Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/GIw83l2PP42EjLXUySlU07YyJRI.roa
File:                     GIw83l2PP42EjLXUySlU07YyJRI.roa (raw, json)
Hash identifier:          WQAqr4S+41lTw9c42sywo5KBkNll6Ys9svWEnvrOWHU=
Subject key identifier:   18:8C:3C:DE:5D:8F:3F:8D:84:8C:B5:D4:C9:29:54:D3:B6:32:25:12
Certificate issuer:       /CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
Certificate serial:       01907E5FFE3A20B8AA1944F2EB0B5D20A2D2
Authority key identifier: 73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/GIw83l2PP42EjLXUySlU07YyJRI.roa
Signing time:             Thu 04 Jul 2024 15:32:18 +0000
ROA not before:           Thu 04 Jul 2024 15:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214624
IP address blocks:        185.86.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7e:5f:fe:3a:20:b8:aa:19:44:f2:eb:0b:5d:20:a2:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73975d5da9da8a074b33fbcb5c09d503a3b443a1
        Validity
            Not Before: Jul  4 15:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=188c3cde5d8f3f8d848cb5d4c92954d3b6322512
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8f:7b:33:b8:30:c7:46:9d:d1:5a:37:5e:28:
                    ef:a0:e7:8d:e6:18:a9:15:b3:7a:ae:06:49:28:dd:
                    9c:7f:14:9d:d3:9a:64:1f:d0:36:d1:25:2f:c2:81:
                    6b:02:7d:1c:71:ba:e2:a7:ef:fa:e6:17:e7:1d:c9:
                    9d:c4:15:0a:96:2e:01:e8:50:75:4c:2d:57:d1:76:
                    6e:ed:8d:a2:77:7a:7e:fe:1b:73:1f:63:86:9d:2f:
                    b7:6c:c7:e5:33:70:77:7c:58:27:a5:44:88:51:a1:
                    66:58:0f:13:1e:e0:78:98:a8:00:6f:e2:53:ae:3a:
                    ed:87:e8:0e:b7:4f:64:3c:3b:9a:02:dc:2a:56:36:
                    e4:6a:35:87:32:c2:13:a8:ca:12:ae:d4:8d:bb:9a:
                    b9:1d:83:b3:3a:9c:27:de:17:8d:49:57:14:4d:4f:
                    4b:02:d0:3c:71:f0:71:1c:2f:6d:66:37:79:ba:16:
                    e3:6f:27:9f:9d:d8:f7:3c:77:ff:fb:63:44:84:25:
                    07:2d:12:1f:e9:79:d6:3f:98:02:83:b5:eb:61:61:
                    40:17:10:46:ce:f1:95:29:65:c9:32:48:86:a5:da:
                    e0:d0:9f:31:9e:57:e1:11:b3:72:a0:ca:27:c7:15:
                    47:f7:e9:18:88:2e:18:ee:d2:05:38:ee:37:5a:53:
                    e4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:8C:3C:DE:5D:8F:3F:8D:84:8C:B5:D4:C9:29:54:D3:B6:32:25:12
            X509v3 Authority Key Identifier:
                keyid:73:97:5D:5D:A9:DA:8A:07:4B:33:FB:CB:5C:09:D5:03:A3:B4:43:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5ddXanaigdLM_vLXAnVA6O0Q6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/GIw83l2PP42EjLXUySlU07YyJRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/f0172e-69c2-422f-8296-9e80d0d87c2d/1/c5ddXanaigdLM_vLXAnVA6O0Q6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:d2:3c:6f:d0:9a:ef:25:38:99:fe:18:9d:84:ff:ce:98:87:
         28:a9:ea:7b:19:5e:56:32:4c:a3:4b:7f:80:47:1e:c1:6d:d2:
         e0:89:81:ff:6d:2f:44:14:b5:f1:ce:f5:51:84:11:48:99:b8:
         b9:5e:fb:12:57:cf:2f:80:0f:82:ca:d5:6d:a3:43:1a:fc:2e:
         49:45:d1:e2:80:19:07:90:f0:d6:50:24:f5:76:c0:3e:81:66:
         99:cb:bc:6b:47:6c:4d:ab:a8:8a:10:a6:32:fd:8d:27:db:3f:
         94:0f:29:71:e5:ea:f6:6c:6f:12:ab:83:26:34:37:32:71:ba:
         50:c4:3e:1b:40:f8:9f:91:bc:c7:91:f0:ad:cf:7c:1a:ae:cd:
         52:c4:02:ed:3a:17:3d:8e:50:5d:06:4d:62:74:1e:9b:e5:75:
         6a:58:d9:7b:1b:ec:22:c8:e9:7a:a1:bb:19:23:11:3b:d8:90:
         44:b5:3c:6c:95:b7:67:b6:14:43:a9:04:4e:2f:34:c5:c0:6d:
         a7:56:ba:07:49:92:c4:74:41:f5:85:cc:60:92:c0:c2:0b:bf:
         0b:95:a5:8b:8a:15:82:a3:5f:8f:0a:c8:26:33:cd:95:b7:4b:
         ee:fa:4b:72:65:19:53:17:42:45:09:d5:65:a7:0c:d8:f4:e3:
         b1:a2:4e:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB+X/46ILiqGUTy6wtdIKLSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczOTc1ZDVkYTlkYThhMDc0YjMzZmJjYjVjMDlkNTAzYTNi
NDQzYTEwHhcNMjQwNzA0MTUzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODhjM2NkZTVkOGYzZjhkODQ4Y2I1ZDRjOTI5NTRkM2I2MzIyNTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1I97M7gwx0ad0Vo3XijvoOeN5hip
FbN6rgZJKN2cfxSd05pkH9A20SUvwoFrAn0ccbrip+/65hfnHcmdxBUKli4B6FB1
TC1X0XZu7Y2id3p+/htzH2OGnS+3bMflM3B3fFgnpUSIUaFmWA8THuB4mKgAb+JT
rjrth+gOt09kPDuaAtwqVjbkajWHMsITqMoSrtSNu5q5HYOzOpwn3heNSVcUTU9L
AtA8cfBxHC9tZjd5uhbjbyefndj3PHf/+2NEhCUHLRIf6XnWP5gCg7XrYWFAFxBG
zvGVKWXJMkiGpdrg0J8xnlfhEbNyoMonxxVH9+kYiC4Y7tIFOO43WlPkeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBiMPN5djz+NhIy11MkpVNO2MiUSMB8GA1UdIwQY
MBaAFHOXXV2p2ooHSzP7y1wJ1QOjtEOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYt
OWU4MGQwZDg3YzJkLzEvR0l3ODNsMlBQNDJFakxYVXlTbFUwN1l5SlJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mMDE3MmUtNjljMi00MjJmLTgyOTYtOWU4MGQwZDg3YzJk
LzEvYzVkZFhhbmFpZ2RMTV92TFhBblZBNk8wUTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVbhMA0G
CSqGSIb3DQEBCwUAA4IBAQBt0jxv0JrvJTiZ/hidhP/OmIcoqep7GV5WMkyjS3+A
Rx7BbdLgiYH/bS9EFLXxzvVRhBFImbi5XvsSV88vgA+CytVto0Ma/C5JRdHigBkH
kPDWUCT1dsA+gWaZy7xrR2xNq6iKEKYy/Y0n2z+UDylx5er2bG8Sq4MmNDcycbpQ
xD4bQPifkbzHkfCtz3wars1SxALtOhc9jlBdBk1idB6b5XVqWNl7G+wiyOl6obsZ
IxE72JBEtTxslbdnthRDqQROLzTFwG2nVroHSZLEdEH1hcxgksDCC78LlaWLihWC
o1+PCsgmM82Vt0vu+ktyZRlTF0JFCdVlpwzY9OOxok4q
-----END CERTIFICATE-----