Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/GT1dqj5bvtAMqy1gX-Q5HLZvemY.roa
File:                     GT1dqj5bvtAMqy1gX-Q5HLZvemY.roa (raw, json)
Hash identifier:          6PZGyiBkPHzRboXX3zcq1YFVvCdh5o+aek91Tqcp8gs=
Subject key identifier:   19:3D:5D:AA:3E:5B:BE:D0:0C:AB:2D:60:5F:E4:39:1C:B6:6F:7A:66
Certificate issuer:       /CN=42c30371986df5d564ee67074717b66a02ff5712
Certificate serial:       018CC5DC20636E9CF4ECB0A1E27D5FE7B16A
Authority key identifier: 42:C3:03:71:98:6D:F5:D5:64:EE:67:07:47:17:B6:6A:02:FF:57:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QsMDcZht9dVk7mcHRxe2agL_VxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/GT1dqj5bvtAMqy1gX-Q5HLZvemY.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57728
IP address blocks:        188.122.192.0/19 maxlen: 19
                          2a0a:b6c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/QsMDcZht9dVk7mcHRxe2agL_VxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/QsMDcZht9dVk7mcHRxe2agL_VxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QsMDcZht9dVk7mcHRxe2agL_VxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 04:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:20:63:6e:9c:f4:ec:b0:a1:e2:7d:5f:e7:b1:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42c30371986df5d564ee67074717b66a02ff5712
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=193d5daa3e5bbed00cab2d605fe4391cb66f7a66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:2a:9c:ed:21:7f:14:af:9b:7c:2e:f5:44:c8:
                    84:93:55:02:ea:41:f8:5b:c0:f7:23:39:1a:bc:7d:
                    42:65:22:e3:5d:f5:7a:4f:66:8e:88:51:87:b0:f3:
                    4e:61:ff:10:f7:d9:94:76:b4:45:4e:4c:93:11:8e:
                    47:af:c6:cc:00:97:de:ab:c1:90:2f:a1:02:74:7f:
                    fc:5d:f3:56:88:c8:99:c8:c3:24:8a:84:c2:20:6e:
                    5c:f4:be:60:23:d3:26:58:a8:7e:17:6a:0a:45:4d:
                    e0:d9:c8:56:d2:f0:2e:34:35:f7:e2:fc:eb:c7:92:
                    76:81:ae:f5:c3:79:cb:d5:dd:96:90:fe:6e:72:94:
                    ec:cf:6a:2e:2e:0a:22:ce:6f:87:52:d6:57:56:2c:
                    fb:f2:28:18:c9:7c:36:b1:3a:9c:86:85:4b:cd:8c:
                    c6:0b:07:79:cb:3f:73:42:f1:07:08:82:3b:54:41:
                    a6:ca:27:42:57:8c:c4:19:85:30:ab:fa:76:68:ee:
                    fe:cf:ad:e6:0d:54:e9:28:80:11:db:5e:81:ce:50:
                    6d:89:ee:d9:f6:a2:fe:4a:cf:e8:c5:71:33:f1:90:
                    cb:78:4c:ec:47:e2:b0:80:6c:da:ab:65:81:d7:3a:
                    4f:cb:c8:da:5e:92:2f:7c:29:91:e1:34:21:6a:d6:
                    b0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:3D:5D:AA:3E:5B:BE:D0:0C:AB:2D:60:5F:E4:39:1C:B6:6F:7A:66
            X509v3 Authority Key Identifier:
                keyid:42:C3:03:71:98:6D:F5:D5:64:EE:67:07:47:17:B6:6A:02:FF:57:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QsMDcZht9dVk7mcHRxe2agL_VxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/GT1dqj5bvtAMqy1gX-Q5HLZvemY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/QsMDcZht9dVk7mcHRxe2agL_VxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.122.192.0/19
                IPv6:
                  2a0a:b6c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:bf:27:ac:41:b4:f5:3c:87:d3:8c:4e:b9:d9:24:02:13:ca:
         72:df:d8:c2:7a:8f:4d:45:1b:d4:5d:ad:46:65:32:88:b9:05:
         9f:0e:87:22:f1:12:26:db:17:f7:c7:02:66:02:1b:d6:a4:ee:
         91:11:ab:56:df:c5:d1:15:93:8a:5c:8b:33:b3:85:69:fa:74:
         56:97:ee:e6:f8:0e:58:a5:c9:70:a9:f1:01:dc:7b:c2:49:61:
         a7:72:5f:7e:43:4a:6e:8a:53:25:39:1d:ab:82:78:9d:24:4a:
         c2:98:40:75:35:67:eb:6b:ee:a3:c3:4d:ed:51:62:06:61:f5:
         83:49:58:ac:f1:97:00:2e:7f:7f:30:26:79:53:7c:93:84:f9:
         de:fa:c6:da:d4:e4:57:c1:02:f7:41:c7:1d:e1:29:d2:82:cf:
         bb:e0:70:1c:88:41:54:85:65:d6:9e:dc:0b:af:2a:fe:8e:be:
         18:4f:2e:63:a1:ce:e2:39:25:ee:a7:0a:0a:00:51:18:a0:16:
         65:66:18:de:51:90:51:6f:7f:66:8b:b4:7c:19:af:26:6a:d7:
         f3:7e:e1:26:a7:6e:20:57:6a:6c:3d:10:4c:7c:b5:61:19:fa:
         25:3c:2d:39:d0:bf:38:56:2a:ee:f1:95:6d:91:22:65:36:43:
         36:8a:8b:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3CBjbpz07LCh4n1f57FqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyYzMwMzcxOTg2ZGY1ZDU2NGVlNjcwNzQ3MTdiNjZhMDJm
ZjU3MTIwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTNkNWRhYTNlNWJiZWQwMGNhYjJkNjA1ZmU0MzkxY2I2NmY3YTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5iqc7SF/FK+bfC71RMiEk1UC6kH4
W8D3IzkavH1CZSLjXfV6T2aOiFGHsPNOYf8Q99mUdrRFTkyTEY5Hr8bMAJfeq8GQ
L6ECdH/8XfNWiMiZyMMkioTCIG5c9L5gI9MmWKh+F2oKRU3g2chW0vAuNDX34vzr
x5J2ga71w3nL1d2WkP5ucpTsz2ouLgoizm+HUtZXViz78igYyXw2sTqchoVLzYzG
Cwd5yz9zQvEHCII7VEGmyidCV4zEGYUwq/p2aO7+z63mDVTpKIAR216BzlBtie7Z
9qL+Ss/oxXEz8ZDLeEzsR+KwgGzaq2WB1zpPy8jaXpIvfCmR4TQhatawhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBk9Xao+W77QDKstYF/kORy2b3pmMB8GA1UdIwQY
MBaAFELDA3GYbfXVZO5nB0cXtmoC/1cSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXNNRGNaaHQ5ZFZrN21jSFJ4ZTJhZ0xfVnhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC84YmEwZGQtMmZiYi00YTZmLTlhMzct
YzI0NTRjZTI4ZDQ4LzEvR1QxZHFqNWJ2dEFNcXkxZ1gtUTVITFp2ZW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC84YmEwZGQtMmZiYi00YTZmLTlhMzctYzI0NTRjZTI4ZDQ4
LzEvUXNNRGNaaHQ5ZFZrN21jSFJ4ZTJhZ0xfVnhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFvHrAMA0E
AgACMAcDBQAqCrbAMA0GCSqGSIb3DQEBCwUAA4IBAQBcvyesQbT1PIfTjE652SQC
E8py39jCeo9NRRvUXa1GZTKIuQWfDoci8RIm2xf3xwJmAhvWpO6REatW38XRFZOK
XIszs4Vp+nRWl+7m+A5YpclwqfEB3HvCSWGncl9+Q0puilMlOR2rgnidJErCmEB1
NWfra+6jw03tUWIGYfWDSVis8ZcALn9/MCZ5U3yThPne+sba1ORXwQL3Qccd4SnS
gs+74HAciEFUhWXWntwLryr+jr4YTy5joc7iOSXupwoKAFEYoBZlZhjeUZBRb39m
i7R8Ga8matfzfuEmp24gV2psPRBMfLVhGfolPC050L84Viru8ZVtkSJlNkM2iot+
-----END CERTIFICATE-----