Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/7a96d1-cf1b-4f47-93ee-259fe1750eeb/1/GIzPCEuKJSX2evavd6Flcr9Fh0Q.roa
File:                     GIzPCEuKJSX2evavd6Flcr9Fh0Q.roa (raw, json)
Hash identifier:          hCwgv3Z6/BGim9DbI5RtIaf8j2Vz/hVPEE884jqp0lQ=
Subject key identifier:   18:8C:CF:08:4B:8A:25:25:F6:7A:F6:AF:77:A1:65:72:BF:45:87:44
Certificate issuer:       /CN=fcf9ada9b28b6997fda1c468a8d869638407a0bb
Certificate serial:       018CC8DE1031A51F49DCF128F2D0ED9F7D47
Authority key identifier: FC:F9:AD:A9:B2:8B:69:97:FD:A1:C4:68:A8:D8:69:63:84:07:A0:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_PmtqbKLaZf9ocRoqNhpY4QHoLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/7a96d1-cf1b-4f47-93ee-259fe1750eeb/1/GIzPCEuKJSX2evavd6Flcr9Fh0Q.roa
Signing time:             Tue 02 Jan 2024 06:30:45 +0000
ROA not before:           Tue 02 Jan 2024 06:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202814
IP address blocks:        171.22.140.0/22 maxlen: 24
                          185.139.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/7a96d1-cf1b-4f47-93ee-259fe1750eeb/1/_PmtqbKLaZf9ocRoqNhpY4QHoLs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/7a96d1-cf1b-4f47-93ee-259fe1750eeb/1/_PmtqbKLaZf9ocRoqNhpY4QHoLs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_PmtqbKLaZf9ocRoqNhpY4QHoLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:10:31:a5:1f:49:dc:f1:28:f2:d0:ed:9f:7d:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcf9ada9b28b6997fda1c468a8d869638407a0bb
        Validity
            Not Before: Jan  2 06:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=188ccf084b8a2525f67af6af77a16572bf458744
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:92:7a:b0:f4:9d:a7:71:46:6d:07:51:9a:eb:
                    42:2d:a6:53:4e:28:71:92:d3:b4:f4:6c:3c:1e:ff:
                    b4:7c:66:9c:63:3c:8e:6c:15:bc:9d:b0:3e:66:9e:
                    c9:01:90:1e:19:67:fd:8d:7b:05:64:cb:fb:0c:83:
                    f8:ee:35:33:ef:57:11:36:45:9e:d2:80:c9:c2:bb:
                    9a:bc:f9:f0:18:38:4f:5e:41:9a:5e:1b:3f:46:32:
                    46:f3:d5:c7:6d:d0:cb:ac:ed:4c:85:52:0a:61:be:
                    c7:40:d2:59:01:42:82:64:00:c2:16:48:ec:44:6c:
                    dd:d7:1a:54:f2:b0:70:13:ee:fe:76:40:8f:9c:b8:
                    e2:0f:ce:2d:f5:eb:a6:22:fd:84:a0:e7:5f:fa:23:
                    13:3c:f8:1d:8c:17:f5:cd:46:64:0a:50:5d:04:23:
                    ce:46:82:d8:71:bf:bc:f3:7e:b4:4c:c1:54:19:2c:
                    74:93:ad:84:7f:3c:85:42:df:96:07:b6:e4:62:a3:
                    7d:92:56:d7:57:12:be:65:e4:6d:68:4a:92:a4:79:
                    40:01:9f:01:19:a6:0e:8a:cc:2f:e1:00:3b:3b:ea:
                    8f:6f:30:9a:ad:ca:58:ea:06:00:2f:3b:87:3d:21:
                    ed:39:dc:57:a4:11:93:8e:f5:a6:fc:16:0e:d5:44:
                    66:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:8C:CF:08:4B:8A:25:25:F6:7A:F6:AF:77:A1:65:72:BF:45:87:44
            X509v3 Authority Key Identifier:
                keyid:FC:F9:AD:A9:B2:8B:69:97:FD:A1:C4:68:A8:D8:69:63:84:07:A0:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_PmtqbKLaZf9ocRoqNhpY4QHoLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7a96d1-cf1b-4f47-93ee-259fe1750eeb/1/GIzPCEuKJSX2evavd6Flcr9Fh0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7a96d1-cf1b-4f47-93ee-259fe1750eeb/1/_PmtqbKLaZf9ocRoqNhpY4QHoLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.140.0/22
                  185.139.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:d9:1d:0a:ca:c4:c7:b0:91:bd:83:3c:6a:18:30:76:83:a7:
         dc:e4:e2:e8:fb:ac:0d:be:89:4a:b0:30:29:7f:64:14:0f:67:
         db:6e:33:d2:f9:cb:1a:7d:73:a9:da:f6:36:86:d1:06:53:15:
         70:fe:0e:5e:2f:55:ba:2a:4f:7c:14:a5:3e:9c:8e:10:a9:7a:
         13:13:0d:c0:13:be:08:fb:df:33:01:e8:b5:e5:9d:47:07:98:
         5f:52:be:d7:6b:b2:86:d3:c1:bd:98:ef:89:43:1b:5e:f6:19:
         de:c2:d4:fb:b9:2c:7a:28:05:42:11:47:b7:0b:70:f0:37:a4:
         bb:60:6d:85:3e:f8:bd:fe:0d:91:4a:f2:05:4b:e5:b3:a1:65:
         28:5a:fe:57:9e:49:65:2c:58:97:da:8b:f4:1a:4d:b4:48:d4:
         9f:c8:f9:8c:b8:48:ae:d5:08:b2:ea:9b:e6:26:f7:a2:ae:f0:
         24:8c:ca:19:e3:26:2b:36:c8:4c:3c:06:17:43:48:e7:c6:2b:
         de:49:07:49:f4:09:48:23:47:e9:45:b1:11:80:fd:b2:37:c3:
         fc:e4:9d:17:b3:a8:14:e9:27:58:8d:dc:93:56:5e:46:50:7e:
         29:f7:b5:f1:9f:f6:6c:34:13:2f:75:ae:81:71:b9:7d:5d:73:
         c9:10:0c:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3hAxpR9J3PEo8tDtn31HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZjlhZGE5YjI4YjY5OTdmZGExYzQ2OGE4ZDg2OTYzODQw
N2EwYmIwHhcNMjQwMTAyMDYzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODhjY2YwODRiOGEyNTI1ZjY3YWY2YWY3N2ExNjU3MmJmNDU4NzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5J6sPSdp3FGbQdRmutCLaZTTihx
ktO09Gw8Hv+0fGacYzyObBW8nbA+Zp7JAZAeGWf9jXsFZMv7DIP47jUz71cRNkWe
0oDJwruavPnwGDhPXkGaXhs/RjJG89XHbdDLrO1MhVIKYb7HQNJZAUKCZADCFkjs
RGzd1xpU8rBwE+7+dkCPnLjiD84t9eumIv2EoOdf+iMTPPgdjBf1zUZkClBdBCPO
RoLYcb+88360TMFUGSx0k62EfzyFQt+WB7bkYqN9klbXVxK+ZeRtaEqSpHlAAZ8B
GaYOiswv4QA7O+qPbzCarcpY6gYALzuHPSHtOdxXpBGTjvWm/BYO1URm9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBiMzwhLiiUl9nr2r3ehZXK/RYdEMB8GA1UdIwQY
MBaAFPz5ramyi2mX/aHEaKjYaWOEB6C7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1BtdHFiS0xhWmY5b2NSb3FOaHBZNFFIb0xzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS83YTk2ZDEtY2YxYi00ZjQ3LTkzZWUt
MjU5ZmUxNzUwZWViLzEvR0l6UENFdUtKU1gyZXZhdmQ2RmxjcjlGaDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS83YTk2ZDEtY2YxYi00ZjQ3LTkzZWUtMjU5ZmUxNzUwZWVi
LzEvX1BtdHFiS0xhWmY5b2NSb3FOaHBZNFFIb0xzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCqxaMAwQC
uYvAMA0GCSqGSIb3DQEBCwUAA4IBAQCB2R0KysTHsJG9gzxqGDB2g6fc5OLo+6wN
volKsDApf2QUD2fbbjPS+csafXOp2vY2htEGUxVw/g5eL1W6Kk98FKU+nI4QqXoT
Ew3AE74I+98zAei15Z1HB5hfUr7Xa7KG08G9mO+JQxte9hnewtT7uSx6KAVCEUe3
C3DwN6S7YG2FPvi9/g2RSvIFS+WzoWUoWv5XnkllLFiX2ov0Gk20SNSfyPmMuEiu
1Qiy6pvmJveirvAkjMoZ4yYrNshMPAYXQ0jnxiveSQdJ9AlII0fpRbERgP2yN8P8
5J0Xs6gU6SdYjdyTVl5GUH4p97Xxn/ZsNBMvda6Bcbl9XXPJEAwC
-----END CERTIFICATE-----