Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/GAiUFGBXzmcGjcnapyW3AVmBsyk.roa
File:                     GAiUFGBXzmcGjcnapyW3AVmBsyk.roa (raw, json)
Hash identifier:          aBUcJhPD+nPnIsDG7UVBK11b1Q02dlft4ouITGkpvIw=
Subject key identifier:   18:08:94:14:60:57:CE:67:06:8D:C9:DA:A7:25:B7:01:59:81:B3:29
Certificate issuer:       /CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
Certificate serial:       0190647614D84E9FD76EC494FA873F385144
Authority key identifier: DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/GAiUFGBXzmcGjcnapyW3AVmBsyk.roa
Signing time:             Sat 29 Jun 2024 14:46:18 +0000
ROA not before:           Sat 29 Jun 2024 14:46:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208057
IP address blocks:        213.191.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:64:76:14:d8:4e:9f:d7:6e:c4:94:fa:87:3f:38:51:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc5c532f3cd5e11e19feb19655d4f19926f02020
        Validity
            Not Before: Jun 29 14:46:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=180894146057ce67068dc9daa725b7015981b329
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:4e:20:0f:a2:b0:40:0f:cf:74:a5:f0:4c:b3:
                    94:f0:fc:cb:4a:f7:75:cb:0b:11:0f:aa:e8:ac:0a:
                    e5:e2:71:f3:23:4e:8f:6b:d4:0e:98:cd:67:ac:a3:
                    e4:a8:bd:b7:09:39:06:c7:da:32:97:79:78:14:de:
                    5a:a0:cb:1b:24:f5:20:c2:2e:f5:47:78:32:93:cd:
                    8e:c3:96:1c:95:d0:49:78:5a:7c:f6:2a:3a:3c:0a:
                    2e:12:d7:4f:88:05:c3:f8:d7:91:b1:91:26:75:c5:
                    6d:38:7b:bf:a7:c8:68:d0:a6:d3:a5:f6:7a:1b:23:
                    c8:20:f4:b6:4c:14:63:d7:27:fe:66:0d:23:a4:9e:
                    21:53:34:39:93:ad:95:3e:64:68:46:93:73:d5:42:
                    b1:11:2a:fe:56:46:29:e5:e3:fe:ea:80:94:92:ae:
                    22:bc:9c:52:ff:93:5d:55:3b:87:e5:e5:46:85:4d:
                    aa:3a:f3:3c:6e:13:67:92:92:b7:ea:36:9e:a6:20:
                    c7:7c:91:91:4e:66:85:57:74:c8:92:0c:74:d8:38:
                    97:83:71:5c:16:a7:b6:36:82:92:92:77:16:d7:ba:
                    20:ae:80:4e:15:7a:43:95:a2:02:ed:2e:49:dc:de:
                    3e:37:29:1d:85:5c:b4:6e:48:cc:54:91:0e:a6:c6:
                    ed:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:08:94:14:60:57:CE:67:06:8D:C9:DA:A7:25:B7:01:59:81:B3:29
            X509v3 Authority Key Identifier:
                keyid:DC:5C:53:2F:3C:D5:E1:1E:19:FE:B1:96:55:D4:F1:99:26:F0:20:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3FxTLzzV4R4Z_rGWVdTxmSbwICA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/GAiUFGBXzmcGjcnapyW3AVmBsyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/db26ba-754d-4118-be31-4b6c1cf9fe4f/1/3FxTLzzV4R4Z_rGWVdTxmSbwICA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.191.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:b4:aa:81:58:5e:b9:e1:d2:93:b4:30:0c:6e:8a:df:d8:09:
         6b:5b:cd:be:41:d6:64:c3:29:74:a0:08:72:6b:5a:98:e6:68:
         d3:33:0f:49:45:ee:2e:1b:b1:71:55:03:eb:df:d0:c2:32:b9:
         a1:1e:52:fc:97:c8:87:54:73:77:a1:3d:c4:7d:26:c9:07:b3:
         cf:f2:e9:98:53:6a:36:71:59:b7:c2:92:f5:e5:45:de:2d:76:
         da:f7:d2:fb:67:d2:e6:db:f1:c4:ab:b1:32:c9:28:54:82:07:
         21:7a:7c:43:ba:14:ef:42:67:d7:0e:b6:20:8b:d6:03:c2:6d:
         a1:5f:7a:be:7f:f2:f2:27:7b:48:18:fc:0a:cb:2f:7d:07:87:
         ac:b0:b7:0d:eb:4f:b6:07:ca:96:e6:a5:31:b3:65:4d:df:fe:
         8b:01:1c:4d:9a:9b:8f:ad:44:c4:ac:83:f4:86:77:2f:09:3c:
         72:e9:e8:18:7e:44:6c:3e:5f:50:d3:af:9a:46:60:c0:53:59:
         96:22:34:9e:2e:9e:2e:d4:79:76:fc:ca:62:6f:14:e4:09:cf:
         69:b9:08:b6:1e:e6:c0:c0:82:53:49:a1:d9:9b:05:b7:17:0b:
         e7:eb:cd:4a:a5:dc:ac:a5:92:ec:88:83:50:19:a1:f5:43:37:
         85:ad:ba:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBkdhTYTp/XbsSU+oc/OFFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNWM1MzJmM2NkNWUxMWUxOWZlYjE5NjU1ZDRmMTk5MjZm
MDIwMjAwHhcNMjQwNjI5MTQ0NjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA4OTQxNDYwNTdjZTY3MDY4ZGM5ZGFhNzI1YjcwMTU5ODFiMzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9E4gD6KwQA/PdKXwTLOU8PzLSvd1
ywsRD6rorArl4nHzI06Pa9QOmM1nrKPkqL23CTkGx9oyl3l4FN5aoMsbJPUgwi71
R3gyk82Ow5YcldBJeFp89io6PAouEtdPiAXD+NeRsZEmdcVtOHu/p8ho0KbTpfZ6
GyPIIPS2TBRj1yf+Zg0jpJ4hUzQ5k62VPmRoRpNz1UKxESr+VkYp5eP+6oCUkq4i
vJxS/5NdVTuH5eVGhU2qOvM8bhNnkpK36jaepiDHfJGRTmaFV3TIkgx02DiXg3Fc
Fqe2NoKSkncW17ogroBOFXpDlaIC7S5J3N4+NykdhVy0bkjMVJEOpsbt6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgIlBRgV85nBo3J2qcltwFZgbMpMB8GA1UdIwQY
MBaAFNxcUy881eEeGf6xllXU8Zkm8CAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEt
NGI2YzFjZjlmZTRmLzEvR0FpVUZHQlh6bWNHamNuYXB5VzNBVm1Cc3lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kYjI2YmEtNzU0ZC00MTE4LWJlMzEtNGI2YzFjZjlmZTRm
LzEvM0Z4VEx6elY0UjRaX3JHV1ZkVHhtU2J3SUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1b+MMA0G
CSqGSIb3DQEBCwUAA4IBAQBOtKqBWF654dKTtDAMborf2AlrW82+QdZkwyl0oAhy
a1qY5mjTMw9JRe4uG7FxVQPr39DCMrmhHlL8l8iHVHN3oT3EfSbJB7PP8umYU2o2
cVm3wpL15UXeLXba99L7Z9Lm2/HEq7EyyShUggchenxDuhTvQmfXDrYgi9YDwm2h
X3q+f/LyJ3tIGPwKyy99B4essLcN60+2B8qW5qUxs2VN3/6LARxNmpuPrUTErIP0
hncvCTxy6egYfkRsPl9Q06+aRmDAU1mWIjSeLp4u1Hl2/MpibxTkCc9puQi2HubA
wIJTSaHZmwW3Fwvn681KpdyspZLsiINQGaH1QzeFrbo3
-----END CERTIFICATE-----