Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/GbZy-T_dH67WQNN8htaQD3ROb8g.roa
File:                     GbZy-T_dH67WQNN8htaQD3ROb8g.roa (raw, json)
Hash identifier:          sOqlZ3bRakJPyH5rMmkrNkDH95aGimG8JZYDcjnIHg4=
Subject key identifier:   19:B6:72:F9:3F:DD:1F:AE:D6:40:D3:7C:86:D6:90:0F:74:4E:6F:C8
Certificate issuer:       /CN=6c73bd24fd830886bfa2d2961416d2185de33772
Certificate serial:       018CC500C61D79D736E68595581BC8BC93AC
Authority key identifier: 6C:73:BD:24:FD:83:08:86:BF:A2:D2:96:14:16:D2:18:5D:E3:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bHO9JP2DCIa_otKWFBbSGF3jN3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/GbZy-T_dH67WQNN8htaQD3ROb8g.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208654
IP address blocks:        45.85.148.0/22 maxlen: 24
                          2a0e:c680::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/bHO9JP2DCIa_otKWFBbSGF3jN3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/bHO9JP2DCIa_otKWFBbSGF3jN3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bHO9JP2DCIa_otKWFBbSGF3jN3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c6:1d:79:d7:36:e6:85:95:58:1b:c8:bc:93:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c73bd24fd830886bfa2d2961416d2185de33772
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19b672f93fdd1faed640d37c86d6900f744e6fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:68:3d:eb:42:fc:01:63:f2:15:87:45:ff:ca:
                    2d:f2:a7:31:05:5d:e1:6d:e1:47:55:20:21:e6:e9:
                    55:e8:81:aa:01:a7:34:83:1e:2b:b9:25:fa:c1:79:
                    c4:f3:72:46:4f:7b:be:16:70:e7:ba:de:42:89:a4:
                    8d:16:92:97:69:2a:f1:f8:3a:53:5b:b3:05:7f:82:
                    13:20:39:61:47:19:9e:fd:94:4e:b2:cd:66:5a:15:
                    49:67:a7:6b:2c:9c:8e:3f:a3:fd:f0:49:72:ec:e0:
                    09:1a:92:8d:18:06:25:22:05:72:1c:c1:c2:f7:f8:
                    6a:28:83:dc:99:95:0a:9c:b1:a1:87:01:0c:33:7a:
                    f5:2f:ea:20:09:fd:92:5d:07:3c:4a:97:93:83:49:
                    fb:dd:d6:9c:81:14:52:9b:ad:22:cd:63:eb:55:bb:
                    2a:4a:3b:3d:e8:ba:03:95:52:fc:9e:65:27:77:6c:
                    7d:3b:0a:ee:9d:50:e2:b2:8e:68:f3:76:bd:fd:58:
                    f5:8b:d6:83:5f:40:b8:84:10:9e:62:51:ab:b4:e8:
                    61:39:0f:aa:69:cd:57:77:91:3a:33:1e:44:20:d3:
                    54:a2:86:0d:72:e4:a6:56:fd:f8:5c:26:a4:c8:14:
                    9f:69:58:bc:f5:03:c5:36:04:dc:0f:80:c8:0d:61:
                    d4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:B6:72:F9:3F:DD:1F:AE:D6:40:D3:7C:86:D6:90:0F:74:4E:6F:C8
            X509v3 Authority Key Identifier:
                keyid:6C:73:BD:24:FD:83:08:86:BF:A2:D2:96:14:16:D2:18:5D:E3:37:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bHO9JP2DCIa_otKWFBbSGF3jN3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/GbZy-T_dH67WQNN8htaQD3ROb8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/98dab8-7b24-49f3-a36f-73a157a2b99f/1/bHO9JP2DCIa_otKWFBbSGF3jN3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.148.0/22
                IPv6:
                  2a0e:c680::/32

    Signature Algorithm: sha256WithRSAEncryption
         c6:b0:9c:da:0d:05:40:bb:1f:e3:63:ba:34:e1:b6:79:fb:0d:
         6f:8e:5d:a9:e2:bf:79:e2:5c:d9:63:c1:a9:e3:a3:ca:56:55:
         ac:fa:a4:a8:fd:db:30:88:ab:d9:76:bb:85:c3:67:3d:91:36:
         23:89:04:d7:9d:59:42:ea:76:7f:30:3a:63:8e:58:af:e0:67:
         d6:33:6f:c2:a1:ef:44:8d:9b:aa:f1:c9:f0:66:b6:ea:95:39:
         e6:dd:b2:ce:a7:b7:e5:e5:80:f6:ed:ce:1b:4c:63:e7:1f:37:
         e0:e3:c3:64:6f:37:16:6e:12:b7:15:d4:18:84:80:20:86:b2:
         f9:65:68:ed:ae:80:44:aa:5a:b9:1b:0d:36:f0:a6:ae:5a:9d:
         05:ec:9f:6f:ce:9f:61:b1:24:2b:ec:ce:06:c1:1b:b7:57:50:
         58:a1:fa:c2:40:d4:db:55:55:08:a3:98:1d:7e:84:70:47:29:
         0c:aa:1f:2f:a6:71:ea:d9:60:88:75:a3:8b:1b:40:4e:d1:3c:
         17:74:ef:00:35:f9:5d:48:f6:f3:5c:d9:09:82:4a:25:cd:69:
         9b:4f:59:9d:66:ee:93:ee:fd:58:ab:e2:e2:c0:2e:39:de:c8:
         82:08:f5:f4:90:fc:c3:ba:37:97:e7:d9:c6:9b:a4:ea:c6:a4:
         b8:ce:4c:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAMYdedc25oWVWBvIvJOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNzNiZDI0ZmQ4MzA4ODZiZmEyZDI5NjE0MTZkMjE4NWRl
MzM3NzIwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWI2NzJmOTNmZGQxZmFlZDY0MGQzN2M4NmQ2OTAwZjc0NGU2ZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWg960L8AWPyFYdF/8ot8qcxBV3h
beFHVSAh5ulV6IGqAac0gx4ruSX6wXnE83JGT3u+FnDnut5CiaSNFpKXaSrx+DpT
W7MFf4ITIDlhRxme/ZROss1mWhVJZ6drLJyOP6P98Ely7OAJGpKNGAYlIgVyHMHC
9/hqKIPcmZUKnLGhhwEMM3r1L+ogCf2SXQc8SpeTg0n73dacgRRSm60izWPrVbsq
Sjs96LoDlVL8nmUnd2x9OwrunVDiso5o83a9/Vj1i9aDX0C4hBCeYlGrtOhhOQ+q
ac1Xd5E6Mx5EINNUooYNcuSmVv34XCakyBSfaVi89QPFNgTcD4DIDWHUfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBm2cvk/3R+u1kDTfIbWkA90Tm/IMB8GA1UdIwQY
MBaAFGxzvST9gwiGv6LSlhQW0hhd4zdyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkhPOUpQMkRDSWFfb3RLV0ZCYlNHRjNqTjNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC85OGRhYjgtN2IyNC00OWYzLWEzNmYt
NzNhMTU3YTJiOTlmLzEvR2JaeS1UX2RINjdXUU5OOGh0YVFEM1JPYjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC85OGRhYjgtN2IyNC00OWYzLWEzNmYtNzNhMTU3YTJiOTlm
LzEvYkhPOUpQMkRDSWFfb3RLV0ZCYlNHRjNqTjNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVWUMA0E
AgACMAcDBQAqDsaAMA0GCSqGSIb3DQEBCwUAA4IBAQDGsJzaDQVAux/jY7o04bZ5
+w1vjl2p4r954lzZY8Gp46PKVlWs+qSo/dswiKvZdruFw2c9kTYjiQTXnVlC6nZ/
MDpjjliv4GfWM2/Coe9EjZuq8cnwZrbqlTnm3bLOp7fl5YD27c4bTGPnHzfg48Nk
bzcWbhK3FdQYhIAghrL5ZWjtroBEqlq5Gw028KauWp0F7J9vzp9hsSQr7M4GwRu3
V1BYofrCQNTbVVUIo5gdfoRwRykMqh8vpnHq2WCIdaOLG0BO0TwXdO8ANfldSPbz
XNkJgkolzWmbT1mdZu6T7v1Yq+LiwC453siCCPX0kPzDujeX59nGm6TqxqS4zkzU
-----END CERTIFICATE-----