Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/r2GarAu_cxUknotuV_tr4cYFbWc.roa
File:                     r2GarAu_cxUknotuV_tr4cYFbWc.roa (raw, json)
Hash identifier:          Wse0u9gN8K1L3C2X+QpCbxYh3sFphETguoBKhLOKnkM=
Subject key identifier:   AF:61:9A:AC:0B:BF:73:15:24:9E:8B:6E:57:FB:6B:E1:C6:05:6D:67
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492DC685628174DCAAF0005AE99FD68
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/r2GarAu_cxUknotuV_tr4cYFbWc.roa
Signing time:             Mon 01 Jan 2024 10:30:08 +0000
ROA not before:           Mon 01 Jan 2024 10:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58224
IP address blocks:        46.209.40.0/22 maxlen: 22
                          5.160.154.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:dc:68:56:28:17:4d:ca:af:00:05:ae:99:fd:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af619aac0bbf7315249e8b6e57fb6be1c6056d67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:05:2d:ff:a6:69:55:d9:d6:f3:58:13:7b:c4:
                    e5:09:a2:5d:0c:3c:bf:b8:54:a0:9f:6b:cb:34:6e:
                    f7:73:9c:d1:92:d1:77:52:ae:60:8a:15:a2:2b:1c:
                    24:00:87:64:f9:f8:cc:21:3b:14:64:e1:75:4c:66:
                    29:57:ef:89:d4:79:03:95:89:59:55:b4:07:64:51:
                    5c:89:e8:c2:5d:15:7a:39:7e:fe:f7:47:32:23:e0:
                    62:b2:3b:b4:35:80:78:0e:86:45:8e:cb:8b:62:92:
                    b3:9e:c2:2b:3a:74:cf:f1:7d:08:85:1f:9b:23:8c:
                    67:f4:5d:77:11:1f:3e:92:51:3a:43:48:cc:1d:9c:
                    10:f3:92:be:ca:c6:68:cd:40:ae:21:d7:5a:13:ed:
                    66:66:7c:f7:e3:72:55:e0:4e:f5:4f:8f:95:4a:b0:
                    1d:7d:ed:75:16:24:8e:cd:33:56:c7:2d:b3:4d:45:
                    e3:71:07:9d:de:9a:30:1c:dd:01:6a:cb:4f:38:43:
                    a3:d2:9f:cc:ec:4a:be:8b:ee:ed:b2:3e:5b:8e:7c:
                    4a:d5:f8:c1:9e:01:3b:9d:c7:d1:e6:40:e3:63:b5:
                    c2:de:9c:28:34:b5:ba:31:0f:8c:d1:32:35:98:1f:
                    38:68:bb:0b:9b:2b:f1:4f:35:88:bc:60:52:cf:cb:
                    1e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:61:9A:AC:0B:BF:73:15:24:9E:8B:6E:57:FB:6B:E1:C6:05:6D:67
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/r2GarAu_cxUknotuV_tr4cYFbWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.154.0/23
                  46.209.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:70:6a:ab:cd:77:8e:e2:c4:0e:41:a7:d4:b3:66:a4:fc:1c:
         fb:5a:1b:5a:a9:b1:e5:b3:3d:89:4a:88:e4:74:60:4d:b6:4a:
         7e:5e:dd:a1:d9:7c:64:a6:84:73:e3:25:2d:fe:e9:a2:06:76:
         91:dc:7e:a3:d4:6e:9a:4d:78:70:27:a3:fa:12:84:7e:f5:2e:
         ca:0a:40:31:c1:ab:fe:72:29:3b:c4:bb:1c:ba:57:6f:f4:3f:
         fa:bc:84:31:84:22:1b:7e:82:90:dc:39:f8:15:71:7a:d8:3d:
         1e:61:c7:4f:af:e3:a1:52:75:4f:fd:f0:a1:dc:c2:f0:50:d5:
         b1:a2:05:33:0a:02:e5:ef:f6:0e:a4:ba:64:39:31:79:f2:66:
         17:43:3b:13:7a:a9:ae:8b:4b:ed:00:93:8a:f6:a8:8f:b4:c4:
         26:23:3a:0d:fc:56:2b:20:ef:af:98:e2:78:b5:ff:b3:ee:30:
         a9:74:7c:4a:dd:5c:11:36:1a:fe:28:ea:6d:f8:79:1e:8e:bc:
         51:0f:e8:a9:ab:90:dd:82:f2:bd:28:b1:87:60:46:ae:35:4b:
         da:d3:d3:98:9e:56:08:99:31:2b:5b:fe:53:e9:0b:e1:8a:74:
         22:eb:10:3c:5f:71:a8:71:59:ac:0b:12:14:7d:2f:7f:f6:f3:
         1f:9a:48:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEktxoVigXTcqvAAWumf1oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjYxOWFhYzBiYmY3MzE1MjQ5ZThiNmU1N2ZiNmJlMWM2MDU2ZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgUt/6ZpVdnW81gTe8TlCaJdDDy/
uFSgn2vLNG73c5zRktF3Uq5gihWiKxwkAIdk+fjMITsUZOF1TGYpV++J1HkDlYlZ
VbQHZFFciejCXRV6OX7+90cyI+Bisju0NYB4DoZFjsuLYpKznsIrOnTP8X0IhR+b
I4xn9F13ER8+klE6Q0jMHZwQ85K+ysZozUCuIddaE+1mZnz343JV4E71T4+VSrAd
fe11FiSOzTNWxy2zTUXjcQed3powHN0BastPOEOj0p/M7Eq+i+7tsj5bjnxK1fjB
ngE7ncfR5kDjY7XC3pwoNLW6MQ+M0TI1mB84aLsLmyvxTzWIvGBSz8seAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK9hmqwLv3MVJJ6Lblf7a+HGBW1nMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvcjJHYXJBdV9jeFVrbm90dVZfdHI0Y1lGYldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBaCaAwQC
LtEoMA0GCSqGSIb3DQEBCwUAA4IBAQAOcGqrzXeO4sQOQafUs2ak/Bz7WhtaqbHl
sz2JSojkdGBNtkp+Xt2h2XxkpoRz4yUt/umiBnaR3H6j1G6aTXhwJ6P6EoR+9S7K
CkAxwav+cik7xLsculdv9D/6vIQxhCIbfoKQ3Dn4FXF62D0eYcdPr+OhUnVP/fCh
3MLwUNWxogUzCgLl7/YOpLpkOTF58mYXQzsTeqmui0vtAJOK9qiPtMQmIzoN/FYr
IO+vmOJ4tf+z7jCpdHxK3VwRNhr+KOpt+HkejrxRD+ipq5DdgvK9KLGHYEauNUva
09OYnlYImTErW/5T6QvhinQi6xA8X3GocVmsCxIUfS9/9vMfmkhs
-----END CERTIFICATE-----