Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/GdXmxikGrR1baabP1RdjyTSOe0E.roa
File:                     GdXmxikGrR1baabP1RdjyTSOe0E.roa (raw, json)
Hash identifier:          bMDLnFU/nWtxQMlMMMqYNGRxtsP22ykzTqn5f4011Vs=
Subject key identifier:   19:D5:E6:C6:29:06:AD:1D:5B:69:A6:CF:D5:17:63:C9:34:8E:7B:41
Certificate issuer:       /CN=8ad9281aafefc8375ad8b4b7e604899555952237
Certificate serial:       018CC79561029AECECCF9D973682746EDEA4
Authority key identifier: 8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/GdXmxikGrR1baabP1RdjyTSOe0E.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57804
IP address blocks:        185.160.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:61:02:9a:ec:ec:cf:9d:97:36:82:74:6e:de:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad9281aafefc8375ad8b4b7e604899555952237
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19d5e6c62906ad1d5b69a6cfd51763c9348e7b41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ce:62:50:2d:be:93:3e:c1:47:3d:a6:3d:35:
                    c9:cf:65:e0:93:19:c1:19:69:9c:8d:c5:7f:ea:f9:
                    aa:08:b4:35:f8:6a:c0:7a:3c:84:79:3c:62:f1:f4:
                    e9:63:bb:10:f0:d7:0f:47:0c:99:0d:43:7b:7b:74:
                    cc:27:97:5c:66:8a:ec:b8:b4:a6:c8:7e:18:9c:1e:
                    90:89:c4:d5:af:cf:6f:76:e6:96:68:34:cb:b2:28:
                    93:36:7a:6b:65:8f:1b:f6:6a:a2:b3:5c:4f:fd:48:
                    e0:25:13:26:75:68:33:78:fd:a0:09:fb:86:b2:83:
                    73:74:7d:74:5f:75:0f:07:1f:b1:29:08:e6:ca:ba:
                    b1:a4:57:01:f6:2c:3d:8f:dc:3a:32:88:e4:73:88:
                    a7:64:b2:a6:62:90:54:f4:49:f0:57:61:ed:53:ec:
                    d3:95:1f:a6:43:b4:13:e5:ce:b9:ee:89:db:02:d3:
                    85:a8:1a:6f:43:32:62:8a:bd:ac:6c:43:58:08:b7:
                    26:c1:ba:f7:ce:45:2f:1c:06:80:cf:b5:89:cd:f3:
                    c6:c8:b3:b1:c9:43:6b:00:f7:00:3d:54:15:a7:9d:
                    8c:a9:03:66:29:c1:be:42:d1:78:f1:38:bd:aa:53:
                    43:9e:2b:74:48:6c:3e:b8:5a:9a:b7:5b:37:c4:fa:
                    d2:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:D5:E6:C6:29:06:AD:1D:5B:69:A6:CF:D5:17:63:C9:34:8E:7B:41
            X509v3 Authority Key Identifier:
                keyid:8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/GdXmxikGrR1baabP1RdjyTSOe0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:89:c5:9a:d9:bd:28:c7:16:37:69:a1:d5:e7:7c:9d:13:cb:
         09:94:a0:86:eb:f4:39:a7:99:55:c8:39:e9:e1:a8:f3:b2:3a:
         d7:43:83:71:9e:84:d5:c8:a7:9a:9e:6d:59:54:44:5d:42:98:
         46:71:19:aa:8b:1c:ff:c6:d5:6e:a2:f2:29:6d:3b:85:df:d7:
         d0:6d:cc:3c:12:7a:bd:6f:77:7b:41:f5:f7:16:f5:db:c6:c8:
         a4:9e:1f:d7:e4:a8:ae:02:40:22:92:ab:58:19:6c:31:da:1a:
         fa:12:72:14:b6:a5:25:4b:1d:9c:e5:05:f8:d3:cd:31:bd:1f:
         f5:33:7c:de:ed:51:b6:95:bc:59:e6:84:7a:70:08:7c:b9:db:
         3c:b9:c6:c6:8a:ab:cf:29:0e:93:6d:2b:d2:4e:62:31:84:18:
         1f:17:2e:c2:20:38:16:e1:19:00:ae:8d:5d:d4:29:30:09:6a:
         1b:5c:d0:ac:bd:44:26:72:a7:c1:74:24:3e:b3:c3:e0:1a:8c:
         86:f3:d9:ad:02:70:63:f6:c3:65:d8:80:c3:e6:05:59:f7:50:
         82:43:43:94:bf:e0:26:9b:5c:33:b2:c6:04:ef:42:75:fa:ae:
         d8:10:dc:7c:53:4c:1d:fe:0c:f5:e6:56:9d:91:95:bd:77:64:
         48:25:f8:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlWECmuzsz52XNoJ0bt6kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDkyODFhYWZlZmM4Mzc1YWQ4YjRiN2U2MDQ4OTk1NTU5
NTIyMzcwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWQ1ZTZjNjI5MDZhZDFkNWI2OWE2Y2ZkNTE3NjNjOTM0OGU3YjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv85iUC2+kz7BRz2mPTXJz2XgkxnB
GWmcjcV/6vmqCLQ1+GrAejyEeTxi8fTpY7sQ8NcPRwyZDUN7e3TMJ5dcZorsuLSm
yH4YnB6QicTVr89vduaWaDTLsiiTNnprZY8b9mqis1xP/UjgJRMmdWgzeP2gCfuG
soNzdH10X3UPBx+xKQjmyrqxpFcB9iw9j9w6Mojkc4inZLKmYpBU9EnwV2HtU+zT
lR+mQ7QT5c657onbAtOFqBpvQzJiir2sbENYCLcmwbr3zkUvHAaAz7WJzfPGyLOx
yUNrAPcAPVQVp52MqQNmKcG+QtF48Ti9qlNDnit0SGw+uFqat1s3xPrSbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnV5sYpBq0dW2mmz9UXY8k0jntBMB8GA1UdIwQY
MBaAFIrZKBqv78g3Wti0t+YEiZVVlSI3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQt
OGM3NGY5ZGQ2N2ZjLzEvR2RYbXhpa0dyUjFiYWFiUDFSZGp5VFNPZTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQtOGM3NGY5ZGQ2N2Zj
LzEvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaBbMA0G
CSqGSIb3DQEBCwUAA4IBAQBGicWa2b0oxxY3aaHV53ydE8sJlKCG6/Q5p5lVyDnp
4ajzsjrXQ4NxnoTVyKeanm1ZVERdQphGcRmqixz/xtVuovIpbTuF39fQbcw8Enq9
b3d7QfX3FvXbxsiknh/X5KiuAkAikqtYGWwx2hr6EnIUtqUlSx2c5QX4080xvR/1
M3ze7VG2lbxZ5oR6cAh8uds8ucbGiqvPKQ6TbSvSTmIxhBgfFy7CIDgW4RkAro1d
1CkwCWobXNCsvUQmcqfBdCQ+s8PgGoyG89mtAnBj9sNl2IDD5gVZ91CCQ0OUv+Am
m1wzssYE70J1+q7YENx8U0wd/gz15ladkZW9d2RIJfhh
-----END CERTIFICATE-----