Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/GLNjfJPbeYN12aHG6twKNiwB9a4.roa
File:                     GLNjfJPbeYN12aHG6twKNiwB9a4.roa (raw, json)
Hash identifier:          J0zPVDTVkOvkO41vNVdQQeNPVLU0/cAXTDdfKp31/A8=
Subject key identifier:   18:B3:63:7C:93:DB:79:83:75:D9:A1:C6:EA:DC:0A:36:2C:01:F5:AE
Certificate issuer:       /CN=21e86ff9973c93abe6398f031966c29d75a3ba86
Certificate serial:       018CC794224A7574ED64F49CE4657FA32671
Authority key identifier: 21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/GLNjfJPbeYN12aHG6twKNiwB9a4.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40793
IP address blocks:        144.2.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:22:4a:75:74:ed:64:f4:9c:e4:65:7f:a3:26:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e86ff9973c93abe6398f031966c29d75a3ba86
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18b3637c93db798375d9a1c6eadc0a362c01f5ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bd:d6:9d:e2:ab:20:64:03:24:8e:ec:74:1d:
                    46:b2:79:a6:6a:29:2c:91:8e:eb:7b:a9:8f:f7:62:
                    a3:ed:5e:ad:b4:f7:ce:40:89:9d:e7:d7:25:11:06:
                    da:28:c9:97:13:2b:30:42:f0:ff:f6:cf:68:63:1c:
                    f7:18:0a:e5:8e:2c:73:30:a1:85:57:6b:19:10:3b:
                    05:e5:22:9b:b8:64:8e:bb:0b:a8:80:91:84:0c:9b:
                    a2:82:09:79:ca:29:1d:ac:59:a3:ba:0a:0a:7b:78:
                    35:ce:41:49:7f:39:0e:5e:2c:81:0e:d7:83:91:b4:
                    1b:68:29:78:a7:4b:83:12:d4:5f:73:78:66:06:08:
                    45:ad:de:a6:2a:0a:87:c1:2e:e2:9b:cf:aa:0e:6b:
                    ab:45:51:3c:74:8e:d7:b7:ce:38:1a:0a:0f:c2:af:
                    a5:60:77:10:6e:fb:d7:21:da:f7:0a:d4:e4:6b:71:
                    7a:fe:13:61:b9:0f:6b:d5:24:bc:ff:aa:7d:88:42:
                    bf:42:c4:e1:2e:c2:1f:ea:ae:cf:cb:63:97:a0:31:
                    b5:cd:a0:bb:c1:28:67:65:84:36:51:df:cd:3a:7e:
                    9b:36:b9:ce:92:be:51:32:29:b0:7d:49:05:34:db:
                    00:0d:07:a7:81:09:fa:17:cc:0c:e0:df:9c:7c:b4:
                    ca:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:B3:63:7C:93:DB:79:83:75:D9:A1:C6:EA:DC:0A:36:2C:01:F5:AE
            X509v3 Authority Key Identifier:
                keyid:21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/GLNjfJPbeYN12aHG6twKNiwB9a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:35:ad:c8:ab:78:d4:f2:be:49:58:6a:53:01:15:e6:2c:76:
         18:a7:16:e4:d6:f2:46:7c:ba:46:57:a1:46:f4:e3:ee:7d:ab:
         75:09:5b:74:00:6a:c9:3d:65:b6:76:93:21:b4:51:16:2b:cf:
         4f:ee:4b:eb:59:59:d0:f1:13:9d:94:ee:80:d9:06:e5:90:2b:
         49:0e:a2:88:6b:03:7a:c1:33:b5:e2:1e:4b:90:d5:71:2f:33:
         30:81:98:a7:22:2e:91:16:b2:d6:97:35:a7:4f:ff:fe:13:65:
         4a:c6:cb:cd:a8:1d:1e:55:c8:3c:2e:fc:e4:f1:30:07:e7:8e:
         eb:b9:55:65:28:fa:3c:13:70:05:ef:03:cb:9f:c6:53:e3:b7:
         87:87:0a:bb:c3:b5:1b:01:99:5e:90:53:b5:7f:3b:ac:01:e0:
         ea:5a:c8:8f:b4:cd:4c:3d:ff:42:5d:9b:9b:f5:ea:57:08:33:
         9e:10:4a:ed:1e:ab:f5:6d:ed:94:e1:d2:f5:1f:92:ae:eb:7c:
         0e:fa:e0:1e:47:6a:fd:4f:64:7c:23:25:1c:ec:84:bc:91:b5:
         89:df:18:d6:b8:7a:00:29:e4:22:ac:b8:96:21:f8:aa:5f:cc:
         71:5f:f8:7e:b2:83:51:ba:58:1a:48:39:42:62:d6:20:90:06:
         32:f0:bd:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCJKdXTtZPSc5GV/oyZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZTg2ZmY5OTczYzkzYWJlNjM5OGYwMzE5NjZjMjlkNzVh
M2JhODYwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGIzNjM3YzkzZGI3OTgzNzVkOWExYzZlYWRjMGEzNjJjMDFmNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb3WneKrIGQDJI7sdB1Gsnmmaiks
kY7re6mP92Kj7V6ttPfOQImd59clEQbaKMmXEyswQvD/9s9oYxz3GArljixzMKGF
V2sZEDsF5SKbuGSOuwuogJGEDJuiggl5yikdrFmjugoKe3g1zkFJfzkOXiyBDteD
kbQbaCl4p0uDEtRfc3hmBghFrd6mKgqHwS7im8+qDmurRVE8dI7Xt844GgoPwq+l
YHcQbvvXIdr3CtTka3F6/hNhuQ9r1SS8/6p9iEK/QsThLsIf6q7Py2OXoDG1zaC7
wShnZYQ2Ud/NOn6bNrnOkr5RMimwfUkFNNsADQengQn6F8wM4N+cfLTKlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBizY3yT23mDddmhxurcCjYsAfWuMB8GA1UdIwQY
MBaAFCHob/mXPJOr5jmPAxlmwp11o7qGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWIt
MzJmZWViNTY2ZWU2LzEvR0xOamZKUGJlWU4xMmFIRzZ0d0tOaXdCOWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWItMzJmZWViNTY2ZWU2
LzEvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkAITMA0G
CSqGSIb3DQEBCwUAA4IBAQA2Na3Iq3jU8r5JWGpTARXmLHYYpxbk1vJGfLpGV6FG
9OPufat1CVt0AGrJPWW2dpMhtFEWK89P7kvrWVnQ8ROdlO6A2QblkCtJDqKIawN6
wTO14h5LkNVxLzMwgZinIi6RFrLWlzWnT//+E2VKxsvNqB0eVcg8Lvzk8TAH547r
uVVlKPo8E3AF7wPLn8ZT47eHhwq7w7UbAZlekFO1fzusAeDqWsiPtM1MPf9CXZub
9epXCDOeEErtHqv1be2U4dL1H5Ku63wO+uAeR2r9T2R8IyUc7IS8kbWJ3xjWuHoA
KeQirLiWIfiqX8xxX/h+soNRulgaSDlCYtYgkAYy8L2j
-----END CERTIFICATE-----