Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c25435-d23a-41a3-bc5e-53ecc6655f6b/1/GdL2cImNbZL9qBWoAtuOxfdJZLw.roa
File:                     GdL2cImNbZL9qBWoAtuOxfdJZLw.roa (raw, json)
Hash identifier:          S4jn/ys/U72HuToojOXrdHhGD/gf4ooBI0zjf3PfWFs=
Subject key identifier:   19:D2:F6:70:89:8D:6D:92:FD:A8:15:A8:02:DB:8E:C5:F7:49:64:BC
Certificate issuer:       /CN=56eb6a5fa3d217a2ee7d4a62d8461a6793ed5cb3
Certificate serial:       018D5FCD72AD042B22FBCCE7C64EC707B26B
Authority key identifier: 56:EB:6A:5F:A3:D2:17:A2:EE:7D:4A:62:D8:46:1A:67:93:ED:5C:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VutqX6PSF6LufUpi2EYaZ5PtXLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c25435-d23a-41a3-bc5e-53ecc6655f6b/1/GdL2cImNbZL9qBWoAtuOxfdJZLw.roa
Signing time:             Wed 31 Jan 2024 13:55:16 +0000
ROA not before:           Wed 31 Jan 2024 13:55:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213184
IP address blocks:        91.201.106.0/24 maxlen: 24
                          2a0a:9100::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c25435-d23a-41a3-bc5e-53ecc6655f6b/1/VutqX6PSF6LufUpi2EYaZ5PtXLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c25435-d23a-41a3-bc5e-53ecc6655f6b/1/VutqX6PSF6LufUpi2EYaZ5PtXLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VutqX6PSF6LufUpi2EYaZ5PtXLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5f:cd:72:ad:04:2b:22:fb:cc:e7:c6:4e:c7:07:b2:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56eb6a5fa3d217a2ee7d4a62d8461a6793ed5cb3
        Validity
            Not Before: Jan 31 13:55:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19d2f670898d6d92fda815a802db8ec5f74964bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:52:fb:31:da:a1:2f:fb:ff:0c:de:d9:c8:67:
                    24:11:2b:ca:21:26:22:04:38:6b:a8:66:f1:0a:ad:
                    a0:24:14:05:fd:98:f2:c5:3e:95:92:cd:eb:2d:42:
                    31:4e:60:7d:15:9a:8d:bd:62:2e:26:7a:72:84:95:
                    93:5a:5a:fd:68:86:b9:7c:fd:5d:b7:09:0e:f6:0b:
                    df:56:ee:0e:32:04:fa:25:d5:5f:8b:8e:63:a6:e4:
                    41:ae:ee:74:15:3f:83:b5:89:2b:2b:fa:e0:12:67:
                    f1:38:a2:2b:44:9f:86:d9:fa:c5:fc:f4:9d:0e:d3:
                    db:56:03:0a:a8:1c:93:5e:96:4a:fb:66:8c:d7:5b:
                    10:27:01:c3:d8:31:2c:a8:34:49:7a:5c:7a:82:cf:
                    96:ea:9c:f1:9f:30:1b:77:21:af:36:1a:71:ae:f9:
                    09:90:e4:69:1a:32:92:45:cc:66:d4:23:c0:e5:8e:
                    b2:bf:4c:b7:ad:aa:e4:98:92:fa:7a:37:61:bf:6e:
                    33:6e:fa:e8:e3:18:41:29:d6:e7:0e:28:f1:64:f1:
                    4f:55:13:99:12:59:28:0c:31:a4:45:0f:a7:30:58:
                    e3:cd:80:15:23:31:6e:9f:6e:12:1d:33:7c:a1:fc:
                    23:24:3b:c4:4e:6c:fc:4c:91:26:95:7a:7b:88:65:
                    43:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:D2:F6:70:89:8D:6D:92:FD:A8:15:A8:02:DB:8E:C5:F7:49:64:BC
            X509v3 Authority Key Identifier:
                keyid:56:EB:6A:5F:A3:D2:17:A2:EE:7D:4A:62:D8:46:1A:67:93:ED:5C:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VutqX6PSF6LufUpi2EYaZ5PtXLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c25435-d23a-41a3-bc5e-53ecc6655f6b/1/GdL2cImNbZL9qBWoAtuOxfdJZLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c25435-d23a-41a3-bc5e-53ecc6655f6b/1/VutqX6PSF6LufUpi2EYaZ5PtXLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.106.0/24
                IPv6:
                  2a0a:9100::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:f6:3b:6f:9b:44:43:c4:9e:47:1f:b5:e4:c1:fe:fb:d8:4c:
         4a:64:38:ed:85:35:07:23:69:9f:39:0e:cc:25:14:cf:55:89:
         a4:37:75:87:b2:58:41:c9:fe:e6:96:8a:c6:17:31:2e:92:d4:
         35:91:4f:09:34:5a:0e:cd:6d:1a:3d:78:33:99:eb:7e:2a:81:
         e5:61:64:b9:26:af:2c:c7:d5:9b:df:e3:b1:a0:82:63:76:49:
         e1:1f:d6:14:76:50:50:71:9f:8b:50:36:c4:24:32:d2:62:17:
         a9:5e:83:50:cd:dc:48:67:2b:34:45:56:6e:c9:d0:30:c6:8c:
         3f:97:92:0c:9a:63:78:c7:7f:c9:16:fa:e5:e7:55:af:d7:d0:
         97:ff:2e:55:43:d7:4d:51:0d:d1:b2:6c:37:92:3b:68:1e:51:
         89:1f:b5:42:86:ce:e9:7a:40:ab:14:89:bd:94:a3:5c:b0:89:
         8c:02:94:a4:e5:a9:a0:f1:cc:32:72:e7:56:b3:16:0a:5b:e9:
         89:91:e0:ac:d1:8f:14:49:5e:af:95:fb:a8:fd:14:5c:d4:ad:
         bf:19:99:ac:c0:92:12:c9:35:15:c0:37:e2:9e:30:f3:a6:a5:
         71:8d:41:98:34:f6:ca:a8:ec:60:ea:6c:13:12:e3:ff:b1:d4:
         34:74:ba:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1fzXKtBCsi+8znxk7HB7JrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZWI2YTVmYTNkMjE3YTJlZTdkNGE2MmQ4NDYxYTY3OTNl
ZDVjYjMwHhcNMjQwMTMxMTM1NTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWQyZjY3MDg5OGQ2ZDkyZmRhODE1YTgwMmRiOGVjNWY3NDk2NGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1L7MdqhL/v/DN7ZyGckESvKISYi
BDhrqGbxCq2gJBQF/ZjyxT6Vks3rLUIxTmB9FZqNvWIuJnpyhJWTWlr9aIa5fP1d
twkO9gvfVu4OMgT6JdVfi45jpuRBru50FT+DtYkrK/rgEmfxOKIrRJ+G2frF/PSd
DtPbVgMKqByTXpZK+2aM11sQJwHD2DEsqDRJelx6gs+W6pzxnzAbdyGvNhpxrvkJ
kORpGjKSRcxm1CPA5Y6yv0y3rarkmJL6ejdhv24zbvro4xhBKdbnDijxZPFPVROZ
ElkoDDGkRQ+nMFjjzYAVIzFun24SHTN8ofwjJDvETmz8TJEmlXp7iGVDrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBnS9nCJjW2S/agVqALbjsX3SWS8MB8GA1UdIwQY
MBaAFFbral+j0hei7n1KYthGGmeT7VyzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnV0cVg2UFNGNkx1ZlVwaTJFWWFaNVB0WExNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jMjU0MzUtZDIzYS00MWEzLWJjNWUt
NTNlY2M2NjU1ZjZiLzEvR2RMMmNJbU5iWkw5cUJXb0F0dU94ZmRKWkx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jMjU0MzUtZDIzYS00MWEzLWJjNWUtNTNlY2M2NjU1ZjZi
LzEvVnV0cVg2UFNGNkx1ZlVwaTJFWWFaNVB0WExNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8lqMA0E
AgACMAcDBQMqCpEAMA0GCSqGSIb3DQEBCwUAA4IBAQBV9jtvm0RDxJ5HH7Xkwf77
2ExKZDjthTUHI2mfOQ7MJRTPVYmkN3WHslhByf7mlorGFzEuktQ1kU8JNFoOzW0a
PXgzmet+KoHlYWS5Jq8sx9Wb3+OxoIJjdknhH9YUdlBQcZ+LUDbEJDLSYhepXoNQ
zdxIZys0RVZuydAwxow/l5IMmmN4x3/JFvrl51Wv19CX/y5VQ9dNUQ3Rsmw3kjto
HlGJH7VChs7pekCrFIm9lKNcsImMApSk5amg8cwycudWsxYKW+mJkeCs0Y8USV6v
lfuo/RRc1K2/GZmswJISyTUVwDfinjDzpqVxjUGYNPbKqOxg6mwTEuP/sdQ0dLo9
-----END CERTIFICATE-----