Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/GU7LJlWOmvKqbfhyTHULbE7Q3JI.roa
File:                     GU7LJlWOmvKqbfhyTHULbE7Q3JI.roa (raw, json)
Hash identifier:          G9pBM5B2pGYho2cPCNbIlsyWeIwomP7LULNZf88ttpg=
Subject key identifier:   19:4E:CB:26:55:8E:9A:F2:AA:6D:F8:72:4C:75:0B:6C:4E:D0:DC:92
Certificate issuer:       /CN=8b511865930299763e0e5f2d82567dc5a1d53e79
Certificate serial:       01932AE549C135F7E13025D2C807BDAF3C7F
Authority key identifier: 8B:51:18:65:93:02:99:76:3E:0E:5F:2D:82:56:7D:C5:A1:D5:3E:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/GU7LJlWOmvKqbfhyTHULbE7Q3JI.roa
Signing time:             Thu 14 Nov 2024 13:38:09 +0000
ROA not before:           Thu 14 Nov 2024 13:38:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15461
IP address blocks:        91.219.220.0/22 maxlen: 32
                          193.93.12.0/22 maxlen: 32
                          2001:67c:f84::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2a:e5:49:c1:35:f7:e1:30:25:d2:c8:07:bd:af:3c:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b511865930299763e0e5f2d82567dc5a1d53e79
        Validity
            Not Before: Nov 14 13:38:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=194ecb26558e9af2aa6df8724c750b6c4ed0dc92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6c:73:dc:f1:55:78:11:76:13:0c:fd:22:95:
                    18:57:23:4b:1f:c9:17:ae:4c:19:63:40:3c:be:77:
                    bf:a4:f4:70:9f:8e:7f:85:4f:8a:e9:23:9c:78:3a:
                    26:11:7b:45:8b:f6:55:f1:63:f9:66:26:ed:d5:08:
                    1d:a4:b6:68:07:8d:af:d6:a2:e7:ff:94:75:fc:1c:
                    77:93:9d:59:38:3a:7e:b6:b6:4d:97:78:05:d7:c6:
                    42:da:64:0f:cc:ba:73:d6:85:66:e2:cf:e0:1c:db:
                    1d:a5:68:fd:b2:8f:6e:ca:6a:4f:10:8f:0f:6b:16:
                    c8:5c:20:3d:98:de:92:c7:3e:03:57:4c:b2:bd:c7:
                    e5:ab:bf:ad:91:d5:a7:19:33:e7:b8:2f:86:48:ba:
                    3c:f4:a0:4f:78:57:db:5a:23:30:18:81:ce:92:cc:
                    9b:37:85:58:67:39:66:db:f5:51:28:b2:95:57:fb:
                    b6:ef:74:60:1c:c0:85:8e:40:57:ab:a8:c0:c3:09:
                    6f:f3:c7:4a:9a:fe:fb:11:e4:79:2b:80:25:3f:d7:
                    9e:42:25:b6:53:03:19:a2:08:65:0f:04:23:87:3b:
                    9e:2f:48:05:9c:ae:0c:a8:7d:fd:03:20:86:2a:0e:
                    cc:cb:7c:46:0e:64:de:81:15:73:d4:65:ef:d6:f6:
                    48:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:4E:CB:26:55:8E:9A:F2:AA:6D:F8:72:4C:75:0B:6C:4E:D0:DC:92
            X509v3 Authority Key Identifier:
                keyid:8B:51:18:65:93:02:99:76:3E:0E:5F:2D:82:56:7D:C5:A1:D5:3E:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/GU7LJlWOmvKqbfhyTHULbE7Q3JI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.219.220.0/22
