Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/GNZ9lBNN0fk-FlzHbPwEofqpIU0.roa
File:                     GNZ9lBNN0fk-FlzHbPwEofqpIU0.roa (raw, json)
Hash identifier:          oRn/UPDhfLUG50LiJX38JC+BFkpO2/98l4Oq5gRIEuM=
Subject key identifier:   18:D6:7D:94:13:4D:D1:F9:3E:16:5C:C7:6C:FC:04:A1:FA:A9:21:4D
Certificate issuer:       /CN=4196230e58decc0cbcfb15f56aa64dedd1f389f5
Certificate serial:       018CC26D8173A28E34C074ED2B87BC09CBA8
Authority key identifier: 41:96:23:0E:58:DE:CC:0C:BC:FB:15:F5:6A:A6:4D:ED:D1:F3:89:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/GNZ9lBNN0fk-FlzHbPwEofqpIU0.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        146.19.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/QZYjDljezAy8-xX1aqZN7dHzifU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/QZYjDljezAy8-xX1aqZN7dHzifU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 12:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:81:73:a2:8e:34:c0:74:ed:2b:87:bc:09:cb:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4196230e58decc0cbcfb15f56aa64dedd1f389f5
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18d67d94134dd1f93e165cc76cfc04a1faa9214d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d9:74:d8:f3:1d:4f:25:72:51:91:cc:97:ec:
                    0a:01:5c:16:7b:0f:33:53:0d:f2:9e:d2:08:18:dc:
                    cb:6a:20:b2:84:6a:75:a7:2f:7d:58:1f:7e:a1:f3:
                    46:76:e3:d7:88:1b:88:6a:a2:57:82:25:1d:be:66:
                    c1:7d:6e:50:45:8c:5b:35:a5:4b:b6:55:db:a8:5f:
                    fc:a9:e1:13:9b:93:6c:ea:8e:1f:bd:ce:58:73:d2:
                    00:f9:8a:19:fc:3e:10:8e:7a:5b:2d:08:8c:01:f8:
                    19:44:9d:15:fa:92:9e:c5:0d:62:e5:9f:7d:43:01:
                    3a:48:65:e9:dd:27:ef:d9:fe:b4:97:83:a9:1c:8a:
                    7a:52:43:9f:83:2d:65:d0:15:14:76:c5:bd:f8:84:
                    e9:ee:ef:ec:e5:33:38:6b:f4:1b:e9:04:7d:52:46:
                    99:cd:ea:60:80:d6:51:68:ca:6f:2b:78:d4:08:ba:
                    d2:13:18:fc:f4:8d:80:a5:51:39:0d:6b:ba:78:2e:
                    61:c2:18:9a:83:67:97:3f:79:f1:3a:4c:89:85:a1:
                    79:70:96:d4:f7:09:94:b5:ae:96:03:f2:1a:80:d1:
                    c1:ea:71:b9:85:e6:cb:9c:5d:42:7e:17:e3:42:0d:
                    04:f4:fd:46:fc:77:4b:c3:7a:00:00:95:ee:b1:f5:
                    64:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D6:7D:94:13:4D:D1:F9:3E:16:5C:C7:6C:FC:04:A1:FA:A9:21:4D
            X509v3 Authority Key Identifier:
                keyid:41:96:23:0E:58:DE:CC:0C:BC:FB:15:F5:6A:A6:4D:ED:D1:F3:89:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QZYjDljezAy8-xX1aqZN7dHzifU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/GNZ9lBNN0fk-FlzHbPwEofqpIU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/da96f5-3f33-46f9-a514-2befffd57fb7/1/QZYjDljezAy8-xX1aqZN7dHzifU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:35:8c:ea:0b:7b:95:80:14:a2:59:bf:9a:45:e1:1f:32:01:
         70:6f:a4:fe:eb:9e:6f:b5:31:97:94:d5:89:ea:db:4d:b4:83:
         3d:f0:22:0a:f7:a1:8d:80:4f:43:01:f7:fa:cf:48:bd:c0:d8:
         f7:5d:11:5e:14:ba:66:8e:33:0a:b0:99:26:51:42:7b:5f:f1:
         68:44:69:74:bb:95:63:df:bb:62:fb:60:75:e0:d4:97:63:44:
         e6:d7:f7:26:1d:18:88:d7:03:8c:53:a5:6c:8b:eb:c4:71:38:
         72:4e:3e:e9:2b:f3:8f:a0:db:ef:9f:da:82:8e:1c:76:c9:25:
         14:ef:ff:29:d8:32:50:1c:1f:b4:b7:89:83:0e:d9:93:36:e9:
         2b:42:c9:5c:90:80:6d:f8:49:c3:ba:2d:40:f7:f9:63:32:9a:
         39:1e:84:33:47:5e:37:09:17:5e:b5:aa:f7:02:5f:a8:42:29:
         33:4d:65:bf:1e:2c:59:8a:9f:9d:17:69:da:0f:ec:96:89:4e:
         db:2a:91:eb:f6:cb:5e:d4:00:65:fa:27:19:9e:d3:2c:21:f5:
         ed:0f:e0:6c:3d:ff:6c:48:98:dd:c3:ff:88:50:93:8d:b6:cb:
         06:a6:95:45:3a:17:42:30:73:66:bd:8b:1b:1d:a1:65:69:4e:
         fe:4e:6d:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbYFzoo40wHTtK4e8CcuoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxOTYyMzBlNThkZWNjMGNiY2ZiMTVmNTZhYTY0ZGVkZDFm
Mzg5ZjUwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGQ2N2Q5NDEzNGRkMWY5M2UxNjVjYzc2Y2ZjMDRhMWZhYTkyMTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtl02PMdTyVyUZHMl+wKAVwWew8z
Uw3yntIIGNzLaiCyhGp1py99WB9+ofNGduPXiBuIaqJXgiUdvmbBfW5QRYxbNaVL
tlXbqF/8qeETm5Ns6o4fvc5Yc9IA+YoZ/D4QjnpbLQiMAfgZRJ0V+pKexQ1i5Z99
QwE6SGXp3Sfv2f60l4OpHIp6UkOfgy1l0BUUdsW9+ITp7u/s5TM4a/Qb6QR9UkaZ
zepggNZRaMpvK3jUCLrSExj89I2ApVE5DWu6eC5hwhiag2eXP3nxOkyJhaF5cJbU
9wmUta6WA/IagNHB6nG5hebLnF1CfhfjQg0E9P1G/HdLw3oAAJXusfVkowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjWfZQTTdH5PhZcx2z8BKH6qSFNMB8GA1UdIwQY
MBaAFEGWIw5Y3swMvPsV9WqmTe3R84n1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVpZakRsamV6QXk4LXhYMWFxWk43ZEh6aWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kYTk2ZjUtM2YzMy00NmY5LWE1MTQt
MmJlZmZmZDU3ZmI3LzEvR05aOWxCTk4wZmstRmx6SGJQd0VvZnFwSVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kYTk2ZjUtM2YzMy00NmY5LWE1MTQtMmJlZmZmZDU3ZmI3
LzEvUVpZakRsamV6QXk4LXhYMWFxWk43ZEh6aWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPBMA0G
CSqGSIb3DQEBCwUAA4IBAQBTNYzqC3uVgBSiWb+aReEfMgFwb6T+655vtTGXlNWJ
6ttNtIM98CIK96GNgE9DAff6z0i9wNj3XRFeFLpmjjMKsJkmUUJ7X/FoRGl0u5Vj
37ti+2B14NSXY0Tm1/cmHRiI1wOMU6Vsi+vEcThyTj7pK/OPoNvvn9qCjhx2ySUU
7/8p2DJQHB+0t4mDDtmTNukrQslckIBt+EnDui1A9/ljMpo5HoQzR143CRdetar3
Al+oQikzTWW/HixZip+dF2naD+yWiU7bKpHr9ste1ABl+icZntMsIfXtD+BsPf9s
SJjdw/+IUJONtssGppVFOhdCMHNmvYsbHaFlaU7+Tm0i
-----END CERTIFICATE-----