Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/gRFKVxLagDwNGMYL_lzqi3i8vA4.roa
File:                     gRFKVxLagDwNGMYL_lzqi3i8vA4.roa (raw, json)
Hash identifier:          sJgv3RHrKF04fCkDxNYIpGoTwWGdXsJI3SnsPAIKbaA=
Subject key identifier:   81:11:4A:57:12:DA:80:3C:0D:18:C6:0B:FE:5C:EA:8B:78:BC:BC:0E
Certificate issuer:       /CN=552c9a1c9c4ff793e888bd583dca9815cc4574c0
Certificate serial:       018CC3491FE80BB87A5AFC84C5E4E3FDAC5B
Authority key identifier: 55:2C:9A:1C:9C:4F:F7:93:E8:88:BD:58:3D:CA:98:15:CC:45:74:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSyaHJxP95PoiL1YPcqYFcxFdMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/gRFKVxLagDwNGMYL_lzqi3i8vA4.roa
Signing time:             Mon 01 Jan 2024 04:29:58 +0000
ROA not before:           Mon 01 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49234
IP address blocks:        193.24.128.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/VSyaHJxP95PoiL1YPcqYFcxFdMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/VSyaHJxP95PoiL1YPcqYFcxFdMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSyaHJxP95PoiL1YPcqYFcxFdMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1f:e8:0b:b8:7a:5a:fc:84:c5:e4:e3:fd:ac:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=552c9a1c9c4ff793e888bd583dca9815cc4574c0
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81114a5712da803c0d18c60bfe5cea8b78bcbc0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e7:c9:b0:99:f1:37:20:e1:60:cd:6d:2d:89:
                    9c:b9:24:95:d6:3e:ea:23:c9:02:2b:ec:ff:c8:9b:
                    7a:ec:c7:fb:11:7d:5d:de:5f:47:11:3c:51:ff:3e:
                    be:86:db:ee:cc:ac:27:c4:31:cc:ab:22:9d:52:fb:
                    70:5c:f1:1c:0d:6f:25:3b:f4:ba:44:68:c9:a7:69:
                    77:17:c7:f7:8e:a6:ed:22:92:6d:69:47:0d:0c:da:
                    41:12:47:ad:83:5d:67:83:35:72:91:04:d3:c6:53:
                    4d:48:a3:65:4b:a4:70:85:84:11:38:d6:ef:16:d4:
                    0f:e8:74:7b:c6:79:d4:aa:33:19:9c:c6:65:7f:81:
                    6c:fb:35:4c:7f:08:66:93:ba:7c:8b:94:83:2e:8a:
                    cc:6e:4e:4e:f3:d0:fd:1e:47:ef:30:d1:fc:ab:33:
                    9d:0c:42:73:a1:05:dd:c9:00:b3:c5:7c:2d:65:df:
                    37:ee:20:8e:b4:ce:d8:93:63:38:ba:b3:e7:f7:c2:
                    2d:de:c5:79:2d:fa:c4:6c:83:bc:d9:ea:de:09:b5:
                    dc:13:b7:e4:6e:c4:6d:15:08:ca:34:83:6f:67:c5:
                    1c:ba:5d:33:cb:30:d7:b1:58:55:73:29:1f:ea:10:
                    d2:08:52:c3:e3:3a:72:5f:97:59:e3:bc:49:20:41:
                    81:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:11:4A:57:12:DA:80:3C:0D:18:C6:0B:FE:5C:EA:8B:78:BC:BC:0E
            X509v3 Authority Key Identifier:
