Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/71a748-b2bc-4728-9ef0-a69cd9d15e31/1/GbH3C8xxQBVzS8ZvTseXyH8hWYE.roa
File:                     GbH3C8xxQBVzS8ZvTseXyH8hWYE.roa (raw, json)
Hash identifier:          DlB8M3rvXFrTr8uOp+auuYyfezxQ9vcvC4VYxRbYiYM=
Subject key identifier:   19:B1:F7:0B:CC:71:40:15:73:4B:C6:6F:4E:C7:97:C8:7F:21:59:81
Certificate issuer:       /CN=51e591e54903d2f9ea840a146955ba3459e33ea1
Certificate serial:       018CC493642EB9CAD6783E4E0BF950A1802E
Authority key identifier: 51:E5:91:E5:49:03:D2:F9:EA:84:0A:14:69:55:BA:34:59:E3:3E:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UeWR5UkD0vnqhAoUaVW6NFnjPqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/71a748-b2bc-4728-9ef0-a69cd9d15e31/1/GbH3C8xxQBVzS8ZvTseXyH8hWYE.roa
Signing time:             Mon 01 Jan 2024 10:30:42 +0000
ROA not before:           Mon 01 Jan 2024 10:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28940
IP address blocks:        193.97.168.0/21 maxlen: 21
                          2001:67c:29dc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/71a748-b2bc-4728-9ef0-a69cd9d15e31/1/UeWR5UkD0vnqhAoUaVW6NFnjPqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/71a748-b2bc-4728-9ef0-a69cd9d15e31/1/UeWR5UkD0vnqhAoUaVW6NFnjPqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UeWR5UkD0vnqhAoUaVW6NFnjPqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:64:2e:b9:ca:d6:78:3e:4e:0b:f9:50:a1:80:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51e591e54903d2f9ea840a146955ba3459e33ea1
        Validity
            Not Before: Jan  1 10:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19b1f70bcc714015734bc66f4ec797c87f215981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:50:60:5f:47:e7:29:91:20:16:04:5b:57:40:
                    2a:3d:57:fd:88:65:1b:b4:c7:8e:72:a6:43:c5:31:
                    90:fa:58:3d:81:4a:cb:18:52:35:5c:84:a5:72:c9:
                    e6:3f:33:40:88:3d:75:22:62:02:01:ff:e8:b4:a0:
                    c4:97:9f:32:a1:ee:c1:b1:76:bc:a0:21:78:f6:1c:
                    aa:43:66:10:53:1e:2d:d4:17:70:e4:4f:c0:04:df:
                    ba:00:1e:d1:33:1b:32:7d:cf:43:07:ac:5d:71:23:
                    30:56:d2:3f:5c:37:00:01:e9:af:4e:c1:af:d1:c2:
                    1f:2d:78:e9:a5:00:31:e8:3c:43:7a:56:f5:1e:f6:
                    6c:b5:13:17:3e:21:16:e8:06:68:aa:58:8b:fc:b9:
                    aa:c6:0e:f0:dd:bf:1e:8f:d9:eb:2b:8b:86:88:7c:
                    f4:46:23:b8:e6:ba:7e:a5:08:71:4d:8b:0d:1c:43:
                    b4:37:ff:43:a7:3e:4b:09:ac:f8:5b:4f:7f:88:9d:
                    ea:e6:43:8b:9e:fc:ee:61:21:83:f7:9e:57:3f:89:
                    91:dd:cb:57:dd:0e:6f:54:5f:fc:2a:b5:0b:12:29:
                    40:9a:fe:c1:73:63:5e:e3:e9:99:0f:ce:9f:a0:ce:
                    85:1b:da:0b:9d:96:c2:12:1f:ec:ad:f0:6d:c5:2a:
                    30:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:B1:F7:0B:CC:71:40:15:73:4B:C6:6F:4E:C7:97:C8:7F:21:59:81
            X509v3 Authority Key Identifier:
