Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/GI3LH5JEwKoHuWIWeUzqkvhkgws.roa
File:                     GI3LH5JEwKoHuWIWeUzqkvhkgws.roa (raw, json)
Hash identifier:          FFQDWzJhN5sZdDA34wEZo3p6DdDTbx7KD519G3fST70=
Subject key identifier:   18:8D:CB:1F:92:44:C0:AA:07:B9:62:16:79:4C:EA:92:F8:64:83:0B
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D5C07C6AF09E192F5BB9EEE2CA6C2
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/GI3LH5JEwKoHuWIWeUzqkvhkgws.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51859
IP address blocks:        185.167.144.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5c:07:c6:af:09:e1:92:f5:bb:9e:ee:2c:a6:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=188dcb1f9244c0aa07b96216794cea92f864830b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f2:c3:62:02:90:48:7c:01:3d:f5:80:22:ee:
                    2b:12:af:86:e6:71:63:45:36:7d:68:4c:fa:25:d3:
                    81:5e:1b:4b:63:e4:b0:e0:0b:a1:7e:21:12:32:41:
                    3f:82:28:70:43:b7:55:eb:db:99:0e:56:f1:d0:56:
                    62:aa:24:bc:73:bc:af:9d:be:86:49:33:d5:40:77:
                    ce:8a:7c:90:1b:1e:d3:39:a3:13:1d:af:b6:c9:80:
                    08:88:0d:83:de:ab:8e:68:48:75:cc:62:6a:c7:ea:
                    47:cc:0c:ba:24:72:8c:a1:2a:92:ab:ff:cc:d9:40:
                    41:f5:14:ce:b3:45:d3:ee:80:6d:61:44:ad:94:51:
                    67:ab:ea:6e:c6:65:60:cb:e2:52:0a:3d:e2:06:64:
                    c7:63:80:35:79:9f:51:2f:fa:cc:7f:9d:56:e7:b0:
                    de:47:7f:3f:6b:ce:9e:d7:d9:c1:0c:36:fd:80:5f:
                    cc:6c:79:a8:c1:bd:9a:f6:68:7e:c1:13:f0:0f:8c:
                    08:f9:ca:3f:cf:84:bc:31:1b:a8:42:cc:ad:d7:44:
                    34:8b:99:67:06:66:cd:98:71:7f:9f:99:c4:3e:17:
                    0c:93:7c:1c:a2:33:27:c4:f1:89:c6:6a:55:ec:20:
                    66:b7:86:ea:b2:0d:27:8e:f3:fb:3f:61:1c:91:ee:
                    d4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:8D:CB:1F:92:44:C0:AA:07:B9:62:16:79:4C:EA:92:F8:64:83:0B
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/GI3LH5JEwKoHuWIWeUzqkvhkgws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:07:0b:5d:44:8d:38:9f:e3:3c:96:7f:af:63:34:d5:0f:f2:
         a2:83:93:88:f4:52:00:42:bb:9e:ed:36:b2:a0:b3:ed:b5:32:
         57:86:8a:55:39:ad:15:cc:8c:b8:2f:0f:bd:1d:c3:fb:38:b1:
         f3:4c:3d:fa:5e:ed:74:c3:7a:d3:7d:be:47:92:f1:5f:e1:44:
         fd:f3:74:76:03:dc:f4:2b:93:5e:79:8b:3a:83:f1:9a:a4:29:
         c6:f8:87:41:da:b1:a1:b9:40:e1:ff:bc:14:09:cf:f7:8f:48:
         30:88:2f:c8:e2:61:be:30:ae:45:d8:c0:d7:63:61:31:ee:80:
         29:4c:ea:60:0b:7b:ea:e6:ab:31:ff:48:14:ef:52:c8:3e:a6:
         8e:56:78:9c:fd:10:7c:3b:e9:37:46:52:2d:30:3e:f0:5e:89:
         e4:5a:6d:15:3e:bb:56:2a:fa:02:55:ce:52:fe:66:09:b7:ae:
         76:a6:e7:c6:2c:f2:35:55:8b:97:bb:67:04:9b:04:60:a8:83:
         86:da:f1:68:94:5c:00:dc:08:33:20:2e:3d:eb:52:36:47:2f:
         74:da:f3:26:41:c3:86:29:cb:4b:6b:5a:89:b1:23:54:f1:30:
         d0:e1:f0:68:06:2b:67:21:c0:d7:90:f3:bb:c8:f5:59:97:5f:
         5e:7f:3f:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVwHxq8J4ZL1u57uLKbCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODhkY2IxZjkyNDRjMGFhMDdiOTYyMTY3OTRjZWE5MmY4NjQ4MzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvLDYgKQSHwBPfWAIu4rEq+G5nFj
RTZ9aEz6JdOBXhtLY+Sw4AuhfiESMkE/gihwQ7dV69uZDlbx0FZiqiS8c7yvnb6G
STPVQHfOinyQGx7TOaMTHa+2yYAIiA2D3quOaEh1zGJqx+pHzAy6JHKMoSqSq//M
2UBB9RTOs0XT7oBtYUStlFFnq+puxmVgy+JSCj3iBmTHY4A1eZ9RL/rMf51W57De
R38/a86e19nBDDb9gF/MbHmowb2a9mh+wRPwD4wI+co/z4S8MRuoQsyt10Q0i5ln
BmbNmHF/n5nEPhcMk3wcojMnxPGJxmpV7CBmt4bqsg0njvP7P2Ecke7U7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBiNyx+SRMCqB7liFnlM6pL4ZIMLMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvR0kzTEg1SkV3S29IdVdJV2VVenFrdmhrZ3dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaeQMA0G
CSqGSIb3DQEBCwUAA4IBAQAaBwtdRI04n+M8ln+vYzTVD/Kig5OI9FIAQrue7Tay
oLPttTJXhopVOa0VzIy4Lw+9HcP7OLHzTD36Xu10w3rTfb5HkvFf4UT983R2A9z0
K5NeeYs6g/GapCnG+IdB2rGhuUDh/7wUCc/3j0gwiC/I4mG+MK5F2MDXY2Ex7oAp
TOpgC3vq5qsx/0gU71LIPqaOVnic/RB8O+k3RlItMD7wXonkWm0VPrtWKvoCVc5S
/mYJt652pufGLPI1VYuXu2cEmwRgqIOG2vFolFwA3AgzIC4961I2Ry902vMmQcOG
KctLa1qJsSNU8TDQ4fBoBitnIcDXkPO7yPVZl19efz/C
-----END CERTIFICATE-----