Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/f96532-d7ff-4538-bccd-2d38e7779348/1/GS048ncjeEAO10aTXM-G1NECLIE.roa
File:                     GS048ncjeEAO10aTXM-G1NECLIE.roa (raw, json)
Hash identifier:          mQdsgNFvE8Ge/gSshLuU/8gqvSs4TUoWRP0OO5FafFY=
Subject key identifier:   19:2D:38:F2:77:23:78:40:0E:D7:46:93:5C:CF:86:D4:D1:02:2C:81
Certificate issuer:       /CN=ba2f1a11de190c81c0b7752cf52b569425dc54cb
Certificate serial:       018CC8715ABF0533C6CCA6C2DE11DF810073
Authority key identifier: BA:2F:1A:11:DE:19:0C:81:C0:B7:75:2C:F5:2B:56:94:25:DC:54:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ui8aEd4ZDIHAt3Us9StWlCXcVMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/f96532-d7ff-4538-bccd-2d38e7779348/1/GS048ncjeEAO10aTXM-G1NECLIE.roa
Signing time:             Tue 02 Jan 2024 04:32:01 +0000
ROA not before:           Tue 02 Jan 2024 04:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12779
IP address blocks:        195.177.254.0/24 maxlen: 24
                          2a02:c480::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/f96532-d7ff-4538-bccd-2d38e7779348/1/ui8aEd4ZDIHAt3Us9StWlCXcVMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/f96532-d7ff-4538-bccd-2d38e7779348/1/ui8aEd4ZDIHAt3Us9StWlCXcVMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ui8aEd4ZDIHAt3Us9StWlCXcVMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:5a:bf:05:33:c6:cc:a6:c2:de:11:df:81:00:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba2f1a11de190c81c0b7752cf52b569425dc54cb
        Validity
            Not Before: Jan  2 04:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=192d38f2772378400ed746935ccf86d4d1022c81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c6:99:b9:6e:01:f4:ba:df:d0:6e:8d:2d:be:
                    62:14:f3:37:20:92:00:b8:94:fb:6d:eb:f9:77:b5:
                    6d:79:75:66:10:5c:84:64:b4:ef:3e:ff:43:ed:23:
                    fe:e9:a3:4a:86:18:dc:06:cc:84:ad:ad:a5:50:6f:
                    88:9f:b8:43:da:a0:8d:9d:cb:71:36:cf:39:47:48:
                    fa:8b:cc:40:21:f9:52:3d:a4:cc:0c:d8:09:b7:00:
                    f2:d0:93:67:6a:ef:9a:62:b5:43:00:3c:4f:16:b3:
                    ef:5d:4c:5c:77:c1:4f:a8:9c:15:c1:8f:02:35:6f:
                    2e:18:7e:f7:aa:8d:24:4b:29:ce:97:33:e2:7b:e7:
                    92:7c:27:f9:07:05:67:82:bd:60:a4:b8:7e:c1:db:
                    52:5a:2f:a4:b9:c3:5d:5b:46:a8:c7:1c:4b:19:5e:
                    e1:d6:1b:f3:93:18:dd:92:b1:3e:f4:c2:a1:85:ff:
                    d1:88:91:30:8c:25:7d:9a:e5:2a:7a:fd:20:54:0b:
                    cb:f7:d8:8d:dd:ce:c2:4d:19:4f:03:cd:ea:25:f9:
                    9e:bb:42:73:31:00:7e:61:f2:d0:68:1a:9a:e9:0c:
                    fe:d8:0b:b8:bc:c1:a3:5b:6b:b2:03:e2:5d:0b:5e:
                    65:04:41:30:1d:34:b7:a5:c3:8d:48:a5:72:02:ee:
                    37:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:2D:38:F2:77:23:78:40:0E:D7:46:93:5C:CF:86:D4:D1:02:2C:81
            X509v3 Authority Key Identifier:
