Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/GUFH32n9EqP8NjkdKl7uYBq2pTE.roa
File:                     GUFH32n9EqP8NjkdKl7uYBq2pTE.roa (raw, json)
Hash identifier:          rH/oiswVoDXzmIFxSLTDH7WeRF2qzaBpUUgP7B1mM1E=
Subject key identifier:   19:41:47:DF:69:FD:12:A3:FC:36:39:1D:2A:5E:EE:60:1A:B6:A5:31
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       0193030F1AEAA7FD4053DDA8F164CE83A303
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/GUFH32n9EqP8NjkdKl7uYBq2pTE.roa
Signing time:             Wed 06 Nov 2024 19:59:01 +0000
ROA not before:           Wed 06 Nov 2024 19:59:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214941
IP address blocks:        146.19.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:03:0f:1a:ea:a7:fd:40:53:dd:a8:f1:64:ce:83:a3:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: Nov  6 19:59:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=194147df69fd12a3fc36391d2a5eee601ab6a531
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:18:57:f8:49:fe:5e:29:dd:bb:bf:f2:5a:a1:
                    b2:7e:f3:91:57:3b:5c:5a:55:8f:22:4c:bc:5b:ef:
                    1c:b1:aa:ca:bb:08:c5:dc:a4:f0:54:fb:e4:86:53:
                    60:b5:b6:9b:11:b3:4e:93:c9:5c:b4:b1:f0:b2:ca:
                    24:8f:28:85:e5:f7:5f:90:aa:09:59:4a:08:d4:d0:
                    63:b4:cd:2e:10:7e:05:48:6b:35:2f:85:d0:00:f3:
                    c8:58:cc:c4:a7:22:07:10:4a:ba:22:88:d9:29:15:
                    83:28:4e:20:40:18:f5:c2:4a:bc:70:8c:3b:3c:4c:
                    b3:eb:60:ae:11:d4:35:d0:c0:02:63:1f:38:58:52:
                    a2:1e:04:cd:6d:a1:4d:58:07:7b:00:43:70:ee:61:
                    f5:99:aa:35:95:fe:ea:00:13:2b:fd:be:cf:90:20:
                    da:c7:cf:6f:ba:f3:74:24:b1:90:db:80:ae:7e:ce:
                    66:4b:2c:7d:57:34:ba:42:4f:c4:01:c1:66:2b:0c:
                    69:ad:1f:d1:bc:6a:6c:2f:3a:92:51:8f:7c:65:a6:
                    37:9d:e3:98:12:ff:41:50:9c:b3:b3:e8:30:42:8e:
                    1d:3c:59:36:84:af:da:43:2e:09:bd:78:13:40:72:
                    e9:e3:1b:dc:9f:a2:d5:25:d2:a4:99:62:5a:11:6c:
                    01:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:41:47:DF:69:FD:12:A3:FC:36:39:1D:2A:5E:EE:60:1A:B6:A5:31
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/GUFH32n9EqP8NjkdKl7uYBq2pTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:64:02:99:12:1c:a0:21:ef:67:12:f6:c7:c0:b1:cb:62:cd:
         e6:81:35:0e:b9:f6:3f:ed:a4:ff:e2:b2:22:18:ee:d1:4a:d4:
         f7:8b:94:b2:8f:ef:4c:db:a9:38:41:b1:08:3d:92:1b:5e:3a:
         de:86:58:de:c9:a8:46:67:45:cd:3b:82:8f:99:9e:b3:69:b4:
         e2:fd:e7:26:07:58:00:c5:18:cc:1e:16:61:5c:2a:ab:37:37:
         e6:97:28:e1:76:89:87:b8:f7:82:9c:b1:71:8a:27:53:42:73:
         e9:94:ea:b0:65:3a:6b:f7:21:a4:a1:eb:e4:58:08:ae:82:b9:
         75:51:c6:5f:a4:d0:5f:4f:b2:d4:33:50:90:1a:cb:af:9e:b0:
         d8:27:1d:19:e8:6d:af:d8:6e:9d:ba:a1:d1:b1:17:bd:ed:38:
         83:cc:d2:ee:0a:e3:2b:62:f1:45:fb:a2:a2:de:88:aa:ea:6f:
         f8:06:9c:fa:b3:5a:38:e5:a9:17:0d:5a:a6:e8:fb:a6:90:bc:
         af:81:f6:31:da:c1:55:15:69:d7:d8:81:f5:72:ba:04:e2:e6:
         71:b9:22:c8:00:1a:7d:c7:90:ea:ef:83:3a:fa:f3:95:e3:51:
         7d:ad:35:7b:df:f4:5c:78:58:ae:74:5e:d1:89:de:29:0f:9a:
         78:f7:98:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMDDxrqp/1AU92o8WTOg6MDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjQxMTA2MTk1OTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTQxNDdkZjY5ZmQxMmEzZmMzNjM5MWQyYTVlZWU2MDFhYjZhNTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RhX+En+Xindu7/yWqGyfvORVztc
WlWPIky8W+8csarKuwjF3KTwVPvkhlNgtbabEbNOk8lctLHwssokjyiF5fdfkKoJ
WUoI1NBjtM0uEH4FSGs1L4XQAPPIWMzEpyIHEEq6IojZKRWDKE4gQBj1wkq8cIw7
PEyz62CuEdQ10MACYx84WFKiHgTNbaFNWAd7AENw7mH1mao1lf7qABMr/b7PkCDa
x89vuvN0JLGQ24Cufs5mSyx9VzS6Qk/EAcFmKwxprR/RvGpsLzqSUY98ZaY3neOY
Ev9BUJyzs+gwQo4dPFk2hK/aQy4JvXgTQHLp4xvcn6LVJdKkmWJaEWwBYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlBR99p/RKj/DY5HSpe7mAatqUxMB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvR1VGSDMybjlFcVA4TmprZEtsN3VZQnEycFRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhM5MA0G
CSqGSIb3DQEBCwUAA4IBAQA5ZAKZEhygIe9nEvbHwLHLYs3mgTUOufY/7aT/4rIi
GO7RStT3i5Syj+9M26k4QbEIPZIbXjrehljeyahGZ0XNO4KPmZ6zabTi/ecmB1gA
xRjMHhZhXCqrNzfmlyjhdomHuPeCnLFxiidTQnPplOqwZTpr9yGkoevkWAiugrl1
UcZfpNBfT7LUM1CQGsuvnrDYJx0Z6G2v2G6duqHRsRe97TiDzNLuCuMrYvFF+6Ki
3oiq6m/4Bpz6s1o45akXDVqm6PumkLyvgfYx2sFVFWnX2IH1croE4uZxuSLIABp9
x5Dq74M6+vOV41F9rTV73/RceFiudF7Rid4pD5p495jO
-----END CERTIFICATE-----