Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/93e20f-8878-4058-8e01-ad01e30a61b2/1/GAnBcsaOYglC_8Zoq-_h__bWrtQ.roa
File:                     GAnBcsaOYglC_8Zoq-_h__bWrtQ.roa (raw, json)
Hash identifier:          Km/dmh7oLdeIkcIqFI9xW3jLc4fH79jBoqnP1WQgnlM=
Subject key identifier:   18:09:C1:72:C6:8E:62:09:42:FF:C6:68:AB:EF:E1:FF:F6:D6:AE:D4
Certificate issuer:       /CN=15f215ad274f35b24ac6a060b2f09399711bc17f
Certificate serial:       018CC3B671E1BCE53B511FBBE59DB0CD0E06
Authority key identifier: 15:F2:15:AD:27:4F:35:B2:4A:C6:A0:60:B2:F0:93:99:71:1B:C1:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfIVrSdPNbJKxqBgsvCTmXEbwX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/93e20f-8878-4058-8e01-ad01e30a61b2/1/GAnBcsaOYglC_8Zoq-_h__bWrtQ.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205393
IP address blocks:        194.147.160.0/22 maxlen: 22
                          194.147.168.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/93e20f-8878-4058-8e01-ad01e30a61b2/1/FfIVrSdPNbJKxqBgsvCTmXEbwX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/93e20f-8878-4058-8e01-ad01e30a61b2/1/FfIVrSdPNbJKxqBgsvCTmXEbwX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfIVrSdPNbJKxqBgsvCTmXEbwX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:71:e1:bc:e5:3b:51:1f:bb:e5:9d:b0:cd:0e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f215ad274f35b24ac6a060b2f09399711bc17f
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1809c172c68e620942ffc668abefe1fff6d6aed4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b4:6a:aa:14:84:72:1a:d6:75:5d:5e:9c:ed:
                    b6:b7:6d:83:ad:1b:8e:06:93:89:1a:69:fe:56:6b:
                    c3:05:b5:13:81:8d:be:7c:58:fb:ae:13:8e:d2:4c:
                    a8:ea:15:85:2d:42:cf:db:c0:88:82:06:64:0b:23:
                    5f:8f:c9:3b:5a:c4:96:0a:d4:0d:84:d9:8a:6d:ec:
                    4b:84:7b:0a:92:ab:ce:92:36:d8:b7:90:13:a9:24:
                    da:e7:82:89:59:8a:8e:05:4c:dd:ee:9b:b4:24:4b:
                    d7:9e:dc:2e:8f:3c:f2:f7:9b:3e:94:ee:91:0e:27:
                    5e:34:32:6b:33:e8:90:a8:d3:df:73:de:b9:1a:5c:
                    c8:6b:7a:0e:26:2a:31:5e:d2:34:ce:f0:fa:0f:da:
                    92:3d:14:d1:30:fe:af:60:c0:f0:73:ee:93:87:5e:
                    f3:d5:0c:67:a1:d1:7d:09:17:f2:cb:89:ff:61:0d:
                    82:cf:52:16:a4:d9:79:5b:e3:5b:69:a8:7b:41:01:
                    2e:fa:8a:89:fb:1a:37:d2:a2:a4:93:18:e8:ef:ba:
                    fc:45:25:49:95:38:a0:f2:e3:dd:a1:fc:33:1f:f7:
                    85:68:44:cf:42:60:b2:3f:c7:24:32:d7:7e:06:6b:
                    ac:53:6b:47:5d:17:b3:a8:24:f3:c0:cc:14:55:0e:
                    d9:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:09:C1:72:C6:8E:62:09:42:FF:C6:68:AB:EF:E1:FF:F6:D6:AE:D4
            X509v3 Authority Key Identifier:
                keyid:15:F2:15:AD:27:4F:35:B2:4A:C6:A0:60:B2:F0:93:99:71:1B:C1:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfIVrSdPNbJKxqBgsvCTmXEbwX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/93e20f-8878-4058-8e01-ad01e30a61b2/1/GAnBcsaOYglC_8Zoq-_h__bWrtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/93e20f-8878-4058-8e01-ad01e30a61b2/1/FfIVrSdPNbJKxqBgsvCTmXEbwX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.160.0/22
                  194.147.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:28:d1:e5:e7:72:ae:87:a3:8e:0e:07:32:26:b9:ef:bf:84:
         e2:49:7c:57:26:d2:68:67:c2:aa:df:f3:44:88:ea:a1:51:94:
         92:df:a4:5a:eb:98:3b:af:90:15:aa:18:6f:c9:a1:61:50:40:
         d1:d5:54:7f:d6:b1:3c:6f:14:da:f4:b6:06:85:88:55:ca:8a:
         2d:88:ed:9d:8a:f5:b0:5e:19:4e:ce:a7:e3:a6:ac:18:53:a6:
         2d:6a:ad:6c:de:f0:bc:cd:91:78:1b:26:ad:73:49:1b:90:9d:
         b7:72:0a:8b:4c:8a:64:c9:39:a4:b4:ee:f8:0b:1d:51:28:61:
         27:1d:b3:77:76:b2:ab:b2:ac:64:08:60:44:46:d6:d1:61:99:
         c6:0c:6b:18:79:23:01:ff:2d:4c:9f:39:e7:d4:0c:24:2b:1d:
         d5:74:10:80:87:0b:10:94:31:db:7e:33:59:2f:f4:f2:c1:ac:
         1b:5a:c0:c3:98:17:44:02:f0:b7:4e:d2:af:ce:36:cc:a0:d6:
         a1:73:b8:0f:ad:a3:be:ad:67:b3:11:70:45:9d:a7:c6:41:6c:
         81:72:fb:02:45:17:e3:29:09:35:48:d0:33:49:8f:36:70:d5:
         2c:a8:9e:24:57:77:77:e5:fa:50:05:94:37:40:c1:79:80:1f:
         4c:71:c9:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtnHhvOU7UR+75Z2wzQ4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjIxNWFkMjc0ZjM1YjI0YWM2YTA2MGIyZjA5Mzk5NzEx
YmMxN2YwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA5YzE3MmM2OGU2MjA5NDJmZmM2NjhhYmVmZTFmZmY2ZDZhZWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7RqqhSEchrWdV1enO22t22DrRuO
BpOJGmn+VmvDBbUTgY2+fFj7rhOO0kyo6hWFLULP28CIggZkCyNfj8k7WsSWCtQN
hNmKbexLhHsKkqvOkjbYt5ATqSTa54KJWYqOBUzd7pu0JEvXntwujzzy95s+lO6R
DideNDJrM+iQqNPfc965GlzIa3oOJioxXtI0zvD6D9qSPRTRMP6vYMDwc+6Th17z
1QxnodF9CRfyy4n/YQ2Cz1IWpNl5W+Nbaah7QQEu+oqJ+xo30qKkkxjo77r8RSVJ
lTig8uPdofwzH/eFaETPQmCyP8ckMtd+BmusU2tHXRezqCTzwMwUVQ7ZiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBgJwXLGjmIJQv/GaKvv4f/21q7UMB8GA1UdIwQY
MBaAFBXyFa0nTzWySsagYLLwk5lxG8F/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZJVnJTZFBOYkpLeHFCZ3N2Q1RtWEVid1g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS85M2UyMGYtODg3OC00MDU4LThlMDEt
YWQwMWUzMGE2MWIyLzEvR0FuQmNzYU9ZZ2xDXzhab3EtX2hfX2JXcnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS85M2UyMGYtODg3OC00MDU4LThlMDEtYWQwMWUzMGE2MWIy
LzEvRmZJVnJTZFBOYkpLeHFCZ3N2Q1RtWEVid1g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwpOgAwQB
wpOoMA0GCSqGSIb3DQEBCwUAA4IBAQCFKNHl53Kuh6OODgcyJrnvv4TiSXxXJtJo
Z8Kq3/NEiOqhUZSS36Ra65g7r5AVqhhvyaFhUEDR1VR/1rE8bxTa9LYGhYhVyoot
iO2divWwXhlOzqfjpqwYU6Ytaq1s3vC8zZF4Gyatc0kbkJ23cgqLTIpkyTmktO74
Cx1RKGEnHbN3drKrsqxkCGBERtbRYZnGDGsYeSMB/y1Mnznn1AwkKx3VdBCAhwsQ
lDHbfjNZL/TywawbWsDDmBdEAvC3TtKvzjbMoNahc7gPraO+rWezEXBFnafGQWyB
cvsCRRfjKQk1SNAzSY82cNUsqJ4kV3d35fpQBZQ3QMF5gB9MccnV
-----END CERTIFICATE-----