Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/GTrXimjZE01RlTAFB3bwCO5zAvQ.roa
File:                     GTrXimjZE01RlTAFB3bwCO5zAvQ.roa (raw, json)
Hash identifier:          gH235ah1O5x+8eK9WY2NQ1dWAQzI9DQttUDavtwpjzA=
Subject key identifier:   19:3A:D7:8A:68:D9:13:4D:51:95:30:05:07:76:F0:08:EE:73:02:F4
Certificate issuer:       /CN=22c7cda75f4e15e486dee5a6501cbe2018bc0e0f
Certificate serial:       018CC64AB92B54A4B1D0ECCFF8A6DF03433D
Authority key identifier: 22:C7:CD:A7:5F:4E:15:E4:86:DE:E5:A6:50:1C:BE:20:18:BC:0E:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/GTrXimjZE01RlTAFB3bwCO5zAvQ.roa
Signing time:             Mon 01 Jan 2024 18:30:35 +0000
ROA not before:           Mon 01 Jan 2024 18:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        91.209.234.0/24 maxlen: 24
                          185.193.68.0/22 maxlen: 24
                          185.251.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/IsfNp19OFeSG3uWmUBy-IBi8Dg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/IsfNp19OFeSG3uWmUBy-IBi8Dg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:b9:2b:54:a4:b1:d0:ec:cf:f8:a6:df:03:43:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c7cda75f4e15e486dee5a6501cbe2018bc0e0f
        Validity
            Not Before: Jan  1 18:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=193ad78a68d9134d519530050776f008ee7302f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7b:a1:b7:30:5e:18:da:b6:43:d6:2e:72:8d:
                    b2:fb:9d:44:27:fe:29:f3:fa:44:86:97:7e:5c:26:
                    5a:f5:d9:dc:01:c7:85:bc:cd:1e:ba:d3:12:91:cd:
                    d4:70:8b:47:25:c5:ac:54:b6:30:74:3f:27:06:e4:
                    5c:09:70:12:b8:ec:0d:5e:1b:d6:ce:d6:33:32:a9:
                    1a:07:16:1e:b2:ca:44:44:60:4b:53:17:34:ea:af:
                    08:7f:a7:f7:3e:82:48:ab:ae:07:e0:2b:3b:bb:4f:
                    cf:49:8b:fe:d6:0e:e2:bc:6f:a8:29:cc:8f:d4:73:
                    5d:1c:0e:05:05:af:53:82:d1:90:c9:6f:23:84:51:
                    da:13:d6:15:59:d1:1b:62:8a:58:d0:cd:44:38:0b:
                    aa:92:fe:0e:70:60:b6:c4:7d:99:a8:07:d0:d2:22:
                    c0:23:72:ec:c9:99:88:73:33:ed:37:08:3c:2e:07:
                    5c:e2:3a:a5:17:33:b9:38:e1:05:9d:1f:d7:b5:dc:
                    90:c8:c8:1e:46:24:71:7d:3d:ba:a1:98:25:e6:c4:
                    05:c5:1d:17:39:99:2a:33:cb:d4:43:9a:9b:be:bc:
                    83:f8:96:96:a0:73:ed:53:66:eb:c8:01:d1:c2:d7:
                    51:ed:44:ef:91:30:1e:47:9d:13:fe:a0:42:f5:2a:
                    87:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:3A:D7:8A:68:D9:13:4D:51:95:30:05:07:76:F0:08:EE:73:02:F4
            X509v3 Authority Key Identifier:
                keyid:22:C7:CD:A7:5F:4E:15:E4:86:DE:E5:A6:50:1C:BE:20:18:BC:0E:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/GTrXimjZE01RlTAFB3bwCO5zAvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/IsfNp19OFeSG3uWmUBy-IBi8Dg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.234.0/24
                  185.193.68.0/22
                  185.251.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:53:ed:f9:c9:1b:b4:53:f4:e5:cb:ad:15:0f:a4:a0:c3:e7:
         f5:fc:b3:a8:cc:ca:89:41:58:8e:77:76:f1:f1:9d:15:9c:96:
         7a:22:1e:93:3b:76:2e:dd:52:56:de:b5:38:4e:f5:76:78:9c:
         89:ba:d1:e6:b1:96:f3:e2:cb:b1:c6:e3:06:63:54:4e:0e:87:
         03:6a:99:ff:eb:45:92:dc:65:5a:ec:e3:73:0f:b4:c8:90:68:
         b1:b7:b0:d1:0f:4c:70:03:1f:d9:11:02:d5:e7:dd:99:59:25:
         dd:46:b4:f6:6e:78:82:f9:53:dc:29:35:54:05:a3:6d:ec:3c:
         da:c2:ab:c0:b3:57:bd:1b:f2:45:43:12:3c:e0:be:0b:2b:f3:
         c1:45:d2:50:ee:4e:8c:4c:38:84:ec:3b:fb:4f:0c:e7:d4:93:
         0b:0b:61:4f:ef:97:dd:59:22:dd:27:d9:2b:7c:14:77:95:80:
         c1:4e:23:97:b4:d1:3b:82:6a:80:39:f6:6a:df:e9:95:83:ce:
         5f:ad:bf:a4:e6:ba:50:72:19:06:25:5b:f9:63:8c:df:4f:fc:
         a9:8a:b0:1d:36:5b:af:85:f5:15:1c:54:1e:69:f3:c5:dd:f5:
         ba:12:1c:d5:ef:0e:3e:59:5e:04:0b:40:d7:04:51:87:2b:c8:
         87:96:de:d9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGSrkrVKSx0OzP+KbfA0M9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzdjZGE3NWY0ZTE1ZTQ4NmRlZTVhNjUwMWNiZTIwMThi
YzBlMGYwHhcNMjQwMTAxMTgzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTNhZDc4YTY4ZDkxMzRkNTE5NTMwMDUwNzc2ZjAwOGVlNzMwMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunuhtzBeGNq2Q9Yuco2y+51EJ/4p
8/pEhpd+XCZa9dncAceFvM0eutMSkc3UcItHJcWsVLYwdD8nBuRcCXASuOwNXhvW
ztYzMqkaBxYesspERGBLUxc06q8If6f3PoJIq64H4Cs7u0/PSYv+1g7ivG+oKcyP
1HNdHA4FBa9TgtGQyW8jhFHaE9YVWdEbYopY0M1EOAuqkv4OcGC2xH2ZqAfQ0iLA
I3LsyZmIczPtNwg8Lgdc4jqlFzO5OOEFnR/XtdyQyMgeRiRxfT26oZgl5sQFxR0X
OZkqM8vUQ5qbvryD+JaWoHPtU2bryAHRwtdR7UTvkTAeR50T/qBC9SqH5QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBk614po2RNNUZUwBQd28AjucwL0MB8GA1UdIwQY
MBaAFCLHzadfThXkht7lplAcviAYvA4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNmTnAxOU9GZVNHM3VXbVVCeS1JQmk4RGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iOTIzMzEtMmJiNC00YTU5LTk5Nzgt
NzUxYjE3ZDFjNDM3LzEvR1RyWGltalpFMDFSbFRBRkIzYndDTzV6QXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iOTIzMzEtMmJiNC00YTU5LTk5NzgtNzUxYjE3ZDFjNDM3
LzEvSXNmTnAxOU9GZVNHM3VXbVVCeS1JQmk4RGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9HqAwQC
ucFEAwQAufsNMA0GCSqGSIb3DQEBCwUAA4IBAQAwU+35yRu0U/Tly60VD6Sgw+f1
/LOozMqJQViOd3bx8Z0VnJZ6Ih6TO3Yu3VJW3rU4TvV2eJyJutHmsZbz4suxxuMG
Y1RODocDapn/60WS3GVa7ONzD7TIkGixt7DRD0xwAx/ZEQLV592ZWSXdRrT2bniC
+VPcKTVUBaNt7DzawqvAs1e9G/JFQxI84L4LK/PBRdJQ7k6MTDiE7Dv7Twzn1JML
C2FP75fdWSLdJ9krfBR3lYDBTiOXtNE7gmqAOfZq3+mVg85frb+k5rpQchkGJVv5
Y4zfT/ypirAdNluvhfUVHFQeafPF3fW6EhzV7w4+WV4EC0DXBFGHK8iHlt7Z
-----END CERTIFICATE-----