                keyid:55:2C:9A:1C:9C:4F:F7:93:E8:88:BD:58:3D:CA:98:15:CC:45:74:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSyaHJxP95PoiL1YPcqYFcxFdMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/gRFKVxLagDwNGMYL_lzqi3i8vA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/5bcea5-8e45-458a-b031-b78ff80a8027/1/VSyaHJxP95PoiL1YPcqYFcxFdMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b4:f3:fa:c8:f6:b0:c6:a7:95:b7:7f:9d:72:9c:c5:ca:2d:00:
         35:7f:20:32:ff:8f:80:c0:31:11:7f:66:a2:08:b0:cd:21:76:
         80:3e:2e:f8:9d:89:94:a7:4f:b0:61:3d:c7:47:52:f6:34:d0:
         25:be:a9:be:9a:27:fe:1b:6c:f6:c6:14:9d:3a:d9:40:f7:47:
         97:38:48:3c:c1:e3:d4:1f:9c:59:ba:cc:4b:80:0e:89:3f:23:
         5d:e3:63:e3:bf:4b:51:99:f3:2b:f5:08:7d:d6:80:7e:bc:7d:
         8c:70:41:f6:4a:1f:65:b7:99:67:75:39:49:ea:63:71:bd:a5:
         02:0d:39:e2:b7:05:b6:7c:6b:46:5d:a4:a0:f7:6c:af:06:f5:
         a1:c1:44:ed:c6:f9:92:97:7f:d5:d4:f2:2b:fb:48:21:7f:f5:
         f5:da:ca:61:06:16:3d:e0:3a:bb:1e:80:c0:70:c9:1f:f3:97:
         5f:b2:5f:e9:ed:66:74:39:bf:10:ea:16:aa:f8:69:88:36:b6:
         99:4e:3c:d9:f5:81:4a:d6:79:04:cf:7c:b0:9c:f6:44:3f:3f:
         11:92:c0:ae:21:ba:f3:7b:d7:53:83:15:fc:82:28:13:49:a3:
         a8:ac:5a:66:94:5b:6f:c9:43:ab:d4:96:9c:86:62:10:d5:6d:
         12:cb:7c:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSR/oC7h6WvyExeTj/axbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MmM5YTFjOWM0ZmY3OTNlODg4YmQ1ODNkY2E5ODE1Y2M0
NTc0YzAwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTExNGE1NzEyZGE4MDNjMGQxOGM2MGJmZTVjZWE4Yjc4YmNiYzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOfJsJnxNyDhYM1tLYmcuSSV1j7q
I8kCK+z/yJt67Mf7EX1d3l9HETxR/z6+htvuzKwnxDHMqyKdUvtwXPEcDW8lO/S6
RGjJp2l3F8f3jqbtIpJtaUcNDNpBEketg11ngzVykQTTxlNNSKNlS6RwhYQRONbv
FtQP6HR7xnnUqjMZnMZlf4Fs+zVMfwhmk7p8i5SDLorMbk5O89D9HkfvMNH8qzOd
DEJzoQXdyQCzxXwtZd837iCOtM7Yk2M4urPn98It3sV5LfrEbIO82ereCbXcE7fk
bsRtFQjKNINvZ8Ucul0zyzDXsVhVcykf6hDSCFLD4zpyX5dZ47xJIEGBqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIERSlcS2oA8DRjGC/5c6ot4vLwOMB8GA1UdIwQY
MBaAFFUsmhycT/eT6Ii9WD3KmBXMRXTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlN5YUhKeFA5NVBvaUwxWVBjcVlGY3hGZE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi81YmNlYTUtOGU0NS00NThhLWIwMzEt
Yjc4ZmY4MGE4MDI3LzEvZ1JGS1Z4TGFnRHdOR01ZTF9senFpM2k4dkE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi81YmNlYTUtOGU0NS00NThhLWIwMzEtYjc4ZmY4MGE4MDI3
LzEvVlN5YUhKeFA5NVBvaUwxWVBjcVlGY3hGZE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGwRiAMA0G
CSqGSIb3DQEBCwUAA4IBAQC08/rI9rDGp5W3f51ynMXKLQA1fyAy/4+AwDERf2ai
CLDNIXaAPi74nYmUp0+wYT3HR1L2NNAlvqm+mif+G2z2xhSdOtlA90eXOEg8wePU
H5xZusxLgA6JPyNd42Pjv0tRmfMr9Qh91oB+vH2McEH2Sh9lt5lndTlJ6mNxvaUC
DTnitwW2fGtGXaSg92yvBvWhwUTtxvmSl3/V1PIr+0ghf/X12sphBhY94Dq7HoDA
cMkf85dfsl/p7WZ0Ob8Q6haq+GmINraZTjzZ9YFK1nkEz3ywnPZEPz8RksCuIbrz
e9dTgxX8gigTSaOorFpmlFtvyUOr1JachmIQ1W0Sy3yL
-----END CERTIFICATE-----