Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/GfLGR7OTqR7IvM9VAF8hpYCPpM0.roa
File:                     GfLGR7OTqR7IvM9VAF8hpYCPpM0.roa (raw, json)
Hash identifier:          dFo23y2okKOUuuOYKsKtpIA140pPCyKHi2tADmZeQG4=
Subject key identifier:   19:F2:C6:47:B3:93:A9:1E:C8:BC:CF:55:00:5F:21:A5:80:8F:A4:CD
Certificate issuer:       /CN=fbbf4d59cbd978ae1127c67fd22f04c62ff837cf
Certificate serial:       018CC492FC3DDEFB337972C210F2CC9D4F6A
Authority key identifier: FB:BF:4D:59:CB:D9:78:AE:11:27:C6:7F:D2:2F:04:C6:2F:F8:37:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/GfLGR7OTqR7IvM9VAF8hpYCPpM0.roa
Signing time:             Mon 01 Jan 2024 10:30:16 +0000
ROA not before:           Mon 01 Jan 2024 10:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51800
IP address blocks:        217.28.80.0/21 maxlen: 21
                          217.28.88.0/21 maxlen: 21
                          2a02:28a8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fc:3d:de:fb:33:79:72:c2:10:f2:cc:9d:4f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbbf4d59cbd978ae1127c67fd22f04c62ff837cf
        Validity
            Not Before: Jan  1 10:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19f2c647b393a91ec8bccf55005f21a5808fa4cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:4a:e8:d8:77:ca:97:14:85:7d:8f:d2:0c:fd:
                    24:2c:43:68:3f:90:2f:26:d7:be:8c:4b:1c:25:f5:
                    dc:bd:2d:87:72:9e:48:63:0d:d4:a6:af:3d:3c:3b:
                    a6:e3:e7:29:51:72:50:2e:0c:dd:03:ce:6a:db:25:
                    c9:03:e7:00:d5:bc:94:a1:ac:29:5d:cb:18:1e:ec:
                    f7:b1:23:f8:71:08:d0:b3:88:e1:a5:c7:04:b7:de:
                    22:dd:b0:ae:5c:4a:ff:b4:cb:1b:c3:47:85:cc:f0:
                    49:14:ea:9e:f9:44:ac:1e:e2:17:f6:88:0b:ea:7f:
                    7d:f1:64:ae:a1:8f:4b:27:be:11:88:e4:31:a4:8c:
                    22:6c:79:d6:88:8c:ae:ee:a1:b9:fe:25:56:d3:88:
                    10:d4:f8:5f:56:df:40:32:f1:91:58:de:10:ae:96:
                    fc:99:94:84:35:5f:d1:db:7e:a7:79:9a:be:37:4e:
                    d3:c5:25:4c:fe:ec:37:d5:52:ca:96:f6:41:7e:3e:
                    6c:33:c9:f2:cd:66:16:81:6d:c9:53:b4:96:6a:71:
                    37:6b:05:4a:c4:c5:11:68:bb:05:e3:d2:c2:a3:a6:
                    0a:32:30:40:70:4a:e8:ac:37:5d:02:83:96:1f:e4:
                    f1:d9:a4:4a:24:cb:88:89:95:80:f7:c3:b7:24:58:
                    6c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F2:C6:47:B3:93:A9:1E:C8:BC:CF:55:00:5F:21:A5:80:8F:A4:CD
            X509v3 Authority Key Identifier:
                keyid:FB:BF:4D:59:CB:D9:78:AE:11:27:C6:7F:D2:2F:04:C6:2F:F8:37:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/GfLGR7OTqR7IvM9VAF8hpYCPpM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/88c995-ede0-4cc4-a66d-25baa8230fcb/1/1-79NWcvZeK4RJ8Z_0i8Exi_4N88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.80.0/20
