Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/gi_zGTszZKX1fp9X_XW2y6ZW2gc.roa
File:                     gi_zGTszZKX1fp9X_XW2y6ZW2gc.roa (raw, json)
Hash identifier:          tIKVh/ckxh8P1FH6egvNlqvikx1CZCJgsfjrsTj3lC8=
Subject key identifier:   82:2F:F3:19:3B:33:64:A5:F5:7E:9F:57:FD:75:B6:CB:A6:56:DA:07
Certificate issuer:       /CN=113d5e831c330d3cb51d476e0c163540f25e0372
Certificate serial:       018CC42521C5BC6B28D149B188ABAD6E3E14
Authority key identifier: 11:3D:5E:83:1C:33:0D:3C:B5:1D:47:6E:0C:16:35:40:F2:5E:03:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ET1egxwzDTy1HUduDBY1QPJeA3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/gi_zGTszZKX1fp9X_XW2y6ZW2gc.roa
Signing time:             Mon 01 Jan 2024 08:30:16 +0000
ROA not before:           Mon 01 Jan 2024 08:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8698
IP address blocks:        155.192.55.0/24 maxlen: 24
                          155.131.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/ET1egxwzDTy1HUduDBY1QPJeA3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/ET1egxwzDTy1HUduDBY1QPJeA3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ET1egxwzDTy1HUduDBY1QPJeA3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:21:c5:bc:6b:28:d1:49:b1:88:ab:ad:6e:3e:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=113d5e831c330d3cb51d476e0c163540f25e0372
        Validity
            Not Before: Jan  1 08:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=822ff3193b3364a5f57e9f57fd75b6cba656da07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ae:3c:73:d7:63:5d:18:66:0e:5a:32:af:9d:
                    6a:4e:c1:f4:f0:ed:af:7f:00:0c:d3:41:72:f8:85:
                    43:1e:d0:45:6d:80:ad:a7:cb:f3:e2:95:7f:b5:8a:
                    cf:5c:68:1a:6e:dc:91:7f:2d:d1:6e:a9:d3:a4:e4:
                    1a:51:10:ba:f0:a7:dc:eb:c9:a6:5b:ef:b4:58:ba:
                    80:a3:5d:e9:23:a1:06:cf:31:86:53:d2:af:b3:3e:
                    6e:26:f2:64:e6:6b:a7:f6:dc:55:0b:8a:ea:b3:d4:
                    03:c7:f2:af:f0:7e:37:22:01:d0:f1:c9:21:0c:09:
                    6c:b4:10:a3:3a:49:64:41:11:92:05:7d:23:24:db:
                    05:27:b4:4e:94:8a:ab:25:33:fc:d3:1e:d7:0b:fa:
                    94:5f:09:3a:06:47:dc:66:87:57:c6:34:65:92:0b:
                    54:23:f8:c2:0b:85:c8:17:0a:21:6c:d4:66:56:fb:
                    00:a3:7e:b3:d9:10:3a:65:3b:08:01:93:8a:8c:a0:
                    e6:a8:05:6f:4a:4a:9c:86:ce:35:1e:63:94:e0:2d:
                    f5:aa:c1:d4:4c:14:b7:2d:67:ca:94:0f:53:7e:32:
                    aa:9f:84:db:05:1e:69:ce:7f:87:52:42:b6:a4:dc:
                    a3:8f:33:ad:55:dc:dc:04:9d:f7:17:3c:da:ca:83:
                    f8:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:2F:F3:19:3B:33:64:A5:F5:7E:9F:57:FD:75:B6:CB:A6:56:DA:07
            X509v3 Authority Key Identifier:
                keyid:11:3D:5E:83:1C:33:0D:3C:B5:1D:47:6E:0C:16:35:40:F2:5E:03:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ET1egxwzDTy1HUduDBY1QPJeA3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/gi_zGTszZKX1fp9X_XW2y6ZW2gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe8993-9178-4424-a108-33f396ab56f2/1/ET1egxwzDTy1HUduDBY1QPJeA3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.131.55.0/24
                  155.192.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:be:2c:f8:8f:f1:b2:1c:3c:17:cc:78:a3:da:41:2d:01:c3:
         42:23:b5:fd:03:83:91:4f:58:63:06:3a:4c:1f:3e:c8:1b:5e:
         67:cd:b9:5f:ed:eb:4f:8c:b8:d4:7b:4e:b2:37:cc:49:0c:31:
         6b:8e:c8:92:1c:91:0e:4a:6a:31:dd:f2:d2:4a:50:3a:dd:87:
         90:02:e8:14:7d:fd:31:ad:ae:8f:8c:58:de:ba:82:e3:fc:2a:
         31:30:f0:c3:30:16:38:a9:ad:0f:49:be:c2:76:a0:34:6a:1a:
         f4:68:c2:ae:45:83:cb:a2:40:ba:e2:c0:91:53:62:a6:91:61:
         1a:91:f1:5b:ef:e4:ba:3d:58:8d:f3:88:1a:ab:45:a8:20:3e:
         e5:39:db:77:33:0a:f8:7b:94:86:0d:92:69:da:26:03:07:1c:
         64:e1:71:01:51:b9:38:4d:c5:65:af:ba:64:3d:f5:a0:63:f4:
         80:fc:77:09:0b:10:7d:6a:f7:c2:9d:6b:ef:b1:49:2a:de:66:
         c5:3d:10:e7:d9:17:d0:09:e1:64:ae:10:2d:7e:fe:74:f5:4a:
         f1:13:88:54:24:b5:a0:ad:c9:56:9e:ab:f3:0c:59:33:fe:1b:
         a6:dc:62:d2:da:0c:81:89:34:99:6f:16:a6:e4:9d:cb:59:a0:
         b4:88:c9:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJSHFvGso0UmxiKutbj4UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExM2Q1ZTgzMWMzMzBkM2NiNTFkNDc2ZTBjMTYzNTQwZjI1
ZTAzNzIwHhcNMjQwMTAxMDgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJmZjMxOTNiMzM2NGE1ZjU3ZTlmNTdmZDc1YjZjYmE2NTZkYTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj648c9djXRhmDloyr51qTsH08O2v
fwAM00Fy+IVDHtBFbYCtp8vz4pV/tYrPXGgabtyRfy3RbqnTpOQaURC68Kfc68mm
W++0WLqAo13pI6EGzzGGU9Kvsz5uJvJk5mun9txVC4rqs9QDx/Kv8H43IgHQ8ckh
DAlstBCjOklkQRGSBX0jJNsFJ7ROlIqrJTP80x7XC/qUXwk6BkfcZodXxjRlkgtU
I/jCC4XIFwohbNRmVvsAo36z2RA6ZTsIAZOKjKDmqAVvSkqchs41HmOU4C31qsHU
TBS3LWfKlA9TfjKqn4TbBR5pzn+HUkK2pNyjjzOtVdzcBJ33FzzayoP4ewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIIv8xk7M2Sl9X6fV/11tsumVtoHMB8GA1UdIwQY
MBaAFBE9XoMcMw08tR1HbgwWNUDyXgNyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVQxZWd4d3pEVHkxSFVkdURCWTFRUEplQTNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTg5OTMtOTE3OC00NDI0LWExMDgt
MzNmMzk2YWI1NmYyLzEvZ2lfekdUc3paS1gxZnA5WF9YVzJ5NlpXMmdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTg5OTMtOTE3OC00NDI0LWExMDgtMzNmMzk2YWI1NmYy
LzEvRVQxZWd4d3pEVHkxSFVkdURCWTFRUEplQTNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAm4M3AwQA
m8A3MA0GCSqGSIb3DQEBCwUAA4IBAQBUviz4j/GyHDwXzHij2kEtAcNCI7X9A4OR
T1hjBjpMHz7IG15nzblf7etPjLjUe06yN8xJDDFrjsiSHJEOSmox3fLSSlA63YeQ
AugUff0xra6PjFjeuoLj/CoxMPDDMBY4qa0PSb7CdqA0ahr0aMKuRYPLokC64sCR
U2KmkWEakfFb7+S6PViN84gaq0WoID7lOdt3Mwr4e5SGDZJp2iYDBxxk4XEBUbk4
TcVlr7pkPfWgY/SA/HcJCxB9avfCnWvvsUkq3mbFPRDn2RfQCeFkrhAtfv509Urx
E4hUJLWgrclWnqvzDFkz/hum3GLS2gyBiTSZbxam5J3LWaC0iMmK
-----END CERTIFICATE-----