Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/GYtqm3qIDPCcO12-9OCbMUGuHjg.roa
File:                     GYtqm3qIDPCcO12-9OCbMUGuHjg.roa (raw, json)
Hash identifier:          TmpiphzC4W+sCHXBk5hv6nDgAnp95oy9bk9TNnuhJEg=
Subject key identifier:   19:8B:6A:9B:7A:88:0C:F0:9C:3B:5D:BE:F4:E0:9B:31:41:AE:1E:38
Certificate issuer:       /CN=5270786f17c41bd01626f72db239f208b5189bb0
Certificate serial:       018CC2DAB0F60E1BC50A306692B74EAD9301
Authority key identifier: 52:70:78:6F:17:C4:1B:D0:16:26:F7:2D:B2:39:F2:08:B5:18:9B:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UnB4bxfEG9AWJvctsjnyCLUYm7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/GYtqm3qIDPCcO12-9OCbMUGuHjg.roa
Signing time:             Mon 01 Jan 2024 02:29:21 +0000
ROA not before:           Mon 01 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34814
IP address blocks:        193.0.204.0/22 maxlen: 24
                          195.191.58.0/23 maxlen: 24
                          193.46.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/UnB4bxfEG9AWJvctsjnyCLUYm7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/UnB4bxfEG9AWJvctsjnyCLUYm7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UnB4bxfEG9AWJvctsjnyCLUYm7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b0:f6:0e:1b:c5:0a:30:66:92:b7:4e:ad:93:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5270786f17c41bd01626f72db239f208b5189bb0
        Validity
            Not Before: Jan  1 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=198b6a9b7a880cf09c3b5dbef4e09b3141ae1e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:86:57:75:91:0f:0f:38:e7:4f:05:af:c5:43:
                    c8:91:48:c2:34:7a:46:00:69:dd:19:27:4c:f2:a8:
                    99:67:ee:08:a0:a4:6c:c7:3b:60:5b:6d:50:f4:9e:
                    25:f3:74:f7:bf:3a:a1:b6:31:e2:c3:24:79:64:ab:
                    5d:d3:0f:8d:e6:ce:73:c8:73:81:0b:34:a7:3b:eb:
                    9e:7f:30:4d:fb:75:94:0d:e4:3d:45:93:61:2e:7a:
                    cc:7b:27:06:f4:b6:93:dc:fc:8e:9c:76:3f:a7:55:
                    d8:16:e4:2a:09:73:ce:f5:46:e1:0e:61:24:d8:d3:
                    53:59:fa:52:93:fb:1e:a7:6f:68:8d:d8:88:5d:78:
                    fb:d1:ed:ac:9d:59:09:1d:d1:de:e7:ec:44:8c:06:
                    2d:07:58:2f:48:29:ea:49:1c:84:96:27:48:7c:9c:
                    39:6d:72:3e:c1:29:cd:8e:a0:3b:ee:bd:af:98:fa:
                    9a:7d:d6:db:d2:3f:12:dd:3e:81:e6:d3:7d:c8:35:
                    92:fe:96:20:94:9f:ee:49:26:0d:87:60:d5:34:8e:
                    d6:55:6d:ca:6d:95:3f:86:20:65:27:f7:ac:b3:ac:
                    27:54:56:02:37:29:58:b4:b4:dc:91:d6:01:f2:47:
                    1f:d3:94:fb:05:14:cd:70:9a:b6:91:7d:09:d8:24:
                    62:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:8B:6A:9B:7A:88:0C:F0:9C:3B:5D:BE:F4:E0:9B:31:41:AE:1E:38
            X509v3 Authority Key Identifier:
                keyid:52:70:78:6F:17:C4:1B:D0:16:26:F7:2D:B2:39:F2:08:B5:18:9B:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UnB4bxfEG9AWJvctsjnyCLUYm7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/GYtqm3qIDPCcO12-9OCbMUGuHjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9d43cb-841c-40f2-9d9f-75f47f07c4e3/1/UnB4bxfEG9AWJvctsjnyCLUYm7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.204.0/22
                  193.46.201.0/24
                  195.191.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:ff:dc:4a:69:a5:34:7c:a9:73:3d:92:a3:6f:1c:00:44:91:
         dd:44:67:b1:70:b2:30:6b:2f:24:d6:0c:dc:4c:1c:54:4b:6b:
         6d:b0:76:b4:f3:0f:23:85:ec:dc:72:57:79:9e:54:6e:f7:c0:
         ea:48:f2:6a:c6:2d:4c:a2:32:3e:18:16:c2:45:ea:62:83:81:
         6d:51:20:16:0b:7b:67:4e:bb:d3:ea:10:2a:c9:a2:fa:88:14:
         5a:13:11:5f:54:92:27:fe:a5:63:71:60:1a:9f:c7:a2:fb:98:
         94:c5:c2:99:eb:14:89:72:28:0b:f2:1e:37:14:3c:f9:e5:77:
         34:a4:29:d9:86:e8:d8:6d:b4:8a:ef:25:02:92:67:2b:99:c6:
         e2:7d:80:ad:a7:76:8f:e7:a9:53:09:51:9d:24:28:ea:28:41:
         a2:a4:50:78:a5:bb:bc:bc:b7:16:b2:35:63:f7:03:b8:fb:2b:
         58:fb:c3:ca:a9:9b:1a:de:f7:4b:6e:f4:b6:ad:66:9b:d1:e1:
         5a:f7:7e:62:4d:6e:73:80:59:5d:e8:68:1e:90:3b:81:49:0f:
         ee:a2:61:86:01:c7:99:ed:ab:87:98:70:c7:33:64:08:fc:41:
         98:4f:83:5b:b7:af:5d:c7:2b:40:73:0e:80:3c:cf:6f:75:f9:
         52:91:6b:46
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2rD2DhvFCjBmkrdOrZMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNzA3ODZmMTdjNDFiZDAxNjI2ZjcyZGIyMzlmMjA4YjUx
ODliYjAwHhcNMjQwMTAxMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOThiNmE5YjdhODgwY2YwOWMzYjVkYmVmNGUwOWIzMTQxYWUxZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooZXdZEPDzjnTwWvxUPIkUjCNHpG
AGndGSdM8qiZZ+4IoKRsxztgW21Q9J4l83T3vzqhtjHiwyR5ZKtd0w+N5s5zyHOB
CzSnO+uefzBN+3WUDeQ9RZNhLnrMeycG9LaT3PyOnHY/p1XYFuQqCXPO9UbhDmEk
2NNTWfpSk/sep29ojdiIXXj70e2snVkJHdHe5+xEjAYtB1gvSCnqSRyElidIfJw5
bXI+wSnNjqA77r2vmPqafdbb0j8S3T6B5tN9yDWS/pYglJ/uSSYNh2DVNI7WVW3K
bZU/hiBlJ/ess6wnVFYCNylYtLTckdYB8kcf05T7BRTNcJq2kX0J2CRi5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBmLapt6iAzwnDtdvvTgmzFBrh44MB8GA1UdIwQY
MBaAFFJweG8XxBvQFib3LbI58gi1GJuwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW5CNGJ4ZkVHOUFXSnZjdHNqbnlDTFVZbTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC85ZDQzY2ItODQxYy00MGYyLTlkOWYt
NzVmNDdmMDdjNGUzLzEvR1l0cW0zcUlEUENjTzEyLTlPQ2JNVUd1SGpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC85ZDQzY2ItODQxYy00MGYyLTlkOWYtNzVmNDdmMDdjNGUz
LzEvVW5CNGJ4ZkVHOUFXSnZjdHNqbnlDTFVZbTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCwQDMAwQA
wS7JAwQBw786MA0GCSqGSIb3DQEBCwUAA4IBAQCa/9xKaaU0fKlzPZKjbxwARJHd
RGexcLIway8k1gzcTBxUS2ttsHa08w8jhezccld5nlRu98DqSPJqxi1MojI+GBbC
Repig4FtUSAWC3tnTrvT6hAqyaL6iBRaExFfVJIn/qVjcWAan8ei+5iUxcKZ6xSJ
cigL8h43FDz55Xc0pCnZhujYbbSK7yUCkmcrmcbifYCtp3aP56lTCVGdJCjqKEGi
pFB4pbu8vLcWsjVj9wO4+ytY+8PKqZsa3vdLbvS2rWab0eFa935iTW5zgFld6Gge
kDuBSQ/uomGGAceZ7auHmHDHM2QI/EGYT4Nbt69dxytAcw6APM9vdflSkWtG
-----END CERTIFICATE-----