Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/G-2KKGHiByw7dsVM12SC1Z7tWgc.roa
File:                     G-2KKGHiByw7dsVM12SC1Z7tWgc.roa (raw, json)
Hash identifier:          kHAVa+cyCSegV8y65nCEvK2H7ogXdrdR62CRwRoesiw=
Subject key identifier:   1B:ED:8A:28:61:E2:07:2C:3B:76:C5:4C:D7:64:82:D5:9E:ED:5A:07
Certificate issuer:       /CN=463f917077f8f3d0e338c742ea21d64358d19d52
Certificate serial:       019059BF2A307F730B4D0BDD15C366173536
Authority key identifier: 46:3F:91:70:77:F8:F3:D0:E3:38:C7:42:EA:21:D6:43:58:D1:9D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rj-RcHf489DjOMdC6iHWQ1jRnVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/G-2KKGHiByw7dsVM12SC1Z7tWgc.roa
Signing time:             Thu 27 Jun 2024 12:50:18 +0000
ROA not before:           Thu 27 Jun 2024 12:50:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        195.2.202.0/23 maxlen: 24
                          195.93.132.0/24 maxlen: 24
                          195.93.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/Rj-RcHf489DjOMdC6iHWQ1jRnVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/Rj-RcHf489DjOMdC6iHWQ1jRnVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rj-RcHf489DjOMdC6iHWQ1jRnVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:59:bf:2a:30:7f:73:0b:4d:0b:dd:15:c3:66:17:35:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=463f917077f8f3d0e338c742ea21d64358d19d52
        Validity
            Not Before: Jun 27 12:50:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bed8a2861e2072c3b76c54cd76482d59eed5a07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e1:3e:7d:eb:d7:77:55:bd:99:c4:01:8e:2d:
                    d9:d2:30:49:6e:82:4a:5b:3f:23:6a:a2:65:2d:fe:
                    99:c0:a5:2a:2e:cc:8a:56:62:cf:4c:11:86:a5:40:
                    75:92:75:d4:5e:9d:58:d8:d6:5f:84:2b:bf:6a:ad:
                    db:12:23:90:8e:19:f0:74:a5:97:87:34:a1:39:80:
                    d2:93:a8:fd:51:be:e9:dc:07:57:05:bd:86:a6:a1:
                    80:74:94:90:ee:39:e9:45:c8:3e:95:9c:c5:96:4c:
                    b0:9a:0f:1b:70:2d:a1:61:d3:47:5c:53:6b:2f:0c:
                    c5:72:e4:a2:ad:a6:d0:f2:69:7c:fc:db:59:19:93:
                    bb:7e:18:84:09:0a:68:92:18:3a:bb:81:fb:9d:09:
                    3d:4a:91:fe:c7:c5:b8:d9:52:7c:ab:2c:ae:ac:cc:
                    6e:39:c8:4d:b5:7e:8d:34:cd:cf:6f:d5:f5:68:a9:
                    43:b2:e5:54:27:05:d8:c9:b8:99:c4:69:01:29:c1:
                    ff:3d:94:56:69:47:5f:9c:9d:c8:f1:f0:0c:12:84:
                    4e:c5:85:bd:61:78:49:67:e2:f4:55:16:60:bc:c1:
                    0b:81:26:78:e7:db:7e:ff:00:b9:7e:d0:80:a0:5b:
                    e8:be:2f:1f:b2:c3:85:ad:a2:2f:8c:9d:21:01:db:
                    22:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:ED:8A:28:61:E2:07:2C:3B:76:C5:4C:D7:64:82:D5:9E:ED:5A:07
            X509v3 Authority Key Identifier:
                keyid:46:3F:91:70:77:F8:F3:D0:E3:38:C7:42:EA:21:D6:43:58:D1:9D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rj-RcHf489DjOMdC6iHWQ1jRnVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/G-2KKGHiByw7dsVM12SC1Z7tWgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8b5f7c-b3ae-4b58-81bb-25a40c075f12/1/Rj-RcHf489DjOMdC6iHWQ1jRnVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.2.202.0/23
                  195.93.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:b4:68:d5:f4:86:19:13:74:85:87:c4:ab:6a:14:68:10:e0:
         07:01:d9:8d:5e:36:ec:d9:40:85:63:d3:67:67:92:19:a2:75:
         3a:59:54:33:9d:83:62:d1:ac:aa:1c:88:e7:74:3e:e3:32:c9:
         d9:76:99:63:22:06:75:51:95:32:a9:17:1a:bd:ac:2b:28:3a:
         58:e3:09:43:5d:67:ef:77:5c:43:3b:ae:64:19:49:d2:84:69:
         a8:2e:87:bc:e6:63:25:07:22:ba:02:4b:f4:52:ab:dd:b0:66:
         1f:6c:af:6d:1a:28:75:ff:13:14:0c:8a:98:b3:bd:21:be:36:
         18:ca:5d:c1:dd:fc:c9:cb:d5:dc:a0:02:1e:eb:d2:1d:49:ad:
         97:c9:20:50:1b:ef:88:25:9b:80:4e:c4:88:ef:12:29:ee:8c:
         20:8c:72:c5:b9:82:d8:15:6b:d4:e8:92:af:52:c6:80:a4:ab:
         77:da:47:39:d2:60:f0:24:74:c6:c0:4d:43:d9:d3:e8:d0:1f:
         cb:bc:19:2b:4b:e8:e3:aa:3f:3a:52:a4:2a:44:70:63:f2:f8:
         75:3e:7f:c2:5e:b5:ae:b2:36:9c:94:19:46:39:84:57:5b:b0:
         7b:b8:4d:cf:1b:e4:6e:29:5d:ea:0a:d3:63:e6:ef:26:c8:94:
         ea:89:8c:4f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBZvyowf3MLTQvdFcNmFzU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2M2Y5MTcwNzdmOGYzZDBlMzM4Yzc0MmVhMjFkNjQzNThk
MTlkNTIwHhcNMjQwNjI3MTI1MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmVkOGEyODYxZTIwNzJjM2I3NmM1NGNkNzY0ODJkNTllZWQ1YTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+E+fevXd1W9mcQBji3Z0jBJboJK
Wz8jaqJlLf6ZwKUqLsyKVmLPTBGGpUB1knXUXp1Y2NZfhCu/aq3bEiOQjhnwdKWX
hzShOYDSk6j9Ub7p3AdXBb2GpqGAdJSQ7jnpRcg+lZzFlkywmg8bcC2hYdNHXFNr
LwzFcuSirabQ8ml8/NtZGZO7fhiECQpokhg6u4H7nQk9SpH+x8W42VJ8qyyurMxu
OchNtX6NNM3Pb9X1aKlDsuVUJwXYybiZxGkBKcH/PZRWaUdfnJ3I8fAMEoROxYW9
YXhJZ+L0VRZgvMELgSZ459t+/wC5ftCAoFvovi8fssOFraIvjJ0hAdsiPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBvtiihh4gcsO3bFTNdkgtWe7VoHMB8GA1UdIwQY
MBaAFEY/kXB3+PPQ4zjHQuoh1kNY0Z1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmotUmNIZjQ4OURqT01kQzZpSFdRMWpSblZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84YjVmN2MtYjNhZS00YjU4LTgxYmIt
MjVhNDBjMDc1ZjEyLzEvRy0yS0tHSGlCeXc3ZHNWTTEyU0MxWjd0V2djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84YjVmN2MtYjNhZS00YjU4LTgxYmItMjVhNDBjMDc1ZjEy
LzEvUmotUmNIZjQ4OURqT01kQzZpSFdRMWpSblZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwwLKAwQB
w12EMA0GCSqGSIb3DQEBCwUAA4IBAQBGtGjV9IYZE3SFh8SrahRoEOAHAdmNXjbs
2UCFY9NnZ5IZonU6WVQznYNi0ayqHIjndD7jMsnZdpljIgZ1UZUyqRcavawrKDpY
4wlDXWfvd1xDO65kGUnShGmoLoe85mMlByK6Akv0UqvdsGYfbK9tGih1/xMUDIqY
s70hvjYYyl3B3fzJy9XcoAIe69IdSa2XySBQG++IJZuATsSI7xIp7owgjHLFuYLY
FWvU6JKvUsaApKt32kc50mDwJHTGwE1D2dPo0B/LvBkrS+jjqj86UqQqRHBj8vh1
Pn/CXrWusjaclBlGOYRXW7B7uE3PG+RuKV3qCtNj5u8myJTqiYxP
-----END CERTIFICATE-----