Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/3d2415-8133-40a0-9d8c-a6319ab179bf/1/GY8UF_e74UollanhGstg7mbbWSk.roa
File:                     GY8UF_e74UollanhGstg7mbbWSk.roa (raw, json)
Hash identifier:          XC4CC2rwJMKVO//jp/QM/09AfanSIbeVqM7v/Wi1jbk=
Subject key identifier:   19:8F:14:17:F7:BB:E1:4A:25:95:A9:E1:1A:CB:60:EE:66:DB:59:29
Certificate issuer:       /CN=73a1b76664717e2a4d2e5cf2bde3b9731907f8c2
Certificate serial:       018CC2DB1CD0104C76520FDE97E1C0460005
Authority key identifier: 73:A1:B7:66:64:71:7E:2A:4D:2E:5C:F2:BD:E3:B9:73:19:07:F8:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c6G3ZmRxfipNLlzyveO5cxkH-MI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/3d2415-8133-40a0-9d8c-a6319ab179bf/1/GY8UF_e74UollanhGstg7mbbWSk.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29695
IP address blocks:        193.160.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/3d2415-8133-40a0-9d8c-a6319ab179bf/1/c6G3ZmRxfipNLlzyveO5cxkH-MI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/3d2415-8133-40a0-9d8c-a6319ab179bf/1/c6G3ZmRxfipNLlzyveO5cxkH-MI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c6G3ZmRxfipNLlzyveO5cxkH-MI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1c:d0:10:4c:76:52:0f:de:97:e1:c0:46:00:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73a1b76664717e2a4d2e5cf2bde3b9731907f8c2
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=198f1417f7bbe14a2595a9e11acb60ee66db5929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d9:23:4a:03:e1:9f:1a:da:e4:b4:7a:50:5f:
                    da:5c:52:ed:1b:78:9f:ac:65:2e:78:a0:32:0a:17:
                    df:3e:c3:04:f5:0b:24:fb:bf:f0:e6:e8:04:ef:38:
                    8b:6a:23:30:8d:3c:ac:00:6e:79:c1:10:63:c6:34:
                    f4:a4:70:bb:4c:15:06:58:d7:a7:17:42:bb:07:4b:
                    b0:c9:78:c5:b9:60:b1:ed:b4:d1:17:cc:4c:a6:d3:
                    da:83:69:9a:97:77:56:bf:2c:6a:83:ce:92:32:73:
                    19:ca:8b:60:d5:a7:71:04:5b:8e:ff:aa:9a:71:7d:
                    37:49:62:64:b2:c7:fc:0b:04:ae:ad:f4:50:2a:7b:
                    f9:37:19:ea:54:c2:dc:b8:f4:22:9b:dd:d7:ce:69:
                    d7:b6:d5:84:6f:06:df:5a:ce:84:86:ed:72:b0:b8:
                    b6:f1:33:20:0e:1c:35:f5:23:7c:ec:4f:32:7d:8d:
                    94:a0:f7:e1:2e:0b:92:5b:7a:24:ba:78:e6:95:c9:
                    ae:18:64:80:fa:44:ee:65:02:46:4f:b6:d5:f2:a9:
                    4b:11:e7:05:42:1f:d6:b7:69:2f:81:27:61:90:af:
                    46:b4:84:84:a1:c3:1d:ce:2c:5f:a7:7c:af:ec:ae:
                    31:3c:e3:14:95:02:de:b5:87:9d:9d:c0:53:e5:04:
                    a1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:8F:14:17:F7:BB:E1:4A:25:95:A9:E1:1A:CB:60:EE:66:DB:59:29
            X509v3 Authority Key Identifier:
                keyid:73:A1:B7:66:64:71:7E:2A:4D:2E:5C:F2:BD:E3:B9:73:19:07:F8:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6G3ZmRxfipNLlzyveO5cxkH-MI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/3d2415-8133-40a0-9d8c-a6319ab179bf/1/GY8UF_e74UollanhGstg7mbbWSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/3d2415-8133-40a0-9d8c-a6319ab179bf/1/c6G3ZmRxfipNLlzyveO5cxkH-MI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:aa:d5:25:66:8d:f7:a9:0a:5a:9f:a7:b2:3e:ea:a0:2a:98:
         78:67:d7:ea:fc:86:9a:de:d9:8a:ec:71:d3:09:36:2d:4a:cc:
         9b:ba:28:63:35:6e:2e:9b:37:96:54:84:e7:cb:38:f1:5c:d1:
         1f:7f:e7:08:00:ab:fd:23:7b:f1:d3:97:22:3e:46:da:ed:00:
         c4:8e:c0:4e:55:99:3f:02:e2:df:f5:59:23:5c:f5:05:f6:d4:
         d2:8d:65:8c:35:47:8d:cb:f2:33:7c:61:1a:7a:cf:83:8f:06:
         18:2e:a9:6c:be:61:dd:9a:65:26:b8:b7:21:02:b1:a9:c7:62:
         e8:42:cf:81:70:b9:fe:f5:0a:ae:93:b3:85:03:c0:3b:54:fd:
         27:19:11:aa:d0:2a:d8:08:e6:06:bb:47:ab:7a:ff:60:8c:68:
         a2:1a:0b:96:9a:6e:d2:c8:7b:bc:e3:e7:5c:47:f2:b5:2f:e0:
         f2:55:c1:f5:d8:80:77:a0:54:dc:d6:fa:20:3e:13:a2:ed:ac:
         9d:95:b7:50:c1:47:6d:43:ad:b0:ef:6c:e6:af:cc:e5:be:26:
         fa:ec:e7:e3:ab:a9:d1:45:4c:67:6f:61:df:60:b1:84:a2:19:
         17:b9:6a:4c:4f:1a:1d:1d:55:08:8e:86:95:5b:8b:1c:24:bd:
         e6:8b:68:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xzQEEx2Ug/el+HARgAFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYTFiNzY2NjQ3MTdlMmE0ZDJlNWNmMmJkZTNiOTczMTkw
N2Y4YzIwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOThmMTQxN2Y3YmJlMTRhMjU5NWE5ZTExYWNiNjBlZTY2ZGI1OTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9kjSgPhnxra5LR6UF/aXFLtG3if
rGUueKAyChffPsME9Qsk+7/w5ugE7ziLaiMwjTysAG55wRBjxjT0pHC7TBUGWNen
F0K7B0uwyXjFuWCx7bTRF8xMptPag2mal3dWvyxqg86SMnMZyotg1adxBFuO/6qa
cX03SWJkssf8CwSurfRQKnv5NxnqVMLcuPQim93XzmnXttWEbwbfWs6Ehu1ysLi2
8TMgDhw19SN87E8yfY2UoPfhLguSW3okunjmlcmuGGSA+kTuZQJGT7bV8qlLEecF
Qh/Wt2kvgSdhkK9GtISEocMdzixfp3yv7K4xPOMUlQLetYedncBT5QShSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmPFBf3u+FKJZWp4RrLYO5m21kpMB8GA1UdIwQY
MBaAFHOht2ZkcX4qTS5c8r3juXMZB/jCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzZHM1ptUnhmaXBOTGx6eXZlTzVjeGtILU1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8zZDI0MTUtODEzMy00MGEwLTlkOGMt
YTYzMTlhYjE3OWJmLzEvR1k4VUZfZTc0VW9sbGFuaEdzdGc3bWJiV1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8zZDI0MTUtODEzMy00MGEwLTlkOGMtYTYzMTlhYjE3OWJm
LzEvYzZHM1ptUnhmaXBOTGx6eXZlTzVjeGtILU1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwaCUMA0G
CSqGSIb3DQEBCwUAA4IBAQCZqtUlZo33qQpan6eyPuqgKph4Z9fq/Iaa3tmK7HHT
CTYtSsybuihjNW4umzeWVITnyzjxXNEff+cIAKv9I3vx05ciPkba7QDEjsBOVZk/
AuLf9VkjXPUF9tTSjWWMNUeNy/IzfGEaes+DjwYYLqlsvmHdmmUmuLchArGpx2Lo
Qs+BcLn+9Qquk7OFA8A7VP0nGRGq0CrYCOYGu0erev9gjGiiGguWmm7SyHu84+dc
R/K1L+DyVcH12IB3oFTc1vogPhOi7aydlbdQwUdtQ62w72zmr8zlvib67Ofjq6nR
RUxnb2HfYLGEohkXuWpMTxodHVUIjoaVW4scJL3mi2js
-----END CERTIFICATE-----