Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/GMmKt-5baeZVQ82hbvBrxYFlQXM.roa
File:                     GMmKt-5baeZVQ82hbvBrxYFlQXM.roa (raw, json)
Hash identifier:          s5iUX/ExHm3pVTZBNgXMVP9bcmV8hfTJwbyd8w5AgEI=
Subject key identifier:   18:C9:8A:B7:EE:5B:69:E6:55:43:CD:A1:6E:F0:6B:C5:81:65:41:73
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       019420680D36DB094AA318A5341D6BB9B1E6
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/GMmKt-5baeZVQ82hbvBrxYFlQXM.roa
Signing time:             Wed 01 Jan 2025 05:47:57 +0000
ROA not before:           Wed 01 Jan 2025 05:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208864
IP address blocks:        193.151.184.0/23 maxlen: 23
                          193.151.186.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0d:36:db:09:4a:a3:18:a5:34:1d:6b:b9:b1:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 05:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18c98ab7ee5b69e65543cda16ef06bc581654173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:53:80:1b:3b:ee:0f:1e:88:5c:fe:95:02:0c:
                    a9:99:fc:1c:4b:cc:df:10:c1:de:d0:f8:27:d3:7f:
                    25:46:38:6b:24:cf:0a:47:f1:66:36:d0:e6:c5:ee:
                    bd:1a:55:5b:bd:bc:cf:b2:d5:db:4f:29:33:6d:25:
                    1d:a9:08:68:ea:84:06:f3:e0:ac:d0:f7:49:c9:c9:
                    15:e4:e8:40:d9:9f:52:bb:74:5f:a5:5b:14:27:bf:
                    3f:85:18:6d:f1:f9:88:ee:5a:ca:52:98:ac:91:de:
                    a6:b3:16:6c:6f:9f:f4:52:2c:50:b4:7c:e1:3a:ae:
                    53:22:38:be:f7:a2:83:c5:02:25:b0:28:8a:46:90:
                    81:39:8b:5f:d7:66:61:92:e5:94:fa:ca:71:f3:90:
                    a0:eb:a5:bd:50:49:2b:3e:c1:23:fc:61:e9:34:a5:
                    04:43:e5:bb:00:76:f0:32:a4:86:b7:89:c3:8d:d8:
                    0a:9e:a4:ef:c5:86:ad:e1:f7:4d:86:ba:f8:3f:b8:
                    e6:35:f9:7f:d5:9c:e7:be:a5:06:a4:91:e3:93:70:
                    ef:00:79:67:71:44:8e:38:7d:7c:ff:4e:f4:94:c5:
                    0d:b0:26:41:8f:7a:4b:47:0a:93:6c:80:b4:71:c7:
                    1c:fc:a9:3e:16:bb:13:f4:52:e0:cf:94:a2:4e:ef:
                    9e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:C9:8A:B7:EE:5B:69:E6:55:43:CD:A1:6E:F0:6B:C5:81:65:41:73
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/GMmKt-5baeZVQ82hbvBrxYFlQXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:4a:a5:46:a2:0f:a2:13:cb:9a:ee:ce:b0:7b:06:d3:9d:4f:
         76:99:aa:65:aa:98:da:ae:3b:a8:a9:d3:0b:20:cd:e8:f2:06:
         b3:7e:6f:41:a4:4a:64:89:6f:71:04:50:40:3d:ae:7f:d3:f6:
         e2:56:ec:e8:aa:86:63:a2:c2:98:55:27:70:6b:15:33:3b:12:
         a5:f7:19:18:15:b4:74:80:d0:44:82:14:6b:96:5d:d8:21:6a:
         99:32:b4:ee:42:9d:1b:61:c0:01:45:d4:f2:fd:c6:d7:ef:5b:
         4b:9a:92:7f:0e:7f:f0:ef:0e:1f:e1:2f:3f:e7:91:68:42:27:
         28:0a:db:32:ec:7b:8e:57:de:d9:ff:fb:34:e4:91:66:18:be:
         73:1f:7b:92:28:87:dd:02:3b:b8:90:8e:87:c5:cf:cf:8f:01:
         57:4a:15:07:a1:10:93:9b:66:23:37:9a:fe:18:eb:8f:47:f6:
         07:b2:c6:aa:0b:d3:d4:0d:68:dd:4d:34:d3:82:0b:86:fb:e3:
         47:cb:79:3a:95:70:ad:79:9e:4c:bf:50:6f:c7:a2:99:5b:0b:
         be:58:2c:84:6c:70:1e:49:6c:49:2b:ad:c4:b6:45:46:84:bd:
         57:5d:9f:5f:76:23:3a:df:85:d3:0f:4c:3b:d5:45:fa:83:e8:
         ca:f5:0e:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaA022wlKoxilNB1rubHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwMTAxMDU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGM5OGFiN2VlNWI2OWU2NTU0M2NkYTE2ZWYwNmJjNTgxNjU0MTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7lOAGzvuDx6IXP6VAgypmfwcS8zf
EMHe0Pgn038lRjhrJM8KR/FmNtDmxe69GlVbvbzPstXbTykzbSUdqQho6oQG8+Cs
0PdJyckV5OhA2Z9Su3RfpVsUJ78/hRht8fmI7lrKUpiskd6msxZsb5/0UixQtHzh
Oq5TIji+96KDxQIlsCiKRpCBOYtf12ZhkuWU+spx85Cg66W9UEkrPsEj/GHpNKUE
Q+W7AHbwMqSGt4nDjdgKnqTvxYat4fdNhrr4P7jmNfl/1ZznvqUGpJHjk3DvAHln
cUSOOH18/070lMUNsCZBj3pLRwqTbIC0cccc/Kk+FrsT9FLgz5SiTu+eFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjJirfuW2nmVUPNoW7wa8WBZUFzMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvR01tS3QtNWJhZVpWUTgyaGJ2QnJ4WUZsUVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwZe4MA0G
CSqGSIb3DQEBCwUAA4IBAQBnSqVGog+iE8ua7s6wewbTnU92maplqpjarjuoqdML
IM3o8gazfm9BpEpkiW9xBFBAPa5/0/biVuzoqoZjosKYVSdwaxUzOxKl9xkYFbR0
gNBEghRrll3YIWqZMrTuQp0bYcABRdTy/cbX71tLmpJ/Dn/w7w4f4S8/55FoQico
Ctsy7HuOV97Z//s05JFmGL5zH3uSKIfdAju4kI6Hxc/PjwFXShUHoRCTm2YjN5r+
GOuPR/YHssaqC9PUDWjdTTTTgguG++NHy3k6lXCteZ5Mv1Bvx6KZWwu+WCyEbHAe
SWxJK63EtkVGhL1XXZ9fdiM634XTD0w71UX6g+jK9Q4r
-----END CERTIFICATE-----