Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/3e3126-3f4f-48e9-abef-5cb11a368d10/1/GAfBcVz-9PUZBq9JUDfzeMlw5eE.roa
File:                     GAfBcVz-9PUZBq9JUDfzeMlw5eE.roa (raw, json)
Hash identifier:          soEgEW10i26LtZIFeEwRUyUnFn0YG81X7/LrECYyQSM=
Subject key identifier:   18:07:C1:71:5C:FE:F4:F5:19:06:AF:49:50:37:F3:78:C9:70:E5:E1
Certificate issuer:       /CN=8ad37a9933b052c2f12ef1b8f14d74f05fddb611
Certificate serial:       018EAE4E0C262D19477BCB4BD590B7428417
Authority key identifier: 8A:D3:7A:99:33:B0:52:C2:F1:2E:F1:B8:F1:4D:74:F0:5F:DD:B6:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itN6mTOwUsLxLvG48U108F_dthE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/3e3126-3f4f-48e9-abef-5cb11a368d10/1/GAfBcVz-9PUZBq9JUDfzeMlw5eE.roa
Signing time:             Fri 05 Apr 2024 12:48:54 +0000
ROA not before:           Fri 05 Apr 2024 12:48:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50902
IP address blocks:        185.253.5.0/24 maxlen: 24
                          193.110.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/3e3126-3f4f-48e9-abef-5cb11a368d10/1/itN6mTOwUsLxLvG48U108F_dthE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/3e3126-3f4f-48e9-abef-5cb11a368d10/1/itN6mTOwUsLxLvG48U108F_dthE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itN6mTOwUsLxLvG48U108F_dthE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ae:4e:0c:26:2d:19:47:7b:cb:4b:d5:90:b7:42:84:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad37a9933b052c2f12ef1b8f14d74f05fddb611
        Validity
            Not Before: Apr  5 12:48:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1807c1715cfef4f51906af495037f378c970e5e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1d:b3:89:88:f4:60:80:15:02:44:05:d2:db:
                    62:ec:78:a1:30:06:14:fc:9b:de:fb:38:cc:d8:fc:
                    53:3d:24:dc:f1:20:76:47:04:81:85:1a:13:b7:84:
                    15:2e:ff:a6:da:e6:a0:c8:9a:63:6c:fd:bb:04:8d:
                    68:8c:93:7b:de:3c:16:02:8c:32:c5:a6:f0:92:48:
                    01:a0:48:af:6e:e8:71:69:90:43:23:7c:d1:00:9e:
                    19:09:59:24:f2:ff:6a:9a:f6:dd:74:fe:a8:a5:43:
                    ae:ac:92:98:90:2d:af:27:10:00:82:f0:e4:e7:ab:
                    99:df:b3:17:d7:b6:91:0e:1c:f1:24:4b:0b:69:18:
                    93:0e:14:23:fa:b2:69:b3:c1:29:92:ca:3b:31:d5:
                    a0:44:3b:a6:e4:00:59:65:23:ae:5e:60:95:e3:ba:
                    85:1a:47:d3:d3:2f:0e:2d:f3:bb:49:70:7a:a3:6d:
                    69:bd:0a:fd:2f:8b:c9:81:54:1d:57:14:7b:86:f0:
                    98:7f:28:69:c8:de:b5:ff:07:75:ed:52:f1:c1:ab:
                    58:66:92:5a:a7:f8:c1:ec:89:93:67:8a:93:dd:bc:
                    40:a6:fc:a4:92:8d:77:43:2b:bf:bf:f7:85:5f:c9:
                    18:fb:8a:3a:50:d3:f9:b1:db:78:37:96:d7:79:26:
                    e8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:07:C1:71:5C:FE:F4:F5:19:06:AF:49:50:37:F3:78:C9:70:E5:E1
            X509v3 Authority Key Identifier:
                keyid:8A:D3:7A:99:33:B0:52:C2:F1:2E:F1:B8:F1:4D:74:F0:5F:DD:B6:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itN6mTOwUsLxLvG48U108F_dthE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3e3126-3f4f-48e9-abef-5cb11a368d10/1/GAfBcVz-9PUZBq9JUDfzeMlw5eE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3e3126-3f4f-48e9-abef-5cb11a368d10/1/itN6mTOwUsLxLvG48U108F_dthE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.5.0/24
                  193.110.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:1a:09:00:62:06:e9:1f:74:53:2f:7b:49:a4:a0:23:8c:5c:
         6c:b9:da:ca:b4:c5:43:e2:d5:68:f5:04:f2:a8:96:75:43:e3:
         17:fb:53:97:8f:22:a2:63:c8:83:64:87:2e:72:54:6d:1d:14:
         91:cd:70:fe:ff:e2:a8:55:96:44:7f:ee:57:45:42:ce:ba:cf:
         85:88:10:fb:7b:f6:2c:fe:e3:c3:ed:db:d6:d6:e1:6b:99:98:
         d2:c6:bb:a9:52:a0:0e:7b:45:13:0f:1f:70:de:4f:7e:c3:65:
         e7:95:90:bc:8f:76:15:ca:75:5f:8d:b5:34:34:2f:89:b3:de:
         28:05:86:33:30:fd:5e:48:40:13:8e:3b:6e:60:2e:da:10:1a:
         6d:d7:a7:19:64:11:77:26:b2:90:87:a9:eb:28:26:b0:57:2e:
         a3:46:14:4e:dd:b1:41:e7:7d:b4:e7:7a:a0:9e:9d:4b:05:43:
         63:bc:78:ed:33:cc:77:7c:9d:9b:98:00:2e:1c:23:8b:20:d0:
         3d:2f:58:44:6c:6a:46:4a:46:5f:49:b4:0e:ec:9c:5e:e4:cc:
         87:f1:1e:05:3b:7c:c8:22:35:52:a2:b4:b4:f5:cf:8f:39:b1:
         1b:cc:3f:fe:59:d0:2a:70:6a:a7:5c:59:1d:61:9e:35:d5:34:
         33:d0:0a:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6uTgwmLRlHe8tL1ZC3QoQXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDM3YTk5MzNiMDUyYzJmMTJlZjFiOGYxNGQ3NGYwNWZk
ZGI2MTEwHhcNMjQwNDA1MTI0ODU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA3YzE3MTVjZmVmNGY1MTkwNmFmNDk1MDM3ZjM3OGM5NzBlNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlR2ziYj0YIAVAkQF0tti7HihMAYU
/Jve+zjM2PxTPSTc8SB2RwSBhRoTt4QVLv+m2uagyJpjbP27BI1ojJN73jwWAowy
xabwkkgBoEivbuhxaZBDI3zRAJ4ZCVkk8v9qmvbddP6opUOurJKYkC2vJxAAgvDk
56uZ37MX17aRDhzxJEsLaRiTDhQj+rJps8Epkso7MdWgRDum5ABZZSOuXmCV47qF
GkfT0y8OLfO7SXB6o21pvQr9L4vJgVQdVxR7hvCYfyhpyN61/wd17VLxwatYZpJa
p/jB7ImTZ4qT3bxApvykko13Qyu/v/eFX8kY+4o6UNP5sdt4N5bXeSbovQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBgHwXFc/vT1GQavSVA383jJcOXhMB8GA1UdIwQY
MBaAFIrTepkzsFLC8S7xuPFNdPBf3bYRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRONm1UT3dVc0x4THZHNDhVMTA4Rl9kdGhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8zZTMxMjYtM2Y0Zi00OGU5LWFiZWYt
NWNiMTFhMzY4ZDEwLzEvR0FmQmNWei05UFVaQnE5SlVEZnplTWx3NWVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8zZTMxMjYtM2Y0Zi00OGU5LWFiZWYtNWNiMTFhMzY4ZDEw
LzEvaXRONm1UT3dVc0x4THZHNDhVMTA4Rl9kdGhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuf0FAwQA
wW5RMA0GCSqGSIb3DQEBCwUAA4IBAQAcGgkAYgbpH3RTL3tJpKAjjFxsudrKtMVD
4tVo9QTyqJZ1Q+MX+1OXjyKiY8iDZIcuclRtHRSRzXD+/+KoVZZEf+5XRULOus+F
iBD7e/Ys/uPD7dvW1uFrmZjSxrupUqAOe0UTDx9w3k9+w2XnlZC8j3YVynVfjbU0
NC+Js94oBYYzMP1eSEATjjtuYC7aEBpt16cZZBF3JrKQh6nrKCawVy6jRhRO3bFB
532053qgnp1LBUNjvHjtM8x3fJ2bmAAuHCOLINA9L1hEbGpGSkZfSbQO7Jxe5MyH
8R4FO3zIIjVSorS09c+PObEbzD/+WdAqcGqnXFkdYZ411TQz0Ar2
-----END CERTIFICATE-----