Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/838a78-7a70-448e-8e43-3c3be2c29f79/1/GaKRjGllR2mHxlWo3EN_PCT31Ew.roa
File:                     GaKRjGllR2mHxlWo3EN_PCT31Ew.roa (raw, json)
Hash identifier:          rJs9zpX26P+5ELxgSKt749R2FNL2bXTxaY0kSs+dxG4=
Subject key identifier:   19:A2:91:8C:69:65:47:69:87:C6:55:A8:DC:43:7F:3C:24:F7:D4:4C
Certificate issuer:       /CN=e929c3da5af4159c9363776ec33dc5bac70a324d
Certificate serial:       0193399E84809743BF7FBA03423F1CE6A2D7
Authority key identifier: E9:29:C3:DA:5A:F4:15:9C:93:63:77:6E:C3:3D:C5:BA:C7:0A:32:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6SnD2lr0FZyTY3duwz3FuscKMk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/838a78-7a70-448e-8e43-3c3be2c29f79/1/GaKRjGllR2mHxlWo3EN_PCT31Ew.roa
Signing time:             Sun 17 Nov 2024 10:15:09 +0000
ROA not before:           Sun 17 Nov 2024 10:15:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198766
IP address blocks:        176.115.240.0/20 maxlen: 20
                          193.8.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/838a78-7a70-448e-8e43-3c3be2c29f79/1/6SnD2lr0FZyTY3duwz3FuscKMk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/838a78-7a70-448e-8e43-3c3be2c29f79/1/6SnD2lr0FZyTY3duwz3FuscKMk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6SnD2lr0FZyTY3duwz3FuscKMk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:39:9e:84:80:97:43:bf:7f:ba:03:42:3f:1c:e6:a2:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e929c3da5af4159c9363776ec33dc5bac70a324d
        Validity
            Not Before: Nov 17 10:15:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19a2918c6965476987c655a8dc437f3c24f7d44c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d3:41:d7:c4:d7:fe:73:ae:98:32:6c:34:c9:
                    c8:64:6e:4e:dd:0b:6a:dc:05:d6:ba:bc:56:16:be:
                    44:48:8d:c9:61:3b:55:22:90:9c:b1:79:00:b2:f4:
                    f5:bd:3d:f8:84:16:86:8e:81:b6:b1:07:7f:ac:76:
                    5e:15:e7:20:b9:76:26:0e:94:0e:37:8b:f2:22:36:
                    f1:fa:16:02:c0:de:8d:0c:f3:b3:21:1a:78:e9:3c:
                    26:2a:c9:86:05:f8:2b:4f:80:2c:e1:12:08:8a:32:
                    b1:12:de:14:5d:72:45:2e:35:aa:e0:fb:34:ce:36:
                    a0:38:aa:ef:2a:db:1d:e3:d4:14:07:1f:43:99:70:
                    01:77:bd:b1:90:5d:9a:39:20:d5:2c:52:d3:0c:a7:
                    12:5d:be:63:39:b4:75:1b:24:02:3e:9b:81:d8:08:
                    01:80:e3:15:c1:10:05:12:94:58:c5:a2:0a:1a:c4:
                    76:7e:1d:8b:04:19:de:b1:b8:01:fc:40:fb:30:7d:
                    cd:24:a8:92:9d:ce:af:8d:64:58:0c:1c:ca:7c:03:
                    93:f3:89:5a:12:0d:b3:aa:61:aa:0e:9a:19:46:83:
                    c8:ec:4d:3c:a5:37:90:ee:6b:7d:e9:17:c3:61:e5:
                    f3:51:c8:0e:f9:aa:7d:78:43:74:01:c5:b4:2e:7e:
                    36:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:A2:91:8C:69:65:47:69:87:C6:55:A8:DC:43:7F:3C:24:F7:D4:4C
            X509v3 Authority Key Identifier:
                keyid:E9:29:C3:DA:5A:F4:15:9C:93:63:77:6E:C3:3D:C5:BA:C7:0A:32:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6SnD2lr0FZyTY3duwz3FuscKMk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/838a78-7a70-448e-8e43-3c3be2c29f79/1/GaKRjGllR2mHxlWo3EN_PCT31Ew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/838a78-7a70-448e-8e43-3c3be2c29f79/1/6SnD2lr0FZyTY3duwz3FuscKMk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.115.240.0/20
                  193.8.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:f4:80:0b:7e:8e:f9:46:c8:cd:17:81:ef:b9:f6:09:24:b3:
         03:92:14:66:97:79:af:dc:1f:7f:c0:58:d1:30:19:3d:5e:a7:
         80:3e:ec:0b:8d:bc:a1:98:a8:0b:13:e2:93:0f:bf:1d:f1:21:
         c1:48:2b:07:2b:1e:eb:f1:0c:e4:1f:8f:0c:15:53:00:69:4e:
         39:d4:15:90:1e:62:62:2e:2d:3e:c5:58:e3:aa:14:86:4b:f1:
         dd:aa:15:83:c4:6a:92:52:a1:e5:19:eb:2e:01:36:d0:c7:2f:
         4d:fd:fd:91:75:72:0e:f4:49:8f:17:bb:e6:87:9a:f9:4f:93:
         be:69:5d:08:bd:80:bb:03:0d:e9:98:67:4a:6b:11:b5:73:13:
         b8:a6:00:8b:c0:6f:9b:9b:9b:da:e8:54:df:e8:fa:10:04:7b:
         6c:17:6e:43:35:22:01:c5:b5:99:49:6c:2d:65:9b:d6:c7:f3:
         c7:3a:c6:ba:63:bb:a2:e5:88:75:37:76:2a:b9:ba:c6:1b:b7:
         67:87:5b:bc:d7:21:37:d9:7c:60:3b:c1:cc:31:8d:50:f9:7e:
         12:3d:01:e5:47:7e:21:65:97:9a:8b:7e:11:ad:90:ce:52:c1:
         a9:cb:e6:f7:6e:dc:2a:4b:f1:96:84:11:fd:1a:67:37:28:84:
         02:8b:d0:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZM5noSAl0O/f7oDQj8c5qLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MjljM2RhNWFmNDE1OWM5MzYzNzc2ZWMzM2RjNWJhYzcw
YTMyNGQwHhcNMjQxMTE3MTAxNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWEyOTE4YzY5NjU0NzY5ODdjNjU1YThkYzQzN2YzYzI0ZjdkNDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdNB18TX/nOumDJsNMnIZG5O3Qtq
3AXWurxWFr5ESI3JYTtVIpCcsXkAsvT1vT34hBaGjoG2sQd/rHZeFecguXYmDpQO
N4vyIjbx+hYCwN6NDPOzIRp46TwmKsmGBfgrT4As4RIIijKxEt4UXXJFLjWq4Ps0
zjagOKrvKtsd49QUBx9DmXABd72xkF2aOSDVLFLTDKcSXb5jObR1GyQCPpuB2AgB
gOMVwRAFEpRYxaIKGsR2fh2LBBnesbgB/ED7MH3NJKiSnc6vjWRYDBzKfAOT84la
Eg2zqmGqDpoZRoPI7E08pTeQ7mt96RfDYeXzUcgO+ap9eEN0AcW0Ln42SwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBmikYxpZUdph8ZVqNxDfzwk99RMMB8GA1UdIwQY
MBaAFOkpw9pa9BWck2N3bsM9xbrHCjJNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlNuRDJscjBGWnlUWTNkdXd6M0Z1c2NLTWswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC84MzhhNzgtN2E3MC00NDhlLThlNDMt
M2MzYmUyYzI5Zjc5LzEvR2FLUmpHbGxSMm1IeGxXbzNFTl9QQ1QzMUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC84MzhhNzgtN2E3MC00NDhlLThlNDMtM2MzYmUyYzI5Zjc5
LzEvNlNuRDJscjBGWnlUWTNkdXd6M0Z1c2NLTWswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEsHPwAwQA
wQgtMA0GCSqGSIb3DQEBCwUAA4IBAQDH9IALfo75RsjNF4HvufYJJLMDkhRml3mv
3B9/wFjRMBk9XqeAPuwLjbyhmKgLE+KTD78d8SHBSCsHKx7r8QzkH48MFVMAaU45
1BWQHmJiLi0+xVjjqhSGS/HdqhWDxGqSUqHlGesuATbQxy9N/f2RdXIO9EmPF7vm
h5r5T5O+aV0IvYC7Aw3pmGdKaxG1cxO4pgCLwG+bm5va6FTf6PoQBHtsF25DNSIB
xbWZSWwtZZvWx/PHOsa6Y7ui5Yh1N3YqubrGG7dnh1u81yE32XxgO8HMMY1Q+X4S
PQHlR34hZZeai34RrZDOUsGpy+b3btwqS/GWhBH9Gmc3KIQCi9Cr
-----END CERTIFICATE-----