Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/Gl49lduMW2HKqvPObESY3WdxSkg.roa
File:                     Gl49lduMW2HKqvPObESY3WdxSkg.roa (raw, json)
Hash identifier:          fBhInUpOi8Z2Jcc4iASY6P0ueoEZvnze8GjQEBQO4tI=
Subject key identifier:   1A:5E:3D:95:DB:8C:5B:61:CA:AA:F3:CE:6C:44:98:DD:67:71:4A:48
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D3AABDE09F6D4CCDAB8193E2D0BCA
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/Gl49lduMW2HKqvPObESY3WdxSkg.roa
Signing time:             Tue 02 Jan 2024 08:32:10 +0000
ROA not before:           Tue 02 Jan 2024 08:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6807
IP address blocks:        195.178.155.0/24 maxlen: 24
                          212.111.194.0/24 maxlen: 24
                          2a01:5c40:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Oct 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:3a:ab:de:09:f6:d4:cc:da:b8:19:3e:2d:0b:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a5e3d95db8c5b61caaaf3ce6c4498dd67714a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:48:ce:ac:c8:a2:f8:3e:3d:94:72:b1:30:2c:
                    f3:5d:2a:80:da:e5:dc:7d:e4:bf:4e:f6:72:bc:eb:
                    3a:e6:5b:49:74:16:b0:72:98:03:94:2b:94:55:0f:
                    64:3b:15:e6:9f:19:2c:4e:de:ba:56:75:1c:6f:8e:
                    11:14:c7:ce:22:64:7b:2d:f7:38:fe:3c:05:68:18:
                    53:7d:38:6d:22:44:a3:9b:af:2a:9b:c0:4c:12:c8:
                    9d:94:11:2d:b7:e4:db:ce:a7:f2:c8:f3:2c:c9:c3:
                    f6:15:ee:36:5c:a4:c0:e0:b4:82:2c:41:02:d1:5f:
                    7b:48:3f:a9:f1:45:13:b8:d9:99:1c:e0:f6:41:79:
                    aa:4a:18:29:47:a4:00:8e:46:f1:b6:55:a5:21:e5:
                    49:e6:be:78:15:16:d1:12:31:fc:43:66:57:99:72:
                    42:81:16:4d:e7:0f:8d:dc:2f:8f:bd:69:bb:07:2b:
                    cd:78:4e:eb:5c:7a:3b:0f:b0:2f:5a:df:8e:97:3c:
                    84:5e:a5:87:b2:5a:fa:af:d9:24:d8:d1:b7:96:58:
                    0e:c0:bd:df:b9:46:85:46:03:34:65:05:a2:92:1a:
                    b8:6d:9e:3c:82:7d:68:5b:83:4e:73:33:3a:02:19:
                    44:03:dd:39:cc:6f:e7:86:d9:82:a1:37:a3:65:c0:
                    11:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:5E:3D:95:DB:8C:5B:61:CA:AA:F3:CE:6C:44:98:DD:67:71:4A:48
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/Gl49lduMW2HKqvPObESY3WdxSkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.155.0/24
                  212.111.194.0/24
                IPv6:
                  2a01:5c40:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:c8:da:59:e1:6e:fb:a6:81:5b:2d:e9:75:de:0a:fe:e9:ef:
         c5:62:85:ac:45:fc:6f:7b:bb:72:4d:e1:a7:84:c6:6d:8a:d7:
         fc:0b:de:88:37:cc:af:22:94:cd:c5:a9:70:41:e7:c1:f2:24:
         48:3b:e9:4b:fa:39:d1:64:2c:91:d1:8b:38:04:60:5a:15:82:
         5c:49:97:e8:57:2b:e9:d9:2c:37:61:8b:b2:3d:87:cd:d8:8d:
         a8:38:b4:94:d8:d3:af:53:d1:af:26:b9:bd:23:05:2e:12:e1:
         a4:ba:29:3f:cc:5a:33:0f:85:2e:2c:68:ca:82:2a:fc:6f:85:
         e9:2f:6d:f0:87:fd:9c:d5:1e:4b:99:ec:f5:aa:f1:60:51:d1:
         87:16:af:4f:47:44:fc:62:1a:29:3d:5c:23:f5:32:4f:d0:dc:
         e6:c3:71:95:cc:ed:a5:03:2a:e9:0f:39:6e:35:9e:0f:d1:1d:
         f7:d8:57:96:00:c9:20:35:3f:38:12:ed:3c:5d:36:c3:73:4e:
         71:be:87:43:5f:90:9e:0e:e5:43:89:9f:db:55:c6:89:f6:79:
         26:46:06:a9:23:54:5a:ae:b4:29:de:7a:65:25:60:95:1f:07:
         88:da:d8:5e:98:1f:be:4d:d1:bb:0c:f9:6e:d7:c4:aa:d7:0c:
         76:90:9c:4a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJTTqr3gn21MzauBk+LQvKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTVlM2Q5NWRiOGM1YjYxY2FhYWYzY2U2YzQ0OThkZDY3NzE0YTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikjOrMii+D49lHKxMCzzXSqA2uXc
feS/TvZyvOs65ltJdBawcpgDlCuUVQ9kOxXmnxksTt66VnUcb44RFMfOImR7Lfc4
/jwFaBhTfThtIkSjm68qm8BMEsidlBEtt+TbzqfyyPMsycP2Fe42XKTA4LSCLEEC
0V97SD+p8UUTuNmZHOD2QXmqShgpR6QAjkbxtlWlIeVJ5r54FRbREjH8Q2ZXmXJC
gRZN5w+N3C+PvWm7ByvNeE7rXHo7D7AvWt+OlzyEXqWHslr6r9kk2NG3llgOwL3f
uUaFRgM0ZQWikhq4bZ48gn1oW4NOczM6AhlEA905zG/nhtmCoTejZcAR9wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFBpePZXbjFthyqrzzmxEmN1ncUpIMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvR2w0OWxkdU1XMkhLcXZQT2JFU1kzV2R4U2tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAw7KbAwQA
1G/CMA8EAgACMAkDBwAqAVxAAAMwDQYJKoZIhvcNAQELBQADggEBAF3I2lnhbvum
gVst6XXeCv7p78VihaxF/G97u3JN4aeExm2K1/wL3og3zK8ilM3FqXBB58HyJEg7
6Uv6OdFkLJHRizgEYFoVglxJl+hXK+nZLDdhi7I9h83Yjag4tJTY069T0a8mub0j
BS4S4aS6KT/MWjMPhS4saMqCKvxvhekvbfCH/ZzVHkuZ7PWq8WBR0YcWr09HRPxi
Gik9XCP1Mk/Q3ObDcZXM7aUDKukPOW41ng/RHffYV5YAySA1PzgS7TxdNsNzTnG+
h0NfkJ4O5UOJn9tVxon2eSZGBqkjVFqutCneemUlYJUfB4ja2F6YH75N0bsM+W7X
xKrXDHaQnEo=
-----END CERTIFICATE-----