Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/GGyhB1m-Tb_5SN-B0_bWL7cC-B0.roa
File:                     GGyhB1m-Tb_5SN-B0_bWL7cC-B0.roa (raw, json)
Hash identifier:          XcWIQiQk5fM4Fgt6muLj97S1PUDk1ox/BdoKjil/svM=
Subject key identifier:   18:6C:A1:07:59:BE:4D:BF:F9:48:DF:81:D3:F6:D6:2F:B7:02:F8:1D
Certificate issuer:       /CN=cf40fdd82a0fdf3b70be18221eeba60d801ed7bf
Certificate serial:       018CC79573AED5A03622E0E64613E449B5F6
Authority key identifier: CF:40:FD:D8:2A:0F:DF:3B:70:BE:18:22:1E:EB:A6:0D:80:1E:D7:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z0D92CoP3ztwvhgiHuumDYAe178.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/GGyhB1m-Tb_5SN-B0_bWL7cC-B0.roa
Signing time:             Tue 02 Jan 2024 00:31:49 +0000
ROA not before:           Tue 02 Jan 2024 00:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206804
IP address blocks:        185.51.134.0/24 maxlen: 24
                          2001:1548:206::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/z0D92CoP3ztwvhgiHuumDYAe178.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/z0D92CoP3ztwvhgiHuumDYAe178.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z0D92CoP3ztwvhgiHuumDYAe178.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:73:ae:d5:a0:36:22:e0:e6:46:13:e4:49:b5:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf40fdd82a0fdf3b70be18221eeba60d801ed7bf
        Validity
            Not Before: Jan  2 00:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=186ca10759be4dbff948df81d3f6d62fb702f81d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:79:8a:8a:d3:19:84:da:6e:e0:6f:a7:0f:ee:
                    d8:96:95:15:e9:43:25:66:ef:92:15:15:d0:d4:b3:
                    0c:90:f6:ec:c4:18:5e:fc:11:20:9e:6c:0c:8c:ed:
                    31:e1:35:70:07:93:e1:63:0a:08:a8:0f:e7:4f:3f:
                    5d:a4:64:78:df:89:b5:0b:65:79:e8:fc:22:0d:85:
                    44:1a:8d:36:20:6c:6a:80:95:dc:f2:97:d2:0e:5c:
                    09:26:75:e3:d6:44:75:7f:8e:cc:00:4f:89:0e:a7:
                    cc:fa:51:be:3a:b4:a9:fa:0a:c1:b7:dc:7d:c3:1b:
                    94:e7:09:36:4d:a9:54:ae:33:4f:b6:08:3f:cb:2f:
                    8f:e9:8b:a7:70:fb:d3:7a:4f:df:df:5a:1a:7c:ba:
                    32:f5:e6:a2:98:45:03:c2:bd:c1:f3:f8:98:b8:c3:
                    9e:bb:72:ec:85:08:83:f5:49:bd:f5:9f:e0:80:66:
                    67:bd:32:30:bb:07:92:0d:1d:57:e4:eb:4e:ec:8d:
                    de:60:3c:d7:67:93:ce:bc:82:e6:e5:ab:ca:fb:27:
                    28:f8:46:7f:7f:d0:b3:45:51:dc:94:96:a6:f6:53:
                    90:a3:bd:89:d8:27:3a:6b:54:8c:6e:5b:70:44:72:
                    d7:00:99:a8:13:22:d1:4e:c7:ce:2b:7b:ef:6e:60:
                    18:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:6C:A1:07:59:BE:4D:BF:F9:48:DF:81:D3:F6:D6:2F:B7:02:F8:1D
            X509v3 Authority Key Identifier:
                keyid:CF:40:FD:D8:2A:0F:DF:3B:70:BE:18:22:1E:EB:A6:0D:80:1E:D7:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z0D92CoP3ztwvhgiHuumDYAe178.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/GGyhB1m-Tb_5SN-B0_bWL7cC-B0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/792737-6a02-424b-82cb-a29ce7da10fd/1/z0D92CoP3ztwvhgiHuumDYAe178.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.134.0/24
                IPv6:
                  2001:1548:206::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:f0:d6:41:52:9d:61:72:fa:94:60:3f:cc:cf:26:bd:b1:de:
         71:61:74:40:7e:28:22:80:f8:09:0a:81:9d:ab:0f:96:0c:44:
         83:8b:a1:2d:00:3f:aa:21:a1:d9:16:8e:b7:49:b6:22:d0:b5:
         c4:e4:ee:e3:62:70:9d:25:9c:71:dd:82:27:af:65:92:88:a8:
         c7:01:41:6d:08:6c:71:18:5b:9c:cd:97:b0:0f:d3:b9:0a:22:
         ca:69:f9:ee:84:2d:05:0f:9e:ac:11:1b:54:d8:69:d9:eb:64:
         8c:40:42:6f:e5:70:2c:45:2c:56:a2:ea:99:c5:f9:d5:37:0f:
         a6:04:d3:18:a6:b6:56:04:3a:31:39:f0:d3:c4:c9:0f:d1:59:
         5d:ba:ec:96:03:f8:0b:ad:d5:cf:be:a6:ea:c9:d0:aa:2e:cb:
         b7:2c:92:5c:89:33:04:6c:8e:2e:b6:f9:b5:e7:8a:b2:a6:49:
         6e:be:8a:43:9e:5f:ba:3e:3a:f4:21:95:a6:97:f8:a9:5d:6a:
         8b:0a:ad:32:5f:81:8d:45:38:13:44:5c:3e:1d:9e:f6:14:1a:
         7b:40:48:88:fc:59:6d:47:fa:9e:7e:02:8e:6c:fa:ba:f0:1d:
         d6:b7:10:ef:b3:61:04:c5:d9:b9:3f:20:2d:a9:90:4e:f7:75:
         03:04:eb:7a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlXOu1aA2IuDmRhPkSbX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNDBmZGQ4MmEwZmRmM2I3MGJlMTgyMjFlZWJhNjBkODAx
ZWQ3YmYwHhcNMjQwMTAyMDAzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODZjYTEwNzU5YmU0ZGJmZjk0OGRmODFkM2Y2ZDYyZmI3MDJmODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnmKitMZhNpu4G+nD+7YlpUV6UMl
Zu+SFRXQ1LMMkPbsxBhe/BEgnmwMjO0x4TVwB5PhYwoIqA/nTz9dpGR434m1C2V5
6PwiDYVEGo02IGxqgJXc8pfSDlwJJnXj1kR1f47MAE+JDqfM+lG+OrSp+grBt9x9
wxuU5wk2TalUrjNPtgg/yy+P6YuncPvTek/f31oafLoy9eaimEUDwr3B8/iYuMOe
u3LshQiD9Um99Z/ggGZnvTIwuweSDR1X5OtO7I3eYDzXZ5POvILm5avK+yco+EZ/
f9CzRVHclJam9lOQo72J2Cc6a1SMbltwRHLXAJmoEyLRTsfOK3vvbmAY+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBhsoQdZvk2/+UjfgdP21i+3AvgdMB8GA1UdIwQY
MBaAFM9A/dgqD987cL4YIh7rpg2AHte/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejBEOTJDb1AzenR3dmhnaUh1dW1EWUFlMTc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS83OTI3MzctNmEwMi00MjRiLTgyY2It
YTI5Y2U3ZGExMGZkLzEvR0d5aEIxbS1UYl81U04tQjBfYldMN2NDLUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS83OTI3MzctNmEwMi00MjRiLTgyY2ItYTI5Y2U3ZGExMGZk
LzEvejBEOTJDb1AzenR3dmhnaUh1dW1EWUFlMTc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuTOGMA8E
AgACMAkDBwAgARVIAgYwDQYJKoZIhvcNAQELBQADggEBAB3w1kFSnWFy+pRgP8zP
Jr2x3nFhdEB+KCKA+AkKgZ2rD5YMRIOLoS0AP6ohodkWjrdJtiLQtcTk7uNicJ0l
nHHdgievZZKIqMcBQW0IbHEYW5zNl7AP07kKIspp+e6ELQUPnqwRG1TYadnrZIxA
Qm/lcCxFLFai6pnF+dU3D6YE0ximtlYEOjE58NPEyQ/RWV267JYD+Aut1c++purJ
0Kouy7csklyJMwRsji62+bXnirKmSW6+ikOeX7o+OvQhlaaX+KldaosKrTJfgY1F
OBNEXD4dnvYUGntASIj8WW1H+p5+Ao5s+rrwHda3EO+zYQTF2bk/IC2pkE73dQME
63o=
-----END CERTIFICATE-----