Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/GV-Y7bAnTuFcArFgIS_YcUvL0h8.roa
File:                     GV-Y7bAnTuFcArFgIS_YcUvL0h8.roa (raw, json)
Hash identifier:          m+7BMsZLZgMCybZ1t8sTEJiLZqUdgBzGdu5KGBfmPsk=
Subject key identifier:   19:5F:98:ED:B0:27:4E:E1:5C:02:B1:60:21:2F:D8:71:4B:CB:D2:1F
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       01927B51821CDEB63B2B2882C287271D8323
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/GV-Y7bAnTuFcArFgIS_YcUvL0h8.roa
Signing time:             Fri 11 Oct 2024 11:23:12 +0000
ROA not before:           Fri 11 Oct 2024 11:23:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        109.122.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7b:51:82:1c:de:b6:3b:2b:28:82:c2:87:27:1d:83:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct 11 11:23:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=195f98edb0274ee15c02b160212fd8714bcbd21f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:58:63:2b:07:8e:2b:f5:ca:a7:5a:19:60:37:
                    ed:36:03:ed:c2:41:d5:d3:b6:76:d6:56:8a:e8:a6:
                    c8:98:ac:1c:73:fd:08:98:88:8b:09:55:1c:c6:5c:
                    bc:df:0b:6e:2d:03:09:03:61:3e:21:e1:39:0e:ec:
                    99:9d:19:6b:6c:7b:65:7a:c2:8b:04:2e:13:95:71:
                    4d:c7:4e:6d:31:a9:19:21:34:36:95:3e:da:b4:eb:
                    84:ba:48:63:d8:99:45:da:e3:68:05:f7:26:63:95:
                    17:5a:5f:00:77:f2:76:79:94:4d:da:98:7d:c5:b4:
                    32:ec:f0:52:01:8a:bf:23:76:1b:f9:25:f6:53:44:
                    4c:8d:92:f8:56:79:ba:0d:19:c1:c3:22:88:59:cf:
                    fa:9d:8a:2f:62:30:9b:9e:63:c0:99:81:4b:33:08:
                    93:8e:2a:e6:fa:cc:50:0e:67:e1:71:a6:bb:2b:81:
                    e3:44:ba:82:7f:e5:c9:e0:fb:20:2b:40:b2:4b:36:
                    cf:fe:a0:9a:e1:a1:89:09:91:8e:f4:52:b3:35:18:
                    65:9d:67:e5:93:10:31:a9:75:00:79:6a:4a:b0:a9:
                    fe:4a:31:3e:e5:1f:4f:e4:63:8e:aa:85:9c:e2:0a:
                    39:d0:67:e4:27:3d:59:c9:1a:99:46:13:aa:56:fc:
                    fd:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:5F:98:ED:B0:27:4E:E1:5C:02:B1:60:21:2F:D8:71:4B:CB:D2:1F
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/GV-Y7bAnTuFcArFgIS_YcUvL0h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:7a:3b:7c:7f:81:5e:1a:aa:6d:4f:27:ce:83:50:80:b8:56:
         ac:b0:00:7f:ef:bd:49:85:24:be:d2:b9:ab:e5:84:6e:a4:10:
         1d:2a:94:62:78:8f:4b:8d:c9:a7:a0:62:30:6d:78:03:66:5f:
         53:ea:70:4e:8b:b2:81:93:97:f4:ec:70:d6:d9:8e:de:d8:5f:
         19:a7:99:a4:09:04:5b:d1:02:4f:39:11:11:9a:6b:30:98:2c:
         bb:9d:25:f1:65:4b:78:99:e7:44:fa:18:31:69:3a:b9:26:11:
         bc:f0:b1:7a:8f:f1:8e:f0:f6:c5:61:71:aa:2e:f6:33:fa:f8:
         a2:f0:3c:b9:e3:98:2d:cf:a2:9c:d5:c6:ea:ca:71:0d:39:be:
         73:ff:ce:51:56:58:72:41:d7:da:f6:68:8e:60:37:80:a4:3b:
         99:7f:bc:40:dd:5e:16:85:6e:fc:ad:22:2e:1b:0c:2c:08:db:
         4a:5c:21:8f:cc:cd:40:a9:f7:38:ba:ab:0d:58:b4:71:41:4c:
         6c:82:a9:3f:81:a4:8f:e4:2d:54:1d:d3:62:85:be:8b:cd:8f:
         44:43:41:7d:39:2f:76:5f:59:44:dd:a1:47:85:b4:dc:d8:26:
         f0:4a:b6:42:19:70:e5:f4:73:0e:41:fc:3c:e2:56:9d:63:64:
         43:c8:02:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ7UYIc3rY7KyiCwocnHYMjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQxMDExMTEyMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTVmOThlZGIwMjc0ZWUxNWMwMmIxNjAyMTJmZDg3MTRiY2JkMjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolhjKweOK/XKp1oZYDftNgPtwkHV
07Z21laK6KbImKwcc/0ImIiLCVUcxly83wtuLQMJA2E+IeE5DuyZnRlrbHtlesKL
BC4TlXFNx05tMakZITQ2lT7atOuEukhj2JlF2uNoBfcmY5UXWl8Ad/J2eZRN2ph9
xbQy7PBSAYq/I3Yb+SX2U0RMjZL4Vnm6DRnBwyKIWc/6nYovYjCbnmPAmYFLMwiT
jirm+sxQDmfhcaa7K4HjRLqCf+XJ4PsgK0CySzbP/qCa4aGJCZGO9FKzNRhlnWfl
kxAxqXUAeWpKsKn+SjE+5R9P5GOOqoWc4go50GfkJz1ZyRqZRhOqVvz9+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlfmO2wJ07hXAKxYCEv2HFLy9IfMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvR1YtWTdiQW5UdUZjQXJGZ0lTX1ljVXZMMGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXopMA0G
CSqGSIb3DQEBCwUAA4IBAQAxejt8f4FeGqptTyfOg1CAuFassAB/771JhSS+0rmr
5YRupBAdKpRieI9LjcmnoGIwbXgDZl9T6nBOi7KBk5f07HDW2Y7e2F8Zp5mkCQRb
0QJPORERmmswmCy7nSXxZUt4medE+hgxaTq5JhG88LF6j/GO8PbFYXGqLvYz+vii
8Dy545gtz6Kc1cbqynENOb5z/85RVlhyQdfa9miOYDeApDuZf7xA3V4WhW78rSIu
GwwsCNtKXCGPzM1Aqfc4uqsNWLRxQUxsgqk/gaSP5C1UHdNihb6LzY9EQ0F9OS92
X1lE3aFHhbTc2CbwSrZCGXDl9HMOQfw84ladY2RDyAJj
-----END CERTIFICATE-----