Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/GG5l3019Cmza1q1gEOWQhyEeHUo.roa
File:                     GG5l3019Cmza1q1gEOWQhyEeHUo.roa (raw, json)
Hash identifier:          Jjh5YvreGpkRAcWUqyubR/zeu4LyseTGZV1B8GuN8Ww=
Subject key identifier:   18:6E:65:DF:4D:7D:0A:6C:DA:D6:AD:60:10:E5:90:87:21:1E:1D:4A
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       0190353CC92BD6397787508648EC820FE5F1
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/GG5l3019Cmza1q1gEOWQhyEeHUo.roa
Signing time:             Thu 20 Jun 2024 10:41:34 +0000
ROA not before:           Thu 20 Jun 2024 10:41:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20853
IP address blocks:        194.29.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:35:3c:c9:2b:d6:39:77:87:50:86:48:ec:82:0f:e5:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: Jun 20 10:41:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=186e65df4d7d0a6cdad6ad6010e59087211e1d4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:8d:a7:d9:c0:bf:ac:8c:5e:07:54:a4:2c:bf:
                    ba:1d:20:21:ea:8a:6c:8a:ff:6c:82:d2:08:df:e7:
                    cf:d8:70:26:c8:1f:26:d1:aa:3b:93:ff:fb:b0:0e:
                    57:d5:83:91:a1:39:d8:d6:ac:af:70:91:c0:2a:94:
                    02:e3:ff:6f:77:53:28:99:a2:1d:16:f0:13:f1:d4:
                    20:29:22:12:12:e2:49:ed:8f:ba:67:3e:75:34:70:
                    a2:4a:15:d3:16:d4:a0:dc:80:c7:15:36:a8:dd:1d:
                    5f:f8:cc:9d:27:00:ee:e5:83:05:cb:e4:a1:7f:1b:
                    97:0f:11:1b:8b:04:0b:d1:82:05:5b:c6:ae:df:db:
                    d3:0e:f8:4d:74:a4:1b:0b:d9:67:cf:31:98:4d:1e:
                    6b:6a:30:9b:57:ec:48:c4:2a:98:4c:5f:1b:74:57:
                    5f:ac:42:03:e8:82:3b:39:04:42:ae:02:e8:05:77:
                    3c:59:23:1a:10:35:37:62:30:e9:0f:8c:60:68:8b:
                    11:2d:ab:80:a8:cf:7d:05:aa:7e:58:c7:6e:c9:eb:
                    f7:96:5f:8c:d6:f9:02:d8:f8:f6:75:8e:08:59:73:
                    37:4d:cf:b1:62:3b:7d:94:c3:57:01:d1:40:c0:e0:
                    ee:03:e5:ff:90:21:5e:d8:0b:07:3d:43:d9:1d:17:
                    b0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:6E:65:DF:4D:7D:0A:6C:DA:D6:AD:60:10:E5:90:87:21:1E:1D:4A
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/GG5l3019Cmza1q1gEOWQhyEeHUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.29.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:df:57:77:0f:05:3b:55:f4:cb:02:a6:19:df:03:80:f8:a7:
         2e:7d:ed:d5:79:0b:e9:67:99:17:35:0b:df:fa:f1:6f:c4:c2:
         fd:25:d1:87:d5:17:11:f9:52:64:72:e8:6c:ac:88:92:10:33:
         e5:15:89:d2:94:01:61:ab:81:25:ff:a9:5c:92:90:0d:05:cb:
         c2:31:b1:59:25:af:ea:3a:a9:77:d8:74:2f:67:bc:a5:2e:34:
         03:3d:a7:7f:b6:76:61:fa:8b:f5:c9:e0:64:e0:54:c0:d5:47:
         41:b7:ed:28:16:0e:db:4d:8d:93:48:dc:ce:4d:a5:b6:79:8e:
         cc:33:af:5d:2b:b0:19:e8:02:1b:49:22:33:4f:1a:af:22:be:
         02:6b:50:1a:b9:14:e8:a5:b3:bd:57:f7:a1:fc:44:19:ec:80:
         d6:9a:37:d9:40:33:e3:78:92:50:24:12:c4:a3:ff:b8:c7:73:
         a3:a4:ec:5c:e5:57:75:e7:8a:8f:07:12:bb:cc:ec:69:8c:3f:
         7e:9c:c0:a4:60:50:61:94:aa:71:bf:ed:90:9e:6f:57:9f:cf:
         e3:7b:97:df:87:2a:02:f2:ed:57:56:3a:90:c9:e4:d7:14:1f:
         21:f5:93:de:c0:84:06:e7:4b:24:8c:78:42:8c:37:cf:08:1f:
         11:c7:ad:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA1PMkr1jl3h1CGSOyCD+XxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjQwNjIwMTA0MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODZlNjVkZjRkN2QwYTZjZGFkNmFkNjAxMGU1OTA4NzIxMWUxZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5I2n2cC/rIxeB1SkLL+6HSAh6ops
iv9sgtII3+fP2HAmyB8m0ao7k//7sA5X1YORoTnY1qyvcJHAKpQC4/9vd1MomaId
FvAT8dQgKSISEuJJ7Y+6Zz51NHCiShXTFtSg3IDHFTao3R1f+MydJwDu5YMFy+Sh
fxuXDxEbiwQL0YIFW8au39vTDvhNdKQbC9lnzzGYTR5rajCbV+xIxCqYTF8bdFdf
rEID6II7OQRCrgLoBXc8WSMaEDU3YjDpD4xgaIsRLauAqM99Bap+WMduyev3ll+M
1vkC2Pj2dY4IWXM3Tc+xYjt9lMNXAdFAwODuA+X/kCFe2AsHPUPZHRewIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhuZd9NfQps2tatYBDlkIchHh1KMB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvR0c1bDMwMTlDbXphMXExZ0VPV1FoeUVlSFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh1DMA0G
CSqGSIb3DQEBCwUAA4IBAQC831d3DwU7VfTLAqYZ3wOA+Kcufe3VeQvpZ5kXNQvf
+vFvxML9JdGH1RcR+VJkcuhsrIiSEDPlFYnSlAFhq4El/6lckpANBcvCMbFZJa/q
Oql32HQvZ7ylLjQDPad/tnZh+ov1yeBk4FTA1UdBt+0oFg7bTY2TSNzOTaW2eY7M
M69dK7AZ6AIbSSIzTxqvIr4Ca1AauRTopbO9V/eh/EQZ7IDWmjfZQDPjeJJQJBLE
o/+4x3OjpOxc5Vd154qPBxK7zOxpjD9+nMCkYFBhlKpxv+2Qnm9Xn8/je5ffhyoC
8u1XVjqQyeTXFB8h9ZPewIQG50skjHhCjDfPCB8Rx62r
-----END CERTIFICATE-----