Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/6a6b22-fe67-4202-ac94-51ad00e54332/1/GKsMg22mlpLXCVq6Bfh92-dR9A0.roa
File:                     GKsMg22mlpLXCVq6Bfh92-dR9A0.roa (raw, json)
Hash identifier:          vyV6Le4sH8oc7qh9Fe3hr94CnSdMfMjPQP6XmVQxrGc=
Subject key identifier:   18:AB:0C:83:6D:A6:96:92:D7:09:5A:BA:05:F8:7D:DB:E7:51:F4:0D
Certificate issuer:       /CN=64b59ae521952da55e03f779b885031c0c809cf9
Certificate serial:       019428254DFE46BFC1930BF4954BA7A44261
Authority key identifier: 64:B5:9A:E5:21:95:2D:A5:5E:03:F7:79:B8:85:03:1C:0C:80:9C:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZLWa5SGVLaVeA_d5uIUDHAyAnPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/6a6b22-fe67-4202-ac94-51ad00e54332/1/GKsMg22mlpLXCVq6Bfh92-dR9A0.roa
Signing time:             Thu 02 Jan 2025 17:52:00 +0000
ROA not before:           Thu 02 Jan 2025 17:52:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215603
IP address blocks:        209.177.176.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/6a6b22-fe67-4202-ac94-51ad00e54332/1/ZLWa5SGVLaVeA_d5uIUDHAyAnPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/6a6b22-fe67-4202-ac94-51ad00e54332/1/ZLWa5SGVLaVeA_d5uIUDHAyAnPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZLWa5SGVLaVeA_d5uIUDHAyAnPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:4d:fe:46:bf:c1:93:0b:f4:95:4b:a7:a4:42:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64b59ae521952da55e03f779b885031c0c809cf9
        Validity
            Not Before: Jan  2 17:52:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18ab0c836da69692d7095aba05f87ddbe751f40d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8a:bf:0e:5e:0d:0b:75:5d:8a:7b:0e:d7:8c:
                    ad:35:c4:28:5c:b9:4a:de:a4:2e:f2:1c:b4:89:ec:
                    57:66:13:4d:47:58:db:57:b2:4f:13:8b:ce:38:84:
                    67:69:bb:b3:43:5b:50:23:28:49:07:33:b6:39:32:
                    5e:ad:3a:80:46:0c:58:47:3c:d4:01:47:14:79:2b:
                    b5:11:05:fc:f7:49:ba:09:e0:7c:05:ea:24:7f:f3:
                    ce:23:35:6e:ff:6e:14:ca:1f:fc:a7:c0:f0:b7:8d:
                    01:d1:1c:4e:48:ee:fa:28:1d:9c:ec:11:52:6f:f6:
                    80:ec:dd:26:ff:44:88:e4:70:a4:61:4b:bd:86:c2:
                    97:35:0e:bb:b9:b2:30:cf:6a:a2:d4:99:95:e4:07:
                    b8:44:84:38:3a:49:d8:97:a1:10:d1:54:d1:21:9b:
                    53:2a:cc:67:43:5f:03:b5:0a:54:68:82:48:f8:a7:
                    65:12:4e:87:cd:ba:80:7d:ff:69:72:f5:96:b9:07:
                    d3:91:e0:c7:06:43:25:e7:c6:06:c4:49:cd:63:11:
                    0f:e9:9f:95:05:b2:b3:f4:86:56:d1:7d:bf:01:0c:
                    d0:58:02:23:63:45:d8:53:2d:2f:5f:23:48:37:60:
                    40:33:38:e3:ca:15:eb:53:7b:c9:91:7d:7f:eb:aa:
                    ec:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:AB:0C:83:6D:A6:96:92:D7:09:5A:BA:05:F8:7D:DB:E7:51:F4:0D
            X509v3 Authority Key Identifier:
                keyid:64:B5:9A:E5:21:95:2D:A5:5E:03:F7:79:B8:85:03:1C:0C:80:9C:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZLWa5SGVLaVeA_d5uIUDHAyAnPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/6a6b22-fe67-4202-ac94-51ad00e54332/1/GKsMg22mlpLXCVq6Bfh92-dR9A0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/6a6b22-fe67-4202-ac94-51ad00e54332/1/ZLWa5SGVLaVeA_d5uIUDHAyAnPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.177.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:93:fc:e1:88:24:19:3d:c3:f0:c7:45:46:bc:51:bc:6c:5a:
         79:4f:0f:bc:58:44:97:4a:4c:19:d3:90:b2:1f:3e:ae:6d:49:
         68:98:77:22:45:7b:8b:38:0d:d9:5d:6b:43:b5:bb:c8:cb:42:
         e0:ec:b1:8c:37:c2:8e:e8:36:12:d8:7a:64:75:bd:f9:12:8c:
         bf:a3:5d:71:c5:88:6f:c5:3e:a4:6d:0f:d0:27:14:37:d0:6b:
         72:28:30:07:cb:16:f8:c2:c7:66:56:90:78:d9:f3:d3:3d:1e:
         6d:1b:cb:bd:81:e0:62:28:99:e7:87:b7:2e:cc:f1:a9:19:d0:
         92:88:5b:76:99:75:9d:89:19:6e:32:03:58:12:d2:1c:86:82:
         19:23:75:29:b7:87:f7:a6:db:2e:7b:62:7e:31:d0:9e:7e:dd:
         8b:cc:e5:50:95:b2:8b:11:28:a5:20:f9:24:55:30:85:56:e4:
         95:cd:5c:fc:05:c1:3b:f1:8c:6c:37:92:b2:b2:f3:68:4a:d6:
         31:75:27:bd:96:2b:28:5f:9a:de:a2:ed:59:9b:7f:61:01:81:
         b2:bb:e1:b4:b4:11:46:0d:c5:94:dd:91:6b:98:a0:9d:cb:4d:
         ee:51:52:33:df:5d:6d:e0:4c:57:f6:b9:cd:d8:2c:14:8d:7c:
         4b:71:19:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJU3+Rr/Bkwv0lUunpEJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YjU5YWU1MjE5NTJkYTU1ZTAzZjc3OWI4ODUwMzFjMGM4
MDljZjkwHhcNMjUwMTAyMTc1MjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGFiMGM4MzZkYTY5NjkyZDcwOTVhYmEwNWY4N2RkYmU3NTFmNDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYq/Dl4NC3VdinsO14ytNcQoXLlK
3qQu8hy0iexXZhNNR1jbV7JPE4vOOIRnabuzQ1tQIyhJBzO2OTJerTqARgxYRzzU
AUcUeSu1EQX890m6CeB8Beokf/POIzVu/24Uyh/8p8Dwt40B0RxOSO76KB2c7BFS
b/aA7N0m/0SI5HCkYUu9hsKXNQ67ubIwz2qi1JmV5Ae4RIQ4OknYl6EQ0VTRIZtT
KsxnQ18DtQpUaIJI+KdlEk6HzbqAff9pcvWWuQfTkeDHBkMl58YGxEnNYxEP6Z+V
BbKz9IZW0X2/AQzQWAIjY0XYUy0vXyNIN2BAMzjjyhXrU3vJkX1/66rsJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBirDINtppaS1wlaugX4fdvnUfQNMB8GA1UdIwQY
MBaAFGS1muUhlS2lXgP3ebiFAxwMgJz5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkxXYTVTR1ZMYVZlQV9kNXVJVURIQXlBblBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi82YTZiMjItZmU2Ny00MjAyLWFjOTQt
NTFhZDAwZTU0MzMyLzEvR0tzTWcyMm1scExYQ1ZxNkJmaDkyLWRSOUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi82YTZiMjItZmU2Ny00MjAyLWFjOTQtNTFhZDAwZTU0MzMy
LzEvWkxXYTVTR1ZMYVZlQV9kNXVJVURIQXlBblBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB0bGwMA0G
CSqGSIb3DQEBCwUAA4IBAQCAk/zhiCQZPcPwx0VGvFG8bFp5Tw+8WESXSkwZ05Cy
Hz6ubUlomHciRXuLOA3ZXWtDtbvIy0Lg7LGMN8KO6DYS2Hpkdb35Eoy/o11xxYhv
xT6kbQ/QJxQ30GtyKDAHyxb4wsdmVpB42fPTPR5tG8u9geBiKJnnh7cuzPGpGdCS
iFt2mXWdiRluMgNYEtIchoIZI3Upt4f3ptsue2J+MdCeft2LzOVQlbKLESilIPkk
VTCFVuSVzVz8BcE78YxsN5KysvNoStYxdSe9lisoX5reou1Zm39hAYGyu+G0tBFG
DcWU3ZFrmKCdy03uUVIz311t4ExX9rnN2CwUjXxLcRmz
-----END CERTIFICATE-----