Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/333c1a-e4a5-496d-9a81-b791b989af29/1/GdG9CS4ieDqfztDt69BlMRWVY9M.roa
File:                     GdG9CS4ieDqfztDt69BlMRWVY9M.roa (raw, json)
Hash identifier:          bA4/r5m7llSQJyr0caHsTpCUdDXdy/tLEDp5e/wpHjc=
Subject key identifier:   19:D1:BD:09:2E:22:78:3A:9F:CE:D0:ED:EB:D0:65:31:15:95:63:D3
Certificate issuer:       /CN=d8a3cacdf8f33514be3abdc52c50ec864675e955
Certificate serial:       018CC64A95CE016247E77B7E4DCAEEF0CFF8
Authority key identifier: D8:A3:CA:CD:F8:F3:35:14:BE:3A:BD:C5:2C:50:EC:86:46:75:E9:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2KPKzfjzNRS-Or3FLFDshkZ16VU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/333c1a-e4a5-496d-9a81-b791b989af29/1/GdG9CS4ieDqfztDt69BlMRWVY9M.roa
Signing time:             Mon 01 Jan 2024 18:30:25 +0000
ROA not before:           Mon 01 Jan 2024 18:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15380
IP address blocks:        193.0.231.0/24 maxlen: 24
                          2001:678:a20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/333c1a-e4a5-496d-9a81-b791b989af29/1/2KPKzfjzNRS-Or3FLFDshkZ16VU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/333c1a-e4a5-496d-9a81-b791b989af29/1/2KPKzfjzNRS-Or3FLFDshkZ16VU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2KPKzfjzNRS-Or3FLFDshkZ16VU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 19:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:95:ce:01:62:47:e7:7b:7e:4d:ca:ee:f0:cf:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8a3cacdf8f33514be3abdc52c50ec864675e955
        Validity
            Not Before: Jan  1 18:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19d1bd092e22783a9fced0edebd06531159563d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:db:f2:e8:6f:fe:2c:76:e4:0c:c8:b3:69:32:
                    f7:bf:a3:ce:39:65:17:18:82:6d:23:d1:ab:43:14:
                    a6:75:cc:c1:cd:ed:a1:4b:6e:d3:f0:49:0b:46:86:
                    2e:a6:88:78:91:02:f3:30:65:0e:db:7b:b2:45:d9:
                    fc:ee:c2:d3:d7:40:f5:8c:4a:8c:ab:ce:03:7b:e6:
                    c5:e3:61:04:a0:6f:28:f5:a0:34:fb:77:58:61:93:
                    1e:3b:3d:07:2c:95:59:39:9c:a4:07:2e:40:17:d5:
                    20:a7:fa:5f:8c:17:09:21:31:4e:a3:02:9d:83:47:
                    6b:f2:a6:ec:65:43:8e:06:e3:99:f2:b0:b9:e4:6f:
                    70:d5:e7:8a:00:41:d2:bd:24:6a:e0:1d:8b:72:48:
                    9d:58:4d:0f:fa:05:c1:bd:0b:c1:0c:77:a3:97:ce:
                    92:2c:2e:8b:47:e3:2f:05:c2:f1:d4:6d:bd:1b:e4:
                    ec:a4:9d:5a:79:f8:e1:18:3a:a0:4a:71:e2:6c:09:
                    39:e7:5f:05:3a:1e:b6:50:48:a8:c7:42:1f:8f:56:
                    2d:44:90:ae:44:c1:4a:98:c6:80:48:51:f9:b4:e9:
                    98:31:ab:1e:0a:48:02:d3:85:75:4c:68:1b:9a:63:
                    2d:9c:96:21:73:0b:3b:eb:84:3b:e5:b4:f9:91:a1:
                    a1:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:D1:BD:09:2E:22:78:3A:9F:CE:D0:ED:EB:D0:65:31:15:95:63:D3
            X509v3 Authority Key Identifier:
