Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/RSGS_A9ZhHfhPs-Xd-2yBhaUx04.roa
File:                     RSGS_A9ZhHfhPs-Xd-2yBhaUx04.roa (raw, json)
Hash identifier:          9DeIEWauvtB5gVJpol9lD4tGpJrhuAMpwlj+8F7c68c=
Subject key identifier:   45:21:92:FC:0F:59:84:77:E1:3E:CF:97:77:ED:B2:06:16:94:C7:4E
Certificate issuer:       /CN=762656c5e66b82c04654be1a25629b1fd6a59456
Certificate serial:       018CC8015CA8DBB02A9780B862A1194A2728
Authority key identifier: 76:26:56:C5:E6:6B:82:C0:46:54:BE:1A:25:62:9B:1F:D6:A5:94:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/diZWxeZrgsBGVL4aJWKbH9allFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/RSGS_A9ZhHfhPs-Xd-2yBhaUx04.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13984
IP address blocks:        193.25.186.0/23 maxlen: 23
                          2a09:6d80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/diZWxeZrgsBGVL4aJWKbH9allFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/diZWxeZrgsBGVL4aJWKbH9allFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/diZWxeZrgsBGVL4aJWKbH9allFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5c:a8:db:b0:2a:97:80:b8:62:a1:19:4a:27:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=762656c5e66b82c04654be1a25629b1fd6a59456
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=452192fc0f598477e13ecf9777edb2061694c74e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:10:ec:92:0b:7d:a0:30:59:53:63:6c:67:73:
                    f1:ce:e9:b2:c4:9e:99:86:67:64:86:6d:4c:d0:1f:
                    c7:76:40:aa:2f:b9:2d:55:75:ab:0b:34:a7:47:d0:
                    2d:5d:e5:dd:06:40:50:8f:96:1a:70:2b:75:f0:c8:
                    4a:22:e4:d3:b3:bd:07:a0:c7:71:7e:61:87:2d:1e:
                    19:a7:33:fc:8d:9d:43:f0:f5:cf:4d:3e:ae:cc:7c:
                    95:bc:82:ba:2b:0e:35:6a:33:df:36:df:9e:5f:c6:
                    9f:de:eb:5b:fc:f1:b3:57:97:89:ea:b9:41:c8:1d:
                    d1:56:d4:8f:98:26:9e:69:84:02:ec:b9:a3:48:6a:
                    32:ef:4a:36:ba:9f:c1:9e:0c:8e:d5:6f:e0:c9:4d:
                    8b:65:18:fe:26:5e:2d:5b:68:33:49:c4:8b:d3:ab:
                    db:38:ef:e5:e1:b0:f7:c2:51:37:34:cd:dd:05:3f:
                    61:ab:27:a4:c6:6b:e9:8a:4b:8b:22:f3:b2:6b:3a:
                    bb:3b:9d:5b:de:5d:63:aa:ca:e1:44:79:8d:d8:49:
                    1f:c3:35:76:7a:8e:02:74:01:cd:46:56:88:9a:49:
                    1f:cd:c0:1a:14:97:04:b8:92:69:ad:b6:33:e5:f2:
                    61:fa:13:67:3a:92:77:7f:68:59:83:0f:42:5f:94:
                    33:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:21:92:FC:0F:59:84:77:E1:3E:CF:97:77:ED:B2:06:16:94:C7:4E
            X509v3 Authority Key Identifier:
