Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/fd220b-5f70-49c2-9cc7-908419d39401/1/gVKmbGF_GYGmI3cfQwrudCTb5AM.roa
File:                     gVKmbGF_GYGmI3cfQwrudCTb5AM.roa (raw, json)
Hash identifier:          giKgNqapatZpSerF64A5k1RvAL6uIPUVnz/pzRD2j+g=
Subject key identifier:   81:52:A6:6C:61:7F:19:81:A6:23:77:1F:43:0A:EE:74:24:DB:E4:03
Certificate issuer:       /CN=bf6c1df662374d4aecd0c8b3f84312df42125599
Certificate serial:       018CC2DAE88CB771FF97F89D6AD95918CB08
Authority key identifier: BF:6C:1D:F6:62:37:4D:4A:EC:D0:C8:B3:F8:43:12:DF:42:12:55:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v2wd9mI3TUrs0Miz-EMS30ISVZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/fd220b-5f70-49c2-9cc7-908419d39401/1/gVKmbGF_GYGmI3cfQwrudCTb5AM.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        194.33.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/fd220b-5f70-49c2-9cc7-908419d39401/1/v2wd9mI3TUrs0Miz-EMS30ISVZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/fd220b-5f70-49c2-9cc7-908419d39401/1/v2wd9mI3TUrs0Miz-EMS30ISVZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v2wd9mI3TUrs0Miz-EMS30ISVZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e8:8c:b7:71:ff:97:f8:9d:6a:d9:59:18:cb:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf6c1df662374d4aecd0c8b3f84312df42125599
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8152a66c617f1981a623771f430aee7424dbe403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b3:45:e2:ac:c8:03:7c:7d:c9:7a:d3:54:c6:
                    98:14:c3:66:5b:35:87:63:97:06:49:a0:83:79:04:
                    bc:f1:e4:30:99:3d:d2:e2:01:6b:f7:b8:41:42:9f:
                    44:59:fa:d1:f0:58:41:9c:78:b6:be:5b:0a:a5:89:
                    22:e1:bd:a1:1b:9d:5a:c8:35:ca:91:37:71:46:2d:
                    da:e2:6b:ee:b9:18:54:c3:c3:44:50:4b:a6:9c:49:
                    5b:fc:95:d2:bc:31:42:18:f4:53:2a:c9:c7:41:05:
                    c9:f4:02:b8:e6:28:e6:3c:ba:ff:38:9f:07:f9:36:
                    b0:35:5a:36:8a:4f:b8:29:4d:22:ad:47:44:99:4e:
                    eb:ca:69:2c:74:10:28:ef:bd:f0:f1:d8:c2:c7:cb:
                    6c:c2:c2:9f:74:7c:9a:72:45:fd:23:18:f5:fc:d7:
                    c6:25:68:a9:31:e9:ed:5a:26:35:ce:0f:45:a4:08:
                    cf:6b:83:c9:bd:ed:35:0f:b5:09:b1:78:4d:e6:75:
                    5c:c5:fd:81:4b:73:c2:bd:78:49:50:39:a3:22:68:
                    40:72:24:84:4e:62:aa:e6:94:a5:7d:d2:76:fe:80:
                    ff:6c:d2:03:9a:f8:6e:0d:84:70:37:4f:1f:9f:66:
                    ac:8c:ee:58:c9:ee:35:ca:f2:ff:36:26:8f:f7:63:
                    32:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:52:A6:6C:61:7F:19:81:A6:23:77:1F:43:0A:EE:74:24:DB:E4:03
            X509v3 Authority Key Identifier:
                keyid:BF:6C:1D:F6:62:37:4D:4A:EC:D0:C8:B3:F8:43:12:DF:42:12:55:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v2wd9mI3TUrs0Miz-EMS30ISVZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/fd220b-5f70-49c2-9cc7-908419d39401/1/gVKmbGF_GYGmI3cfQwrudCTb5AM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/fd220b-5f70-49c2-9cc7-908419d39401/1/v2wd9mI3TUrs0Miz-EMS30ISVZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:ff:78:3f:ec:5a:5c:39:1a:57:d9:30:aa:eb:18:a9:f0:6d:
         2a:48:82:5c:9c:85:f4:da:4a:a9:66:82:e4:00:3b:e9:77:77:
         e2:b8:11:98:7c:64:b1:09:6e:4c:19:30:9c:f3:7c:02:c5:74:
         60:50:2a:25:bd:41:ac:c6:e3:a9:14:85:fb:64:2f:30:43:8d:
         f4:0a:56:7d:43:86:86:e9:f4:47:82:bb:20:d4:b7:f3:f0:23:
         7d:e4:0a:70:7f:b3:8f:f5:1d:6c:a3:e8:32:f3:98:05:04:56:
         f9:6e:ee:c1:e7:b0:1a:ca:d1:82:ac:05:0d:9d:7c:47:e0:60:
         0f:4e:d5:8f:14:0a:ef:9f:a2:f3:33:c6:50:01:83:e4:76:f9:
         bf:bc:43:7b:53:ba:41:89:7e:98:2a:6c:0c:9a:58:4a:63:84:
         6d:bf:be:09:ee:04:14:2f:ec:42:6d:05:ee:8b:01:49:f8:aa:
         ea:1a:5a:d4:1c:23:32:57:5b:32:f7:5e:24:a1:72:13:2e:4c:
         cf:ac:7c:e9:c8:ac:27:0d:33:67:7e:6a:55:d5:33:16:b9:ef:
         3a:9a:7a:00:93:cf:0c:87:0e:1f:e4:a0:e8:f8:55:4d:e7:39:
         44:e7:d2:ff:50:29:4e:1e:b1:c3:f3:a0:aa:07:7d:4a:2d:19:
         ab:93:4d:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uiMt3H/l/idatlZGMsIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNmMxZGY2NjIzNzRkNGFlY2QwYzhiM2Y4NDMxMmRmNDIx
MjU1OTkwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTUyYTY2YzYxN2YxOTgxYTYyMzc3MWY0MzBhZWU3NDI0ZGJlNDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibNF4qzIA3x9yXrTVMaYFMNmWzWH
Y5cGSaCDeQS88eQwmT3S4gFr97hBQp9EWfrR8FhBnHi2vlsKpYki4b2hG51ayDXK
kTdxRi3a4mvuuRhUw8NEUEumnElb/JXSvDFCGPRTKsnHQQXJ9AK45ijmPLr/OJ8H
+TawNVo2ik+4KU0irUdEmU7rymksdBAo773w8djCx8tswsKfdHyackX9Ixj1/NfG
JWipMentWiY1zg9FpAjPa4PJve01D7UJsXhN5nVcxf2BS3PCvXhJUDmjImhAciSE
TmKq5pSlfdJ2/oD/bNIDmvhuDYRwN08fn2asjO5Yye41yvL/NiaP92MyOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFSpmxhfxmBpiN3H0MK7nQk2+QDMB8GA1UdIwQY
MBaAFL9sHfZiN01K7NDIs/hDEt9CElWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjJ3ZDltSTNUVXJzME1pei1FTVMzMElTVlprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9mZDIyMGItNWY3MC00OWMyLTljYzct
OTA4NDE5ZDM5NDAxLzEvZ1ZLbWJHRl9HWUdtSTNjZlF3cnVkQ1RiNUFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9mZDIyMGItNWY3MC00OWMyLTljYzctOTA4NDE5ZDM5NDAx
LzEvdjJ3ZDltSTNUVXJzME1pei1FTVMzMElTVlprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiG4MA0G
CSqGSIb3DQEBCwUAA4IBAQAh/3g/7FpcORpX2TCq6xip8G0qSIJcnIX02kqpZoLk
ADvpd3fiuBGYfGSxCW5MGTCc83wCxXRgUColvUGsxuOpFIX7ZC8wQ430ClZ9Q4aG
6fRHgrsg1Lfz8CN95Apwf7OP9R1so+gy85gFBFb5bu7B57AaytGCrAUNnXxH4GAP
TtWPFArvn6LzM8ZQAYPkdvm/vEN7U7pBiX6YKmwMmlhKY4Rtv74J7gQUL+xCbQXu
iwFJ+KrqGlrUHCMyV1sy914koXITLkzPrHzpyKwnDTNnfmpV1TMWue86mnoAk88M
hw4f5KDo+FVN5zlE59L/UClOHrHD86CqB31KLRmrk02T
-----END CERTIFICATE-----