                keyid:BA:2F:1A:11:DE:19:0C:81:C0:B7:75:2C:F5:2B:56:94:25:DC:54:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ui8aEd4ZDIHAt3Us9StWlCXcVMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f96532-d7ff-4538-bccd-2d38e7779348/1/GS048ncjeEAO10aTXM-G1NECLIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f96532-d7ff-4538-bccd-2d38e7779348/1/ui8aEd4ZDIHAt3Us9StWlCXcVMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.254.0/24
                IPv6:
                  2a02:c480::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:03:36:2f:ee:15:32:6d:2f:24:fd:cf:fb:e3:bc:10:5a:36:
         03:34:06:f8:9f:f9:40:c9:d2:d9:89:41:2d:d1:78:12:67:ae:
         88:b3:cf:38:bb:91:39:0c:c3:42:ef:d3:81:6e:f8:7b:36:df:
         5a:9f:21:13:39:5b:bc:f8:49:26:6b:2f:74:16:96:3c:9a:3d:
         6f:11:c0:34:ca:28:16:32:fb:e8:84:72:ae:5e:ed:61:76:56:
         23:bb:ca:12:12:19:9f:dd:ab:ee:47:71:39:62:5b:8a:55:ec:
         c5:a4:b9:fa:ff:6f:1f:9e:c5:9a:ea:7f:35:e1:26:16:70:e3:
         96:d7:85:69:50:43:a2:31:73:8d:11:5a:51:d3:8c:c8:d8:89:
         d2:68:37:32:bf:36:f4:92:7e:ff:d2:be:8a:34:99:97:df:6a:
         b4:31:89:2b:59:2f:f9:ca:27:6b:2c:47:c7:6a:29:25:1c:81:
         1c:be:93:e9:7c:14:47:0b:9e:b5:b2:ee:8f:39:45:dc:06:a2:
         19:75:cb:57:9a:2a:54:cd:57:df:68:3b:3e:8c:9c:5d:14:e0:
         a1:65:92:bc:c2:f3:69:c9:56:79:d5:71:a8:29:fd:3b:be:e6:
         10:56:87:cc:3a:f1:1b:d8:90:35:95:5a:2d:a3:c5:ad:8d:20:
         a0:d8:3c:17
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcVq/BTPGzKbC3hHfgQBzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMmYxYTExZGUxOTBjODFjMGI3NzUyY2Y1MmI1Njk0MjVk
YzU0Y2IwHhcNMjQwMTAyMDQzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTJkMzhmMjc3MjM3ODQwMGVkNzQ2OTM1Y2NmODZkNGQxMDIyYzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8aZuW4B9Lrf0G6NLb5iFPM3IJIA
uJT7bev5d7VteXVmEFyEZLTvPv9D7SP+6aNKhhjcBsyEra2lUG+In7hD2qCNnctx
Ns85R0j6i8xAIflSPaTMDNgJtwDy0JNnau+aYrVDADxPFrPvXUxcd8FPqJwVwY8C
NW8uGH73qo0kSynOlzPie+eSfCf5BwVngr1gpLh+wdtSWi+kucNdW0aoxxxLGV7h
1hvzkxjdkrE+9MKhhf/RiJEwjCV9muUqev0gVAvL99iN3c7CTRlPA83qJfmeu0Jz
MQB+YfLQaBqa6Qz+2Au4vMGjW2uyA+JdC15lBEEwHTS3pcONSKVyAu43BwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBktOPJ3I3hADtdGk1zPhtTRAiyBMB8GA1UdIwQY
MBaAFLovGhHeGQyBwLd1LPUrVpQl3FTLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWk4YUVkNFpESUhBdDNVczlTdFdsQ1hjVk1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9mOTY1MzItZDdmZi00NTM4LWJjY2Qt
MmQzOGU3Nzc5MzQ4LzEvR1MwNDhuY2plRUFPMTBhVFhNLUcxTkVDTElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9mOTY1MzItZDdmZi00NTM4LWJjY2QtMmQzOGU3Nzc5MzQ4
LzEvdWk4YUVkNFpESUhBdDNVczlTdFdsQ1hjVk1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw7H+MA0E
AgACMAcDBQAqAsSAMA0GCSqGSIb3DQEBCwUAA4IBAQBGAzYv7hUybS8k/c/747wQ
WjYDNAb4n/lAydLZiUEt0XgSZ66Is884u5E5DMNC79OBbvh7Nt9anyETOVu8+Ekm
ay90FpY8mj1vEcA0yigWMvvohHKuXu1hdlYju8oSEhmf3avuR3E5YluKVezFpLn6
/28fnsWa6n814SYWcOOW14VpUEOiMXONEVpR04zI2InSaDcyvzb0kn7/0r6KNJmX
32q0MYkrWS/5yidrLEfHaiklHIEcvpPpfBRHC561su6POUXcBqIZdctXmipUzVff
aDs+jJxdFOChZZK8wvNpyVZ51XGoKf07vuYQVofMOvEb2JA1lVoto8WtjSCg2DwX
-----END CERTIFICATE-----