Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/GPCgOkDy6-72Leb7HirsigRfBF4.roa
File:                     GPCgOkDy6-72Leb7HirsigRfBF4.roa (raw, json)
Hash identifier:          UJI5/0YPT5EdKQ+VmZ5E2wi0EnxI4FwxgSWJ3y9wKt0=
Subject key identifier:   18:F0:A0:3A:40:F2:EB:EE:F6:2D:E6:FB:1E:2A:EC:8A:04:5F:04:5E
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E0BB02BD52C46CBEADE539E4186AD
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/GPCgOkDy6-72Leb7HirsigRfBF4.roa
Signing time:             Tue 02 Jan 2024 08:33:04 +0000
ROA not before:           Tue 02 Jan 2024 08:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211655
IP address blocks:        192.102.225.0/24 maxlen: 24
                          2001:7f9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:0b:b0:2b:d5:2c:46:cb:ea:de:53:9e:41:86:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18f0a03a40f2ebeef62de6fb1e2aec8a045f045e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2d:93:8f:70:5d:04:00:b7:77:d7:12:b6:d7:
                    7e:61:f6:ad:d6:d8:54:11:36:b1:ff:01:76:cb:ea:
                    c3:fe:5e:11:1f:fe:da:55:b7:2d:e2:e1:37:53:c7:
                    57:c6:0c:31:e3:26:c9:be:69:23:ef:eb:4c:88:40:
                    ab:3a:f2:61:4c:af:56:00:cb:fc:1e:21:86:82:e8:
                    70:c8:9d:f9:51:72:c1:2c:75:0d:b5:13:5a:70:73:
                    49:dd:f3:60:3e:00:e3:48:0b:67:fa:bd:fc:1f:33:
                    7b:38:48:82:71:9c:9a:db:cd:94:8a:2e:71:ec:f5:
                    20:c0:3e:76:e6:73:23:15:9b:b1:d2:66:7e:d3:78:
                    0a:8a:3f:b9:af:d2:38:45:11:43:61:7a:2d:71:a4:
                    34:29:f5:49:6b:26:13:34:dc:6f:67:7e:aa:92:00:
                    c0:11:3b:86:32:cd:df:47:d0:4a:19:a0:e2:a4:ff:
                    a9:7a:37:fa:0e:f8:38:22:4e:85:e6:ae:6b:bd:10:
                    f5:e9:46:e4:4e:e8:8f:75:3c:0c:9e:e4:11:dd:00:
                    0d:ba:ec:e7:37:d0:7f:66:45:2c:a7:9d:6d:cd:e8:
                    ac:5a:99:1e:89:5c:1f:57:fb:ad:3b:d1:2f:64:62:
                    4e:02:3a:b0:e0:2a:1e:6a:32:21:4d:14:38:58:aa:
                    be:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:F0:A0:3A:40:F2:EB:EE:F6:2D:E6:FB:1E:2A:EC:8A:04:5F:04:5E
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/GPCgOkDy6-72Leb7HirsigRfBF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.102.225.0/24
                IPv6:
                  2001:7f9::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:29:dd:61:19:77:02:a2:80:0c:ac:90:1c:4f:07:6d:5c:66:
         9b:85:66:a8:8f:55:9c:12:c6:07:a1:cf:5e:b4:70:70:25:b1:
         41:53:74:03:74:44:d9:96:f6:f8:07:f7:1d:68:af:c5:14:d9:
         21:1e:4c:b7:44:46:d6:f4:ed:f2:c3:46:af:2b:d9:26:3f:8c:
         e2:cb:cc:29:c8:a6:e6:99:51:f8:09:4e:2e:27:aa:0a:fc:f9:
         bf:11:e9:d5:e6:c8:19:ed:72:24:13:1f:cd:14:b5:c7:c6:6d:
         16:3e:36:62:45:b7:6b:0b:ca:57:5b:31:d5:54:e4:c3:e3:b0:
         44:d5:13:25:bb:90:90:5f:81:61:1f:84:bf:3a:cc:bf:bc:77:
         cf:f7:32:fa:21:ec:d3:5e:25:59:e9:df:2b:db:2e:6b:c6:4e:
         89:37:42:d6:85:58:c7:f7:7d:4b:b1:bf:bd:d6:4f:44:83:8c:
         2f:51:e7:61:aa:f9:7c:16:b7:1e:7d:65:21:4b:fc:c9:69:64:
         82:c8:38:d1:d9:94:c1:22:19:8b:e2:f1:32:61:6b:08:0c:4e:
         95:6c:cb:54:43:fe:05:7e:b4:70:b3:ff:7c:af:ff:33:13:7f:
         c4:90:35:3b:a2:8c:f1:0c:30:39:35:db:b1:6c:e7:eb:dd:b8:
         5f:33:08:e0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTguwK9UsRsvq3lOeQYatMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGYwYTAzYTQwZjJlYmVlZjYyZGU2ZmIxZTJhZWM4YTA0NWYwNDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhi2Tj3BdBAC3d9cSttd+Yfat1thU
ETax/wF2y+rD/l4RH/7aVbct4uE3U8dXxgwx4ybJvmkj7+tMiECrOvJhTK9WAMv8
HiGGguhwyJ35UXLBLHUNtRNacHNJ3fNgPgDjSAtn+r38HzN7OEiCcZya282Uii5x
7PUgwD525nMjFZux0mZ+03gKij+5r9I4RRFDYXotcaQ0KfVJayYTNNxvZ36qkgDA
ETuGMs3fR9BKGaDipP+pejf6Dvg4Ik6F5q5rvRD16UbkTuiPdTwMnuQR3QANuuzn
N9B/ZkUsp51tzeisWpkeiVwfV/utO9EvZGJOAjqw4CoeajIhTRQ4WKq+NwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBjwoDpA8uvu9i3m+x4q7IoEXwReMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvR1BDZ09rRHk2LTcyTGViN0hpcnNpZ1JmQkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwGbhMA8E
AgACMAkDBwAgAQf5AAAwDQYJKoZIhvcNAQELBQADggEBAHgp3WEZdwKigAyskBxP
B21cZpuFZqiPVZwSxgehz160cHAlsUFTdAN0RNmW9vgH9x1or8UU2SEeTLdERtb0
7fLDRq8r2SY/jOLLzCnIpuaZUfgJTi4nqgr8+b8R6dXmyBntciQTH80UtcfGbRY+
NmJFt2sLyldbMdVU5MPjsETVEyW7kJBfgWEfhL86zL+8d8/3Mvoh7NNeJVnp3yvb
LmvGTok3QtaFWMf3fUuxv73WT0SDjC9R52Gq+XwWtx59ZSFL/MlpZILIONHZlMEi
GYvi8TJhawgMTpVsy1RD/gV+tHCz/3yv/zMTf8SQNTuijPEMMDk127Fs5+vduF8z
COA=
-----END CERTIFICATE-----