Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/f8c445-0aab-4087-a0d3-9347591910a8/1/GYlRvXs1Zdvb45K-HqLdD1lx0Xk.roa
File:                     GYlRvXs1Zdvb45K-HqLdD1lx0Xk.roa (raw, json)
Hash identifier:          LsH8/524XJMJXLE/lJ03R9dmHJiOZvoqmGRDD05Za/M=
Subject key identifier:   19:89:51:BD:7B:35:65:DB:DB:E3:92:BE:1E:A2:DD:0F:59:71:D1:79
Certificate issuer:       /CN=aac6af0c29bebc7c485cf8001da9f19930ace45d
Certificate serial:       018CC2DAC18B4BEEB26FEF16DE3AE4751BB2
Authority key identifier: AA:C6:AF:0C:29:BE:BC:7C:48:5C:F8:00:1D:A9:F1:99:30:AC:E4:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qsavDCm-vHxIXPgAHanxmTCs5F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/f8c445-0aab-4087-a0d3-9347591910a8/1/GYlRvXs1Zdvb45K-HqLdD1lx0Xk.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199290
IP address blocks:        185.79.4.0/22 maxlen: 24
                          185.241.28.0/22 maxlen: 24
                          185.196.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/f8c445-0aab-4087-a0d3-9347591910a8/1/qsavDCm-vHxIXPgAHanxmTCs5F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/f8c445-0aab-4087-a0d3-9347591910a8/1/qsavDCm-vHxIXPgAHanxmTCs5F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qsavDCm-vHxIXPgAHanxmTCs5F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c1:8b:4b:ee:b2:6f:ef:16:de:3a:e4:75:1b:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aac6af0c29bebc7c485cf8001da9f19930ace45d
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=198951bd7b3565dbdbe392be1ea2dd0f5971d179
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b6:c7:8d:2c:b8:d5:d0:e8:4c:5b:59:8e:6f:
                    7d:c9:49:b1:02:50:4a:6f:d8:80:22:fb:e6:ad:3f:
                    bf:07:11:2c:42:da:1a:f6:e5:ae:44:1b:93:d2:2f:
                    1a:ed:a6:1f:85:53:10:13:db:d1:f8:a2:08:b4:b2:
                    84:4a:84:35:50:a9:46:cd:4a:98:4e:40:00:7a:6e:
                    ba:5b:1c:51:4a:26:b3:bb:17:51:a9:f6:cf:0c:7e:
                    af:16:51:b6:18:61:0a:c4:9e:cb:3d:f8:8d:9a:89:
                    bc:b6:37:95:07:33:9f:01:1f:3f:b9:0c:b3:6f:e8:
                    55:26:b5:a1:f1:a7:71:2c:15:c6:27:d9:fa:8c:8d:
                    fa:a4:a3:bd:63:dd:4e:52:81:e3:ea:9a:73:2c:be:
                    25:02:e2:a2:4b:03:f1:ec:6f:cb:d4:67:0f:08:bd:
                    67:95:99:45:1d:5e:68:8d:63:66:c9:93:85:fc:72:
                    84:c5:7e:39:1b:eb:40:86:74:e2:02:ef:cb:a7:1a:
                    a7:35:ab:a8:22:80:e3:fc:dd:ed:96:5b:73:25:34:
                    62:fb:e0:01:f9:86:fc:73:2e:0c:fa:1f:de:6a:c4:
                    f8:1a:13:d5:03:93:3a:99:71:ea:a0:25:85:1a:e9:
                    66:c5:58:41:4e:77:e5:28:68:8e:fb:65:0f:2c:17:
                    ed:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:89:51:BD:7B:35:65:DB:DB:E3:92:BE:1E:A2:DD:0F:59:71:D1:79
            X509v3 Authority Key Identifier:
                keyid:AA:C6:AF:0C:29:BE:BC:7C:48:5C:F8:00:1D:A9:F1:99:30:AC:E4:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qsavDCm-vHxIXPgAHanxmTCs5F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/f8c445-0aab-4087-a0d3-9347591910a8/1/GYlRvXs1Zdvb45K-HqLdD1lx0Xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/f8c445-0aab-4087-a0d3-9347591910a8/1/qsavDCm-vHxIXPgAHanxmTCs5F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.4.0/22
                  185.196.16.0/22
                  185.241.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:4a:48:1f:19:f9:50:e8:e1:15:4d:89:3f:2e:35:ae:f5:20:
         d4:05:71:38:42:2e:75:b0:8d:7b:71:e4:94:72:db:0d:19:87:
         de:73:2e:e0:80:0e:34:28:21:87:3f:bd:96:a5:31:18:8a:47:
         6e:65:22:ca:30:5d:1b:7d:fb:01:01:e3:ed:33:69:ca:44:dd:
         50:82:27:66:a5:65:c9:0b:07:8e:07:65:ac:b0:fd:c2:bd:ee:
         0c:2e:c5:c8:28:8c:af:40:91:c9:21:11:f2:0d:cd:b2:41:57:
         bf:51:e5:9d:87:8d:c1:5f:9f:8c:e8:8e:cf:50:d9:1d:6e:bd:
         99:99:a5:b9:23:41:1a:37:62:c8:2f:fa:48:1c:73:a8:30:75:
         6f:fc:c3:3f:99:02:bd:0d:a1:14:40:e0:08:de:32:6c:da:e2:
         42:ab:90:02:30:45:1c:45:d7:47:66:ec:5f:08:93:00:b1:41:
         26:fc:63:26:ec:c9:5a:98:85:3d:44:e8:0a:35:d4:3f:42:1a:
         5a:c2:b3:8e:37:ca:93:02:b8:29:de:83:d0:2d:c0:17:ee:81:
         7f:51:e8:23:3e:29:19:ea:27:35:41:d0:9a:34:f9:14:f3:78:
         6f:fd:98:8c:ca:1c:30:d4:29:09:6e:0b:3e:17:80:0f:3d:0b:
         a4:67:fb:8e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2sGLS+6yb+8W3jrkdRuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYzZhZjBjMjliZWJjN2M0ODVjZjgwMDFkYTlmMTk5MzBh
Y2U0NWQwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTg5NTFiZDdiMzU2NWRiZGJlMzkyYmUxZWEyZGQwZjU5NzFkMTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLbHjSy41dDoTFtZjm99yUmxAlBK
b9iAIvvmrT+/BxEsQtoa9uWuRBuT0i8a7aYfhVMQE9vR+KIItLKESoQ1UKlGzUqY
TkAAem66WxxRSiazuxdRqfbPDH6vFlG2GGEKxJ7LPfiNmom8tjeVBzOfAR8/uQyz
b+hVJrWh8adxLBXGJ9n6jI36pKO9Y91OUoHj6ppzLL4lAuKiSwPx7G/L1GcPCL1n
lZlFHV5ojWNmyZOF/HKExX45G+tAhnTiAu/LpxqnNauoIoDj/N3tlltzJTRi++AB
+Yb8cy4M+h/easT4GhPVA5M6mXHqoCWFGulmxVhBTnflKGiO+2UPLBftOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBmJUb17NWXb2+OSvh6i3Q9ZcdF5MB8GA1UdIwQY
MBaAFKrGrwwpvrx8SFz4AB2p8ZkwrORdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXNhdkRDbS12SHhJWFBnQUhhbnhtVENzNUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9mOGM0NDUtMGFhYi00MDg3LWEwZDMt
OTM0NzU5MTkxMGE4LzEvR1lsUnZYczFaZHZiNDVLLUhxTGREMWx4MFhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9mOGM0NDUtMGFhYi00MDg3LWEwZDMtOTM0NzU5MTkxMGE4
LzEvcXNhdkRDbS12SHhJWFBnQUhhbnhtVENzNUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuU8EAwQC
ucQQAwQCufEcMA0GCSqGSIb3DQEBCwUAA4IBAQBiSkgfGflQ6OEVTYk/LjWu9SDU
BXE4Qi51sI17ceSUctsNGYfecy7ggA40KCGHP72WpTEYikduZSLKMF0bffsBAePt
M2nKRN1QgidmpWXJCweOB2WssP3Cve4MLsXIKIyvQJHJIRHyDc2yQVe/UeWdh43B
X5+M6I7PUNkdbr2ZmaW5I0EaN2LIL/pIHHOoMHVv/MM/mQK9DaEUQOAI3jJs2uJC
q5ACMEUcRddHZuxfCJMAsUEm/GMm7MlamIU9ROgKNdQ/QhpawrOON8qTArgp3oPQ
LcAX7oF/UegjPikZ6ic1QdCaNPkU83hv/ZiMyhww1CkJbgs+F4APPQukZ/uO
-----END CERTIFICATE-----