Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/GQWSjOsaceCi7QSzncHDsAV7YU8.roa
File:                     GQWSjOsaceCi7QSzncHDsAV7YU8.roa (raw, json)
Hash identifier:          4TLZut2CmyGC/gUY5ZpKW2NuSTjFov+IvfWZY+BykvM=
Subject key identifier:   19:05:92:8C:EB:1A:71:E0:A2:ED:04:B3:9D:C1:C3:B0:05:7B:61:4F
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018EED681A02EB990F814B79E59CED4D96F9
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/GQWSjOsaceCi7QSzncHDsAV7YU8.roa
Signing time:             Wed 17 Apr 2024 18:53:26 +0000
ROA not before:           Wed 17 Apr 2024 18:53:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139482
IP address blocks:        194.146.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ed:68:1a:02:eb:99:0f:81:4b:79:e5:9c:ed:4d:96:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Apr 17 18:53:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1905928ceb1a71e0a2ed04b39dc1c3b0057b614f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1c:3b:85:1d:42:8a:61:53:a0:84:09:04:f5:
                    c6:06:36:df:cb:ff:b7:ad:0b:0a:0b:09:80:95:04:
                    83:05:82:3e:03:60:c2:1e:29:33:83:a0:a0:65:39:
                    51:ed:6c:42:8e:eb:4c:2a:c6:a1:2d:dc:f4:6d:76:
                    e8:0b:dc:8d:ee:4f:cc:a8:5c:d4:7d:d3:0e:fb:7b:
                    ff:bd:81:c0:12:30:92:ca:88:93:74:c0:06:20:9d:
                    03:47:a7:15:7a:59:4a:1d:68:9c:bc:57:30:c9:72:
                    d5:7d:d5:fc:51:6b:06:44:f9:3e:7f:9e:e5:94:e8:
                    5b:9a:0d:4b:62:77:62:c9:02:1f:d7:62:28:fc:11:
                    25:15:97:da:f3:08:fb:3b:f4:0e:cc:e0:a1:d4:67:
                    ab:89:c3:ad:af:bf:69:7b:a5:4e:b3:01:d6:70:7f:
                    6d:a1:4d:95:20:13:dc:a0:19:d9:af:0d:55:82:69:
                    d2:86:c0:53:09:9a:90:af:d1:42:b0:66:62:45:13:
                    a9:58:3f:77:58:54:c0:ac:9d:a9:d1:eb:5e:d3:c8:
                    67:68:39:7f:bc:b9:ee:c6:27:5b:d9:c5:6f:04:3f:
                    f2:ef:2a:c5:e5:4a:26:73:e4:24:bc:b6:bb:09:42:
                    e6:4d:7a:24:e4:08:20:8a:d7:fe:32:cd:ba:9b:e5:
                    0a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:05:92:8C:EB:1A:71:E0:A2:ED:04:B3:9D:C1:C3:B0:05:7B:61:4F
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/GQWSjOsaceCi7QSzncHDsAV7YU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:71:63:be:bc:c3:c7:1e:04:9a:29:8a:24:be:0d:04:41:5a:
         3e:7a:1a:a1:5d:66:02:08:55:8c:50:88:39:e6:ec:3d:d8:fe:
         38:f4:a3:71:b1:5c:fc:5f:f9:42:c1:e3:74:b8:dd:1e:d6:29:
         8b:27:28:ba:64:7e:e9:37:c1:c2:32:1e:4f:f6:1d:3e:bd:62:
         41:38:07:41:1c:56:8d:74:92:1d:1e:c6:de:c6:f8:87:10:f2:
         a6:94:a4:7a:19:70:41:55:fb:15:d7:56:ab:3c:ba:32:aa:6a:
         19:bc:6d:0a:7f:be:06:df:ce:9c:68:b3:db:ca:70:91:09:a9:
         cd:0b:3a:b4:6a:97:46:5e:91:10:bd:04:e5:af:7b:6d:4d:ae:
         02:d4:a5:84:17:f4:f4:4c:4a:53:aa:91:58:1d:55:7a:49:76:
         d8:df:2e:67:8e:16:4e:61:70:6f:a3:16:bd:d2:8c:fc:99:64:
         4f:e1:61:34:c0:8a:2c:68:8b:ab:6e:71:70:15:71:8d:5a:4e:
         f7:5e:ff:1e:af:0b:ed:19:51:a0:c9:7e:53:3a:25:87:87:34:
         f9:57:c0:f4:e4:32:af:5c:c7:95:88:2b:fc:f4:71:1a:4a:f7:
         21:af:5f:c2:1f:f8:a7:0b:4e:17:3a:5b:37:7d:27:f6:f7:df:
         27:10:89:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7taBoC65kPgUt55ZztTZb5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwNDE3MTg1MzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTA1OTI4Y2ViMWE3MWUwYTJlZDA0YjM5ZGMxYzNiMDA1N2I2MTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBw7hR1CimFToIQJBPXGBjbfy/+3
rQsKCwmAlQSDBYI+A2DCHikzg6CgZTlR7WxCjutMKsahLdz0bXboC9yN7k/MqFzU
fdMO+3v/vYHAEjCSyoiTdMAGIJ0DR6cVellKHWicvFcwyXLVfdX8UWsGRPk+f57l
lOhbmg1LYndiyQIf12Io/BElFZfa8wj7O/QOzOCh1GericOtr79pe6VOswHWcH9t
oU2VIBPcoBnZrw1VgmnShsBTCZqQr9FCsGZiRROpWD93WFTArJ2p0ete08hnaDl/
vLnuxidb2cVvBD/y7yrF5Uomc+QkvLa7CULmTXok5Aggitf+Ms26m+UKoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkFkozrGnHgou0Es53Bw7AFe2FPMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvR1FXU2pPc2FjZUNpN1FTem5jSERzQVY3WVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpJcMA0G
CSqGSIb3DQEBCwUAA4IBAQB+cWO+vMPHHgSaKYokvg0EQVo+ehqhXWYCCFWMUIg5
5uw92P449KNxsVz8X/lCweN0uN0e1imLJyi6ZH7pN8HCMh5P9h0+vWJBOAdBHFaN
dJIdHsbexviHEPKmlKR6GXBBVfsV11arPLoyqmoZvG0Kf74G386caLPbynCRCanN
Czq0apdGXpEQvQTlr3ttTa4C1KWEF/T0TEpTqpFYHVV6SXbY3y5njhZOYXBvoxa9
0oz8mWRP4WE0wIosaIurbnFwFXGNWk73Xv8erwvtGVGgyX5TOiWHhzT5V8D05DKv
XMeViCv89HEaSvchr1/CH/inC04XOls3fSf2998nEIn2
-----END CERTIFICATE-----