Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/GPLHNbsumX1-Wsvgyo2eAM7DR3Q.roa
File:                     GPLHNbsumX1-Wsvgyo2eAM7DR3Q.roa (raw, json)
Hash identifier:          nm7UArLL/LYQfbzQVPCbFcxWemBz4kRCdSzVdvgRD6E=
Subject key identifier:   18:F2:C7:35:BB:2E:99:7D:7E:5A:CB:E0:CA:8D:9E:00:CE:C3:47:74
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E55C8AA5585C74C5D077013D51EE
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/GPLHNbsumX1-Wsvgyo2eAM7DR3Q.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208813
IP address blocks:        194.209.6.0/24 maxlen: 24
                          2001:918:fff2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e5:5c:8a:a5:58:5c:74:c5:d0:77:01:3d:51:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18f2c735bb2e997d7e5acbe0ca8d9e00cec34774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:43:a2:8f:15:34:cb:a6:50:5a:11:72:21:79:
                    e5:20:a1:d8:f5:f4:d1:bb:9f:4f:b1:9c:1b:20:a6:
                    4a:44:86:59:d4:c0:fd:74:5c:c0:19:69:0b:20:bb:
                    a0:d3:57:d7:83:6d:d0:72:b8:f4:67:83:a1:64:4c:
                    78:ea:e1:9f:2e:ed:95:cf:9a:db:c8:a1:08:92:72:
                    bc:d9:b9:d4:e3:fa:73:a9:b2:cd:8a:2a:be:cd:36:
                    ae:cf:79:9c:59:94:65:6f:31:46:33:06:8b:e9:28:
                    25:d5:ee:23:92:d1:c8:f4:57:3d:4a:a5:6e:f6:12:
                    37:e9:ed:87:6e:55:b0:99:0f:97:2a:1e:3d:96:f9:
                    ef:2e:eb:c6:d9:8e:a5:f0:2f:02:07:17:3c:61:ed:
                    ff:c1:a9:2b:a5:fe:b5:01:70:9f:ee:91:f6:9f:64:
                    80:8d:4b:7e:21:96:85:4e:05:d6:11:c6:03:c1:fd:
                    1d:fc:1f:8e:9f:09:cf:02:7c:4d:1c:a3:99:76:0f:
                    92:e2:f3:fa:56:cd:2e:45:ad:18:88:fa:ba:75:21:
                    01:52:9b:47:e0:cf:06:15:f4:20:1f:e5:9c:32:ab:
                    f1:83:52:86:f0:d0:55:10:17:d8:f3:b4:0b:30:bb:
                    89:33:59:76:a0:4a:a6:5e:bf:e2:83:f8:2c:f7:c7:
                    48:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:F2:C7:35:BB:2E:99:7D:7E:5A:CB:E0:CA:8D:9E:00:CE:C3:47:74
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/GPLHNbsumX1-Wsvgyo2eAM7DR3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.6.0/24
                IPv6:
                  2001:918:fff2::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:0d:af:86:b1:4b:b8:5d:8a:c9:d9:c1:f7:9e:6c:7b:f4:d3:
         86:09:40:a6:99:2e:c3:ee:95:9b:11:94:f8:2d:89:8f:50:81:
         24:fb:6f:b2:23:e6:1c:bd:27:c6:6c:5a:64:ad:10:e4:7b:d7:
         f0:1a:ef:cd:16:4c:1f:b1:02:8d:55:7b:51:b9:a5:5c:05:1b:
         44:b7:ea:3f:f0:12:69:ae:51:89:d6:a5:67:5e:f5:9f:96:d3:
         35:24:59:9f:3a:4a:d3:56:1e:b0:82:5d:04:c8:d4:e6:2f:29:
         82:2f:b7:fb:c7:9f:c9:88:89:74:95:9f:ea:80:e1:fa:b0:e7:
         af:8b:63:95:2c:70:51:60:04:fe:7f:b1:f7:bd:cb:18:de:00:
         ed:84:15:4c:41:96:0c:5d:11:3e:69:e3:af:7d:f5:9d:04:84:
         5a:98:ed:d9:e2:e4:61:f5:11:84:36:22:20:79:bf:79:0d:c6:
         da:67:c2:2e:a9:d1:28:44:6f:3c:fc:53:2a:ae:2a:a1:65:95:
         97:dc:35:bd:11:bf:57:5c:08:6d:20:92:4d:c6:c5:67:29:82:
         d6:ef:bb:19:3a:17:8e:ca:1b:b8:b0:01:5f:1a:7a:00:20:a1:
         c8:08:8d:c6:cd:eb:25:72:7a:13:58:7d:bc:c6:38:30:c1:1c:
         83:cd:c5:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSOVciqVYXHTF0HcBPVHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGYyYzczNWJiMmU5OTdkN2U1YWNiZTBjYThkOWUwMGNlYzM0Nzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0OijxU0y6ZQWhFyIXnlIKHY9fTR
u59PsZwbIKZKRIZZ1MD9dFzAGWkLILug01fXg23Qcrj0Z4OhZEx46uGfLu2Vz5rb
yKEIknK82bnU4/pzqbLNiiq+zTauz3mcWZRlbzFGMwaL6Sgl1e4jktHI9Fc9SqVu
9hI36e2HblWwmQ+XKh49lvnvLuvG2Y6l8C8CBxc8Ye3/wakrpf61AXCf7pH2n2SA
jUt+IZaFTgXWEcYDwf0d/B+OnwnPAnxNHKOZdg+S4vP6Vs0uRa0YiPq6dSEBUptH
4M8GFfQgH+WcMqvxg1KG8NBVEBfY87QLMLuJM1l2oEqmXr/ig/gs98dIGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBjyxzW7Lpl9flrL4MqNngDOw0d0MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvR1BMSE5ic3VtWDEtV3N2Z3lvMmVBTTdEUjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwtEGMA8E
AgACMAkDBwAgAQkY//IwDQYJKoZIhvcNAQELBQADggEBADwNr4axS7hdisnZwfee
bHv004YJQKaZLsPulZsRlPgtiY9QgST7b7Ij5hy9J8ZsWmStEOR71/Aa780WTB+x
Ao1Ve1G5pVwFG0S36j/wEmmuUYnWpWde9Z+W0zUkWZ86StNWHrCCXQTI1OYvKYIv
t/vHn8mIiXSVn+qA4fqw56+LY5UscFFgBP5/sfe9yxjeAO2EFUxBlgxdET5p4699
9Z0EhFqY7dni5GH1EYQ2IiB5v3kNxtpnwi6p0ShEbzz8UyquKqFllZfcNb0Rv1dc
CG0gkk3GxWcpgtbvuxk6F47KG7iwAV8aegAgocgIjcbN6yVyehNYfbzGODDBHIPN
xTw=
-----END CERTIFICATE-----