Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/gJVUuFctIMng49fZ5XrOExqE7Kg.roa
File:                     gJVUuFctIMng49fZ5XrOExqE7Kg.roa (raw, json)
Hash identifier:          AjXgyvwr+2wkKsBsGacI51ggw2wrnyZKulgWM9gAZTA=
Subject key identifier:   80:95:54:B8:57:2D:20:C9:E0:E3:D7:D9:E5:7A:CE:13:1A:84:EC:A8
Certificate issuer:       /CN=193743467b4da41c6295e9351153309586ba2399
Certificate serial:       018CC6B8FD9BED259E691CDBE809D9B6F9AF
Authority key identifier: 19:37:43:46:7B:4D:A4:1C:62:95:E9:35:11:53:30:95:86:BA:23:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GTdDRntNpBxilek1EVMwlYa6I5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/gJVUuFctIMng49fZ5XrOExqE7Kg.roa
Signing time:             Mon 01 Jan 2024 20:31:01 +0000
ROA not before:           Mon 01 Jan 2024 20:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59268
IP address blocks:        45.65.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/GTdDRntNpBxilek1EVMwlYa6I5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/GTdDRntNpBxilek1EVMwlYa6I5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GTdDRntNpBxilek1EVMwlYa6I5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fd:9b:ed:25:9e:69:1c:db:e8:09:d9:b6:f9:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=193743467b4da41c6295e9351153309586ba2399
        Validity
            Not Before: Jan  1 20:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=809554b8572d20c9e0e3d7d9e57ace131a84eca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:58:89:ba:d6:ed:73:cc:51:ae:30:ec:d9:a6:
                    76:9b:06:6a:0a:87:f8:34:f9:8d:05:8c:47:77:bf:
                    a5:28:10:ff:dd:3e:1f:0d:b9:59:c2:bc:dc:00:3b:
                    1e:5a:7f:01:5f:de:60:9a:7e:c7:d3:c6:c9:10:46:
                    f3:45:e4:1e:5c:74:94:ec:bc:39:33:b5:10:91:64:
                    c1:5a:16:0c:40:5b:74:e8:9f:b1:4a:c8:d2:41:9f:
                    b8:f1:5e:90:14:24:b1:fb:ca:93:a7:73:64:75:3f:
                    91:95:87:e7:b1:67:1e:d1:fc:f1:35:d1:96:99:80:
                    99:43:a8:e5:de:59:2c:43:01:93:d1:72:90:52:81:
                    23:b1:c5:7a:68:f1:ab:50:4b:ee:79:f9:06:26:82:
                    c5:d7:f1:3c:16:6a:a1:9b:2b:71:aa:7b:9a:e1:ef:
                    ee:67:e7:0c:18:df:45:4c:c1:e2:64:77:b5:f8:8b:
                    46:84:df:a9:f1:ba:b7:5d:3b:f4:7c:b9:c5:f8:38:
                    af:93:23:60:98:57:0d:03:75:f0:92:35:df:fa:03:
                    3e:d2:d2:11:97:94:1d:3f:53:fc:51:10:ac:14:7c:
                    db:3b:cb:3b:71:63:35:14:99:44:1e:14:8d:47:df:
                    65:40:8d:1a:47:a2:6c:0f:be:87:d8:6b:69:f9:d0:
                    af:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:95:54:B8:57:2D:20:C9:E0:E3:D7:D9:E5:7A:CE:13:1A:84:EC:A8
            X509v3 Authority Key Identifier:
                keyid:19:37:43:46:7B:4D:A4:1C:62:95:E9:35:11:53:30:95:86:BA:23:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GTdDRntNpBxilek1EVMwlYa6I5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/gJVUuFctIMng49fZ5XrOExqE7Kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/36703a-122b-4116-b317-ca5fccbf7a8c/1/GTdDRntNpBxilek1EVMwlYa6I5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:dd:8d:c1:92:bb:94:be:4b:c0:9d:dd:1a:1f:24:d8:00:3f:
         c3:69:ae:12:cb:68:96:7a:54:2c:17:55:a9:70:a5:d4:e1:88:
         e7:00:0c:23:6e:2d:04:f4:f8:84:45:bb:b5:31:3f:8b:90:4f:
         3d:65:01:a5:8d:16:54:83:8e:07:c6:fd:55:ac:62:23:44:ea:
         c6:d6:ea:4e:cd:23:48:f0:0d:59:df:b5:f1:78:36:4c:ec:1b:
         9d:8b:05:39:51:ad:f0:64:e2:99:fe:4f:68:90:41:00:d6:eb:
         66:2c:4a:7e:66:8c:b2:38:07:21:28:08:cb:f8:61:e1:bd:1a:
         28:53:8e:1d:a9:f4:a1:62:67:1b:41:fe:e9:8e:1d:9b:f8:fb:
         8a:b9:50:2a:58:f9:07:f9:88:1f:67:dc:1f:3a:5f:31:17:0f:
         99:9d:d1:8a:a1:b9:ec:b8:08:db:21:cd:cb:86:0a:71:43:7e:
         b4:dc:63:cb:00:d4:ea:69:89:42:f8:b3:de:fb:ee:1f:f2:22:
         70:6a:4e:40:3f:1e:46:e4:5f:16:db:a2:ef:d2:89:89:13:91:
         f0:56:5f:12:2b:4a:fe:07:2c:33:17:bd:a4:0d:ea:7c:10:90:
         fb:49:94:7e:02:c8:13:72:f7:23:13:d4:71:2e:4d:f7:1f:74:
         43:e9:b7:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuP2b7SWeaRzb6AnZtvmvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5Mzc0MzQ2N2I0ZGE0MWM2Mjk1ZTkzNTExNTMzMDk1ODZi
YTIzOTkwHhcNMjQwMTAxMjAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDk1NTRiODU3MmQyMGM5ZTBlM2Q3ZDllNTdhY2UxMzFhODRlY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1iJutbtc8xRrjDs2aZ2mwZqCof4
NPmNBYxHd7+lKBD/3T4fDblZwrzcADseWn8BX95gmn7H08bJEEbzReQeXHSU7Lw5
M7UQkWTBWhYMQFt06J+xSsjSQZ+48V6QFCSx+8qTp3NkdT+RlYfnsWce0fzxNdGW
mYCZQ6jl3lksQwGT0XKQUoEjscV6aPGrUEvuefkGJoLF1/E8Fmqhmytxqnua4e/u
Z+cMGN9FTMHiZHe1+ItGhN+p8bq3XTv0fLnF+DivkyNgmFcNA3XwkjXf+gM+0tIR
l5QdP1P8URCsFHzbO8s7cWM1FJlEHhSNR99lQI0aR6JsD76H2Gtp+dCvaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICVVLhXLSDJ4OPX2eV6zhMahOyoMB8GA1UdIwQY
MBaAFBk3Q0Z7TaQcYpXpNRFTMJWGuiOZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1RkRFJudE5wQnhpbGVrMUVWTXdsWWE2STVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zNjcwM2EtMTIyYi00MTE2LWIzMTct
Y2E1ZmNjYmY3YThjLzEvZ0pWVXVGY3RJTW5nNDlmWjVYck9FeHFFN0tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zNjcwM2EtMTIyYi00MTE2LWIzMTctY2E1ZmNjYmY3YThj
LzEvR1RkRFJudE5wQnhpbGVrMUVWTXdsWWE2STVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUFGMA0G
CSqGSIb3DQEBCwUAA4IBAQC83Y3BkruUvkvAnd0aHyTYAD/Daa4Sy2iWelQsF1Wp
cKXU4YjnAAwjbi0E9PiERbu1MT+LkE89ZQGljRZUg44Hxv1VrGIjROrG1upOzSNI
8A1Z37XxeDZM7BudiwU5Ua3wZOKZ/k9okEEA1utmLEp+ZoyyOAchKAjL+GHhvRoo
U44dqfShYmcbQf7pjh2b+PuKuVAqWPkH+YgfZ9wfOl8xFw+ZndGKobnsuAjbIc3L
hgpxQ3603GPLANTqaYlC+LPe++4f8iJwak5APx5G5F8W26Lv0omJE5HwVl8SK0r+
BywzF72kDep8EJD7SZR+AsgTcvcjE9RxLk33H3RD6bem
-----END CERTIFICATE-----