                keyid:76:26:56:C5:E6:6B:82:C0:46:54:BE:1A:25:62:9B:1F:D6:A5:94:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/diZWxeZrgsBGVL4aJWKbH9allFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/RSGS_A9ZhHfhPs-Xd-2yBhaUx04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/198c6b-d715-47b6-86c0-4d22c6b5b1fe/1/diZWxeZrgsBGVL4aJWKbH9allFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.186.0/23
                IPv6:
                  2a09:6d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:74:1c:08:7a:ef:8f:fd:fa:bc:1c:6b:a0:1c:29:f9:31:28:
         c9:96:d0:cc:1a:ab:7a:ca:3d:23:7a:db:e3:d3:62:79:7d:f6:
         d8:32:05:a0:d9:85:6d:06:b0:83:e1:27:9e:e2:37:11:e6:9a:
         ff:a6:3a:c0:11:ee:0b:bc:0f:f5:40:6a:52:4d:cd:19:76:1a:
         42:3b:ad:94:8a:8f:7c:9d:4a:b7:0b:41:67:e0:9a:5b:e3:93:
         98:d4:71:b8:0f:de:00:ab:b2:1b:07:13:95:4e:af:67:26:75:
         ad:76:33:8f:d5:d0:98:c1:73:bb:b3:b2:b1:f6:ae:f6:24:a7:
         0e:56:ab:06:b0:a2:af:de:2c:75:3f:a7:35:5a:08:33:50:69:
         e2:c6:cf:1a:f3:d2:24:70:69:76:37:e0:b5:1c:79:2c:8d:87:
         82:69:dd:0a:22:2c:ee:d9:07:c3:75:ea:7f:ed:34:93:a2:7e:
         03:e5:1a:87:d6:0e:c7:66:4f:ca:61:d9:29:4b:a8:60:44:bc:
         aa:c6:52:10:65:9c:2c:99:fb:0d:a2:a1:f0:c8:bc:ba:38:43:
         87:6c:a6:25:4e:9f:95:e9:15:5e:8b:f2:e3:cf:6e:65:5e:0a:
         ce:98:3a:f6:19:2c:10:9f:23:cc:0a:88:eb:9a:5d:31:1f:b3:
         bb:e4:4e:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAVyo27Aql4C4YqEZSicoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MjY1NmM1ZTY2YjgyYzA0NjU0YmUxYTI1NjI5YjFmZDZh
NTk0NTYwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTIxOTJmYzBmNTk4NDc3ZTEzZWNmOTc3N2VkYjIwNjE2OTRjNzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohDskgt9oDBZU2NsZ3PxzumyxJ6Z
hmdkhm1M0B/HdkCqL7ktVXWrCzSnR9AtXeXdBkBQj5YacCt18MhKIuTTs70HoMdx
fmGHLR4ZpzP8jZ1D8PXPTT6uzHyVvIK6Kw41ajPfNt+eX8af3utb/PGzV5eJ6rlB
yB3RVtSPmCaeaYQC7LmjSGoy70o2up/BngyO1W/gyU2LZRj+Jl4tW2gzScSL06vb
OO/l4bD3wlE3NM3dBT9hqyekxmvpikuLIvOyazq7O51b3l1jqsrhRHmN2EkfwzV2
eo4CdAHNRlaImkkfzcAaFJcEuJJprbYz5fJh+hNnOpJ3f2hZgw9CX5QzcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEUhkvwPWYR34T7Pl3ftsgYWlMdOMB8GA1UdIwQY
MBaAFHYmVsXma4LARlS+GiVimx/WpZRWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGlaV3hlWnJnc0JHVkw0YUpXS2JIOWFsbEZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8xOThjNmItZDcxNS00N2I2LTg2YzAt
NGQyMmM2YjViMWZlLzEvUlNHU19BOVpoSGZoUHMtWGQtMnlCaGFVeDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8xOThjNmItZDcxNS00N2I2LTg2YzAtNGQyMmM2YjViMWZl
LzEvZGlaV3hlWnJnc0JHVkw0YUpXS2JIOWFsbEZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwRm6MA0E
AgACMAcDBQAqCW2AMA0GCSqGSIb3DQEBCwUAA4IBAQAIdBwIeu+P/fq8HGugHCn5
MSjJltDMGqt6yj0jetvj02J5ffbYMgWg2YVtBrCD4See4jcR5pr/pjrAEe4LvA/1
QGpSTc0ZdhpCO62Uio98nUq3C0Fn4Jpb45OY1HG4D94Aq7IbBxOVTq9nJnWtdjOP
1dCYwXO7s7Kx9q72JKcOVqsGsKKv3ix1P6c1WggzUGnixs8a89IkcGl2N+C1HHks
jYeCad0KIizu2QfDdep/7TSTon4D5RqH1g7HZk/KYdkpS6hgRLyqxlIQZZwsmfsN
oqHwyLy6OEOHbKYlTp+V6RVei/Ljz25lXgrOmDr2GSwQnyPMCojrml0xH7O75E45
-----END CERTIFICATE-----