Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/9EvgLkXcD5z1yMacnFd67G_n0Yo.roa
File:                     9EvgLkXcD5z1yMacnFd67G_n0Yo.roa (raw, json)
Hash identifier:          FYaTan8YNXOSwmIGifLrDElRPFxbFtY1kIADzyDghnw=
Subject key identifier:   F4:4B:E0:2E:45:DC:0F:9C:F5:C8:C6:9C:9C:57:7A:EC:6F:E7:D1:8A
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019213BF7AB65AF372DEB497AE8987E4D6A4
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/9EvgLkXcD5z1yMacnFd67G_n0Yo.roa
Signing time:             Sat 21 Sep 2024 08:42:48 +0000
ROA not before:           Sat 21 Sep 2024 08:42:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396856
IP address blocks:        188.64.108.0/22 maxlen: 24
                          188.64.110.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:13:bf:7a:b6:5a:f3:72:de:b4:97:ae:89:87:e4:d6:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Sep 21 08:42:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f44be02e45dc0f9cf5c8c69c9c577aec6fe7d18a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5a:23:6d:8d:04:ef:95:a7:f9:21:f7:e0:a4:
                    ac:ca:0d:6f:75:e6:cb:1c:1c:00:0e:c2:2a:b1:05:
                    8b:72:94:ce:e7:b4:4e:5e:01:ff:3d:21:2a:f0:89:
                    b4:8f:0d:b2:00:75:36:b0:80:f1:40:c3:ea:29:58:
                    4b:f3:2d:38:6a:ef:12:ab:70:94:b7:bb:de:c5:ef:
                    dc:10:ee:24:44:ad:f6:02:ba:41:9a:62:f9:58:1c:
                    f7:1f:94:71:14:95:9d:bb:f8:95:1d:c8:ae:87:85:
                    30:45:f7:22:f1:67:71:c0:9a:46:bf:fb:93:58:c6:
                    be:57:7a:c7:44:29:28:25:0f:f8:ce:82:37:43:ab:
                    f7:56:17:9d:f3:14:d7:26:e5:e5:57:50:2f:c1:05:
                    c3:66:b8:47:92:bb:71:32:9b:2c:b6:a4:33:67:bd:
                    29:eb:3b:91:03:91:e1:59:c1:3d:ec:81:92:32:3a:
                    3b:4c:5c:cd:54:d1:f3:61:35:96:30:04:f1:61:b3:
                    28:ff:d5:f4:d5:59:e0:cd:db:aa:13:1a:7a:04:20:
                    99:eb:be:1b:0c:e1:0b:3f:75:1e:ec:d2:1f:b0:63:
                    c5:d3:4d:ea:49:bf:6d:ec:70:9c:b2:3e:75:d6:57:
                    fb:84:f8:bd:7a:08:9d:1f:6b:f2:02:60:1f:cd:5e:
                    22:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:4B:E0:2E:45:DC:0F:9C:F5:C8:C6:9C:9C:57:7A:EC:6F:E7:D1:8A
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/9EvgLkXcD5z1yMacnFd67G_n0Yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:eb:51:86:6d:1f:55:14:61:17:f0:60:77:31:f6:fa:92:1a:
         62:b1:6e:93:4c:99:d3:00:1b:c1:dc:f2:ae:f3:da:06:94:0c:
         0f:89:c2:cf:f2:a3:f7:a5:de:5d:58:46:b6:63:83:e7:2c:66:
         79:31:82:37:f4:89:2f:50:ef:21:2d:dc:68:88:fb:f3:28:64:
         db:2e:4d:4f:95:01:bf:86:6b:66:28:ae:f1:54:96:e9:ee:e7:
         d1:22:97:d3:33:9e:e2:96:69:e0:4d:69:51:43:c0:e8:09:eb:
         52:64:f4:02:4e:a0:15:a8:d4:f3:52:3f:4a:e9:e5:0a:10:d2:
         b3:ab:a8:88:6b:c9:25:bc:e4:94:02:ae:0e:1e:66:ee:9e:2f:
         85:c1:8b:95:a5:4a:fb:80:6b:bf:46:03:13:81:9d:b9:38:44:
         f2:19:18:01:f7:b5:e7:61:02:b7:af:3a:29:a6:52:25:99:78:
         dd:18:a6:f2:5b:58:97:42:3f:cb:e9:df:2e:74:e5:cc:00:e9:
         95:ff:1c:b0:17:62:20:0e:e9:bc:52:b8:3d:17:5c:4f:e9:88:
         9f:02:2f:32:77:0a:0d:6e:38:87:41:2b:ec:1d:22:1f:87:a8:
         bf:af:96:17:b4:0e:fd:fd:5b:ed:66:1a:af:b7:04:8d:31:41:
         10:6c:e7:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZITv3q2WvNy3rSXromH5NakMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwOTIxMDg0MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDRiZTAyZTQ1ZGMwZjljZjVjOGM2OWM5YzU3N2FlYzZmZTdkMThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1ojbY0E75Wn+SH34KSsyg1vdebL
HBwADsIqsQWLcpTO57ROXgH/PSEq8Im0jw2yAHU2sIDxQMPqKVhL8y04au8Sq3CU
t7vexe/cEO4kRK32ArpBmmL5WBz3H5RxFJWdu/iVHciuh4UwRfci8WdxwJpGv/uT
WMa+V3rHRCkoJQ/4zoI3Q6v3Vhed8xTXJuXlV1AvwQXDZrhHkrtxMpsstqQzZ70p
6zuRA5HhWcE97IGSMjo7TFzNVNHzYTWWMATxYbMo/9X01VngzduqExp6BCCZ674b
DOELP3Ue7NIfsGPF003qSb9t7HCcsj511lf7hPi9egidH2vyAmAfzV4iwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRL4C5F3A+c9cjGnJxXeuxv59GKMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvOUV2Z0xrWGNENXoxeU1hY25GZDY3R19uMFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvEBsMA0G
CSqGSIb3DQEBCwUAA4IBAQBU61GGbR9VFGEX8GB3Mfb6khpisW6TTJnTABvB3PKu
89oGlAwPicLP8qP3pd5dWEa2Y4PnLGZ5MYI39IkvUO8hLdxoiPvzKGTbLk1PlQG/
hmtmKK7xVJbp7ufRIpfTM57ilmngTWlRQ8DoCetSZPQCTqAVqNTzUj9K6eUKENKz
q6iIa8klvOSUAq4OHmbuni+FwYuVpUr7gGu/RgMTgZ25OETyGRgB97XnYQK3rzop
plIlmXjdGKbyW1iXQj/L6d8udOXMAOmV/xywF2IgDum8Urg9F1xP6YifAi8ydwoN
bjiHQSvsHSIfh6i/r5YXtA79/VvtZhqvtwSNMUEQbOeG
-----END CERTIFICATE-----