                keyid:51:E5:91:E5:49:03:D2:F9:EA:84:0A:14:69:55:BA:34:59:E3:3E:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UeWR5UkD0vnqhAoUaVW6NFnjPqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/71a748-b2bc-4728-9ef0-a69cd9d15e31/1/GbH3C8xxQBVzS8ZvTseXyH8hWYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/71a748-b2bc-4728-9ef0-a69cd9d15e31/1/UeWR5UkD0vnqhAoUaVW6NFnjPqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.97.168.0/21
                IPv6:
                  2001:67c:29dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:d1:bf:1a:76:b4:6a:25:43:7e:c1:30:7d:08:85:5b:3e:65:
         0e:2f:89:da:3f:d8:af:d1:27:94:9a:ed:0d:9f:d1:d2:3c:ea:
         3b:60:67:15:94:3b:c2:87:57:ed:3b:39:42:d7:fd:05:59:34:
         0f:38:54:49:8e:12:30:5d:77:57:c1:89:df:e3:65:a7:70:bf:
         ed:f1:84:c5:7c:7b:a9:4a:bc:1f:67:d7:0e:56:e5:5c:02:a0:
         da:b1:a7:0c:57:d0:4c:1f:cc:00:f7:60:f2:44:72:d4:20:bb:
         79:f7:bc:96:6f:85:f0:a1:ef:b3:52:b7:2c:69:d8:52:16:5c:
         91:61:4d:56:c8:44:53:0f:e1:cf:84:e8:8d:96:3c:f1:8c:5a:
         12:e7:ce:37:a5:d6:dd:e9:f4:26:d4:06:24:d5:c4:51:ba:69:
         60:d7:68:21:9f:54:52:99:66:8b:b8:c0:6b:bb:68:64:07:80:
         c8:1f:2c:d3:b0:78:ac:20:89:9f:0c:a8:d4:83:29:1a:3a:be:
         c1:85:cc:e0:49:68:97:69:0b:40:e6:71:b2:44:56:1d:a7:6d:
         72:98:ae:fb:d5:fb:8f:94:31:d1:01:7c:53:12:04:ce:bb:b0:
         de:a9:f1:cd:a1:90:75:cc:91:73:b7:59:32:33:a4:61:17:fb:
         7a:b3:63:eb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk2QuucrWeD5OC/lQoYAuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZTU5MWU1NDkwM2QyZjllYTg0MGExNDY5NTViYTM0NTll
MzNlYTEwHhcNMjQwMTAxMTAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWIxZjcwYmNjNzE0MDE1NzM0YmM2NmY0ZWM3OTdjODdmMjE1OTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlBgX0fnKZEgFgRbV0AqPVf9iGUb
tMeOcqZDxTGQ+lg9gUrLGFI1XISlcsnmPzNAiD11ImICAf/otKDEl58yoe7BsXa8
oCF49hyqQ2YQUx4t1Bdw5E/ABN+6AB7RMxsyfc9DB6xdcSMwVtI/XDcAAemvTsGv
0cIfLXjppQAx6DxDelb1HvZstRMXPiEW6AZoqliL/Lmqxg7w3b8ej9nrK4uGiHz0
RiO45rp+pQhxTYsNHEO0N/9Dpz5LCaz4W09/iJ3q5kOLnvzuYSGD955XP4mR3ctX
3Q5vVF/8KrULEilAmv7Bc2Ne4+mZD86foM6FG9oLnZbCEh/srfBtxSow4QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBmx9wvMcUAVc0vGb07Hl8h/IVmBMB8GA1UdIwQY
MBaAFFHlkeVJA9L56oQKFGlVujRZ4z6hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWVXUjVVa0Qwdm5xaEFvVWFWVzZORm5qUHFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi83MWE3NDgtYjJiYy00NzI4LTllZjAt
YTY5Y2Q5ZDE1ZTMxLzEvR2JIM0M4eHhRQlZ6UzhadlRzZVh5SDhoV1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi83MWE3NDgtYjJiYy00NzI4LTllZjAtYTY5Y2Q5ZDE1ZTMx
LzEvVWVXUjVVa0Qwdm5xaEFvVWFWVzZORm5qUHFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwWGoMA8E
AgACMAkDBwAgAQZ8KdwwDQYJKoZIhvcNAQELBQADggEBAHDRvxp2tGolQ37BMH0I
hVs+ZQ4vido/2K/RJ5Sa7Q2f0dI86jtgZxWUO8KHV+07OULX/QVZNA84VEmOEjBd
d1fBid/jZadwv+3xhMV8e6lKvB9n1w5W5VwCoNqxpwxX0EwfzAD3YPJEctQgu3n3
vJZvhfCh77NStyxp2FIWXJFhTVbIRFMP4c+E6I2WPPGMWhLnzjel1t3p9CbUBiTV
xFG6aWDXaCGfVFKZZou4wGu7aGQHgMgfLNOweKwgiZ8MqNSDKRo6vsGFzOBJaJdp
C0DmcbJEVh2nbXKYrvvV+4+UMdEBfFMSBM67sN6p8c2hkHXMkXO3WTIzpGEX+3qz
Y+s=
-----END CERTIFICATE-----