Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/e01a29-c597-4974-86e1-092e7a16b74e/1/gtzgycO3YuHrd3o3OzIJ5FDJkKA.roa
File:                     gtzgycO3YuHrd3o3OzIJ5FDJkKA.roa (raw, json)
Hash identifier:          YRMMrGfI8zvSp0c3Wdy5yKf8a1UgZdAcXDvYazqBJ/M=
Subject key identifier:   82:DC:E0:C9:C3:B7:62:E1:EB:77:7A:37:3B:32:09:E4:50:C9:90:A0
Certificate issuer:       /CN=076851104a9218eff173f434f55bdd2420aaae2e
Certificate serial:       018F14AE5DD8BBAAB3BCB5F819E7CE82A07E
Authority key identifier: 07:68:51:10:4A:92:18:EF:F1:73:F4:34:F5:5B:DD:24:20:AA:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B2hREEqSGO_xc_Q09VvdJCCqri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/e01a29-c597-4974-86e1-092e7a16b74e/1/gtzgycO3YuHrd3o3OzIJ5FDJkKA.roa
Signing time:             Thu 25 Apr 2024 09:55:22 +0000
ROA not before:           Thu 25 Apr 2024 09:55:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39637
IP address blocks:        195.130.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/e01a29-c597-4974-86e1-092e7a16b74e/1/B2hREEqSGO_xc_Q09VvdJCCqri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/e01a29-c597-4974-86e1-092e7a16b74e/1/B2hREEqSGO_xc_Q09VvdJCCqri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B2hREEqSGO_xc_Q09VvdJCCqri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:14:ae:5d:d8:bb:aa:b3:bc:b5:f8:19:e7:ce:82:a0:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=076851104a9218eff173f434f55bdd2420aaae2e
        Validity
            Not Before: Apr 25 09:55:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82dce0c9c3b762e1eb777a373b3209e450c990a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:29:b6:09:16:ba:04:ce:d7:b5:03:78:08:62:
                    e1:87:d6:37:bf:f5:81:32:67:f9:ac:ee:a2:6f:8f:
                    89:73:9b:57:a4:4c:b6:f7:7d:af:b8:87:1d:57:60:
                    19:38:24:6f:9c:96:36:9f:e5:0f:7a:ed:8d:07:c9:
                    ec:cf:97:3f:35:7e:0c:07:2a:3c:0f:92:98:31:f3:
                    42:94:a8:2c:ae:02:66:95:16:b9:1a:7e:50:02:4c:
                    1b:02:6c:fb:1d:b6:e8:e2:e9:fd:7c:e4:15:b9:67:
                    1f:c1:52:9a:ef:bf:88:f1:5c:68:94:85:5e:3e:5e:
                    c5:6b:08:31:2a:d4:9f:3b:50:12:f7:71:4b:25:e5:
                    c6:1f:ea:47:05:17:58:d7:d3:9b:ce:49:d9:13:3b:
                    84:6b:5d:e5:bc:14:56:04:43:87:c3:a2:c9:98:df:
                    89:b5:09:eb:b7:51:5e:51:80:79:dd:3b:64:31:85:
                    1e:0b:12:21:52:25:0d:9f:9d:75:26:ba:72:83:a9:
                    90:82:64:27:02:dd:24:2d:e4:29:5c:95:0d:42:97:
                    0e:27:47:dc:ec:62:63:c7:2a:48:69:86:64:75:80:
                    b0:ce:df:46:72:4a:01:bd:9d:aa:53:7d:ef:49:1a:
                    d4:4a:5d:ca:80:54:94:72:9f:1f:9d:db:88:34:d9:
                    aa:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:DC:E0:C9:C3:B7:62:E1:EB:77:7A:37:3B:32:09:E4:50:C9:90:A0
            X509v3 Authority Key Identifier:
                keyid:07:68:51:10:4A:92:18:EF:F1:73:F4:34:F5:5B:DD:24:20:AA:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B2hREEqSGO_xc_Q09VvdJCCqri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e01a29-c597-4974-86e1-092e7a16b74e/1/gtzgycO3YuHrd3o3OzIJ5FDJkKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e01a29-c597-4974-86e1-092e7a16b74e/1/B2hREEqSGO_xc_Q09VvdJCCqri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.130.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:54:ac:c9:53:8e:ef:70:80:f7:df:59:82:b6:d3:ec:10:f5:
         22:41:0b:a0:d3:9b:dc:16:b3:e1:e6:bd:6e:06:a6:67:ee:26:
         91:79:7e:f0:4c:d5:5d:b5:89:b9:a3:2e:00:d2:0f:b6:02:81:
         0b:b4:6a:98:05:05:e3:12:24:5b:74:c7:65:74:de:2d:d0:e6:
         3c:ff:57:8e:d4:85:91:ef:0d:3b:b9:c4:f8:1f:13:19:d7:14:
         39:69:b0:cd:4a:6e:ec:6e:31:b4:e6:d4:e3:a5:aa:b9:b1:13:
         e4:de:97:7c:5e:3d:14:af:3b:95:63:6e:97:c0:bb:3c:4d:6f:
         bf:ac:ac:2d:5d:25:61:2a:17:d7:26:f2:04:5c:83:05:91:32:
         4d:f0:87:7e:af:14:11:c8:dd:3a:db:81:ae:fe:4f:bb:b9:a2:
         b7:20:4b:72:10:0f:15:6c:ca:2b:fb:85:0f:1a:30:2a:f7:ba:
         60:e4:bd:1e:24:7c:71:07:9a:48:72:68:de:23:b2:9d:cb:46:
         9e:9c:11:05:77:a7:92:db:9c:ca:9a:c9:67:d8:89:f5:75:f8:
         62:ca:da:d1:f8:37:03:fa:c5:ca:ea:dd:f8:6c:f8:fe:b3:18:
         f0:52:b3:36:e1:c7:fa:53:d0:fd:29:e8:f4:9d:e8:96:f8:aa:
         37:82:d5:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Url3Yu6qzvLX4GefOgqB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3Njg1MTEwNGE5MjE4ZWZmMTczZjQzNGY1NWJkZDI0MjBh
YWFlMmUwHhcNMjQwNDI1MDk1NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmRjZTBjOWMzYjc2MmUxZWI3NzdhMzczYjMyMDllNDUwYzk5MGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCm2CRa6BM7XtQN4CGLhh9Y3v/WB
Mmf5rO6ib4+Jc5tXpEy2932vuIcdV2AZOCRvnJY2n+UPeu2NB8nsz5c/NX4MByo8
D5KYMfNClKgsrgJmlRa5Gn5QAkwbAmz7Hbbo4un9fOQVuWcfwVKa77+I8VxolIVe
Pl7FawgxKtSfO1AS93FLJeXGH+pHBRdY19ObzknZEzuEa13lvBRWBEOHw6LJmN+J
tQnrt1FeUYB53TtkMYUeCxIhUiUNn511Jrpyg6mQgmQnAt0kLeQpXJUNQpcOJ0fc
7GJjxypIaYZkdYCwzt9GckoBvZ2qU33vSRrUSl3KgFSUcp8fnduINNmqwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILc4MnDt2Lh63d6NzsyCeRQyZCgMB8GA1UdIwQY
MBaAFAdoURBKkhjv8XP0NPVb3SQgqq4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjJoUkVFcVNHT194Y19RMDlWdmRKQ0Nxcmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9lMDFhMjktYzU5Ny00OTc0LTg2ZTEt
MDkyZTdhMTZiNzRlLzEvZ3R6Z3ljTzNZdUhyZDNvM096SUo1RkRKa0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9lMDFhMjktYzU5Ny00OTc0LTg2ZTEtMDkyZTdhMTZiNzRl
LzEvQjJoUkVFcVNHT194Y19RMDlWdmRKQ0Nxcmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4LHMA0G
CSqGSIb3DQEBCwUAA4IBAQB2VKzJU47vcID331mCttPsEPUiQQug05vcFrPh5r1u
BqZn7iaReX7wTNVdtYm5oy4A0g+2AoELtGqYBQXjEiRbdMdldN4t0OY8/1eO1IWR
7w07ucT4HxMZ1xQ5abDNSm7sbjG05tTjpaq5sRPk3pd8Xj0UrzuVY26XwLs8TW+/
rKwtXSVhKhfXJvIEXIMFkTJN8Id+rxQRyN0624Gu/k+7uaK3IEtyEA8VbMor+4UP
GjAq97pg5L0eJHxxB5pIcmjeI7Kdy0aenBEFd6eS25zKmsln2In1dfhiytrR+DcD
+sXK6t34bPj+sxjwUrM24cf6U9D9Kej0neiW+Ko3gtXe
-----END CERTIFICATE-----