Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/pGDYisQVL2BUGulNE7Y5piT07UA.roa
File:                     pGDYisQVL2BUGulNE7Y5piT07UA.roa (raw, json)
Hash identifier:          9AsqfzS45F+ILjQAz0Gnw2+j0nysR1Azv1ex3v4CU/U=
Subject key identifier:   A4:60:D8:8A:C4:15:2F:60:54:1A:E9:4D:13:B6:39:A6:24:F4:ED:40
Certificate issuer:       /CN=af934ec694af68134b7514c10dcd13857b459e38
Certificate serial:       018CC3B692208F36FBE12FE159C759969A9A
Authority key identifier: AF:93:4E:C6:94:AF:68:13:4B:75:14:C1:0D:CD:13:85:7B:45:9E:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r5NOxpSvaBNLdRTBDc0ThXtFnjg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/pGDYisQVL2BUGulNE7Y5piT07UA.roa
Signing time:             Mon 01 Jan 2024 06:29:31 +0000
ROA not before:           Mon 01 Jan 2024 06:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61193
IP address blocks:        213.232.198.0/24 maxlen: 24
                          2a10:dc00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/r5NOxpSvaBNLdRTBDc0ThXtFnjg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/r5NOxpSvaBNLdRTBDc0ThXtFnjg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r5NOxpSvaBNLdRTBDc0ThXtFnjg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:92:20:8f:36:fb:e1:2f:e1:59:c7:59:96:9a:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af934ec694af68134b7514c10dcd13857b459e38
        Validity
            Not Before: Jan  1 06:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a460d88ac4152f60541ae94d13b639a624f4ed40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:14:30:cd:73:35:47:72:e3:39:46:54:64:bb:
                    7d:ef:8b:d6:be:0c:21:0c:cf:87:61:d6:83:ba:98:
                    b2:1c:42:a9:54:97:e8:03:72:5f:10:d8:ec:e6:ef:
                    82:68:08:dc:76:90:66:34:de:1d:f1:59:18:1b:db:
                    96:89:68:52:39:5a:e8:40:3e:e5:9a:12:d9:76:f6:
                    6c:4a:62:e4:d6:59:87:2c:14:18:ef:9f:51:cd:a5:
                    80:a1:63:fc:17:c0:93:d4:0b:d6:2f:69:9f:35:93:
                    3c:b2:17:d2:4b:b9:90:7d:b8:e4:47:47:25:af:3c:
                    4f:89:7f:3e:fc:9a:3a:c4:98:80:7d:04:97:f4:db:
                    ba:c7:da:41:9c:b7:74:7f:09:81:2c:c3:fd:a6:4b:
                    3d:07:a6:ca:22:f1:81:57:25:49:d9:e6:95:7a:7d:
                    30:48:5c:5a:45:37:fe:35:8e:a4:f8:d8:8c:2a:f0:
                    59:b1:9c:9b:1c:90:4a:14:a4:e3:42:66:6b:8e:65:
                    26:59:07:1c:48:97:80:32:5b:ce:c5:42:43:c5:e5:
                    77:8a:84:eb:0d:5b:31:9a:4b:65:8a:0c:18:fd:e4:
                    b7:52:28:60:94:ff:68:da:90:77:69:1a:35:0d:2d:
                    ae:6e:38:12:e1:e8:74:d7:8e:d4:5f:70:2a:9b:0a:
                    5f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:60:D8:8A:C4:15:2F:60:54:1A:E9:4D:13:B6:39:A6:24:F4:ED:40
            X509v3 Authority Key Identifier:
                keyid:AF:93:4E:C6:94:AF:68:13:4B:75:14:C1:0D:CD:13:85:7B:45:9E:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r5NOxpSvaBNLdRTBDc0ThXtFnjg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/pGDYisQVL2BUGulNE7Y5piT07UA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99be80-152c-4b65-8b32-0718aa8dd9a7/1/r5NOxpSvaBNLdRTBDc0ThXtFnjg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.198.0/24
                IPv6:
                  2a10:dc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:3e:8d:42:d6:c4:b7:cd:79:c7:87:11:23:fe:db:5b:b4:f7:
         e7:bc:a7:d5:81:49:80:9e:71:aa:8a:50:5e:59:8f:81:70:5a:
         fb:32:94:33:8c:39:4e:17:2f:b4:6a:02:05:1c:2c:2b:39:e3:
         b2:e4:a6:6f:3d:b7:ea:dd:b1:ae:ee:45:d2:f0:d9:ad:7c:36:
         56:64:3e:c9:f9:45:e3:9c:24:e1:59:15:00:e2:e6:53:45:b9:
         2b:8b:d2:c7:70:1d:d0:10:ba:3f:2a:e2:4d:35:a2:f1:8e:ab:
         58:c5:17:0c:8b:c9:6e:3a:0e:f2:7e:aa:51:11:36:b0:4a:64:
         51:b0:d8:7a:29:96:58:93:39:39:bf:97:73:a1:88:ff:36:27:
         b0:b6:ee:3b:a1:b6:12:bb:fa:ac:98:05:e0:67:25:11:23:ec:
         f9:bb:b3:b3:53:12:eb:91:e2:07:8a:82:1e:4a:fa:76:62:a5:
         32:5a:ee:f0:4b:df:74:b9:1a:37:63:26:d5:4d:cd:ef:46:2f:
         cb:1c:9d:1b:08:ce:46:a5:63:d4:8b:0c:cf:d4:b3:99:d1:7e:
         83:7b:75:ad:7a:a0:1b:61:7d:31:41:1e:82:df:ed:fa:9e:20:
         2e:05:4c:0c:ce:d7:e8:c1:e2:53:e6:86:a0:38:98:a9:b8:b0:
         5a:ca:70:b3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtpIgjzb74S/hWcdZlpqaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmOTM0ZWM2OTRhZjY4MTM0Yjc1MTRjMTBkY2QxMzg1N2I0
NTllMzgwHhcNMjQwMTAxMDYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDYwZDg4YWM0MTUyZjYwNTQxYWU5NGQxM2I2MzlhNjI0ZjRlZDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhQwzXM1R3LjOUZUZLt974vWvgwh
DM+HYdaDupiyHEKpVJfoA3JfENjs5u+CaAjcdpBmNN4d8VkYG9uWiWhSOVroQD7l
mhLZdvZsSmLk1lmHLBQY759RzaWAoWP8F8CT1AvWL2mfNZM8shfSS7mQfbjkR0cl
rzxPiX8+/Jo6xJiAfQSX9Nu6x9pBnLd0fwmBLMP9pks9B6bKIvGBVyVJ2eaVen0w
SFxaRTf+NY6k+NiMKvBZsZybHJBKFKTjQmZrjmUmWQccSJeAMlvOxUJDxeV3ioTr
DVsxmktligwY/eS3UihglP9o2pB3aRo1DS2ubjgS4eh0147UX3AqmwpfZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKRg2IrEFS9gVBrpTRO2OaYk9O1AMB8GA1UdIwQY
MBaAFK+TTsaUr2gTS3UUwQ3NE4V7RZ44MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjVOT3hwU3ZhQk5MZFJUQkRjMFRoWHRGbmpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85OWJlODAtMTUyYy00YjY1LThiMzIt
MDcxOGFhOGRkOWE3LzEvcEdEWWlzUVZMMkJVR3VsTkU3WTVwaVQwN1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85OWJlODAtMTUyYy00YjY1LThiMzItMDcxOGFhOGRkOWE3
LzEvcjVOT3hwU3ZhQk5MZFJUQkRjMFRoWHRGbmpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1ejGMA0E
AgACMAcDBQMqENwAMA0GCSqGSIb3DQEBCwUAA4IBAQBoPo1C1sS3zXnHhxEj/ttb
tPfnvKfVgUmAnnGqilBeWY+BcFr7MpQzjDlOFy+0agIFHCwrOeOy5KZvPbfq3bGu
7kXS8NmtfDZWZD7J+UXjnCThWRUA4uZTRbkri9LHcB3QELo/KuJNNaLxjqtYxRcM
i8luOg7yfqpRETawSmRRsNh6KZZYkzk5v5dzoYj/Niewtu47obYSu/qsmAXgZyUR
I+z5u7OzUxLrkeIHioIeSvp2YqUyWu7wS990uRo3YybVTc3vRi/LHJ0bCM5GpWPU
iwzP1LOZ0X6De3WteqAbYX0xQR6C3+36niAuBUwMztfoweJT5oagOJipuLBaynCz
-----END CERTIFICATE-----