Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/GLlNMQCG-BBX0mjEjyxfph_HnTc.roa
File:                     GLlNMQCG-BBX0mjEjyxfph_HnTc.roa (raw, json)
Hash identifier:          tuG45iNKNAHV/xcmGtiOC1wN94306bAb6fXC8g713S0=
Subject key identifier:   18:B9:4D:31:00:86:F8:10:57:D2:68:C4:8F:2C:5F:A6:1F:C7:9D:37
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0190EE888D414D662BF8FDA8F68FF54AD4F5
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/GLlNMQCG-BBX0mjEjyxfph_HnTc.roa
Signing time:             Fri 26 Jul 2024 10:14:04 +0000
ROA not before:           Fri 26 Jul 2024 10:14:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210619
IP address blocks:        104.233.63.0/24 maxlen: 24
                          104.239.49.0/24 maxlen: 24
                          104.239.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ee:88:8d:41:4d:66:2b:f8:fd:a8:f6:8f:f5:4a:d4:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jul 26 10:14:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18b94d310086f81057d268c48f2c5fa61fc79d37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:47:41:c1:93:7a:39:7f:05:8e:7f:48:31:f1:
                    56:a5:a5:2e:ee:89:a4:0e:7c:2e:4c:9e:f1:d2:5a:
                    38:34:90:e8:10:96:d8:34:f4:e9:17:4c:a7:00:8d:
                    49:cc:c8:d3:d2:a3:f4:fe:ca:63:3f:ec:15:ac:83:
                    02:b9:ea:83:e9:f4:a5:63:59:cb:3d:b2:34:5b:f6:
                    30:ec:74:af:cd:df:82:ed:14:1f:f3:47:a9:48:50:
                    65:ab:e7:94:57:ff:f0:26:54:ec:a5:43:1b:8f:d8:
                    f3:3b:ad:13:d6:1e:8f:9b:3a:9c:26:9a:d9:0c:9e:
                    b0:ea:3b:7f:c6:1d:2e:7d:2d:a2:ad:18:4d:e6:c6:
                    8d:d3:6e:ca:12:b9:5c:e1:9d:45:70:7b:bb:3b:e4:
                    a9:6c:f4:7c:50:0a:78:82:98:22:96:68:b5:a7:eb:
                    4e:d9:f8:7d:9d:ee:b5:d2:11:04:08:11:01:76:03:
                    28:62:ab:b0:4f:6b:f5:b7:50:a4:c8:ab:dd:49:e9:
                    ee:64:9b:a2:46:e5:16:d0:78:8f:8a:b9:8a:eb:d2:
                    d9:1a:a7:da:d8:2a:f5:ec:3d:6e:a3:d1:8a:da:66:
                    aa:96:75:21:7d:af:ef:dc:96:4a:18:2e:1a:28:72:
                    e3:f7:d9:08:be:49:9c:02:b9:1e:9e:bc:0c:6f:91:
                    dc:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:B9:4D:31:00:86:F8:10:57:D2:68:C4:8F:2C:5F:A6:1F:C7:9D:37
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/GLlNMQCG-BBX0mjEjyxfph_HnTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.233.63.0/24
                  104.239.49.0-104.239.50.255

    Signature Algorithm: sha256WithRSAEncryption
         23:80:c8:e9:cd:3e:6b:0b:97:c7:1b:36:b3:1e:f6:4d:72:1d:
         a4:e7:e4:c2:1e:32:97:34:1a:8e:ce:7b:a1:cf:3a:62:f2:47:
         1c:6d:2a:09:a3:4e:ca:99:b0:eb:46:62:d7:94:f9:59:16:e0:
         97:80:bc:f7:f8:5f:9f:d4:b8:f6:13:dc:7d:a0:be:00:6f:10:
         1f:b9:40:36:51:19:9c:b3:eb:92:65:d2:bf:4e:57:f2:c1:55:
         19:b9:da:8d:b4:dc:db:7d:50:9d:e7:62:fd:00:bf:ee:16:e2:
         b3:a7:1d:ef:e5:3b:b6:85:67:d0:18:95:e5:91:04:0b:64:b4:
         8f:7f:0d:83:34:b5:ce:03:f9:e6:e6:51:cb:7a:d2:c0:7f:a2:
         45:31:f4:82:02:f3:af:ec:1d:a2:ec:62:c8:a1:a1:55:53:9f:
         c9:46:11:49:a7:d0:b5:1e:98:f8:dc:8a:c9:70:d9:57:28:09:
         09:b7:a4:ea:8a:ca:e3:0a:0c:49:b3:3b:be:22:eb:e0:cd:1f:
         c5:d6:63:f4:17:68:e9:d9:b0:31:c1:76:97:30:fb:ca:b5:2a:
         1e:81:72:e7:23:84:51:05:20:cc:05:8b:bc:10:29:ed:4e:31:
         2a:59:89:d5:39:be:04:7c:77:65:9f:5a:36:a9:ee:c7:45:00:
         67:f5:75:f0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZDuiI1BTWYr+P2o9o/1StT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNzI2MTAxNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGI5NGQzMTAwODZmODEwNTdkMjY4YzQ4ZjJjNWZhNjFmYzc5ZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UdBwZN6OX8Fjn9IMfFWpaUu7omk
DnwuTJ7x0lo4NJDoEJbYNPTpF0ynAI1JzMjT0qP0/spjP+wVrIMCueqD6fSlY1nL
PbI0W/Yw7HSvzd+C7RQf80epSFBlq+eUV//wJlTspUMbj9jzO60T1h6PmzqcJprZ
DJ6w6jt/xh0ufS2irRhN5saN027KErlc4Z1FcHu7O+SpbPR8UAp4gpgilmi1p+tO
2fh9ne610hEECBEBdgMoYquwT2v1t1CkyKvdSenuZJuiRuUW0HiPirmK69LZGqfa
2Cr17D1uo9GK2maqlnUhfa/v3JZKGC4aKHLj99kIvkmcArkenrwMb5HcuQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBi5TTEAhvgQV9JoxI8sX6Yfx503MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvR0xsTk1RQ0ctQkJYMG1qRWp5eGZwaF9IblRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAaOk/MAwD
BABo7zEDBABo7zIwDQYJKoZIhvcNAQELBQADggEBACOAyOnNPmsLl8cbNrMe9k1y
HaTn5MIeMpc0Go7Oe6HPOmLyRxxtKgmjTsqZsOtGYteU+VkW4JeAvPf4X5/UuPYT
3H2gvgBvEB+5QDZRGZyz65Jl0r9OV/LBVRm52o203Nt9UJ3nYv0Av+4W4rOnHe/l
O7aFZ9AYleWRBAtktI9/DYM0tc4D+ebmUct60sB/okUx9IIC86/sHaLsYsihoVVT
n8lGEUmn0LUemPjcislw2VcoCQm3pOqKyuMKDEmzO74i6+DNH8XWY/QXaOnZsDHB
dpcw+8q1Kh6BcucjhFEFIMwFi7wQKe1OMSpZidU5vgR8d2WfWjap7sdFAGf1dfA=
-----END CERTIFICATE-----