                keyid:D8:A3:CA:CD:F8:F3:35:14:BE:3A:BD:C5:2C:50:EC:86:46:75:E9:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2KPKzfjzNRS-Or3FLFDshkZ16VU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/333c1a-e4a5-496d-9a81-b791b989af29/1/GdG9CS4ieDqfztDt69BlMRWVY9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/333c1a-e4a5-496d-9a81-b791b989af29/1/2KPKzfjzNRS-Or3FLFDshkZ16VU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.231.0/24
                IPv6:
                  2001:678:a20::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:b0:b4:d3:b2:22:f1:af:fb:07:c2:cb:d2:12:ba:f0:71:90:
         1d:7f:9b:9c:86:b2:ba:7b:44:62:4d:b0:93:be:32:5f:cf:34:
         e7:69:09:72:19:0c:77:12:2a:50:3f:7c:6f:91:8a:ad:3b:27:
         8c:5f:37:e5:6c:2a:5c:d6:f2:95:9b:a9:04:70:65:6f:ff:fb:
         4e:f1:cd:7c:be:c8:7a:57:f4:8e:74:58:20:9b:06:ad:90:f0:
         91:84:84:92:6a:a8:85:84:3a:03:0d:61:72:bd:2e:28:8c:a6:
         48:30:63:d7:cf:a6:bf:85:ec:3a:97:c8:d0:15:be:18:68:09:
         40:71:6f:52:1b:c3:46:69:38:1d:b9:b9:5e:81:58:07:8d:c3:
         21:40:fa:6c:38:e2:1f:c7:67:33:9d:37:8f:5d:69:96:f5:c1:
         26:99:ff:dd:6e:89:00:43:16:91:b2:7b:fe:50:33:4a:da:68:
         8c:5b:3b:28:77:92:58:a0:bf:54:74:f0:b9:a1:37:47:c9:74:
         4a:25:78:09:76:9b:26:d7:0f:71:48:60:b2:22:50:d9:cf:84:
         4f:3c:dd:56:ed:f4:f0:8f:59:b1:50:e0:c6:4c:09:19:48:ad:
         39:b4:f7:4a:66:67:49:c0:7a:39:c0:a5:37:4b:0b:27:87:7a:
         ae:7b:a5:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSpXOAWJH53t+Tcru8M/4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YTNjYWNkZjhmMzM1MTRiZTNhYmRjNTJjNTBlYzg2NDY3
NWU5NTUwHhcNMjQwMTAxMTgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWQxYmQwOTJlMjI3ODNhOWZjZWQwZWRlYmQwNjUzMTE1OTU2M2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtvy6G/+LHbkDMizaTL3v6POOWUX
GIJtI9GrQxSmdczBze2hS27T8EkLRoYupoh4kQLzMGUO23uyRdn87sLT10D1jEqM
q84De+bF42EEoG8o9aA0+3dYYZMeOz0HLJVZOZykBy5AF9Ugp/pfjBcJITFOowKd
g0dr8qbsZUOOBuOZ8rC55G9w1eeKAEHSvSRq4B2LckidWE0P+gXBvQvBDHejl86S
LC6LR+MvBcLx1G29G+TspJ1aefjhGDqgSnHibAk5518FOh62UEiox0Ifj1YtRJCu
RMFKmMaASFH5tOmYMaseCkgC04V1TGgbmmMtnJYhcws764Q75bT5kaGhOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBnRvQkuIng6n87Q7evQZTEVlWPTMB8GA1UdIwQY
MBaAFNijys348zUUvjq9xSxQ7IZGdelVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMktQS3pmanpOUlMtT3IzRkxGRHNoa1oxNlZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zMzNjMWEtZTRhNS00OTZkLTlhODEt
Yjc5MWI5ODlhZjI5LzEvR2RHOUNTNGllRHFmenREdDY5QmxNUldWWTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zMzNjMWEtZTRhNS00OTZkLTlhODEtYjc5MWI5ODlhZjI5
LzEvMktQS3pmanpOUlMtT3IzRkxGRHNoa1oxNlZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwQDnMA8E
AgACMAkDBwAgAQZ4CiAwDQYJKoZIhvcNAQELBQADggEBAEywtNOyIvGv+wfCy9IS
uvBxkB1/m5yGsrp7RGJNsJO+Ml/PNOdpCXIZDHcSKlA/fG+Riq07J4xfN+VsKlzW
8pWbqQRwZW//+07xzXy+yHpX9I50WCCbBq2Q8JGEhJJqqIWEOgMNYXK9LiiMpkgw
Y9fPpr+F7DqXyNAVvhhoCUBxb1Ibw0ZpOB25uV6BWAeNwyFA+mw44h/HZzOdN49d
aZb1wSaZ/91uiQBDFpGye/5QM0raaIxbOyh3kligv1R08LmhN0fJdEoleAl2mybX
D3FIYLIiUNnPhE883Vbt9PCPWbFQ4MZMCRlIrTm090pmZ0nAejnApTdLCyeHeq57
pQI=
-----END CERTIFICATE-----