Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/77f4df-c3b9-4859-8bb2-08774b6c6bb3/1/GN15e5Py_RS4K9ffwnlQbWYh_gY.roa
File:                     GN15e5Py_RS4K9ffwnlQbWYh_gY.roa (raw, json)
Hash identifier:          TVctk87JUqiIxjdC4UuQHC+VLQ6ogs4/tkWero/so4s=
Subject key identifier:   18:DD:79:7B:93:F2:FD:14:B8:2B:D7:DF:C2:79:50:6D:66:21:FE:06
Certificate issuer:       /CN=0a203c6eff9e7422603093f83e6211da98c75829
Certificate serial:       018CC8021322133E736819C9202E729224F7
Authority key identifier: 0A:20:3C:6E:FF:9E:74:22:60:30:93:F8:3E:62:11:DA:98:C7:58:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CiA8bv-edCJgMJP4PmIR2pjHWCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/77f4df-c3b9-4859-8bb2-08774b6c6bb3/1/GN15e5Py_RS4K9ffwnlQbWYh_gY.roa
Signing time:             Tue 02 Jan 2024 02:30:28 +0000
ROA not before:           Tue 02 Jan 2024 02:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        194.126.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/77f4df-c3b9-4859-8bb2-08774b6c6bb3/1/CiA8bv-edCJgMJP4PmIR2pjHWCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/77f4df-c3b9-4859-8bb2-08774b6c6bb3/1/CiA8bv-edCJgMJP4PmIR2pjHWCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CiA8bv-edCJgMJP4PmIR2pjHWCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:13:22:13:3e:73:68:19:c9:20:2e:72:92:24:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a203c6eff9e7422603093f83e6211da98c75829
        Validity
            Not Before: Jan  2 02:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18dd797b93f2fd14b82bd7dfc279506d6621fe06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d0:1b:fa:bf:e1:ee:f2:f2:fc:71:64:bd:ad:
                    f2:a0:83:ec:99:03:3a:70:03:cb:a0:da:a1:7e:c4:
                    fe:b8:d7:ae:db:b9:fc:04:4e:eb:90:f8:57:bb:54:
                    f7:e8:77:cf:9e:6b:ee:0f:d9:16:5f:97:c9:cb:57:
                    72:09:86:77:e0:05:9b:e1:72:9f:6b:fd:2e:65:dd:
                    0c:d1:25:f5:5e:98:87:5c:ae:94:76:87:f4:55:a4:
                    89:b9:69:d6:7e:8c:f7:21:fa:2f:a7:f9:35:a4:7b:
                    20:2f:63:d6:81:e2:91:0e:f3:5c:87:fe:2b:55:c6:
                    f8:86:41:db:92:b3:09:05:d9:9e:47:db:e2:e0:8d:
                    bb:81:20:8e:4a:77:68:e6:b2:0d:01:a0:12:3b:2b:
                    c4:db:03:73:2d:72:03:75:a8:2a:56:40:13:06:ff:
                    7b:72:15:bd:eb:68:ed:86:3c:e1:85:9a:f4:58:23:
                    a4:28:ba:7c:82:c2:ab:38:c1:0d:00:c2:35:ba:37:
                    5b:f7:b4:8a:04:4b:b2:b7:43:da:e5:76:0c:da:54:
                    40:b9:26:22:e4:66:99:a4:48:d2:e7:76:ad:8f:63:
                    9e:4c:f4:2c:c1:52:28:ab:99:66:88:1b:18:ef:f4:
                    d9:06:1a:36:2e:5a:f5:54:8e:b5:80:9f:2f:fc:55:
                    3d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:DD:79:7B:93:F2:FD:14:B8:2B:D7:DF:C2:79:50:6D:66:21:FE:06
            X509v3 Authority Key Identifier:
                keyid:0A:20:3C:6E:FF:9E:74:22:60:30:93:F8:3E:62:11:DA:98:C7:58:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CiA8bv-edCJgMJP4PmIR2pjHWCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/77f4df-c3b9-4859-8bb2-08774b6c6bb3/1/GN15e5Py_RS4K9ffwnlQbWYh_gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/77f4df-c3b9-4859-8bb2-08774b6c6bb3/1/CiA8bv-edCJgMJP4PmIR2pjHWCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:4f:3e:a4:26:3f:e5:32:00:c4:99:44:b8:b4:38:57:d5:46:
         b0:9d:11:e9:07:38:7d:28:82:61:f5:96:c9:fc:2c:c1:6f:89:
         b7:16:b7:59:c5:da:48:7a:46:8d:e6:6c:14:b6:12:18:69:21:
         d1:3e:1e:8e:1a:d7:06:17:a8:e2:ee:c1:79:a5:cc:34:be:6b:
         30:6f:f8:06:29:d1:28:54:24:00:9f:c2:57:87:7f:37:9e:9e:
         0d:e2:6c:b6:8e:11:f9:fc:fc:18:6e:62:51:c3:3c:2a:8a:83:
         b3:56:0f:3a:3e:59:cd:b0:27:cb:31:de:ac:c8:e7:a9:76:4d:
         f2:90:a0:d6:30:20:2b:1e:96:3f:21:d7:98:b8:f8:de:b8:b6:
         ef:91:fe:de:82:1c:1a:16:28:f1:03:5f:37:2e:1c:d5:1c:ea:
         40:22:c2:37:bb:56:31:8b:f7:0e:71:e3:b4:04:da:5f:b1:73:
         03:6d:83:c1:a2:c5:0f:53:01:9b:e3:e7:e3:c8:b3:a0:57:11:
         a7:5d:f3:e1:2d:d0:3d:0d:bc:e1:96:4f:87:b0:f2:14:7e:99:
         2b:0e:4f:fc:31:53:3f:ef:8f:26:bf:88:e1:21:e6:aa:b2:6e:
         d1:68:e7:96:25:ae:56:4a:26:48:12:16:f8:4b:54:8d:43:31:
         5d:16:d5:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAhMiEz5zaBnJIC5ykiT3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMjAzYzZlZmY5ZTc0MjI2MDMwOTNmODNlNjIxMWRhOThj
NzU4MjkwHhcNMjQwMTAyMDIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGRkNzk3YjkzZjJmZDE0YjgyYmQ3ZGZjMjc5NTA2ZDY2MjFmZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNAb+r/h7vLy/HFkva3yoIPsmQM6
cAPLoNqhfsT+uNeu27n8BE7rkPhXu1T36HfPnmvuD9kWX5fJy1dyCYZ34AWb4XKf
a/0uZd0M0SX1XpiHXK6Udof0VaSJuWnWfoz3Ifovp/k1pHsgL2PWgeKRDvNch/4r
Vcb4hkHbkrMJBdmeR9vi4I27gSCOSndo5rINAaASOyvE2wNzLXIDdagqVkATBv97
chW962jthjzhhZr0WCOkKLp8gsKrOMENAMI1ujdb97SKBEuyt0Pa5XYM2lRAuSYi
5GaZpEjS53atj2OeTPQswVIoq5lmiBsY7/TZBho2Llr1VI61gJ8v/FU9FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjdeXuT8v0UuCvX38J5UG1mIf4GMB8GA1UdIwQY
MBaAFAogPG7/nnQiYDCT+D5iEdqYx1gpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2lBOGJ2LWVkQ0pnTUpQNFBtSVIycGpIV0NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi83N2Y0ZGYtYzNiOS00ODU5LThiYjIt
MDg3NzRiNmM2YmIzLzEvR04xNWU1UHlfUlM0SzlmZndubFFiV1loX2dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi83N2Y0ZGYtYzNiOS00ODU5LThiYjItMDg3NzRiNmM2YmIz
LzEvQ2lBOGJ2LWVkQ0pnTUpQNFBtSVIycGpIV0NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn7yMA0G
CSqGSIb3DQEBCwUAA4IBAQCJTz6kJj/lMgDEmUS4tDhX1UawnRHpBzh9KIJh9ZbJ
/CzBb4m3FrdZxdpIekaN5mwUthIYaSHRPh6OGtcGF6ji7sF5pcw0vmswb/gGKdEo
VCQAn8JXh383np4N4my2jhH5/PwYbmJRwzwqioOzVg86PlnNsCfLMd6syOepdk3y
kKDWMCArHpY/IdeYuPjeuLbvkf7eghwaFijxA183LhzVHOpAIsI3u1Yxi/cOceO0
BNpfsXMDbYPBosUPUwGb4+fjyLOgVxGnXfPhLdA9Dbzhlk+HsPIUfpkrDk/8MVM/
748mv4jhIeaqsm7RaOeWJa5WSiZIEhb4S1SNQzFdFtUW
-----END CERTIFICATE-----