Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/GvesPV3ovY0qaUXjE7QoWqPCu-I.roa
File:                     GvesPV3ovY0qaUXjE7QoWqPCu-I.roa (raw, json)
Hash identifier:          5wD+bTgu/ptjjGBqxOW4cm9adypJrOOVMzdpSNrFCsc=
Subject key identifier:   1A:F7:AC:3D:5D:E8:BD:8D:2A:69:45:E3:13:B4:28:5A:A3:C2:BB:E2
Certificate issuer:       /CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
Certificate serial:       018CC86EFBBB7ADE915FF9F4BEC8869F0E76
Authority key identifier: BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/GvesPV3ovY0qaUXjE7QoWqPCu-I.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57643
IP address blocks:        185.188.164.0/22 maxlen: 22
                          185.174.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 Nov 2024 17:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fb:bb:7a:de:91:5f:f9:f4:be:c8:86:9f:0e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4703e08ca0d6a310cbc643ffcb307ff6cdc65c
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1af7ac3d5de8bd8d2a6945e313b4285aa3c2bbe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:26:dd:b9:7a:1f:88:d7:40:f6:c6:c5:8a:b4:
                    e7:aa:2c:ab:9d:fd:41:ee:46:80:b6:8a:37:6c:86:
                    80:d6:30:c8:32:c3:e2:ab:a1:a7:d7:97:5c:2a:10:
                    ec:b3:36:55:a7:3d:97:4e:4a:1b:5f:74:90:0f:c3:
                    f3:a0:d1:e1:b7:85:c4:44:dc:fd:08:b2:36:aa:29:
                    08:7a:7a:bf:84:62:34:0c:07:e3:40:c8:71:87:89:
                    bc:d0:11:0c:cd:fa:18:c1:f7:76:62:97:b2:18:dc:
                    4b:11:c9:75:87:13:03:c2:b5:bc:dc:c7:5b:01:ef:
                    d3:84:1d:3a:43:5a:42:1d:ad:49:55:c9:07:c5:8f:
                    ce:0c:33:ba:81:0d:11:28:f7:cf:b7:f1:05:45:b9:
                    13:a7:5f:05:19:bc:c3:04:a8:0e:a7:ac:4a:8f:25:
                    c1:12:1e:67:c9:d5:ec:b6:1a:d8:34:ad:2d:49:ef:
                    d0:fb:7d:03:2b:cb:3e:e7:65:5a:d1:5e:ea:f0:75:
                    0a:b6:3e:50:fb:b5:2e:7a:3e:81:c9:f1:5b:a3:10:
                    9a:83:53:d0:34:18:60:08:d5:b5:32:6d:72:b9:fe:
                    fe:fb:1f:68:c8:11:46:c8:70:eb:b7:a3:4b:cc:28:
                    71:1c:85:d2:d9:97:ba:33:86:14:9a:96:7c:bb:9c:
                    94:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:F7:AC:3D:5D:E8:BD:8D:2A:69:45:E3:13:B4:28:5A:A3:C2:BB:E2
            X509v3 Authority Key Identifier:
                keyid:BC:47:03:E0:8C:A0:D6:A3:10:CB:C6:43:FF:CB:30:7F:F6:CD:C6:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/GvesPV3ovY0qaUXjE7QoWqPCu-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/863ba0-0476-43d7-8be7-66eda228fec7/1/vEcD4Iyg1qMQy8ZD_8swf_bNxlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.120.0/22
