Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/aGSP9vTojYL08PVCENFTanL33Og.roa
File:                     aGSP9vTojYL08PVCENFTanL33Og.roa (raw, json)
Hash identifier:          guFRRGG/MztN4mHxOEGvDfBDLg/yquwfDuBF+q+fEMY=
Subject key identifier:   68:64:8F:F6:F4:E8:8D:82:F4:F0:F5:42:10:D1:53:6A:72:F7:DC:E8
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       0190CB48B7FFB5EDB1949E62F88467C2B5FD
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/aGSP9vTojYL08PVCENFTanL33Og.roa
Signing time:             Fri 19 Jul 2024 13:57:38 +0000
ROA not before:           Fri 19 Jul 2024 13:57:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60446
IP address blocks:        213.238.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:cb:48:b7:ff:b5:ed:b1:94:9e:62:f8:84:67:c2:b5:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jul 19 13:57:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68648ff6f4e88d82f4f0f54210d1536a72f7dce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:81:50:cf:5e:ff:ad:ca:3e:96:30:b0:52:68:
                    f6:a7:5d:5d:ae:ac:33:09:12:32:4e:f5:66:a9:d7:
                    c4:9b:c5:fd:e3:e1:70:fb:ef:b7:32:b9:69:14:fa:
                    a0:e1:48:b7:f9:6f:b2:fc:e6:4f:d6:53:b3:a6:2f:
                    e6:ed:62:1c:20:3b:f4:d9:8d:09:ca:fd:81:cc:f0:
                    4b:e2:e3:dd:87:db:d2:aa:68:13:a6:ba:57:2e:69:
                    63:c5:8b:b4:9d:ee:c0:a2:7d:c4:66:24:ec:e4:b7:
                    9a:3c:87:69:21:18:72:52:46:1d:fd:d4:77:73:55:
                    53:64:a1:c1:6a:62:d7:f1:14:f5:7f:d1:0e:31:df:
                    60:ac:22:0a:df:95:e1:2c:0a:8e:92:3a:3a:fa:11:
                    ab:46:85:a5:07:9f:5d:1a:e3:e6:a1:3a:01:1f:b9:
                    d8:ed:7a:9a:8d:a4:17:72:d4:9d:32:18:08:65:82:
                    b4:a4:74:af:58:fe:a1:10:af:4f:08:e8:f3:c5:bc:
                    ec:a1:37:02:03:fd:f4:5a:90:84:b5:5b:2e:b3:85:
                    49:8e:ee:97:7f:29:9b:64:4f:95:08:69:6a:72:42:
                    f8:04:c8:0f:b9:90:da:99:5e:13:ce:c6:42:fe:eb:
                    40:73:49:a2:a2:ea:87:c6:90:5f:ad:ca:7c:43:63:
                    e3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:64:8F:F6:F4:E8:8D:82:F4:F0:F5:42:10:D1:53:6A:72:F7:DC:E8
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/aGSP9vTojYL08PVCENFTanL33Og.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:d9:a7:e2:1a:9f:92:ff:21:c0:59:14:d1:32:c0:82:7c:c8:
         f3:28:5b:64:32:db:90:da:e6:8f:94:10:ae:9d:e1:d9:f8:5a:
         a6:9c:28:ec:aa:0c:4a:a2:71:fa:12:41:a8:f2:6a:3d:9a:2c:
         8d:cb:52:27:59:86:60:f6:2b:15:32:af:b7:ed:03:7f:67:f9:
         81:65:ce:bb:70:08:60:3f:0b:50:b5:0b:01:83:e7:8b:fe:3f:
         92:d9:74:1a:eb:64:dd:51:bd:ec:99:03:d0:a9:f6:39:2f:fa:
         da:31:5a:08:c5:65:2b:94:6b:7e:36:9d:22:00:d4:6a:b0:f5:
         68:ed:91:32:9d:2f:7c:17:56:ba:73:37:0c:a0:7e:cd:70:1f:
         82:3f:16:b0:b0:c4:76:74:c3:4c:5b:73:36:5e:36:b5:32:e8:
         2d:65:8a:06:22:5d:bd:7e:53:32:ff:a9:57:a0:10:00:f4:7f:
         97:ae:7b:d3:a3:be:7b:ac:3e:80:ea:1a:e1:83:ee:61:73:ae:
         34:2e:98:04:c4:f4:03:50:8a:94:f9:2d:57:15:27:53:6d:d1:
         ac:5e:42:ba:7e:d0:83:c4:d8:7b:7f:db:cb:da:67:11:56:67:
         0e:5c:5b:e1:37:95:4a:cd:f3:bb:a0:ac:d2:ca:0b:9b:66:83:
         90:9c:35:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDLSLf/te2xlJ5i+IRnwrX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwNzE5MTM1NzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODY0OGZmNmY0ZTg4ZDgyZjRmMGY1NDIxMGQxNTM2YTcyZjdkY2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooFQz17/rco+ljCwUmj2p11drqwz
CRIyTvVmqdfEm8X94+Fw+++3MrlpFPqg4Ui3+W+y/OZP1lOzpi/m7WIcIDv02Y0J
yv2BzPBL4uPdh9vSqmgTprpXLmljxYu0ne7Aon3EZiTs5LeaPIdpIRhyUkYd/dR3
c1VTZKHBamLX8RT1f9EOMd9grCIK35XhLAqOkjo6+hGrRoWlB59dGuPmoToBH7nY
7XqajaQXctSdMhgIZYK0pHSvWP6hEK9PCOjzxbzsoTcCA/30WpCEtVsus4VJju6X
fymbZE+VCGlqckL4BMgPuZDamV4TzsZC/utAc0miouqHxpBfrcp8Q2PjeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhkj/b06I2C9PD1QhDRU2py99zoMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvYUdTUDl2VG9qWUwwOFBWQ0VORlRhbkwzM09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6rMA0G
CSqGSIb3DQEBCwUAA4IBAQBe2afiGp+S/yHAWRTRMsCCfMjzKFtkMtuQ2uaPlBCu
neHZ+FqmnCjsqgxKonH6EkGo8mo9miyNy1InWYZg9isVMq+37QN/Z/mBZc67cAhg
PwtQtQsBg+eL/j+S2XQa62TdUb3smQPQqfY5L/raMVoIxWUrlGt+Np0iANRqsPVo
7ZEynS98F1a6czcMoH7NcB+CPxawsMR2dMNMW3M2Xja1MugtZYoGIl29flMy/6lX
oBAA9H+XrnvTo757rD6A6hrhg+5hc640LpgExPQDUIqU+S1XFSdTbdGsXkK6ftCD
xNh7f9vL2mcRVmcOXFvhN5VKzfO7oKzSygubZoOQnDXw
-----END CERTIFICATE-----