Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/GTh-G6yI2S6LlNyn0_SA5MyDt5I.roa
File:                     GTh-G6yI2S6LlNyn0_SA5MyDt5I.roa (raw, json)
Hash identifier:          zVqWn+3LerJ53wNT0CBkYX7z6mikTo0ypXKu4Pmpyak=
Subject key identifier:   19:38:7E:1B:AC:88:D9:2E:8B:94:DC:A7:D3:F4:80:E4:CC:83:B7:92
Certificate issuer:       /CN=a6a05904ec81746a0a66d207f5d36f8d97888a0d
Certificate serial:       019320E48F2C068127EE4329F7676E14DAD0
Authority key identifier: A6:A0:59:04:EC:81:74:6A:0A:66:D2:07:F5:D3:6F:8D:97:88:8A:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pqBZBOyBdGoKZtIH9dNvjZeIig0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/GTh-G6yI2S6LlNyn0_SA5MyDt5I.roa
Signing time:             Tue 12 Nov 2024 15:01:09 +0000
ROA not before:           Tue 12 Nov 2024 15:01:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60318
IP address blocks:        193.104.157.0/24 maxlen: 24
                          2a06:b300::/48 maxlen: 48
                          2a06:b300:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/pqBZBOyBdGoKZtIH9dNvjZeIig0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/pqBZBOyBdGoKZtIH9dNvjZeIig0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pqBZBOyBdGoKZtIH9dNvjZeIig0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:20:e4:8f:2c:06:81:27:ee:43:29:f7:67:6e:14:da:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6a05904ec81746a0a66d207f5d36f8d97888a0d
        Validity
            Not Before: Nov 12 15:01:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19387e1bac88d92e8b94dca7d3f480e4cc83b792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:e4:44:97:50:93:09:e4:3d:c7:82:76:db:c2:
                    de:97:d2:ff:93:b2:76:db:51:2d:88:35:ec:70:e6:
                    d4:f5:66:94:68:04:4e:13:40:92:2c:c1:51:31:14:
                    3e:31:4a:85:ba:07:ee:89:d4:ed:ac:df:5b:ae:23:
                    11:bd:72:70:dc:b6:32:32:b9:59:af:50:ce:26:30:
                    0f:a2:83:32:be:32:a1:a4:4b:fc:6d:07:35:66:50:
                    3e:46:24:bc:b7:3d:a6:6a:cf:d6:67:0a:e1:dc:b7:
                    16:44:7e:cf:c1:d5:c7:d4:39:85:63:05:e3:51:b2:
                    ad:56:fc:57:29:f5:3a:79:ff:10:ff:81:c0:77:0b:
                    57:a5:fe:57:99:2c:3e:88:78:df:44:b8:24:f8:91:
                    ba:2a:aa:f9:a4:08:c2:a1:20:57:3d:e7:82:d8:99:
                    38:76:45:18:e1:ad:16:83:83:2e:ac:d8:fc:fa:4d:
                    1a:fc:3f:b9:69:a8:31:0e:bd:25:56:5d:f4:e4:2c:
                    cb:f3:bf:c2:a7:24:aa:30:38:0c:83:cf:b8:e0:c7:
                    02:99:56:37:f5:83:85:4a:0f:a1:37:2b:43:40:4c:
                    33:69:4f:81:80:7b:79:40:c4:02:8d:21:66:1d:c9:
                    e7:5f:6f:a8:aa:73:3f:56:09:2a:ad:e1:34:d3:04:
                    a7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:38:7E:1B:AC:88:D9:2E:8B:94:DC:A7:D3:F4:80:E4:CC:83:B7:92
            X509v3 Authority Key Identifier:
                keyid:A6:A0:59:04:EC:81:74:6A:0A:66:D2:07:F5:D3:6F:8D:97:88:8A:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pqBZBOyBdGoKZtIH9dNvjZeIig0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/GTh-G6yI2S6LlNyn0_SA5MyDt5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3b51c9-b37b-4767-88d9-5df6a463035b/1/pqBZBOyBdGoKZtIH9dNvjZeIig0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.157.0/24
                IPv6:
                  2a06:b300::/47

    Signature Algorithm: sha256WithRSAEncryption
         07:4d:ae:2b:fe:3d:28:c8:47:3c:33:76:38:a3:3e:32:57:ad:
         10:7e:59:9a:a5:cb:e2:53:d3:3a:fa:82:b8:dd:b3:65:e8:29:
         c3:27:e2:44:6f:13:0a:ad:c0:7c:41:6e:d6:37:ce:b1:6f:d3:
         5d:ea:55:b2:ef:ae:3e:e5:62:8e:a7:48:86:4e:4e:02:4e:4f:
         96:3c:4b:66:4f:ae:15:b4:11:64:67:e5:9b:38:04:b6:57:57:
         42:4e:54:23:5a:d8:93:4b:87:fa:3d:36:e2:98:80:35:93:49:
         78:b1:46:1f:68:6f:8e:4a:b0:0a:e5:45:fa:b7:e3:67:02:9e:
         c8:d9:49:44:56:ab:bf:ac:f9:f0:9f:45:7f:33:8f:98:fc:76:
         b4:50:7b:55:34:02:d6:5b:3c:b2:3d:6e:39:2f:87:93:ce:98:
         81:77:01:00:05:ff:de:31:03:27:ca:be:9d:14:53:60:a7:24:
         49:aa:b5:e9:b4:8d:78:e7:fa:53:a0:cb:ce:27:ba:72:26:12:
         6a:f5:c4:eb:0a:b1:02:8c:57:2f:d7:1c:03:55:7a:c4:9c:bd:
         a2:6b:10:13:f7:26:21:24:b1:76:65:a8:79:d8:0f:df:be:17:
         30:d1:4a:a5:34:aa:57:d1:3f:3f:28:57:02:e1:51:07:90:6c:
         f6:36:ea:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZMg5I8sBoEn7kMp92duFNrQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YTA1OTA0ZWM4MTc0NmEwYTY2ZDIwN2Y1ZDM2ZjhkOTc4
ODhhMGQwHhcNMjQxMTEyMTUwMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTM4N2UxYmFjODhkOTJlOGI5NGRjYTdkM2Y0ODBlNGNjODNiNzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5OREl1CTCeQ9x4J228Lel9L/k7J2
21EtiDXscObU9WaUaAROE0CSLMFRMRQ+MUqFugfuidTtrN9briMRvXJw3LYyMrlZ
r1DOJjAPooMyvjKhpEv8bQc1ZlA+RiS8tz2mas/WZwrh3LcWRH7PwdXH1DmFYwXj
UbKtVvxXKfU6ef8Q/4HAdwtXpf5XmSw+iHjfRLgk+JG6Kqr5pAjCoSBXPeeC2Jk4
dkUY4a0Wg4MurNj8+k0a/D+5aagxDr0lVl305CzL87/CpySqMDgMg8+44McCmVY3
9YOFSg+hNytDQEwzaU+BgHt5QMQCjSFmHcnnX2+oqnM/VgkqreE00wSncQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBk4fhusiNkui5Tcp9P0gOTMg7eSMB8GA1UdIwQY
MBaAFKagWQTsgXRqCmbSB/XTb42XiIoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHFCWkJPeUJkR29LWnRJSDlkTnZqWmVJaWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYjUxYzktYjM3Yi00NzY3LTg4ZDkt
NWRmNmE0NjMwMzViLzEvR1RoLUc2eUkyUzZMbE55bjBfU0E1TXlEdDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYjUxYzktYjM3Yi00NzY3LTg4ZDktNWRmNmE0NjMwMzVi
LzEvcHFCWkJPeUJkR29LWnRJSDlkTnZqWmVJaWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwWidMA8E
AgACMAkDBwEqBrMAAAAwDQYJKoZIhvcNAQELBQADggEBAAdNriv+PSjIRzwzdjij
PjJXrRB+WZqly+JT0zr6grjds2XoKcMn4kRvEwqtwHxBbtY3zrFv013qVbLvrj7l
Yo6nSIZOTgJOT5Y8S2ZPrhW0EWRn5Zs4BLZXV0JOVCNa2JNLh/o9NuKYgDWTSXix
Rh9ob45KsArlRfq342cCnsjZSURWq7+s+fCfRX8zj5j8drRQe1U0AtZbPLI9bjkv
h5POmIF3AQAF/94xAyfKvp0UU2CnJEmqtem0jXjn+lOgy84nunImEmr1xOsKsQKM
Vy/XHANVesScvaJrEBP3JiEksXZlqHnYD9++FzDRSqU0qlfRPz8oVwLhUQeQbPY2
6lI=
-----END CERTIFICATE-----