Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/GXEw_qGCVwAVM9baiwHSxUI6R4w.roa
File:                     GXEw_qGCVwAVM9baiwHSxUI6R4w.roa (raw, json)
Hash identifier:          QYSV3lFUMuEiJCmTTlWmNNBw6s2ju6vB8Y5+ydoZND0=
Subject key identifier:   19:71:30:FE:A1:82:57:00:15:33:D6:DA:8B:01:D2:C5:42:3A:47:8C
Certificate issuer:       /CN=a59ac8323ebb6be20fae89d098ca24138f8c9005
Certificate serial:       018CC8012E9483541CEB690075C18EFBC557
Authority key identifier: A5:9A:C8:32:3E:BB:6B:E2:0F:AE:89:D0:98:CA:24:13:8F:8C:90:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pZrIMj67a-IPronQmMokE4-MkAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/GXEw_qGCVwAVM9baiwHSxUI6R4w.roa
Signing time:             Tue 02 Jan 2024 02:29:29 +0000
ROA not before:           Tue 02 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34663
IP address blocks:        85.159.96.0/21 maxlen: 21
                          185.94.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/pZrIMj67a-IPronQmMokE4-MkAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/pZrIMj67a-IPronQmMokE4-MkAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pZrIMj67a-IPronQmMokE4-MkAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2e:94:83:54:1c:eb:69:00:75:c1:8e:fb:c5:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a59ac8323ebb6be20fae89d098ca24138f8c9005
        Validity
            Not Before: Jan  2 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=197130fea18257001533d6da8b01d2c5423a478c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:60:6c:59:89:ad:97:fe:75:d4:fc:43:93:02:
                    da:02:45:94:26:db:f1:24:30:14:8b:3b:ce:05:1d:
                    35:1f:90:35:f8:21:93:34:f5:97:52:72:00:77:d2:
                    6b:fe:fe:2b:c5:f4:89:b3:84:ef:99:11:0e:06:c3:
                    87:4f:b4:7a:cf:39:03:82:5a:d7:a2:f7:a4:91:f6:
                    63:61:9a:ff:15:37:c0:f5:77:2c:20:e0:13:c9:2b:
                    2c:01:c2:a8:76:fd:3b:58:4f:57:3f:0d:c2:f8:c0:
                    08:0f:27:64:fa:e5:6d:c9:4d:05:04:ad:83:cd:ae:
                    9c:f5:92:24:5b:7b:0e:5d:fb:30:72:c0:47:b5:5f:
                    40:eb:c4:cb:eb:3f:10:60:dc:20:1c:31:4a:de:a8:
                    ec:ee:9d:fa:f7:5e:83:11:89:f0:20:14:87:1e:45:
                    d1:f7:19:ed:dc:30:80:95:6c:d2:73:80:79:9f:56:
                    52:0b:e1:a2:1a:c3:3b:03:90:76:c4:3d:23:01:be:
                    d7:bd:a5:08:be:84:f3:ba:55:1f:44:dd:5f:a4:c8:
                    8d:e6:b2:9f:1c:34:50:91:b1:ee:7e:fc:35:bc:c4:
                    ed:60:70:2b:59:c8:d9:55:ed:6a:7b:47:02:70:d8:
                    ac:84:6f:a1:a0:ac:9e:de:af:f8:ad:71:8b:6f:30:
                    df:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:71:30:FE:A1:82:57:00:15:33:D6:DA:8B:01:D2:C5:42:3A:47:8C
            X509v3 Authority Key Identifier:
                keyid:A5:9A:C8:32:3E:BB:6B:E2:0F:AE:89:D0:98:CA:24:13:8F:8C:90:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pZrIMj67a-IPronQmMokE4-MkAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/GXEw_qGCVwAVM9baiwHSxUI6R4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a01f82-9193-4199-95a8-83ae5d9c832f/1/pZrIMj67a-IPronQmMokE4-MkAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.159.96.0/21
                  185.94.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:26:b5:7a:56:cf:6f:74:a4:fa:62:e0:90:08:70:eb:c1:4f:
         54:5d:9a:18:22:3c:16:19:fa:06:b9:eb:44:e8:f7:94:17:68:
         eb:37:17:84:ab:cf:aa:b6:24:7a:ba:23:95:b4:de:50:e2:22:
         69:cc:cc:7c:ea:d8:03:63:bb:32:42:68:ef:bb:fc:20:49:9f:
         2b:a3:51:e9:9f:5e:32:e3:d7:6a:14:97:cf:64:65:7c:79:e4:
         61:d8:b6:e0:9e:be:b5:66:65:14:62:79:fc:0b:cb:80:f8:36:
         d8:96:29:72:49:b3:f4:5e:bd:38:66:d2:9a:c7:9d:f6:b7:8c:
         e5:3c:a3:cd:a1:99:50:4d:23:69:97:f6:c9:4f:28:7f:d8:6e:
         7c:0f:94:5f:4f:9e:22:af:0a:01:ed:f0:58:88:2d:81:df:46:
         bd:48:26:70:a9:f6:16:82:ca:33:01:f9:2d:e9:e4:09:ad:fc:
         af:95:ad:fd:f3:d1:aa:60:0a:17:f9:0c:4c:3f:0d:f4:fd:2e:
         a6:e4:5b:b5:bf:aa:56:bb:86:a8:0e:ee:e3:04:85:06:d8:fe:
         85:45:08:5e:94:54:83:ef:b1:43:74:00:1c:2c:8a:f6:f8:97:
         5a:0b:dc:f8:52:53:13:d9:a2:2f:02:5f:70:5f:68:ce:7b:6e:
         5c:b7:ef:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAS6Ug1Qc62kAdcGO+8VXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1OWFjODMyM2ViYjZiZTIwZmFlODlkMDk4Y2EyNDEzOGY4
YzkwMDUwHhcNMjQwMTAyMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTcxMzBmZWExODI1NzAwMTUzM2Q2ZGE4YjAxZDJjNTQyM2E0NzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2BsWYmtl/511PxDkwLaAkWUJtvx
JDAUizvOBR01H5A1+CGTNPWXUnIAd9Jr/v4rxfSJs4TvmREOBsOHT7R6zzkDglrX
ovekkfZjYZr/FTfA9XcsIOATySssAcKodv07WE9XPw3C+MAIDydk+uVtyU0FBK2D
za6c9ZIkW3sOXfswcsBHtV9A68TL6z8QYNwgHDFK3qjs7p36916DEYnwIBSHHkXR
9xnt3DCAlWzSc4B5n1ZSC+GiGsM7A5B2xD0jAb7XvaUIvoTzulUfRN1fpMiN5rKf
HDRQkbHufvw1vMTtYHArWcjZVe1qe0cCcNishG+hoKye3q/4rXGLbzDf3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBlxMP6hglcAFTPW2osB0sVCOkeMMB8GA1UdIwQY
MBaAFKWayDI+u2viD66J0JjKJBOPjJAFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFpySU1qNjdhLUlQcm9uUW1Nb2tFNC1Na0FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9hMDFmODItOTE5My00MTk5LTk1YTgt
ODNhZTVkOWM4MzJmLzEvR1hFd19xR0NWd0FWTTliYWl3SFN4VUk2UjR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9hMDFmODItOTE5My00MTk5LTk1YTgtODNhZTVkOWM4MzJm
LzEvcFpySU1qNjdhLUlQcm9uUW1Nb2tFNC1Na0FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDVZ9gAwQC
uV54MA0GCSqGSIb3DQEBCwUAA4IBAQCEJrV6Vs9vdKT6YuCQCHDrwU9UXZoYIjwW
GfoGuetE6PeUF2jrNxeEq8+qtiR6uiOVtN5Q4iJpzMx86tgDY7syQmjvu/wgSZ8r
o1Hpn14y49dqFJfPZGV8eeRh2Lbgnr61ZmUUYnn8C8uA+DbYlilySbP0Xr04ZtKa
x532t4zlPKPNoZlQTSNpl/bJTyh/2G58D5RfT54irwoB7fBYiC2B30a9SCZwqfYW
gsozAfkt6eQJrfyvla3989GqYAoX+QxMPw30/S6m5Fu1v6pWu4aoDu7jBIUG2P6F
RQhelFSD77FDdAAcLIr2+JdaC9z4UlMT2aIvAl9wX2jOe25ct++k
-----END CERTIFICATE-----