Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/G4knMZ_IgmSgl1i7fFHCPDTXDCw.roa
File:                     G4knMZ_IgmSgl1i7fFHCPDTXDCw.roa (raw, json)
Hash identifier:          CDrnAazOGWg710GoNeUfL+ezUV4CIIuRJNs5cZ9BQhE=
Subject key identifier:   1B:89:27:31:9F:C8:82:64:A0:97:58:BB:7C:51:C2:3C:34:D7:0C:2C
Certificate issuer:       /CN=8046e33860171ef6ec60ebcfc5ec5ac91c25757c
Certificate serial:       018D47178375037851F4B6EAEE37D12F5646
Authority key identifier: 80:46:E3:38:60:17:1E:F6:EC:60:EB:CF:C5:EC:5A:C9:1C:25:75:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gEbjOGAXHvbsYOvPxexayRwldXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/G4knMZ_IgmSgl1i7fFHCPDTXDCw.roa
Signing time:             Fri 26 Jan 2024 18:45:39 +0000
ROA not before:           Fri 26 Jan 2024 18:45:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48147
IP address blocks:        217.198.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/gEbjOGAXHvbsYOvPxexayRwldXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/gEbjOGAXHvbsYOvPxexayRwldXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gEbjOGAXHvbsYOvPxexayRwldXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:47:17:83:75:03:78:51:f4:b6:ea:ee:37:d1:2f:56:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8046e33860171ef6ec60ebcfc5ec5ac91c25757c
        Validity
            Not Before: Jan 26 18:45:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b8927319fc88264a09758bb7c51c23c34d70c2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0d:53:c9:ce:75:43:f9:a9:01:6b:f8:78:e2:
                    72:70:b4:66:52:ea:3d:24:64:7d:46:56:63:e3:06:
                    2f:ed:4d:ed:59:57:27:c5:d4:5f:0e:77:17:55:73:
                    22:e5:e6:ea:50:80:8d:e6:6a:42:a7:9c:19:11:22:
                    a3:1e:92:11:45:f7:0c:c3:55:e6:d4:28:51:2b:af:
                    f5:63:88:fb:f3:22:0b:00:23:c5:62:57:6f:9a:87:
                    d5:4f:e2:f7:9c:9f:a7:6a:d1:fb:45:7d:20:96:7d:
                    bf:10:60:67:03:a1:1f:13:f1:f3:47:92:18:1a:84:
                    25:67:70:2c:3c:75:8c:94:5d:04:92:98:af:4e:e8:
                    0e:7e:f0:4d:57:27:2d:6c:19:7f:eb:af:80:e1:0c:
                    db:1e:72:c2:84:1e:1f:60:4c:6d:58:00:0a:a8:64:
                    2f:46:88:d4:b9:8d:de:24:a9:f1:c3:56:68:67:53:
                    bc:aa:6c:7e:43:7e:ba:df:13:1a:f0:d5:13:6d:3c:
                    94:80:f3:2a:a1:86:49:55:fa:71:d1:12:9d:a5:82:
                    17:22:92:14:85:b2:6b:b9:b5:76:1f:e1:7f:03:5c:
                    90:12:5c:69:89:90:27:57:82:51:b9:c2:4c:6a:48:
                    63:0e:13:e2:b6:9b:b5:f8:13:c5:1b:1d:3e:ac:ab:
                    99:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:89:27:31:9F:C8:82:64:A0:97:58:BB:7C:51:C2:3C:34:D7:0C:2C
            X509v3 Authority Key Identifier:
                keyid:80:46:E3:38:60:17:1E:F6:EC:60:EB:CF:C5:EC:5A:C9:1C:25:75:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gEbjOGAXHvbsYOvPxexayRwldXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/G4knMZ_IgmSgl1i7fFHCPDTXDCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/788d10-e8df-4dac-aa8f-d39ffc16ef89/1/gEbjOGAXHvbsYOvPxexayRwldXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:7a:2a:fa:25:82:4b:0e:26:92:42:5c:20:20:cd:7c:b2:78:
         02:ff:15:99:82:e0:8b:b4:ef:74:a9:4a:2a:10:62:71:36:fc:
         ff:ac:56:44:0b:5d:62:12:14:92:d1:54:b1:ef:42:f8:a4:53:
         0a:cb:0a:97:5c:a5:ff:1a:a9:42:c9:80:2a:38:10:6e:b6:c9:
         8a:0f:e6:76:93:bb:c2:ab:8d:33:21:6d:03:32:48:8e:a3:38:
         cc:f8:03:6a:5f:db:a4:8e:fa:8b:3f:5a:41:61:b9:d7:20:63:
         6b:9e:7a:ae:d2:8e:b5:a7:36:50:a6:4b:c7:26:1a:ae:78:51:
         0c:3f:34:82:df:d2:68:97:76:83:05:c7:84:4d:49:82:36:57:
         7d:b1:70:74:dd:55:e3:84:bf:32:81:e0:07:cd:25:88:68:4d:
         2a:45:b1:78:1e:d0:8b:76:fa:c7:4f:2c:0d:62:aa:8c:7e:ec:
         44:02:47:c8:b2:e8:40:ba:c9:f1:08:97:76:49:84:23:8b:6c:
         b6:fd:50:3b:92:94:1c:cd:88:75:fb:2c:2d:aa:90:57:6c:b4:
         dd:c5:00:f4:18:e1:d2:c0:f5:93:d7:98:c5:9e:95:23:bb:d3:
         ed:5e:74:03:a4:bd:c1:d4:1f:66:a4:70:86:2d:d7:36:d0:a0:
         ac:bd:ba:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1HF4N1A3hR9Lbq7jfRL1ZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNDZlMzM4NjAxNzFlZjZlYzYwZWJjZmM1ZWM1YWM5MWMy
NTc1N2MwHhcNMjQwMTI2MTg0NTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjg5MjczMTlmYzg4MjY0YTA5NzU4YmI3YzUxYzIzYzM0ZDcwYzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnw1Tyc51Q/mpAWv4eOJycLRmUuo9
JGR9RlZj4wYv7U3tWVcnxdRfDncXVXMi5ebqUICN5mpCp5wZESKjHpIRRfcMw1Xm
1ChRK6/1Y4j78yILACPFYldvmofVT+L3nJ+natH7RX0gln2/EGBnA6EfE/HzR5IY
GoQlZ3AsPHWMlF0EkpivTugOfvBNVyctbBl/66+A4QzbHnLChB4fYExtWAAKqGQv
RojUuY3eJKnxw1ZoZ1O8qmx+Q3663xMa8NUTbTyUgPMqoYZJVfpx0RKdpYIXIpIU
hbJrubV2H+F/A1yQElxpiZAnV4JRucJMakhjDhPitpu1+BPFGx0+rKuZMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuJJzGfyIJkoJdYu3xRwjw01wwsMB8GA1UdIwQY
MBaAFIBG4zhgFx727GDrz8XsWskcJXV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0Viak9HQVhIdmJzWU92UHhleGF5UndsZFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83ODhkMTAtZThkZi00ZGFjLWFhOGYt
ZDM5ZmZjMTZlZjg5LzEvRzRrbk1aX0lnbVNnbDFpN2ZGSENQRFRYREN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83ODhkMTAtZThkZi00ZGFjLWFhOGYtZDM5ZmZjMTZlZjg5
LzEvZ0Viak9HQVhIdmJzWU92UHhleGF5UndsZFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ca+MA0G
CSqGSIb3DQEBCwUAA4IBAQCXeir6JYJLDiaSQlwgIM18sngC/xWZguCLtO90qUoq
EGJxNvz/rFZEC11iEhSS0VSx70L4pFMKywqXXKX/GqlCyYAqOBButsmKD+Z2k7vC
q40zIW0DMkiOozjM+ANqX9ukjvqLP1pBYbnXIGNrnnqu0o61pzZQpkvHJhqueFEM
PzSC39Jol3aDBceETUmCNld9sXB03VXjhL8ygeAHzSWIaE0qRbF4HtCLdvrHTywN
YqqMfuxEAkfIsuhAusnxCJd2SYQji2y2/VA7kpQczYh1+ywtqpBXbLTdxQD0GOHS
wPWT15jFnpUju9PtXnQDpL3B1B9mpHCGLdc20KCsvbrL
-----END CERTIFICATE-----