Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/CGGquvBpRImhvdeUWG_E4xkpRsY.roa
File:                     CGGquvBpRImhvdeUWG_E4xkpRsY.roa (raw, json)
Hash identifier:          4WpF4wl5e0/HX/3yNcmKamzeYfZzHjvGeIYBRRKXJT8=
Subject key identifier:   08:61:AA:BA:F0:69:44:89:A1:BD:D7:94:58:6F:C4:E3:19:29:46:C6
Certificate issuer:       /CN=a4c2b593d98c092fd30a601ea5d244aabd3cb14d
Certificate serial:       018CC6B7B7667029F693B6D1F2B079117C17
Authority key identifier: A4:C2:B5:93:D9:8C:09:2F:D3:0A:60:1E:A5:D2:44:AA:BD:3C:B1:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pMK1k9mMCS_TCmAepdJEqr08sU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/CGGquvBpRImhvdeUWG_E4xkpRsY.roa
Signing time:             Mon 01 Jan 2024 20:29:37 +0000
ROA not before:           Mon 01 Jan 2024 20:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35023
IP address blocks:        193.221.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/pMK1k9mMCS_TCmAepdJEqr08sU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/pMK1k9mMCS_TCmAepdJEqr08sU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pMK1k9mMCS_TCmAepdJEqr08sU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b7:66:70:29:f6:93:b6:d1:f2:b0:79:11:7c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4c2b593d98c092fd30a601ea5d244aabd3cb14d
        Validity
            Not Before: Jan  1 20:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0861aabaf0694489a1bdd794586fc4e3192946c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e9:42:c7:92:c3:4d:4a:af:84:ed:58:f2:9c:
                    6a:3c:eb:b7:28:6c:3a:0f:5d:f1:bc:4c:bc:fb:b1:
                    4b:13:2a:cb:49:9c:d9:b0:ec:26:69:5b:80:f5:10:
                    4b:3b:0d:a6:6e:e4:ab:83:ec:32:87:c9:85:e6:62:
                    84:f4:4a:98:12:82:b8:89:6b:a5:75:01:bd:65:74:
                    c4:ad:4d:84:01:32:48:fe:b2:ae:c0:17:be:aa:5b:
                    d5:f9:9e:0e:06:b7:22:5b:92:07:bc:00:14:88:b0:
                    2c:c9:51:ee:96:88:f3:66:c7:35:f4:1d:71:da:4e:
                    d0:8a:6d:69:0c:b6:78:77:d8:e0:01:de:37:7f:3e:
                    d2:45:4a:77:2e:c5:25:92:6b:e2:93:bd:95:43:c7:
                    48:32:b4:58:2d:b0:67:ef:f8:bf:79:84:c1:11:c4:
                    dc:be:42:15:aa:42:95:71:e5:15:bb:de:00:12:71:
                    66:67:a1:c5:bc:f8:c3:ea:a0:1b:ba:9d:1e:e3:f4:
                    70:1c:37:62:25:3f:bd:d8:ab:0d:1c:aa:71:8f:2e:
                    56:89:22:19:07:c1:30:b1:3d:93:c1:61:c5:eb:fe:
                    bb:1f:4a:b6:68:13:4c:84:d5:e9:e2:38:2c:bf:fd:
                    e2:80:a6:c7:55:78:39:4f:83:bd:a1:bb:6c:86:4d:
                    24:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:61:AA:BA:F0:69:44:89:A1:BD:D7:94:58:6F:C4:E3:19:29:46:C6
            X509v3 Authority Key Identifier:
