Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/GZT9Q04j5QfgzF0fE9cV8jMBuJ4.roa
File:                     GZT9Q04j5QfgzF0fE9cV8jMBuJ4.roa (raw, json)
Hash identifier:          Y826ssOTzYQjOzqR86g4ilNIA75oyL3VVfREJ04iS48=
Subject key identifier:   19:94:FD:43:4E:23:E5:07:E0:CC:5D:1F:13:D7:15:F2:33:01:B8:9E
Certificate issuer:       /CN=0e98226cdcf741dcc8a42a659a8b3de2198188f9
Certificate serial:       018CC9BC5D1E802E138B9792297CA7B19D99
Authority key identifier: 0E:98:22:6C:DC:F7:41:DC:C8:A4:2A:65:9A:8B:3D:E2:19:81:88:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DpgibNz3QdzIpCplmos94hmBiPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/GZT9Q04j5QfgzF0fE9cV8jMBuJ4.roa
Signing time:             Tue 02 Jan 2024 10:33:34 +0000
ROA not before:           Tue 02 Jan 2024 10:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197091
IP address blocks:        195.43.73.0/24 maxlen: 24
                          195.43.72.0/24 maxlen: 24
                          195.43.72.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/DpgibNz3QdzIpCplmos94hmBiPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/DpgibNz3QdzIpCplmos94hmBiPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DpgibNz3QdzIpCplmos94hmBiPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:5d:1e:80:2e:13:8b:97:92:29:7c:a7:b1:9d:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e98226cdcf741dcc8a42a659a8b3de2198188f9
        Validity
            Not Before: Jan  2 10:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1994fd434e23e507e0cc5d1f13d715f23301b89e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:30:4a:46:cc:e3:be:d9:fe:8e:ca:21:03:33:
                    81:b9:64:ab:f0:5a:df:54:a3:a6:aa:b7:43:20:ab:
                    4a:ef:5d:bd:af:f3:5e:90:55:63:0c:99:4f:2a:b5:
                    94:93:2f:48:45:97:1e:88:47:d2:c0:6d:9c:0c:7c:
                    10:ad:1d:cc:0d:27:53:65:e9:6d:a0:45:67:79:af:
                    71:8a:a7:26:26:38:8b:b2:14:de:d2:f7:76:34:d2:
                    38:7a:c1:de:f9:7a:2b:2f:5d:94:54:03:1c:01:da:
                    0e:16:ff:ec:86:df:a1:2c:b1:19:e3:e0:c7:b1:e9:
                    35:a2:74:f8:40:bd:0a:57:6e:c0:32:11:90:a6:86:
                    bb:fb:22:1d:63:f1:20:d7:87:8c:45:f3:25:05:2d:
                    d9:82:10:fd:54:ab:88:31:5d:08:0b:af:d0:38:ff:
                    ab:78:c8:7a:47:7a:75:eb:e8:da:fd:17:4c:02:37:
                    3a:b9:37:c0:70:22:0e:08:44:2d:52:ed:21:81:db:
                    b9:10:b9:95:45:5c:a2:d3:35:77:01:ac:dd:d2:66:
                    50:31:3e:fe:85:13:c1:3c:54:3a:59:ab:a0:94:1d:
                    86:2f:b2:6b:40:a5:1d:16:70:e3:f5:36:1f:4e:2f:
                    00:29:d6:b1:0e:2e:02:5e:97:88:87:c9:75:0f:c6:
                    3a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:94:FD:43:4E:23:E5:07:E0:CC:5D:1F:13:D7:15:F2:33:01:B8:9E
            X509v3 Authority Key Identifier:
                keyid:0E:98:22:6C:DC:F7:41:DC:C8:A4:2A:65:9A:8B:3D:E2:19:81:88:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DpgibNz3QdzIpCplmos94hmBiPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/GZT9Q04j5QfgzF0fE9cV8jMBuJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/DpgibNz3QdzIpCplmos94hmBiPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:e3:a2:bd:44:0f:47:80:59:bf:da:c8:df:3e:98:db:61:9d:
         97:53:79:3a:66:c4:54:b0:cf:3e:3b:58:fd:a1:68:0b:88:1f:
         7b:d8:53:74:6e:6a:02:58:3f:92:f9:13:8f:38:20:d9:6c:f1:
         fe:47:1d:ae:51:8a:30:00:fd:9e:f2:60:78:dd:02:3e:6f:17:
         fc:ae:f0:e5:56:f8:1d:ac:97:04:26:97:3f:cf:70:0d:ab:df:
         ee:dd:af:d3:d4:a2:62:58:f6:59:38:fc:0e:65:d5:21:88:6f:
         a9:37:60:03:58:db:ad:77:95:ed:a1:ef:65:9c:77:86:b5:aa:
         bf:0f:a2:16:9d:b9:c2:2a:9a:8e:09:f6:ba:69:86:d8:4b:e9:
         02:77:24:ae:76:ed:25:df:ee:de:a7:b6:bf:6d:e4:fc:a4:2e:
         df:f2:84:81:1c:2f:09:e1:34:54:0c:3f:9a:cb:33:39:5e:b5:
         9b:60:c8:ce:b9:8d:22:19:5d:4e:03:2a:31:c1:c1:bb:a6:fd:
         38:33:e3:dc:08:6c:47:0a:be:1d:74:a9:54:ee:47:8b:13:e8:
         a6:83:b8:64:20:c7:43:0f:20:9e:44:d1:0c:d7:4c:9d:0a:e7:
         47:d7:06:76:5e:0c:e6:56:9c:14:87:98:d4:e3:3b:59:26:f5:
         c0:72:18:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvF0egC4Ti5eSKXynsZ2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOTgyMjZjZGNmNzQxZGNjOGE0MmE2NTlhOGIzZGUyMTk4
MTg4ZjkwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTk0ZmQ0MzRlMjNlNTA3ZTBjYzVkMWYxM2Q3MTVmMjMzMDFiODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzBKRszjvtn+jsohAzOBuWSr8Frf
VKOmqrdDIKtK7129r/NekFVjDJlPKrWUky9IRZceiEfSwG2cDHwQrR3MDSdTZelt
oEVnea9xiqcmJjiLshTe0vd2NNI4esHe+XorL12UVAMcAdoOFv/sht+hLLEZ4+DH
sek1onT4QL0KV27AMhGQpoa7+yIdY/Eg14eMRfMlBS3ZghD9VKuIMV0IC6/QOP+r
eMh6R3p16+ja/RdMAjc6uTfAcCIOCEQtUu0hgdu5ELmVRVyi0zV3Aazd0mZQMT7+
hRPBPFQ6WauglB2GL7JrQKUdFnDj9TYfTi8AKdaxDi4CXpeIh8l1D8Y6TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmU/UNOI+UH4MxdHxPXFfIzAbieMB8GA1UdIwQY
MBaAFA6YImzc90HcyKQqZZqLPeIZgYj5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBnaWJOejNRZHpJcENwbG1vczk0aG1CaVBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS83OTAyNGQtNWI0NS00ZWY0LWI1Mjgt
ZTljN2I1NTA2ZTU1LzEvR1pUOVEwNGo1UWZnekYwZkU5Y1Y4ak1CdUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS83OTAyNGQtNWI0NS00ZWY0LWI1MjgtZTljN2I1NTA2ZTU1
LzEvRHBnaWJOejNRZHpJcENwbG1vczk0aG1CaVBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwytIMA0G
CSqGSIb3DQEBCwUAA4IBAQAa46K9RA9HgFm/2sjfPpjbYZ2XU3k6ZsRUsM8+O1j9
oWgLiB972FN0bmoCWD+S+ROPOCDZbPH+Rx2uUYowAP2e8mB43QI+bxf8rvDlVvgd
rJcEJpc/z3ANq9/u3a/T1KJiWPZZOPwOZdUhiG+pN2ADWNutd5Xtoe9lnHeGtaq/
D6IWnbnCKpqOCfa6aYbYS+kCdySudu0l3+7ep7a/beT8pC7f8oSBHC8J4TRUDD+a
yzM5XrWbYMjOuY0iGV1OAyoxwcG7pv04M+PcCGxHCr4ddKlU7keLE+img7hkIMdD
DyCeRNEM10ydCudH1wZ2XgzmVpwUh5jU4ztZJvXAchgO
-----END CERTIFICATE-----