCzz_8rK0hk0.roa
File:                     GhJPedVhNXBWi24dCzz_8rK0hk0.roa (raw, json)
Hash identifier:          mdJpypEYe5AAUb7SATMLtGb5TsWj+8+NH+pRF814jD8=
Subject key identifier:   1A:12:4F:79:D5:61:35:70:56:8B:6E:1D:0B:3C:FF:F2:B2:B4:86:4D
Certificate issuer:       /CN=bb62fe6b7f3d364332bcd6e0daf79226ccf809e2
Certificate serial:       018CC42463C93AABC1DFBCB022A98363D0A1
Authority key identifier: BB:62:FE:6B:7F:3D:36:43:32:BC:D6:E0:DA:F7:92:26:CC:F8:09:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u2L-a389NkMyvNbg2veSJsz4CeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/ffbf18-aa03-434c-8bbd-141450f10a85/1/GhJPedVhNXBWi24dCzz_8rK0hk0.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42466
IP address blocks:        91.189.144.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/ffbf18-aa03-434c-8bbd-141450f10a85/1/u2L-a389NkMyvNbg2veSJsz4CeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/ffbf18-aa03-434c-8bbd-141450f10a85/1/u2L-a389NkMyvNbg2veSJsz4CeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u2L-a389NkMyvNbg2veSJsz4CeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:63:c9:3a:ab:c1:df:bc:b0:22:a9:83:63:d0:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb62fe6b7f3d364332bcd6e0daf79226ccf809e2
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a124f79d5613570568b6e1d0b3cfff2b2b4864d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d9:99:cc:a8:42:19:f9:3b:10:49:6c:b5:58:
                    2d:4a:aa:e5:9b:b6:d5:84:a0:4a:76:d3:2c:00:db:
                    2b:76:ae:c0:a9:90:44:11:0e:48:00:d1:85:86:28:
                    09:5d:92:14:5c:81:9c:2e:02:1e:9c:cf:13:df:48:
                    26:1d:67:75:52:f2:73:21:15:6c:42:98:86:d3:e0:
                    b9:bb:23:5a:bb:c9:04:c7:6c:7c:14:c0:99:1d:42:
                    01:35:9c:f7:dc:af:fb:07:c0:8a:7d:2d:4d:17:3a:
                    3e:5f:cf:57:1b:00:48:b8:dd:7f:e2:bc:0f:19:aa:
                    22:9e:7b:ab:14:1e:c7:22:7c:fb:64:eb:b8:50:eb:
                    6c:41:4b:36:b8:91:c3:2c:55:02:fd:32:fd:8a:d3:
                    9b:92:45:05:3d:8c:41:d5:a5:19:5a:25:79:6f:2e:
                    94:49:e5:5b:fb:c7:22:50:c8:9f:17:91:24:d9:dc:
                    12:a9:12:f3:55:81:0c:a1:f6:5e:f0:1c:3d:ca:18:
                    4f:25:1a:66:de:77:33:25:3d:33:9b:39:78:fe:15:
                    22:b2:ab:18:a9:04:19:da:9f:f8:7d:f8:dc:9e:36:
                    51:ae:ee:a1:67:7b:cd:46:19:57:f4:aa:5c:6a:ee:
                    0e:de:d5:fd:42:58:76:9a:e4:eb:0d:3c:ef:12:6f:
                    1e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:12:4F:79:D5:61:35:70:56:8B:6E:1D:0B:3C:FF:F2:B2:B4:86:4D
            X509v3 Authority Key Identifier:
                keyid:BB:62:FE:6B:7F:3D:36:43:32:BC:D6:E0:DA:F7:92:26:CC:F8:09:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u2L-a389NkMyvNbg2veSJsz4CeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/ffbf18-aa03-434c-8bbd-141450f10a85/1/GhJPedVhNXBWi24dCzz_8rK0hk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/ffbf18-aa03-434c-8bbd-141450f10a85/1/u2L-a389NkMyvNbg2veSJsz4CeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.189.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4c:db:df:91:4e:0c:36:ec:8e:e8:ed:dd:84:71:8f:82:15:87:
         61:bd:74:6d:82:c9:22:ad:04:53:2a:b2:95:35:88:88:51:0a:
         6d:95:d8:3b:65:86:c5:0f:ea:c3:c3:d8:56:2a:c7:a9:3f:f7:
         4e:a1:15:02:29:68:2a:db:37:12:b0:f9:72:b8:a1:b2:02:e3:
         d4:ed:88:c6:4d:cc:50:ee:6c:66:5d:fd:0d:dc:37:fa:73:83:
         6c:e0:3c:06:93:7c:8c:04:9b:d8:f3:f2:11:80:2e:41:4e:c8:
         ef:09:55:a0:69:e9:68:26:5f:32:75:41:a4:d8:91:66:21:18:
         19:cc:b2:39:bc:52:8a:e0:5e:52:9e:64:f1:97:45:18:7c:1d:
         5e:3d:62:f8:7f:fd:b1:1f:5e:11:d3:e1:ab:bb:36:34:68:4e:
         92:59:3c:08:19:ad:fe:e7:5f:ad:c8:d1:99:ff:c0:f4:3a:10:
         62:5d:18:6a:97:b7:87:ef:ca:a7:b2:8f:1f:04:a4:e9:0b:e8:
         e0:70:57:e5:76:35:17:02:7a:0f:31:f1:a6:0a:59:4a:2e:0c:
         17:2e:e8:0c:97:26:90:8a:51:49:a5:9f:ba:2d:5d:49:3f:b2:
         ae:c8:4f:8c:b6:ba:79:bf:9e:6c:c4:a0:63:f3:d9:9f:c4:02:
         ab:37:22:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGPJOqvB37ywIqmDY9ChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNjJmZTZiN2YzZDM2NDMzMmJjZDZlMGRhZjc5MjI2Y2Nm
ODA5ZTIwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTEyNGY3OWQ1NjEzNTcwNTY4YjZlMWQwYjNjZmZmMmIyYjQ4NjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9mZzKhCGfk7EElstVgtSqrlm7bV
hKBKdtMsANsrdq7AqZBEEQ5IANGFhigJXZIUXIGcLgIenM8T30gmHWd1UvJzIRVs
QpiG0+C5uyNau8kEx2x8FMCZHUIBNZz33K/7B8CKfS1NFzo+X89XGwBIuN1/4rwP
GaoinnurFB7HInz7ZOu4UOtsQUs2uJHDLFUC/TL9itObkkUFPYxB1aUZWiV5by6U
SeVb+8ciUMifF5Ek2dwSqRLzVYEMofZe8Bw9yhhPJRpm3nczJT0zmzl4/hUisqsY
qQQZ2p/4ffjcnjZRru6hZ3vNRhlX9Kpcau4O3tX9Qlh2muTrDTzvEm8emwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoST3nVYTVwVotuHQs8//KytIZNMB8GA1UdIwQY
MBaAFLti/mt/PTZDMrzW4Nr3kibM+AniMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTJMLWEzODlOa015dk5iZzJ2ZVNKc3o0Q2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9mZmJmMTgtYWEwMy00MzRjLThiYmQt
MTQxNDUwZjEwYTg1LzEvR2hKUGVkVmhOWEJXaTI0ZEN6el84ckswaGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9mZmJmMTgtYWEwMy00MzRjLThiYmQtMTQxNDUwZjEwYTg1
LzEvdTJMLWEzODlOa015dk5iZzJ2ZVNKc3o0Q2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW72QMA0G
CSqGSIb3DQEBCwUAA4IBAQBM29+RTgw27I7o7d2EcY+CFYdhvXRtgskirQRTKrKV
NYiIUQptldg7ZYbFD+rDw9hWKsepP/dOoRUCKWgq2zcSsPlyuKGyAuPU7YjGTcxQ
7mxmXf0N3Df6c4Ns4DwGk3yMBJvY8/IRgC5BTsjvCVWgaeloJl8ydUGk2JFmIRgZ
zLI5vFKK4F5SnmTxl0UYfB1ePWL4f/2xH14R0+GruzY0aE6SWTwIGa3+51+tyNGZ
/8D0OhBiXRhql7eH78qnso8fBKTpC+jgcFfldjUXAnoPMfGmCllKLgwXLugMlyaQ
ilFJpZ+6LV1JP7KuyE+Mtrp5v55sxKBj89mfxAKrNyKN
-----END CERTIFICATE-----