Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/GWvT-RRTnp-qOBoPT1MnwCxM_gU.roa
File:                     GWvT-RRTnp-qOBoPT1MnwCxM_gU.roa (raw, json)
Hash identifier:          zgEHj16ZBfVPCutdfM9s3/0Im3bsvAbZO4aiuJnZByA=
Subject key identifier:   19:6B:D3:F9:14:53:9E:9F:AA:38:1A:0F:4F:53:27:C0:2C:4C:FE:05
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E13520716DECF3BFDBF9F7815658E
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/GWvT-RRTnp-qOBoPT1MnwCxM_gU.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203879
IP address blocks:        81.18.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:13:52:07:16:de:cf:3b:fd:bf:9f:78:15:65:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=196bd3f914539e9faa381a0f4f5327c02c4cfe05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:92:70:f2:28:f5:bf:88:f3:31:e7:1b:80:56:
                    ba:2c:38:f2:b2:8d:9c:27:b8:1d:db:64:05:11:1b:
                    4b:4b:80:5d:c0:ec:34:54:33:f1:8b:49:8b:97:23:
                    1d:bf:60:26:ee:72:99:5a:ab:d6:3a:76:73:8e:1e:
                    08:91:3b:6f:a5:fc:a3:59:c4:d9:b4:c8:00:c5:24:
                    de:20:ce:25:c3:43:52:34:c4:f4:72:e5:75:e2:f1:
                    9e:1e:14:75:15:93:4e:be:e9:a8:90:15:ec:c6:a2:
                    3e:f0:42:f3:a1:5a:d8:51:e0:38:fe:2f:90:ea:25:
                    fb:3e:e3:93:ff:e8:fd:96:d9:f8:d5:40:f4:fd:92:
                    dc:1a:fd:1b:e2:4c:14:54:57:58:c1:0c:f1:10:38:
                    2c:0e:11:12:a9:92:a4:39:74:ed:0a:13:2e:d7:3f:
                    b7:ee:48:e0:1d:b2:fe:96:95:ea:db:60:71:78:a9:
                    09:7e:94:c3:78:fc:3c:bd:60:5e:fe:f7:7e:60:08:
                    d4:b7:4b:57:9d:fe:33:b5:95:4e:7b:68:eb:19:68:
                    db:a2:2e:8b:04:e4:22:25:e2:fc:d3:8a:fb:a6:e2:
                    57:8e:40:da:fd:e8:49:3b:59:75:57:c9:ad:af:0b:
                    7b:97:02:df:fa:3d:a5:dd:c8:e0:e7:3e:4f:f3:c0:
                    4f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:6B:D3:F9:14:53:9E:9F:AA:38:1A:0F:4F:53:27:C0:2C:4C:FE:05
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/GWvT-RRTnp-qOBoPT1MnwCxM_gU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.18.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:62:9f:d3:56:cc:ae:72:59:0b:1c:fe:bf:e6:4b:79:22:e2:
         04:5d:ad:42:2a:b9:bb:35:33:43:cf:e1:4d:2e:d4:ab:0e:73:
         3c:d1:e6:63:ef:6a:07:63:90:79:cb:16:f0:fc:85:26:26:c4:
         00:97:77:69:36:61:34:e2:d5:43:05:a5:32:cb:33:37:a4:46:
         0b:a6:8c:ed:ca:28:04:3b:ee:3a:1f:90:33:a2:80:d8:7c:f8:
         f8:71:ff:44:fe:85:e9:8d:19:3f:e8:42:86:4e:fe:c0:1e:02:
         80:b5:aa:e3:d3:f1:e4:32:42:bc:51:bd:81:37:90:2d:6e:2a:
         35:3a:bf:cb:7b:87:cd:50:f6:10:b3:a0:e1:31:87:49:ea:5e:
         29:00:ef:12:1b:4d:04:94:85:93:d8:60:7f:e6:b0:35:09:78:
         f9:43:c7:1d:58:e9:9f:05:cd:04:00:57:90:15:e1:9c:2b:70:
         cf:cd:82:e0:6c:59:87:25:82:df:63:1d:84:4e:f6:b6:87:d8:
         59:a9:8e:10:c3:96:89:26:bc:53:1e:17:0b:91:4e:2e:b6:6b:
         01:1a:18:40:d7:8d:e7:a4:75:48:f0:39:f7:c8:70:f7:c5:3f:
         d4:0e:95:7a:04:70:ac:b0:62:7c:b2:2f:fe:ca:b8:6d:aa:63:
         26:05:79:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhNSBxbezzv9v594FWWOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTZiZDNmOTE0NTM5ZTlmYWEzODFhMGY0ZjUzMjdjMDJjNGNmZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJJw8ij1v4jzMecbgFa6LDjyso2c
J7gd22QFERtLS4BdwOw0VDPxi0mLlyMdv2Am7nKZWqvWOnZzjh4IkTtvpfyjWcTZ
tMgAxSTeIM4lw0NSNMT0cuV14vGeHhR1FZNOvumokBXsxqI+8ELzoVrYUeA4/i+Q
6iX7PuOT/+j9ltn41UD0/ZLcGv0b4kwUVFdYwQzxEDgsDhESqZKkOXTtChMu1z+3
7kjgHbL+lpXq22BxeKkJfpTDePw8vWBe/vd+YAjUt0tXnf4ztZVOe2jrGWjboi6L
BOQiJeL804r7puJXjkDa/ehJO1l1V8mtrwt7lwLf+j2l3cjg5z5P88BPFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlr0/kUU56fqjgaD09TJ8AsTP4FMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvR1d2VC1SUlRucC1xT0JvUFQxTW53Q3hNX2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURIwMA0G
CSqGSIb3DQEBCwUAA4IBAQAMYp/TVsyuclkLHP6/5kt5IuIEXa1CKrm7NTNDz+FN
LtSrDnM80eZj72oHY5B5yxbw/IUmJsQAl3dpNmE04tVDBaUyyzM3pEYLpoztyigE
O+46H5AzooDYfPj4cf9E/oXpjRk/6EKGTv7AHgKAtarj0/HkMkK8Ub2BN5Atbio1
Or/Le4fNUPYQs6DhMYdJ6l4pAO8SG00ElIWT2GB/5rA1CXj5Q8cdWOmfBc0EAFeQ
FeGcK3DPzYLgbFmHJYLfYx2ETva2h9hZqY4Qw5aJJrxTHhcLkU4utmsBGhhA143n
pHVI8Dn3yHD3xT/UDpV6BHCssGJ8si/+yrhtqmMmBXkW
-----END CERTIFICATE-----