Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/GesJNjy5y8XPRS9F2fPSGw-L5aE.roa
File:                     GesJNjy5y8XPRS9F2fPSGw-L5aE.roa (raw, json)
Hash identifier:          LuIlahiqHYKrRz78ea68aIMcO+MkUDl0cSLrYgrft9U=
Subject key identifier:   19:EB:09:36:3C:B9:CB:C5:CF:45:2F:45:D9:F3:D2:1B:0F:8B:E5:A1
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC7275004B93ABF56157D5E582FFFF56B
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/GesJNjy5y8XPRS9F2fPSGw-L5aE.roa
Signing time:             Mon 01 Jan 2024 22:31:31 +0000
ROA not before:           Mon 01 Jan 2024 22:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48779
IP address blocks:        213.238.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:50:04:b9:3a:bf:56:15:7d:5e:58:2f:ff:f5:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19eb09363cb9cbc5cf452f45d9f3d21b0f8be5a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:67:7c:1e:0d:73:bc:63:16:af:a6:fb:bb:e4:
                    36:4e:35:38:62:04:ba:7c:60:32:45:61:ac:ae:d6:
                    e8:2c:54:bc:ba:1e:8c:50:33:ae:d5:08:40:7d:44:
                    26:a5:b1:33:cc:31:a4:39:cf:a2:cc:46:8a:81:6a:
                    78:22:84:3c:10:b9:d5:f3:b3:7c:30:66:a9:d1:84:
                    d7:39:0a:b6:0c:a4:bc:ed:3f:d9:d1:aa:ca:b9:e7:
                    2c:d7:2e:44:e1:71:55:80:0c:4d:7c:6a:44:65:47:
                    cd:6c:8d:f9:e2:21:8b:b5:7a:3b:06:57:25:97:9d:
                    3a:1e:db:bb:be:89:92:03:fe:0a:23:ab:ea:3b:c8:
                    fd:c8:37:62:55:5e:d5:ae:e5:93:1f:bb:16:ac:9e:
                    17:e1:e1:c6:38:69:8f:09:03:ff:f1:42:39:6c:0f:
                    ee:0c:ac:e0:4b:45:6f:81:c3:7c:7d:86:4b:6b:10:
                    a4:ca:9a:91:d6:44:71:21:45:57:29:b9:d7:9d:4b:
                    10:19:2c:38:7d:5f:79:78:a2:9a:99:2e:34:c5:2c:
                    f9:cf:79:d6:1b:86:a1:4c:71:90:ab:6f:ee:09:a3:
                    96:64:71:60:92:b4:2e:70:a8:96:c2:d2:f2:f9:3c:
                    e5:39:4d:c2:7d:ce:83:b6:f7:50:bb:f3:e0:0e:14:
                    cf:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:EB:09:36:3C:B9:CB:C5:CF:45:2F:45:D9:F3:D2:1B:0F:8B:E5:A1
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/GesJNjy5y8XPRS9F2fPSGw-L5aE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:68:0e:9b:30:54:56:71:62:07:b4:8c:25:44:ad:16:c3:56:
         1e:00:b8:4a:de:a5:82:58:dc:e1:5d:68:f5:b3:83:0a:6b:16:
         44:09:38:ee:63:6f:67:31:47:db:3c:18:e1:38:ab:48:8e:60:
         db:3c:11:67:77:e8:a9:6c:b3:ef:aa:f8:31:9c:08:53:4e:ee:
         ea:77:ac:d6:79:90:af:7f:e9:89:b5:c4:9c:c2:db:6a:de:30:
         c6:df:4f:27:69:c0:d8:b6:a5:4a:4e:8d:a5:1c:94:89:af:c8:
         6c:47:68:d8:5d:57:58:7b:e7:e3:81:21:12:55:57:4d:7e:2f:
         82:aa:75:07:14:1a:b1:0a:8b:d3:78:2c:dd:c6:b6:b3:7f:8b:
         aa:04:4b:e1:dc:e1:35:81:06:57:1d:1d:97:0b:1f:8d:ad:1a:
         be:78:38:65:da:e2:fd:90:1a:71:8b:74:2f:cd:86:be:76:b0:
         b5:b2:dc:7d:c9:e3:b1:73:35:29:27:a2:27:42:fa:d8:6a:a8:
         2a:71:c8:18:d5:9f:01:7e:9b:d6:74:ef:57:9c:90:5f:56:80:
         71:aa:cb:77:3f:6c:b0:d1:38:08:b3:c4:2e:54:00:0c:e1:a4:
         54:b4:0a:b8:40:2e:c8:b3:7b:38:a9:be:94:41:9f:86:72:3f:
         41:bb:54:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1AEuTq/VhV9Xlgv//VrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWViMDkzNjNjYjljYmM1Y2Y0NTJmNDVkOWYzZDIxYjBmOGJlNWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2d8Hg1zvGMWr6b7u+Q2TjU4YgS6
fGAyRWGsrtboLFS8uh6MUDOu1QhAfUQmpbEzzDGkOc+izEaKgWp4IoQ8ELnV87N8
MGap0YTXOQq2DKS87T/Z0arKuecs1y5E4XFVgAxNfGpEZUfNbI354iGLtXo7Blcl
l506Htu7vomSA/4KI6vqO8j9yDdiVV7VruWTH7sWrJ4X4eHGOGmPCQP/8UI5bA/u
DKzgS0VvgcN8fYZLaxCkypqR1kRxIUVXKbnXnUsQGSw4fV95eKKamS40xSz5z3nW
G4ahTHGQq2/uCaOWZHFgkrQucKiWwtLy+TzlOU3Cfc6DtvdQu/PgDhTPHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnrCTY8ucvFz0UvRdnz0hsPi+WhMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvR2VzSk5qeTV5OFhQUlM5RjJmUFNHdy1MNWFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6gMA0G
CSqGSIb3DQEBCwUAA4IBAQBBaA6bMFRWcWIHtIwlRK0Ww1YeALhK3qWCWNzhXWj1
s4MKaxZECTjuY29nMUfbPBjhOKtIjmDbPBFnd+ipbLPvqvgxnAhTTu7qd6zWeZCv
f+mJtcScwttq3jDG308nacDYtqVKTo2lHJSJr8hsR2jYXVdYe+fjgSESVVdNfi+C
qnUHFBqxCovTeCzdxrazf4uqBEvh3OE1gQZXHR2XCx+NrRq+eDhl2uL9kBpxi3Qv
zYa+drC1stx9yeOxczUpJ6InQvrYaqgqccgY1Z8BfpvWdO9XnJBfVoBxqst3P2yw
0TgIs8QuVAAM4aRUtAq4QC7Is3s4qb6UQZ+Gcj9Bu1Qb
-----END CERTIFICATE-----