Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/GZ91j603TEZZrDSB9W6UUeFd_6U.roa
File:                     GZ91j603TEZZrDSB9W6UUeFd_6U.roa (raw, json)
Hash identifier:          /Anihxg/frfmT2xXCDSlthT5V6X1QRIxPmmyWRi2HJw=
Subject key identifier:   19:9F:75:8F:AD:37:4C:46:59:AC:34:81:F5:6E:94:51:E1:5D:FF:A5
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019428276F7BC75CB3CB0FE35CB973454CEE
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/GZ91j603TEZZrDSB9W6UUeFd_6U.roa
Signing time:             Thu 02 Jan 2025 17:54:20 +0000
ROA not before:           Thu 02 Jan 2025 17:54:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214172
IP address blocks:        212.192.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:6f:7b:c7:5c:b3:cb:0f:e3:5c:b9:73:45:4c:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=199f758fad374c4659ac3481f56e9451e15dffa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e6:07:a3:02:ae:6e:19:65:1c:bd:7b:c1:8f:
                    06:ef:a7:5d:8b:14:fc:8d:df:31:df:95:23:eb:77:
                    41:76:5f:69:c7:ca:38:af:d0:44:d7:14:56:09:dc:
                    5d:d5:14:e8:8c:36:94:fc:69:f0:7f:59:93:a3:bc:
                    13:6c:c1:00:1e:08:a8:d8:89:40:88:dd:e0:65:8c:
                    d5:ab:de:dd:6e:44:e6:a6:b2:91:dc:ae:2f:f2:d9:
                    34:2b:3c:da:a3:16:48:1d:fc:5f:22:0d:c3:44:11:
                    5c:f1:27:b2:20:3e:7b:4a:b4:51:62:13:3d:46:d7:
                    8b:62:b4:c8:a1:98:1e:f1:47:33:6b:18:ad:84:20:
                    57:41:04:50:53:aa:95:5b:a8:6a:6d:d1:1e:d2:5d:
                    7a:fc:ae:ae:3c:34:cd:9d:82:43:87:4b:d6:3b:b4:
                    1b:4a:b3:1e:5d:d5:e5:7f:39:a0:e3:06:d5:cd:7a:
                    5f:13:b8:69:8a:f2:1f:c4:a7:0a:15:8e:e2:18:7a:
                    f9:21:28:27:f4:28:95:f6:23:6b:ce:80:42:02:87:
                    dd:b1:ed:00:98:19:0f:3e:d1:c9:2b:00:4d:31:27:
                    85:6c:56:99:07:76:56:0e:e3:90:ac:84:cb:6e:c6:
                    d6:90:b0:ac:0a:41:fa:b5:48:84:74:7d:5a:4f:f9:
                    cb:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:9F:75:8F:AD:37:4C:46:59:AC:34:81:F5:6E:94:51:E1:5D:FF:A5
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/GZ91j603TEZZrDSB9W6UUeFd_6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:3f:45:55:17:c0:be:36:88:41:32:53:1a:b9:58:93:bc:b0:
         2d:5b:fa:d6:8c:d8:37:66:b8:20:b5:de:b8:4a:0d:60:70:e4:
         fb:16:80:2a:3c:14:f9:c8:81:36:1b:d0:ef:5a:53:88:67:be:
         9d:cf:66:29:68:6b:76:dc:d5:0d:cc:e7:a2:29:70:54:70:17:
         0b:af:79:53:88:0f:9f:47:dc:69:d8:7e:f2:44:f3:82:4e:72:
         3e:63:5f:22:33:08:f8:32:d4:0f:87:ff:13:26:00:04:1c:60:
         6e:a8:03:c9:6a:64:39:1f:ec:b8:e1:65:13:49:66:4f:f0:51:
         b1:4b:2e:0c:24:2b:a9:e2:ec:06:b9:77:15:7a:01:15:88:af:
         d9:ad:f2:a9:38:b2:da:07:ec:5d:d8:ec:38:11:84:2a:8f:dc:
         d1:68:d7:42:81:95:a4:93:c2:f3:11:36:6f:69:7f:99:b5:55:
         9c:ab:cc:92:f4:29:25:e5:98:12:f9:e9:87:9a:a8:0c:9b:e6:
         83:10:61:fe:6a:fb:1e:88:6f:17:c1:3d:43:13:c4:64:2b:26:
         e3:1e:6a:d9:97:47:5a:dc:fe:32:3c:50:b8:e2:b2:a7:6c:4c:
         2a:0d:f1:c3:3b:af:73:98:31:a1:d4:15:9c:c7:c2:b7:27:74:
         b7:2c:66:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ297x1yzyw/jXLlzRUzuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTlmNzU4ZmFkMzc0YzQ2NTlhYzM0ODFmNTZlOTQ1MWUxNWRmZmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuYHowKubhllHL17wY8G76ddixT8
jd8x35Uj63dBdl9px8o4r9BE1xRWCdxd1RTojDaU/Gnwf1mTo7wTbMEAHgio2IlA
iN3gZYzVq97dbkTmprKR3K4v8tk0KzzaoxZIHfxfIg3DRBFc8SeyID57SrRRYhM9
RteLYrTIoZge8UczaxithCBXQQRQU6qVW6hqbdEe0l16/K6uPDTNnYJDh0vWO7Qb
SrMeXdXlfzmg4wbVzXpfE7hpivIfxKcKFY7iGHr5ISgn9CiV9iNrzoBCAofdse0A
mBkPPtHJKwBNMSeFbFaZB3ZWDuOQrITLbsbWkLCsCkH6tUiEdH1aT/nLNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmfdY+tN0xGWaw0gfVulFHhXf+lMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvR1o5MWo2MDNURVpackRTQjlXNlVVZUZkXzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MAEMA0G
CSqGSIb3DQEBCwUAA4IBAQAvP0VVF8C+NohBMlMauViTvLAtW/rWjNg3Zrggtd64
Sg1gcOT7FoAqPBT5yIE2G9DvWlOIZ76dz2YpaGt23NUNzOeiKXBUcBcLr3lTiA+f
R9xp2H7yRPOCTnI+Y18iMwj4MtQPh/8TJgAEHGBuqAPJamQ5H+y44WUTSWZP8FGx
Sy4MJCup4uwGuXcVegEViK/ZrfKpOLLaB+xd2Ow4EYQqj9zRaNdCgZWkk8LzETZv
aX+ZtVWcq8yS9Ckl5ZgS+emHmqgMm+aDEGH+avseiG8XwT1DE8RkKybjHmrZl0da
3P4yPFC44rKnbEwqDfHDO69zmDGh1BWcx8K3J3S3LGZf
-----END CERTIFICATE-----