                  193.93.12.0/22
                IPv6:
                  2001:67c:f84::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:48:9c:62:f8:9d:69:89:70:75:bc:0c:75:85:18:71:b5:98:
         b0:4b:30:c4:06:76:62:24:0b:b7:39:38:fb:98:54:52:6a:19:
         d0:75:52:e5:6a:48:89:f0:fa:98:33:36:81:23:0d:90:16:0c:
         bf:53:9c:27:4c:be:82:5e:c1:46:a1:80:89:92:fa:f5:94:f4:
         d3:34:8e:e4:03:76:09:1d:66:d2:6d:42:91:98:57:ba:8a:4c:
         51:40:6d:58:21:df:81:91:8a:00:6a:27:62:13:df:db:fe:b9:
         a1:66:8e:29:03:5b:64:ee:63:35:ac:9c:32:73:6e:de:52:71:
         34:74:57:14:f3:1c:34:fc:53:ae:56:81:14:3e:c6:f5:3b:41:
         27:93:4e:69:03:ff:d2:eb:74:20:94:58:8c:ab:c6:f7:76:86:
         0d:d7:1f:dc:56:ef:a7:54:08:fa:20:ac:a4:11:48:29:c8:b9:
         66:6f:3f:c9:bd:cf:7d:7a:08:3b:9f:17:d7:66:fd:35:5f:59:
         6a:d2:ee:68:ef:10:1c:8e:02:38:91:67:d6:08:e9:e0:a4:da:
         5b:97:92:d2:a9:5f:99:2d:ae:1e:e5:e6:ca:0c:eb:75:d8:7e:
         d8:6c:f9:04:de:fc:f8:32:5e:31:84:9a:a4:6b:9f:e9:a8:24:
         38:28:0c:35
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZMq5UnBNffhMCXSyAe9rzx/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNTExODY1OTMwMjk5NzYzZTBlNWYyZDgyNTY3ZGM1YTFk
NTNlNzkwHhcNMjQxMTE0MTMzODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTRlY2IyNjU1OGU5YWYyYWE2ZGY4NzI0Yzc1MGI2YzRlZDBkYzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2xz3PFVeBF2Ewz9IpUYVyNLH8kX
rkwZY0A8vne/pPRwn45/hU+K6SOceDomEXtFi/ZV8WP5Zibt1QgdpLZoB42v1qLn
/5R1/Bx3k51ZODp+trZNl3gF18ZC2mQPzLpz1oVm4s/gHNsdpWj9so9uympPEI8P
axbIXCA9mN6Sxz4DV0yyvcflq7+tkdWnGTPnuC+GSLo89KBPeFfbWiMwGIHOksyb
N4VYZzlm2/VRKLKVV/u273RgHMCFjkBXq6jAwwlv88dKmv77EeR5K4AlP9eeQiW2
UwMZoghlDwQjhzueL0gFnK4MqH39AyCGKg7My3xGDmTegRVz1GXv1vZIVQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFBlOyyZVjpryqm34ckx1C2xO0NySMB8GA1UdIwQY
MBaAFItRGGWTApl2Pg5fLYJWfcWh1T55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTFFWVpaTUNtWFktRGw4dGdsWjl4YUhWUG5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9hOGYwMmItNjU2My00MGE5LWEzNWEt
MWYwOWJiNmRiMWI2LzEvR1U3TEpsV09tdktxYmZoeVRIVUxiRTdRM0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9hOGYwMmItNjU2My00MGE5LWEzNWEtMWYwOWJiNmRiMWI2
LzEvaTFFWVpaTUNtWFktRGw4dGdsWjl4YUhWUG5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCW9vcAwQC
wV0MMA8EAgACMAkDBwAgAQZ8D4QwDQYJKoZIhvcNAQELBQADggEBAGxInGL4nWmJ
cHW8DHWFGHG1mLBLMMQGdmIkC7c5OPuYVFJqGdB1UuVqSInw+pgzNoEjDZAWDL9T
nCdMvoJewUahgImS+vWU9NM0juQDdgkdZtJtQpGYV7qKTFFAbVgh34GRigBqJ2IT
39v+uaFmjikDW2TuYzWsnDJzbt5ScTR0VxTzHDT8U65WgRQ+xvU7QSeTTmkD/9Lr
dCCUWIyrxvd2hg3XH9xW76dUCPogrKQRSCnIuWZvP8m9z316CDufF9dm/TVfWWrS
7mjvEByOAjiRZ9YI6eCk2luXktKpX5ktrh7l5soM63XYfths+QTe/PgyXjGEmqRr
n+moJDgoDDU=
-----END CERTIFICATE-----