                keyid:A4:C2:B5:93:D9:8C:09:2F:D3:0A:60:1E:A5:D2:44:AA:BD:3C:B1:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pMK1k9mMCS_TCmAepdJEqr08sU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/CGGquvBpRImhvdeUWG_E4xkpRsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/9422b0-dc79-4c71-bfd8-fcf99470b985/1/pMK1k9mMCS_TCmAepdJEqr08sU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:19:7e:b4:bc:48:00:1e:dc:7c:ad:6a:40:e1:ca:3e:89:57:
         06:ad:80:8f:0f:d9:19:ab:1d:1d:f7:f5:5d:44:3d:81:0a:9d:
         91:b8:9a:91:17:bd:e5:8d:86:32:07:1b:89:73:1e:4f:2b:c3:
         b7:ff:07:14:31:b1:9b:05:8f:54:4d:b6:f0:d5:cf:1a:86:35:
         7f:71:04:a0:13:90:a0:86:bb:75:ad:2a:59:c8:c8:42:42:02:
         c8:ff:be:88:94:0e:87:35:4c:71:01:3a:af:91:7c:f2:20:16:
         2c:6e:78:c6:1d:d6:8b:c6:00:b2:b9:e6:ff:0d:2c:32:a6:be:
         a4:cc:0d:8c:9a:47:c0:30:93:c1:3d:c2:4e:3a:05:aa:d4:22:
         af:6e:21:61:7e:53:34:d7:c5:e3:43:fb:39:78:b8:b9:71:0d:
         8b:01:0a:23:f5:cc:29:02:24:1f:ef:5e:88:60:09:c9:7c:f1:
         ed:ea:68:41:37:14:5c:2e:ca:99:ba:69:4c:ea:b3:67:01:47:
         92:a6:1c:bf:4d:86:a4:8f:46:f3:87:1c:45:4f:80:c7:61:3b:
         39:44:b4:31:0d:04:d5:5e:82:a0:af:ab:30:e9:21:28:9d:35:
         e8:42:e2:aa:b3:79:b9:d9:e2:8b:6b:ff:71:eb:a0:84:a5:2f:
         d8:a3:59:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7dmcCn2k7bR8rB5EXwXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YzJiNTkzZDk4YzA5MmZkMzBhNjAxZWE1ZDI0NGFhYmQz
Y2IxNGQwHhcNMjQwMTAxMjAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODYxYWFiYWYwNjk0NDg5YTFiZGQ3OTQ1ODZmYzRlMzE5Mjk0NmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgulCx5LDTUqvhO1Y8pxqPOu3KGw6
D13xvEy8+7FLEyrLSZzZsOwmaVuA9RBLOw2mbuSrg+wyh8mF5mKE9EqYEoK4iWul
dQG9ZXTErU2EATJI/rKuwBe+qlvV+Z4OBrciW5IHvAAUiLAsyVHulojzZsc19B1x
2k7Qim1pDLZ4d9jgAd43fz7SRUp3LsUlkmvik72VQ8dIMrRYLbBn7/i/eYTBEcTc
vkIVqkKVceUVu94AEnFmZ6HFvPjD6qAbup0e4/RwHDdiJT+92KsNHKpxjy5WiSIZ
B8EwsT2TwWHF6/67H0q2aBNMhNXp4jgsv/3igKbHVXg5T4O9obtshk0k7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhhqrrwaUSJob3XlFhvxOMZKUbGMB8GA1UdIwQY
MBaAFKTCtZPZjAkv0wpgHqXSRKq9PLFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE1LMWs5bU1DU19UQ21BZXBkSkVxcjA4c1UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC85NDIyYjAtZGM3OS00YzcxLWJmZDgt
ZmNmOTk0NzBiOTg1LzEvQ0dHcXV2QnBSSW1odmRlVVdHX0U0eGtwUnNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC85NDIyYjAtZGM3OS00YzcxLWJmZDgtZmNmOTk0NzBiOTg1
LzEvcE1LMWs5bU1DU19UQ21BZXBkSkVxcjA4c1UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd1wMA0G
CSqGSIb3DQEBCwUAA4IBAQAPGX60vEgAHtx8rWpA4co+iVcGrYCPD9kZqx0d9/Vd
RD2BCp2RuJqRF73ljYYyBxuJcx5PK8O3/wcUMbGbBY9UTbbw1c8ahjV/cQSgE5Cg
hrt1rSpZyMhCQgLI/76IlA6HNUxxATqvkXzyIBYsbnjGHdaLxgCyueb/DSwypr6k
zA2MmkfAMJPBPcJOOgWq1CKvbiFhflM018XjQ/s5eLi5cQ2LAQoj9cwpAiQf716I
YAnJfPHt6mhBNxRcLsqZumlM6rNnAUeSphy/TYakj0bzhxxFT4DHYTs5RLQxDQTV
XoKgr6sw6SEonTXoQuKqs3m52eKLa/9x66CEpS/Yo1mf
-----END CERTIFICATE-----