                IPv6:
                  2a02:28a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:f4:f3:d8:33:98:4d:d2:6b:de:61:57:67:d7:3e:f3:b4:df:
         bf:9d:90:b2:c8:8d:99:39:19:82:30:01:c8:0d:de:fd:67:51:
         e4:45:a5:24:ea:8d:90:80:9c:8b:93:c6:7d:2f:81:4c:ee:5c:
         96:be:2b:7d:62:8f:d8:55:98:50:ce:df:0f:8a:2d:63:9d:19:
         9e:37:a8:4a:d9:82:7e:e0:98:09:a8:ab:d0:c2:1d:bb:cb:5b:
         3f:1c:df:75:1e:a5:0b:be:9e:b2:9c:9a:97:f4:92:86:e5:e0:
         f0:8d:b8:e1:02:52:37:f7:90:bf:39:9d:c2:0c:3e:8c:09:23:
         85:69:cf:af:b2:6e:32:6f:60:b2:99:f0:64:39:be:ae:ee:0e:
         37:90:3c:06:90:77:37:79:23:f9:d2:fa:db:80:09:ca:1b:8e:
         6c:45:0d:1c:b1:6d:9a:27:ca:b5:d3:95:2f:8e:05:4e:6c:cf:
         7c:d6:8e:9d:6d:d3:06:7b:27:1c:4e:16:c4:cb:58:55:74:5a:
         74:e1:47:69:58:10:23:fe:a5:41:6c:5d:52:c7:1d:ab:90:c2:
         33:4e:61:8b:0f:d7:c6:74:ac:ed:a0:da:99:07:f9:ed:82:b4:
         fe:0a:3a:dc:d1:64:6f:e8:13:8e:6f:50:66:65:0d:a5:25:5e:
         d1:c9:49:cd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEkvw93vszeXLCEPLMnU9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYmY0ZDU5Y2JkOTc4YWUxMTI3YzY3ZmQyMmYwNGM2MmZm
ODM3Y2YwHhcNMjQwMTAxMTAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWYyYzY0N2IzOTNhOTFlYzhiY2NmNTUwMDVmMjFhNTgwOGZhNGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEro2HfKlxSFfY/SDP0kLENoP5Av
Jte+jEscJfXcvS2Hcp5IYw3Upq89PDum4+cpUXJQLgzdA85q2yXJA+cA1byUoawp
XcsYHuz3sSP4cQjQs4jhpccEt94i3bCuXEr/tMsbw0eFzPBJFOqe+USsHuIX9ogL
6n998WSuoY9LJ74RiOQxpIwibHnWiIyu7qG5/iVW04gQ1PhfVt9AMvGRWN4Qrpb8
mZSENV/R236neZq+N07TxSVM/uw31VLKlvZBfj5sM8nyzWYWgW3JU7SWanE3awVK
xMURaLsF49LCo6YKMjBAcErorDddAoOWH+Tx2aRKJMuIiZWA98O3JFhs+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBnyxkezk6keyLzPVQBfIaWAj6TNMB8GA1UdIwQY
MBaAFPu/TVnL2XiuESfGf9IvBMYv+DfPMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS03OU5XY3ZaZUs0Uko4Wl8waThFeGlfNE44OC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQvODhjOTk1LWVkZTAtNGNjNC1hNjZk
LTI1YmFhODIzMGZjYi8xL0dmTEdSN09UcVI3SXZNOVZBRjhocFlDUHBNMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzQvODhjOTk1LWVkZTAtNGNjNC1hNjZkLTI1YmFhODIzMGZj
Yi8xLzEtNzlOV2N2WmVLNFJKOFpfMGk4RXhpXzROODguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBATZHFAw
DQQCAAIwBwMFACoCKKgwDQYJKoZIhvcNAQELBQADggEBAFH089gzmE3Sa95hV2fX
PvO037+dkLLIjZk5GYIwAcgN3v1nUeRFpSTqjZCAnIuTxn0vgUzuXJa+K31ij9hV
mFDO3w+KLWOdGZ43qErZgn7gmAmoq9DCHbvLWz8c33UepQu+nrKcmpf0kobl4PCN
uOECUjf3kL85ncIMPowJI4Vpz6+ybjJvYLKZ8GQ5vq7uDjeQPAaQdzd5I/nS+tuA
CcobjmxFDRyxbZonyrXTlS+OBU5sz3zWjp1t0wZ7JxxOFsTLWFV0WnThR2lYECP+
pUFsXVLHHauQwjNOYYsP18Z0rO2g2pkH+e2CtP4KOtzRZG/oE45vUGZlDaUlXtHJ
Sc0=
-----END CERTIFICATE-----