Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/363ba7-89e3-495f-aa2e-c1eb73ffd416/1/GDJk5AZDHi9I9gzerzotMCsSvXI.roa
File:                     GDJk5AZDHi9I9gzerzotMCsSvXI.roa (raw, json)
Hash identifier:          KcUwSc1IcWkpX/fxElf0tOT17ofBNrgUbJHoJnzRuU4=
Subject key identifier:   18:32:64:E4:06:43:1E:2F:48:F6:0C:DE:AF:3A:2D:30:2B:12:BD:72
Certificate issuer:       /CN=c36806ea062f6053841288b446e2e0ded5b2f2e7
Certificate serial:       018CC3B67E521BFDEDC8134D9E96CD922EF6
Authority key identifier: C3:68:06:EA:06:2F:60:53:84:12:88:B4:46:E2:E0:DE:D5:B2:F2:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w2gG6gYvYFOEEoi0RuLg3tWy8uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/363ba7-89e3-495f-aa2e-c1eb73ffd416/1/GDJk5AZDHi9I9gzerzotMCsSvXI.roa
Signing time:             Mon 01 Jan 2024 06:29:26 +0000
ROA not before:           Mon 01 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202605
IP address blocks:        185.156.36.0/22 maxlen: 22
                          2a07:9a00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/363ba7-89e3-495f-aa2e-c1eb73ffd416/1/w2gG6gYvYFOEEoi0RuLg3tWy8uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/363ba7-89e3-495f-aa2e-c1eb73ffd416/1/w2gG6gYvYFOEEoi0RuLg3tWy8uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w2gG6gYvYFOEEoi0RuLg3tWy8uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 18:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7e:52:1b:fd:ed:c8:13:4d:9e:96:cd:92:2e:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c36806ea062f6053841288b446e2e0ded5b2f2e7
        Validity
            Not Before: Jan  1 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=183264e406431e2f48f60cdeaf3a2d302b12bd72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5b:92:81:98:2d:d1:bd:90:30:49:0f:50:c7:
                    0d:5f:64:65:8a:c5:f9:06:77:e7:10:c0:81:f9:79:
                    00:c6:62:ae:43:15:f7:e9:e1:ca:ff:6f:7b:0a:85:
                    a4:f6:b4:a9:23:c3:06:c5:84:99:2e:00:fb:fa:d4:
                    62:e0:89:cd:2b:05:0f:40:9d:6f:76:96:11:a7:f4:
                    de:d1:a3:79:07:7c:a2:4b:93:24:71:20:5f:87:fd:
                    c7:43:5d:e6:95:21:b1:21:de:27:a3:52:73:8f:dc:
                    f7:28:c0:a8:c5:68:98:d7:2a:54:4b:ab:f1:31:58:
                    c6:58:4d:39:d6:96:a8:65:a7:0a:d3:6c:9c:48:dd:
                    5f:22:f3:79:1b:35:b5:ae:e8:4b:0b:5d:62:b6:10:
                    fa:02:08:a8:ce:ee:4f:17:8f:2d:fe:57:1b:8a:e5:
                    44:85:5e:ba:46:2f:f4:5f:c4:81:0a:37:29:96:85:
                    22:10:84:3f:e0:79:58:7c:5c:73:2c:2d:f2:33:95:
                    9e:bc:18:bb:fc:60:e7:69:db:a3:47:40:e7:0a:02:
                    54:eb:71:5f:9c:fa:00:61:90:71:61:60:8e:f1:bc:
                    29:d0:02:e5:88:21:f3:92:7a:b1:71:fa:ae:3b:60:
                    a0:52:aa:c1:c7:f3:01:db:74:b3:43:08:39:08:89:
                    a5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:32:64:E4:06:43:1E:2F:48:F6:0C:DE:AF:3A:2D:30:2B:12:BD:72
            X509v3 Authority Key Identifier:
                keyid:C3:68:06:EA:06:2F:60:53:84:12:88:B4:46:E2:E0:DE:D5:B2:F2:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w2gG6gYvYFOEEoi0RuLg3tWy8uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/363ba7-89e3-495f-aa2e-c1eb73ffd416/1/GDJk5AZDHi9I9gzerzotMCsSvXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/363ba7-89e3-495f-aa2e-c1eb73ffd416/1/w2gG6gYvYFOEEoi0RuLg3tWy8uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.36.0/22
                IPv6:
                  2a07:9a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:8c:4d:44:9e:54:76:b3:39:69:03:87:01:cd:32:82:e7:af:
         99:fe:35:bf:f3:3a:7a:a0:46:f3:2a:de:cd:cb:07:c8:4d:9b:
         1c:1e:05:55:69:4e:ae:b6:94:f2:a8:d1:41:90:bf:65:7e:ec:
         5f:7d:5e:4d:66:b0:af:e7:11:20:1f:30:07:1e:74:b2:2e:29:
         6f:f8:d5:19:52:86:59:c2:88:3f:44:7a:8b:39:73:2c:2a:6b:
         4c:cb:2d:35:12:8a:ef:3e:54:be:c2:8b:ee:65:9d:c8:5d:e2:
         e5:f0:cd:2b:74:09:71:de:63:48:a2:aa:e9:a1:08:be:6d:6d:
         b6:a9:74:26:f5:0d:75:f6:02:c5:61:87:64:66:e4:6b:7c:8c:
         ac:2c:6f:8e:16:1e:37:cd:db:84:20:98:9f:9b:af:04:67:a2:
         ed:29:ad:2f:76:6a:af:b2:c4:c9:cb:f8:c0:b3:f4:c4:df:f9:
         26:2b:a7:33:c3:94:5c:6d:34:c3:3e:99:10:73:05:e2:dd:f3:
         3e:d9:ca:95:71:4e:d6:88:68:ce:bf:c3:8c:af:38:26:d3:cd:
         53:1b:8f:4a:df:fc:c0:6a:c1:12:69:8e:b7:da:a9:49:e8:6d:
         7a:a0:6c:de:fc:0e:e7:bc:60:73:8f:47:d1:81:3f:0c:20:f9:
         b6:0d:d3:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtn5SG/3tyBNNnpbNki72MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNjgwNmVhMDYyZjYwNTM4NDEyODhiNDQ2ZTJlMGRlZDVi
MmYyZTcwHhcNMjQwMTAxMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODMyNjRlNDA2NDMxZTJmNDhmNjBjZGVhZjNhMmQzMDJiMTJiZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFuSgZgt0b2QMEkPUMcNX2RlisX5
BnfnEMCB+XkAxmKuQxX36eHK/297CoWk9rSpI8MGxYSZLgD7+tRi4InNKwUPQJ1v
dpYRp/Te0aN5B3yiS5MkcSBfh/3HQ13mlSGxId4no1Jzj9z3KMCoxWiY1ypUS6vx
MVjGWE051paoZacK02ycSN1fIvN5GzW1ruhLC11ithD6Agiozu5PF48t/lcbiuVE
hV66Ri/0X8SBCjcploUiEIQ/4HlYfFxzLC3yM5WevBi7/GDnadujR0DnCgJU63Ff
nPoAYZBxYWCO8bwp0ALliCHzknqxcfquO2CgUqrBx/MB23SzQwg5CImlxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBgyZOQGQx4vSPYM3q86LTArEr1yMB8GA1UdIwQY
MBaAFMNoBuoGL2BThBKItEbi4N7VsvLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzJnRzZnWXZZRk9FRW9pMFJ1TGczdFd5OHVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8zNjNiYTctODllMy00OTVmLWFhMmUt
YzFlYjczZmZkNDE2LzEvR0RKazVBWkRIaTlJOWd6ZXJ6b3RNQ3NTdlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8zNjNiYTctODllMy00OTVmLWFhMmUtYzFlYjczZmZkNDE2
LzEvdzJnRzZnWXZZRk9FRW9pMFJ1TGczdFd5OHVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZwkMA0E
AgACMAcDBQMqB5oAMA0GCSqGSIb3DQEBCwUAA4IBAQBkjE1EnlR2szlpA4cBzTKC
56+Z/jW/8zp6oEbzKt7NywfITZscHgVVaU6utpTyqNFBkL9lfuxffV5NZrCv5xEg
HzAHHnSyLilv+NUZUoZZwog/RHqLOXMsKmtMyy01EorvPlS+wovuZZ3IXeLl8M0r
dAlx3mNIoqrpoQi+bW22qXQm9Q119gLFYYdkZuRrfIysLG+OFh43zduEIJifm68E
Z6LtKa0vdmqvssTJy/jAs/TE3/kmK6czw5RcbTTDPpkQcwXi3fM+2cqVcU7WiGjO
v8OMrzgm081TG49K3/zAasESaY632qlJ6G16oGze/A7nvGBzj0fRgT8MIPm2DdPq
-----END CERTIFICATE-----