Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/GtLY_pVhwlWDavIVEM6RpYEN4Xs.roa
File:                     GtLY_pVhwlWDavIVEM6RpYEN4Xs.roa (raw, json)
Hash identifier:          0Dhnw+/t6GwxU7dK+dfW8qZLKBJfXJGn83iUQrNAFSA=
Subject key identifier:   1A:D2:D8:FE:95:61:C2:55:83:6A:F2:15:10:CE:91:A5:81:0D:E1:7B
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E8EF84D5B8532140F85D583586212
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/GtLY_pVhwlWDavIVEM6RpYEN4Xs.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24891
IP address blocks:        82.222.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:8e:f8:4d:5b:85:32:14:0f:85:d5:83:58:62:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ad2d8fe9561c255836af21510ce91a5810de17b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:03:45:b6:df:4e:26:a3:c4:bc:fa:89:90:df:
                    de:80:84:05:5a:2a:e5:51:12:65:30:4f:b5:d1:7c:
                    1a:6a:c4:37:2a:62:1d:86:ab:75:a0:3d:3e:fa:80:
                    f1:23:ec:71:ff:ec:20:ba:89:67:56:81:45:37:3a:
                    68:1f:47:5d:6c:c6:95:9b:51:1e:52:fc:07:06:9d:
                    89:df:8f:d1:d1:18:f9:66:20:f6:91:eb:da:a0:5f:
                    0f:f9:04:c2:5d:36:a0:e7:ee:d0:c6:8c:7e:57:fa:
                    ab:3f:86:74:c5:ab:c0:3a:9f:f8:10:27:0a:3b:ea:
                    1e:a7:a0:55:30:c7:2f:91:19:ef:00:93:2a:ab:db:
                    19:26:c4:c2:a4:04:4a:9c:92:54:df:6a:ed:44:c0:
                    ba:3a:fd:d5:2e:72:62:50:a7:91:99:af:1c:38:45:
                    9c:ce:90:c5:12:6c:7f:d9:1c:11:5d:c1:79:fb:71:
                    f6:bb:dd:c6:8d:2c:78:54:cc:27:72:4f:90:c4:6a:
                    3b:50:47:9f:31:5c:50:ee:36:17:4f:e6:55:9a:d0:
                    bc:ca:fb:48:72:47:72:50:eb:ad:59:50:b6:9a:2f:
                    14:f0:b3:80:de:1f:64:5d:d8:91:5b:83:24:a4:fc:
                    79:80:64:17:23:8e:7b:97:73:4a:b4:92:b2:b3:99:
                    96:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:D2:D8:FE:95:61:C2:55:83:6A:F2:15:10:CE:91:A5:81:0D:E1:7B
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/GtLY_pVhwlWDavIVEM6RpYEN4Xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.222.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:35:5c:2d:1f:b8:47:c5:ce:2e:51:a5:89:cc:06:8d:4f:14:
         af:11:54:e7:1f:50:c3:4f:00:bf:7c:74:32:45:86:15:f9:7d:
         c9:ed:4e:66:84:01:98:78:f0:ec:e1:de:2d:30:5e:6d:f8:85:
         20:6a:ae:d3:6c:58:54:53:e3:a7:42:f7:27:c1:db:92:2b:f8:
         5a:da:3c:bb:8a:33:a6:8c:77:e8:35:62:81:17:96:dc:b0:85:
         4a:8f:a1:93:83:b9:2a:55:88:a0:82:d4:ff:e7:14:e2:34:02:
         74:58:35:5c:9d:37:68:31:dd:74:0a:c9:b4:28:cd:df:42:75:
         c6:43:1c:87:0d:e0:4b:de:db:18:e2:00:d1:9b:40:f1:04:ff:
         3d:83:5c:bf:c5:4b:cf:3f:60:ec:db:03:40:d3:7d:fb:57:c0:
         4d:33:68:cf:32:26:b1:9e:59:9d:09:82:84:1e:a4:13:6b:15:
         9b:0a:40:25:a3:34:41:10:d4:94:4f:d2:ae:8a:5d:d4:b2:33:
         e0:bf:11:31:30:93:15:77:30:61:63:00:23:ca:fb:45:5a:c8:
         9d:9c:75:0c:0a:f6:93:49:ec:01:ac:06:11:73:de:c3:e1:ee:
         84:94:37:ad:e7:97:d5:38:83:98:f0:82:28:09:0e:91:70:fa:
         f3:1c:f3:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbo74TVuFMhQPhdWDWGISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWQyZDhmZTk1NjFjMjU1ODM2YWYyMTUxMGNlOTFhNTgxMGRlMTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwNFtt9OJqPEvPqJkN/egIQFWirl
URJlME+10XwaasQ3KmIdhqt1oD0++oDxI+xx/+wguolnVoFFNzpoH0ddbMaVm1Ee
UvwHBp2J34/R0Rj5ZiD2kevaoF8P+QTCXTag5+7Qxox+V/qrP4Z0xavAOp/4ECcK
O+oep6BVMMcvkRnvAJMqq9sZJsTCpARKnJJU32rtRMC6Ov3VLnJiUKeRma8cOEWc
zpDFEmx/2RwRXcF5+3H2u93GjSx4VMwnck+QxGo7UEefMVxQ7jYXT+ZVmtC8yvtI
ckdyUOutWVC2mi8U8LOA3h9kXdiRW4MkpPx5gGQXI457l3NKtJKys5mW6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrS2P6VYcJVg2ryFRDOkaWBDeF7MB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvR3RMWV9wVmh3bFdEYXZJVkVNNlJwWUVONFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUt6pMA0G
CSqGSIb3DQEBCwUAA4IBAQAdNVwtH7hHxc4uUaWJzAaNTxSvEVTnH1DDTwC/fHQy
RYYV+X3J7U5mhAGYePDs4d4tMF5t+IUgaq7TbFhUU+OnQvcnwduSK/ha2jy7ijOm
jHfoNWKBF5bcsIVKj6GTg7kqVYiggtT/5xTiNAJ0WDVcnTdoMd10Csm0KM3fQnXG
QxyHDeBL3tsY4gDRm0DxBP89g1y/xUvPP2Ds2wNA0337V8BNM2jPMiaxnlmdCYKE
HqQTaxWbCkAlozRBENSUT9Kuil3UsjPgvxExMJMVdzBhYwAjyvtFWsidnHUMCvaT
SewBrAYRc97D4e6ElDet55fVOIOY8IIoCQ6RcPrzHPOi
-----END CERTIFICATE-----