Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/GX0cE2F4912LsRvT-4QWUEO6BPI.roa
File:                     GX0cE2F4912LsRvT-4QWUEO6BPI.roa (raw, json)
Hash identifier:          x0apLtHbpD5gXHtCthRE2Xn/XT/4PWpbR2DOWgyBWVs=
Subject key identifier:   19:7D:1C:13:61:78:F7:5D:8B:B1:1B:D3:FB:84:16:50:43:BA:04:F2
Certificate issuer:       /CN=1795ac843cd8ba90188f7313652bb561299b296f
Certificate serial:       018CC4244CCC17D5445027ECA6B6D7BC31FD
Authority key identifier: 17:95:AC:84:3C:D8:BA:90:18:8F:73:13:65:2B:B5:61:29:9B:29:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5WshDzYupAYj3MTZSu1YSmbKW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/GX0cE2F4912LsRvT-4QWUEO6BPI.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28727
IP address blocks:        185.59.240.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/F5WshDzYupAYj3MTZSu1YSmbKW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/F5WshDzYupAYj3MTZSu1YSmbKW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5WshDzYupAYj3MTZSu1YSmbKW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4c:cc:17:d5:44:50:27:ec:a6:b6:d7:bc:31:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1795ac843cd8ba90188f7313652bb561299b296f
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=197d1c136178f75d8bb11bd3fb84165043ba04f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:f6:c5:ab:9d:49:a5:7a:49:5a:b2:9a:03:13:
                    03:53:57:36:a7:b0:c2:6e:fc:ef:33:ee:20:0d:5a:
                    3f:c0:2a:4e:d5:f5:8c:1d:52:cd:c1:c6:d1:74:f5:
                    98:21:a2:34:8e:00:a4:cc:ce:67:91:f3:a5:e2:f7:
                    96:b0:af:54:4d:74:c1:b3:69:8d:0d:7d:79:42:65:
                    87:1a:e6:aa:43:14:9c:8f:ea:57:ba:1e:ef:52:bc:
                    fb:f3:12:db:c7:3f:85:0d:de:99:05:a9:0f:2b:1a:
                    e7:8c:06:ce:f6:15:b7:28:af:c2:c1:d6:bd:49:1c:
                    22:42:01:bc:c9:9b:5a:00:49:0f:9f:87:39:e6:80:
                    c9:c9:e2:ae:ba:b6:54:aa:5f:02:3f:7d:f3:3b:4a:
                    c4:46:64:63:49:8f:4f:2a:a3:5c:4c:5e:b3:85:61:
                    a6:00:59:f3:a3:98:eb:20:34:38:1d:c0:0e:f0:1c:
                    98:97:0e:91:7f:b0:34:d1:08:34:0b:55:7f:b2:e5:
                    49:a5:db:c1:02:09:61:8a:c7:24:e1:3a:3a:54:e6:
                    9a:f0:f2:8d:ff:ed:2f:bb:28:47:ee:cc:84:72:20:
                    d0:f5:80:a8:d9:ce:ae:ef:ec:b6:8e:02:08:24:25:
                    cb:00:33:ec:4d:e2:03:d4:16:b2:e7:67:61:ba:73:
                    4f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:7D:1C:13:61:78:F7:5D:8B:B1:1B:D3:FB:84:16:50:43:BA:04:F2
            X509v3 Authority Key Identifier:
                keyid:17:95:AC:84:3C:D8:BA:90:18:8F:73:13:65:2B:B5:61:29:9B:29:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5WshDzYupAYj3MTZSu1YSmbKW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/GX0cE2F4912LsRvT-4QWUEO6BPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/6683f4-3eec-4dcb-8787-731abc6f75ca/1/F5WshDzYupAYj3MTZSu1YSmbKW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:38:54:1b:24:4a:8f:1b:64:76:de:88:f6:51:dc:4a:f8:f3:
         71:4c:b4:3d:2e:94:60:11:4b:1c:f8:57:bb:a2:08:0a:0f:20:
         54:44:c7:4a:22:7b:b8:f6:b9:59:f3:37:4c:a6:14:86:c4:7e:
         3a:7d:f7:b9:26:47:b4:58:4e:61:e5:15:45:74:aa:fa:cb:ed:
         ab:3f:09:cf:8c:99:0a:64:64:be:7b:e7:e1:a1:21:71:aa:03:
         1e:ac:ff:56:0b:8a:86:6c:7c:2d:e8:12:ed:8e:0d:29:d5:5d:
         38:af:57:b1:3f:fd:f4:81:21:3c:a4:9a:e8:b3:c5:31:4f:5f:
         1e:95:c7:58:31:2d:e9:05:06:25:81:5f:c3:97:e2:47:74:2e:
         7d:b4:7d:16:9a:6a:87:2c:49:60:ad:46:3f:3b:ff:03:27:40:
         ef:0a:db:61:dd:b7:f3:ae:08:b7:6e:31:d8:5e:11:b3:ca:06:
         26:7d:31:78:90:17:32:5c:cf:2e:94:24:89:ac:6a:fb:3f:eb:
         fe:e1:0b:4b:4c:8f:f4:cc:9f:fe:29:82:1f:11:45:ed:d8:f0:
         95:cc:0d:ae:b4:35:71:4d:64:b6:a0:56:2d:09:45:df:c2:d9:
         7c:d8:e5:81:64:94:f6:91:58:59:79:83:0b:5e:b9:13:47:83:
         ac:76:e3:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJEzMF9VEUCfsprbXvDH9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTVhYzg0M2NkOGJhOTAxODhmNzMxMzY1MmJiNTYxMjk5
YjI5NmYwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTdkMWMxMzYxNzhmNzVkOGJiMTFiZDNmYjg0MTY1MDQzYmEwNGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6/bFq51JpXpJWrKaAxMDU1c2p7DC
bvzvM+4gDVo/wCpO1fWMHVLNwcbRdPWYIaI0jgCkzM5nkfOl4veWsK9UTXTBs2mN
DX15QmWHGuaqQxScj+pXuh7vUrz78xLbxz+FDd6ZBakPKxrnjAbO9hW3KK/Cwda9
SRwiQgG8yZtaAEkPn4c55oDJyeKuurZUql8CP33zO0rERmRjSY9PKqNcTF6zhWGm
AFnzo5jrIDQ4HcAO8ByYlw6Rf7A00Qg0C1V/suVJpdvBAglhisck4To6VOaa8PKN
/+0vuyhH7syEciDQ9YCo2c6u7+y2jgIIJCXLADPsTeID1Bay52dhunNPBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBl9HBNhePddi7Eb0/uEFlBDugTyMB8GA1UdIwQY
MBaAFBeVrIQ82LqQGI9zE2UrtWEpmylvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVXc2hEell1cEFZajNNVFpTdTFZU21iS1c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS82NjgzZjQtM2VlYy00ZGNiLTg3ODct
NzMxYWJjNmY3NWNhLzEvR1gwY0UyRjQ5MTJMc1J2VC00UVdVRU82QlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS82NjgzZjQtM2VlYy00ZGNiLTg3ODctNzMxYWJjNmY3NWNh
LzEvRjVXc2hEell1cEFZajNNVFpTdTFZU21iS1c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTvwMA0G
CSqGSIb3DQEBCwUAA4IBAQCpOFQbJEqPG2R23oj2UdxK+PNxTLQ9LpRgEUsc+Fe7
oggKDyBURMdKInu49rlZ8zdMphSGxH46ffe5Jke0WE5h5RVFdKr6y+2rPwnPjJkK
ZGS+e+fhoSFxqgMerP9WC4qGbHwt6BLtjg0p1V04r1exP/30gSE8pJros8UxT18e
lcdYMS3pBQYlgV/Dl+JHdC59tH0WmmqHLElgrUY/O/8DJ0DvCtth3bfzrgi3bjHY
XhGzygYmfTF4kBcyXM8ulCSJrGr7P+v+4QtLTI/0zJ/+KYIfEUXt2PCVzA2utDVx
TWS2oFYtCUXfwtl82OWBZJT2kVhZeYMLXrkTR4OsduPs
-----END CERTIFICATE-----