Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/GPc9BhHFO4k-Mv2IP0hUF295pf8.roa
File:                     GPc9BhHFO4k-Mv2IP0hUF295pf8.roa (raw, json)
Hash identifier:          i9qY3lnaMqEOEtj9IhcEV6Um6uZw4dkFWU7828D5g9s=
Subject key identifier:   18:F7:3D:06:11:C5:3B:89:3E:32:FD:88:3F:48:54:17:6F:79:A5:FF
Certificate issuer:       /CN=29f9670ee2a30eac8c0a39dc47ff7a8cd2473b00
Certificate serial:       018E1870FA4EF10EE353B48C803CCAAD7A5B
Authority key identifier: 29:F9:67:0E:E2:A3:0E:AC:8C:0A:39:DC:47:FF:7A:8C:D2:47:3B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KflnDuKjDqyMCjncR_96jNJHOwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/GPc9BhHFO4k-Mv2IP0hUF295pf8.roa
Signing time:             Thu 07 Mar 2024 10:24:00 +0000
ROA not before:           Thu 07 Mar 2024 10:24:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209114
IP address blocks:        193.33.120.0/24 maxlen: 24
                          194.31.130.0/24 maxlen: 24
                          2a12:6e40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KflnDuKjDqyMCjncR_96jNJHOwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:18:70:fa:4e:f1:0e:e3:53:b4:8c:80:3c:ca:ad:7a:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29f9670ee2a30eac8c0a39dc47ff7a8cd2473b00
        Validity
            Not Before: Mar  7 10:24:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18f73d0611c53b893e32fd883f4854176f79a5ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:84:be:65:51:e2:e9:8c:1b:de:0f:33:4c:45:
                    59:34:51:09:2d:8a:e5:3a:62:cf:93:e2:e0:c6:b1:
                    f3:13:39:4e:79:e7:f0:ef:80:c6:58:4b:b5:61:3f:
                    0a:7a:00:c1:f5:b9:64:6b:95:c3:4f:58:1c:e7:38:
                    b6:bf:68:04:39:79:c8:6c:bb:75:cf:a4:42:37:da:
                    4c:30:f7:e5:d8:8c:31:82:5b:4f:cd:b1:19:3d:70:
                    4c:6c:e2:5a:16:67:b4:5c:50:05:4c:f9:1e:19:c3:
                    22:61:71:4f:ea:d6:a8:31:71:98:54:c3:06:7c:57:
                    0d:b2:4b:8e:b0:06:9f:85:18:7e:28:f8:cc:07:fd:
                    1c:94:25:13:23:67:96:4f:4e:53:39:c9:7b:b5:18:
                    97:45:d6:a9:ec:e9:06:25:75:7b:cc:98:ac:9b:a3:
                    15:2a:c4:9e:00:b8:68:9d:b4:4e:51:83:fd:08:09:
                    03:23:ff:24:41:e6:ef:87:1a:d0:4a:d3:da:90:8a:
                    1c:85:b5:c6:c7:a1:60:b5:6a:3e:2e:66:07:bf:2f:
                    bc:cb:c3:7c:17:e4:8b:9b:2c:d8:5f:2c:8e:c6:ea:
                    35:d0:09:c9:2c:36:a7:e0:87:b0:e1:5f:2a:d5:2e:
                    7b:48:68:8d:f7:39:bf:f7:8c:56:39:0b:2b:2b:6e:
                    75:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:F7:3D:06:11:C5:3B:89:3E:32:FD:88:3F:48:54:17:6F:79:A5:FF
            X509v3 Authority Key Identifier:
                keyid:29:F9:67:0E:E2:A3:0E:AC:8C:0A:39:DC:47:FF:7A:8C:D2:47:3B:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KflnDuKjDqyMCjncR_96jNJHOwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/GPc9BhHFO4k-Mv2IP0hUF295pf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.120.0/24
                  194.31.130.0/24
                IPv6:
                  2a12:6e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:2d:a6:29:00:de:c0:47:fc:de:57:4a:2a:cd:a8:75:d8:d6:
         8c:5a:7d:9c:60:ad:2d:b9:22:29:c7:da:0e:d1:2c:78:d8:71:
         f2:97:5c:21:81:72:31:2c:08:fb:ab:99:65:48:05:90:26:75:
         1c:c6:67:9c:aa:97:47:28:e9:5b:fc:1d:de:8e:10:75:86:8c:
         a5:c6:77:04:0c:d9:f3:4a:2d:79:eb:73:eb:8e:11:63:a1:34:
         52:39:65:19:69:39:a7:35:24:60:db:25:80:53:6f:1b:2a:1d:
         fc:22:99:a7:55:83:b1:1c:87:0a:65:52:a6:14:72:a8:45:49:
         a7:0f:17:fc:78:16:ed:d8:a0:03:83:b7:28:12:a1:21:97:3f:
         e9:45:d6:8e:1d:8e:b0:79:7c:31:75:f3:91:64:b4:bb:50:c0:
         41:07:82:a9:fe:3d:a3:1a:2f:d8:88:05:84:c2:ad:92:02:c5:
         8b:04:6e:ec:ff:e8:11:d6:a0:1f:f3:77:49:f9:5a:71:75:c3:
         7e:3e:b5:55:73:82:e8:64:a7:2a:80:70:df:7b:8b:54:8d:ab:
         ec:5e:ea:2f:c1:c6:e0:e3:47:57:44:96:1b:d0:3a:1a:7b:f9:
         f2:6c:89:dd:b3:9d:ef:02:c5:1e:db:51:fa:c1:51:dc:7d:dd:
         f5:18:4f:f8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY4YcPpO8Q7jU7SMgDzKrXpbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Zjk2NzBlZTJhMzBlYWM4YzBhMzlkYzQ3ZmY3YThjZDI0
NzNiMDAwHhcNMjQwMzA3MTAyNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGY3M2QwNjExYzUzYjg5M2UzMmZkODgzZjQ4NTQxNzZmNzlhNWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYS+ZVHi6Ywb3g8zTEVZNFEJLYrl
OmLPk+LgxrHzEzlOeefw74DGWEu1YT8KegDB9blka5XDT1gc5zi2v2gEOXnIbLt1
z6RCN9pMMPfl2IwxgltPzbEZPXBMbOJaFme0XFAFTPkeGcMiYXFP6taoMXGYVMMG
fFcNskuOsAafhRh+KPjMB/0clCUTI2eWT05TOcl7tRiXRdap7OkGJXV7zJism6MV
KsSeALhonbROUYP9CAkDI/8kQebvhxrQStPakIochbXGx6FgtWo+LmYHvy+8y8N8
F+SLmyzYXyyOxuo10AnJLDan4Iew4V8q1S57SGiN9zm/94xWOQsrK251OQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBj3PQYRxTuJPjL9iD9IVBdveaX/MB8GA1UdIwQY
MBaAFCn5Zw7iow6sjAo53Ef/eozSRzsAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZsbkR1S2pEcXlNQ2puY1JfOTZqTkpIT3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yZmY3NmQtZjExNi00NDMwLTg0MDct
NmUyOWVmZGZkNGUzLzEvR1BjOUJoSEZPNGstTXYySVAwaFVGMjk1cGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yZmY3NmQtZjExNi00NDMwLTg0MDctNmUyOWVmZGZkNGUz
LzEvS2ZsbkR1S2pEcXlNQ2puY1JfOTZqTkpIT3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwSF4AwQA
wh+CMA0EAgACMAcDBQMqEm5AMA0GCSqGSIb3DQEBCwUAA4IBAQB7LaYpAN7AR/ze
V0oqzah12NaMWn2cYK0tuSIpx9oO0Sx42HHyl1whgXIxLAj7q5llSAWQJnUcxmec
qpdHKOlb/B3ejhB1hoylxncEDNnzSi1563PrjhFjoTRSOWUZaTmnNSRg2yWAU28b
Kh38IpmnVYOxHIcKZVKmFHKoRUmnDxf8eBbt2KADg7coEqEhlz/pRdaOHY6weXwx
dfORZLS7UMBBB4Kp/j2jGi/YiAWEwq2SAsWLBG7s/+gR1qAf83dJ+VpxdcN+PrVV
c4LoZKcqgHDfe4tUjavsXuovwcbg40dXRJYb0Doae/nybInds53vAsUe21H6wVHc
fd31GE/4
-----END CERTIFICATE-----