Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/GAbRPZdVtbnpNK8h7nC6-u551hY.roa
File:                     GAbRPZdVtbnpNK8h7nC6-u551hY.roa (raw, json)
Hash identifier:          audy+GgvZLwVwkvRfEVJx7bFrj3m4fs9ZaYISixB/q8=
Subject key identifier:   18:06:D1:3D:97:55:B5:B9:E9:34:AF:21:EE:70:BA:FA:EE:79:D6:16
Certificate issuer:       /CN=e801f23ce821c264d67727536ec183537594c5f2
Certificate serial:       018CC4936C4386109486BE058ECE5E9F4C0A
Authority key identifier: E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/GAbRPZdVtbnpNK8h7nC6-u551hY.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43844
IP address blocks:        212.25.130.0/23 maxlen: 24
                          212.25.144.0/21 maxlen: 21
                          212.25.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6c:43:86:10:94:86:be:05:8e:ce:5e:9f:4c:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e801f23ce821c264d67727536ec183537594c5f2
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1806d13d9755b5b9e934af21ee70bafaee79d616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d5:6a:79:ca:f5:e5:55:1f:25:a4:ae:c8:7e:
                    43:06:50:39:ca:22:5f:4f:b2:e7:61:82:4a:06:02:
                    cd:60:00:8e:af:2c:3c:d2:a8:68:17:aa:d8:45:9e:
                    1a:32:68:2d:91:1e:9b:65:92:51:2b:4e:ce:00:b7:
                    42:ec:e5:67:b5:a2:4b:c8:88:6a:97:fb:17:b5:c4:
                    9e:e7:a7:b8:c2:eb:82:8c:8e:5c:dd:ad:57:74:d8:
                    0b:e6:26:b6:54:ed:3d:b0:87:0d:b0:e1:d9:30:d8:
                    85:e8:75:c3:fb:2f:1b:bb:03:f2:ce:4a:d8:92:cf:
                    85:37:cd:ee:89:f1:03:23:cb:e8:07:d9:94:da:75:
                    2b:c7:20:37:d8:17:b0:4c:bf:37:bd:63:c0:58:9f:
                    a9:6d:d5:31:e3:47:57:01:d4:e7:f2:5c:bc:cd:0d:
                    78:74:e1:26:1e:f0:c5:f2:8f:06:cb:93:03:e9:bd:
                    d3:f7:fc:04:5d:f0:f1:ac:d2:e3:08:db:08:0f:ed:
                    07:e8:7c:6f:65:70:e0:1e:50:27:47:a7:c0:70:fe:
                    2d:cb:e4:7e:55:e4:6d:18:5d:cb:52:2a:61:58:92:
                    fb:26:79:01:f9:04:4f:5e:f6:70:82:9c:cb:b3:5b:
                    17:e8:a2:00:a4:ec:4f:6a:35:2e:26:0b:7b:e8:c4:
                    ff:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:06:D1:3D:97:55:B5:B9:E9:34:AF:21:EE:70:BA:FA:EE:79:D6:16
            X509v3 Authority Key Identifier:
                keyid:E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/GAbRPZdVtbnpNK8h7nC6-u551hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.25.130.0/23
                  212.25.144.0-212.25.155.255

    Signature Algorithm: sha256WithRSAEncryption
         04:56:ef:6e:e8:ee:f1:26:64:90:5a:05:1a:6c:9c:ba:aa:e7:
         bc:6a:e9:fe:ba:68:ef:a7:d3:3e:b3:27:c0:84:f6:fd:df:85:
         7e:9b:0e:05:75:b7:b7:44:c1:48:e9:df:5c:2f:67:d1:a4:34:
         f5:72:83:f5:ab:68:17:c9:ac:70:a5:f6:ff:6d:91:9e:73:d1:
         e5:8d:3c:6d:dc:b6:da:33:87:97:9d:75:7d:94:63:1f:17:fc:
         1f:bc:1e:06:da:dc:e6:c3:5b:ae:40:60:b8:d6:87:6f:89:5e:
         05:e2:46:58:2c:39:15:69:2b:84:1e:e0:fa:92:4c:7e:01:ec:
         e6:d2:e5:c2:f5:53:2e:d6:e0:7e:56:ce:ef:70:c0:f4:16:02:
         c3:4d:bf:d0:5d:7d:46:46:ae:32:83:19:7e:95:80:3a:15:88:
         44:cc:d7:1e:4f:40:a1:c5:de:bd:f2:9f:78:96:33:a2:e6:60:
         57:20:f5:4d:57:79:7a:5d:73:5b:64:64:72:65:6b:e7:9c:69:
         58:5b:09:44:ab:49:29:c1:df:5d:93:ae:b0:f7:15:4c:d0:99:
         f7:c6:de:8b:07:7c:be:fa:02:69:6d:b6:03:19:a7:d5:f6:f1:
         63:a8:97:fd:a1:94:8d:85:18:dc:7d:c6:ae:94:95:f3:5f:31:
         05:b4:3a:5d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzEk2xDhhCUhr4Fjs5en0wKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MDFmMjNjZTgyMWMyNjRkNjc3Mjc1MzZlYzE4MzUzNzU5
NGM1ZjIwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA2ZDEzZDk3NTViNWI5ZTkzNGFmMjFlZTcwYmFmYWVlNzlkNjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNVqecr15VUfJaSuyH5DBlA5yiJf
T7LnYYJKBgLNYACOryw80qhoF6rYRZ4aMmgtkR6bZZJRK07OALdC7OVntaJLyIhq
l/sXtcSe56e4wuuCjI5c3a1XdNgL5ia2VO09sIcNsOHZMNiF6HXD+y8buwPyzkrY
ks+FN83uifEDI8voB9mU2nUrxyA32BewTL83vWPAWJ+pbdUx40dXAdTn8ly8zQ14
dOEmHvDF8o8Gy5MD6b3T9/wEXfDxrNLjCNsID+0H6HxvZXDgHlAnR6fAcP4ty+R+
VeRtGF3LUiphWJL7JnkB+QRPXvZwgpzLs1sX6KIApOxPajUuJgt76MT/lQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBgG0T2XVbW56TSvIe5wuvruedYWMB8GA1UdIwQY
MBaAFOgB8jzoIcJk1ncnU27Bg1N1lMXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAt
NDY0ZWIxODNiNTY4LzEvR0FiUlBaZFZ0Ym5wTks4aDduQzYtdTU1MWhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAtNDY0ZWIxODNiNTY4
LzEvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQB1BmCMAwD
BATUGZADBALUGZgwDQYJKoZIhvcNAQELBQADggEBAARW727o7vEmZJBaBRpsnLqq
57xq6f66aO+n0z6zJ8CE9v3fhX6bDgV1t7dEwUjp31wvZ9GkNPVyg/WraBfJrHCl
9v9tkZ5z0eWNPG3cttozh5eddX2UYx8X/B+8Hgba3ObDW65AYLjWh2+JXgXiRlgs
ORVpK4Qe4PqSTH4B7ObS5cL1Uy7W4H5Wzu9wwPQWAsNNv9BdfUZGrjKDGX6VgDoV
iETM1x5PQKHF3r3yn3iWM6LmYFcg9U1XeXpdc1tkZHJla+ecaVhbCUSrSSnB312T
rrD3FUzQmffG3osHfL76AmlttgMZp9X28WOol/2hlI2FGNx9xq6UlfNfMQW0Ol0=
-----END CERTIFICATE-----