Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/GPyQee34Y8mZFlQIteSfIuhRr2I.roa
File:                     GPyQee34Y8mZFlQIteSfIuhRr2I.roa (raw, json)
Hash identifier:          8Re8HGn4121lQ42XjCWTd43/gNTaXC8Glhn1w0sMF58=
Subject key identifier:   18:FC:90:79:ED:F8:63:C9:99:16:54:08:B5:E4:9F:22:E8:51:AF:62
Certificate issuer:       /CN=a83084a09eddcf556d19b3b7355c9defe0a278f5
Certificate serial:       018CCA2A0C46EBBED9063F282CE3AA252DCE
Authority key identifier: A8:30:84:A0:9E:DD:CF:55:6D:19:B3:B7:35:5C:9D:EF:E0:A2:78:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qDCEoJ7dz1VtGbO3NVyd7-CiePU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/GPyQee34Y8mZFlQIteSfIuhRr2I.roa
Signing time:             Tue 02 Jan 2024 12:33:22 +0000
ROA not before:           Tue 02 Jan 2024 12:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198491
IP address blocks:        195.85.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/qDCEoJ7dz1VtGbO3NVyd7-CiePU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/qDCEoJ7dz1VtGbO3NVyd7-CiePU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qDCEoJ7dz1VtGbO3NVyd7-CiePU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0c:46:eb:be:d9:06:3f:28:2c:e3:aa:25:2d:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83084a09eddcf556d19b3b7355c9defe0a278f5
        Validity
            Not Before: Jan  2 12:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18fc9079edf863c999165408b5e49f22e851af62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:65:81:4d:13:c6:75:84:59:fa:cd:f1:07:24:
                    88:5d:45:bc:54:09:e3:98:65:39:e0:1f:2e:70:d8:
                    1c:86:c8:33:fd:01:72:3c:eb:7a:07:42:a1:88:84:
                    a7:f3:d8:a8:20:e8:a2:00:15:30:c4:56:ee:12:f8:
                    c0:fe:71:b5:96:c3:7f:9e:0f:2c:7b:f1:7e:d8:28:
                    50:64:bb:76:d7:98:ae:47:92:7f:84:33:2f:0f:34:
                    45:3a:49:89:56:9d:b0:99:6d:e1:a0:9a:dc:d4:23:
                    e8:56:3e:b5:5c:56:1d:7c:7f:87:2e:a6:e5:45:2f:
                    ae:46:fb:7b:48:7d:ec:79:73:f9:0c:54:4b:d7:20:
                    74:f0:ae:fb:48:d0:47:5d:ee:00:d5:02:95:55:28:
                    91:12:ce:de:69:9e:fe:af:7d:54:97:d9:8e:8d:2f:
                    93:15:a8:32:42:a9:04:fb:e7:9d:a9:6c:e5:28:2e:
                    ed:b9:20:b2:9f:e6:d7:3a:86:ab:fb:ee:ca:30:75:
                    c1:e3:c7:58:37:a9:e1:45:89:6d:24:70:ad:ec:54:
                    6a:81:3f:8e:0a:9c:24:85:00:05:9b:a4:9e:27:4c:
                    30:96:c2:dd:cd:a8:dc:99:28:af:d8:c2:ae:5b:e4:
                    29:9c:fe:86:d6:b7:dc:b3:3b:d8:68:4c:cb:16:81:
                    bd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:FC:90:79:ED:F8:63:C9:99:16:54:08:B5:E4:9F:22:E8:51:AF:62
            X509v3 Authority Key Identifier:
                keyid:A8:30:84:A0:9E:DD:CF:55:6D:19:B3:B7:35:5C:9D:EF:E0:A2:78:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qDCEoJ7dz1VtGbO3NVyd7-CiePU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/GPyQee34Y8mZFlQIteSfIuhRr2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0217e6-d2c3-46f8-8e49-3f1439a15f1b/1/qDCEoJ7dz1VtGbO3NVyd7-CiePU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:47:b1:79:3d:9b:d3:d4:ca:91:b1:40:e5:e1:4e:ef:0f:42:
         59:67:c4:6f:6d:c7:3b:65:98:19:b0:70:55:4c:de:ea:4b:6f:
         54:3c:2f:5c:b2:3e:e2:29:74:66:e9:21:af:6b:6b:fa:23:ca:
         cc:f3:a9:42:a3:ef:4e:a8:c9:cf:29:92:a1:0d:90:7b:4a:7f:
         b5:2f:62:ac:bf:36:ee:54:76:d4:f0:6b:6b:27:33:93:3b:fd:
         c9:5a:1c:21:59:df:dd:e6:e6:17:28:5f:f9:4b:bf:b6:17:84:
         e7:54:b8:3a:a1:a4:a3:96:28:a2:aa:0e:65:70:9f:5f:8b:bf:
         09:45:74:bf:29:47:7d:87:f6:0d:ae:f6:38:48:14:c3:6f:72:
         1d:62:fe:63:f8:9a:b9:f1:3b:9a:0a:33:23:94:92:72:ae:53:
         59:44:63:87:de:eb:f6:7f:bb:6d:6c:7c:c4:02:a0:2e:2a:92:
         18:8e:ba:1b:76:a3:36:2e:63:92:31:4a:ee:2a:68:62:60:05:
         0d:3c:70:30:9e:bd:70:cf:4d:49:d7:58:b6:c4:68:5a:d6:62:
         b0:23:b1:fe:32:4c:5a:e1:0a:a1:4c:b7:aa:b8:cf:b9:44:75:
         e4:28:0c:11:b2:0b:10:f4:aa:4f:d1:c6:98:28:7e:92:48:23:
         f4:0c:19:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgxG677ZBj8oLOOqJS3OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MzA4NGEwOWVkZGNmNTU2ZDE5YjNiNzM1NWM5ZGVmZTBh
Mjc4ZjUwHhcNMjQwMTAyMTIzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGZjOTA3OWVkZjg2M2M5OTkxNjU0MDhiNWU0OWYyMmU4NTFhZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5GWBTRPGdYRZ+s3xBySIXUW8VAnj
mGU54B8ucNgchsgz/QFyPOt6B0KhiISn89ioIOiiABUwxFbuEvjA/nG1lsN/ng8s
e/F+2ChQZLt215iuR5J/hDMvDzRFOkmJVp2wmW3hoJrc1CPoVj61XFYdfH+HLqbl
RS+uRvt7SH3seXP5DFRL1yB08K77SNBHXe4A1QKVVSiREs7eaZ7+r31Ul9mOjS+T
FagyQqkE++edqWzlKC7tuSCyn+bXOoar++7KMHXB48dYN6nhRYltJHCt7FRqgT+O
CpwkhQAFm6SeJ0wwlsLdzajcmSiv2MKuW+QpnP6G1rfcszvYaEzLFoG9rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBj8kHnt+GPJmRZUCLXknyLoUa9iMB8GA1UdIwQY
MBaAFKgwhKCe3c9VbRmztzVcne/gonj1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcURDRW9KN2R6MVZ0R2JPM05WeWQ3LUNpZVBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8wMjE3ZTYtZDJjMy00NmY4LThlNDkt
M2YxNDM5YTE1ZjFiLzEvR1B5UWVlMzRZOG1aRmxRSXRlU2ZJdWhScjJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8wMjE3ZTYtZDJjMy00NmY4LThlNDktM2YxNDM5YTE1ZjFi
LzEvcURDRW9KN2R6MVZ0R2JPM05WeWQ3LUNpZVBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1XQMA0G
CSqGSIb3DQEBCwUAA4IBAQB9R7F5PZvT1MqRsUDl4U7vD0JZZ8Rvbcc7ZZgZsHBV
TN7qS29UPC9csj7iKXRm6SGva2v6I8rM86lCo+9OqMnPKZKhDZB7Sn+1L2Ksvzbu
VHbU8GtrJzOTO/3JWhwhWd/d5uYXKF/5S7+2F4TnVLg6oaSjliiiqg5lcJ9fi78J
RXS/KUd9h/YNrvY4SBTDb3IdYv5j+Jq58TuaCjMjlJJyrlNZRGOH3uv2f7ttbHzE
AqAuKpIYjrobdqM2LmOSMUruKmhiYAUNPHAwnr1wz01J11i2xGha1mKwI7H+Mkxa
4QqhTLequM+5RHXkKAwRsgsQ9KpP0caYKH6SSCP0DBlo
-----END CERTIFICATE-----