                  185.188.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:38:d3:83:12:af:c8:91:8d:34:05:66:79:ac:b3:bd:37:6f:
         79:4e:2c:ce:b0:31:41:25:19:d3:21:72:07:bb:a2:c4:e6:65:
         cd:6a:23:82:9d:08:47:f5:d0:28:ac:85:91:24:b9:5d:93:d9:
         b1:0a:ca:fb:6a:44:21:bf:8d:6d:67:fe:33:4d:68:80:bf:6b:
         93:bc:fb:f1:89:b8:2e:da:bd:7b:be:f8:6e:86:34:b4:aa:6e:
         a4:9a:c6:d1:4d:d7:1d:e7:8d:d2:d0:8c:b0:39:63:d0:a5:d2:
         e8:83:e8:7b:b2:0c:bb:ea:db:67:c1:4c:e7:9e:7e:ae:0e:71:
         82:98:f6:77:d7:f4:0b:e6:f6:b3:5a:47:37:f6:88:96:a2:9e:
         4f:9a:09:f6:bf:8a:75:63:d0:2f:52:89:97:d1:4d:d7:ce:74:
         c5:9a:48:b0:87:52:34:76:6f:89:b9:3c:cd:13:66:c5:7f:fc:
         d0:35:71:b5:2b:18:52:b5:51:09:bf:c6:fe:5c:83:cd:b0:0f:
         e7:12:50:20:90:fa:8c:27:9b:7e:e5:ad:5c:ae:20:28:a3:98:
         75:2a:59:06:35:59:ee:9c:ee:ca:7e:19:4a:1a:89:c2:2c:cb:
         5d:fc:83:22:15:97:63:27:ea:34:fa:8d:ee:35:c7:a3:a7:79:
         fd:27:de:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIbvu7et6RX/n0vsiGnw52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDcwM2UwOGNhMGQ2YTMxMGNiYzY0M2ZmY2IzMDdmZjZj
ZGM2NWMwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWY3YWMzZDVkZThiZDhkMmE2OTQ1ZTMxM2I0Mjg1YWEzYzJiYmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtybduXofiNdA9sbFirTnqiyrnf1B
7kaAtoo3bIaA1jDIMsPiq6Gn15dcKhDsszZVpz2XTkobX3SQD8PzoNHht4XERNz9
CLI2qikIenq/hGI0DAfjQMhxh4m80BEMzfoYwfd2YpeyGNxLEcl1hxMDwrW83Mdb
Ae/ThB06Q1pCHa1JVckHxY/ODDO6gQ0RKPfPt/EFRbkTp18FGbzDBKgOp6xKjyXB
Eh5nydXsthrYNK0tSe/Q+30DK8s+52Va0V7q8HUKtj5Q+7Uuej6ByfFboxCag1PQ
NBhgCNW1Mm1yuf7++x9oyBFGyHDrt6NLzChxHIXS2Ze6M4YUmpZ8u5yUJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBr3rD1d6L2NKmlF4xO0KFqjwrviMB8GA1UdIwQY
MBaAFLxHA+CMoNajEMvGQ//LMH/2zcZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTct
NjZlZGEyMjhmZWM3LzEvR3Zlc1BWM292WTBxYVVYakU3UW9XcVBDdS1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy84NjNiYTAtMDQ3Ni00M2Q3LThiZTctNjZlZGEyMjhmZWM3
LzEvdkVjRDRJeWcxcU1ReThaRF84c3dmX2JOeGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCua54AwQC
ubykMA0GCSqGSIb3DQEBCwUAA4IBAQAdONODEq/IkY00BWZ5rLO9N295TizOsDFB
JRnTIXIHu6LE5mXNaiOCnQhH9dAorIWRJLldk9mxCsr7akQhv41tZ/4zTWiAv2uT
vPvxibgu2r17vvhuhjS0qm6kmsbRTdcd543S0IywOWPQpdLog+h7sgy76ttnwUzn
nn6uDnGCmPZ31/QL5vazWkc39oiWop5Pmgn2v4p1Y9AvUomX0U3XznTFmkiwh1I0
dm+JuTzNE2bFf/zQNXG1KxhStVEJv8b+XIPNsA/nElAgkPqMJ5t+5a1criAoo5h1
KlkGNVnunO7KfhlKGonCLMtd/IMiFZdjJ+o0+o3uNcejp3n9J95r
-----END CERTIFICATE-----