Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/GB6CDhfnI9wsb8FUGQizZS_9biY.roa
File:                     GB6CDhfnI9wsb8FUGQizZS_9biY.roa (raw, json)
Hash identifier:          wXECxsgtGDgbSSMs1vIK3Lxrp/xd+DGgPAHr4x3f+rs=
Subject key identifier:   18:1E:82:0E:17:E7:23:DC:2C:6F:C1:54:19:08:B3:65:2F:FD:6E:26
Certificate issuer:       /CN=2f2709cb399c4e168ccbda16db136b5bc8b96dd6
Certificate serial:       018CC871571888AFB978E3F8E70D38523BAF
Authority key identifier: 2F:27:09:CB:39:9C:4E:16:8C:CB:DA:16:DB:13:6B:5B:C8:B9:6D:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/GB6CDhfnI9wsb8FUGQizZS_9biY.roa
Signing time:             Tue 02 Jan 2024 04:32:00 +0000
ROA not before:           Tue 02 Jan 2024 04:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198657
IP address blocks:        91.237.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 10:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:57:18:88:af:b9:78:e3:f8:e7:0d:38:52:3b:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2709cb399c4e168ccbda16db136b5bc8b96dd6
        Validity
            Not Before: Jan  2 04:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=181e820e17e723dc2c6fc1541908b3652ffd6e26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:8f:78:5b:0d:4f:df:d4:33:88:fb:df:d0:ac:
                    df:a2:a7:dc:6c:f9:73:24:3d:f2:eb:ae:7a:c8:7e:
                    1f:64:0d:88:ea:d7:c4:96:f0:e5:2b:f0:7a:58:4b:
                    bf:d0:0b:02:4d:43:7f:ac:db:b1:a4:bf:ec:8b:d9:
                    2a:c3:ab:2b:52:d5:00:70:0b:87:41:da:2c:65:37:
                    23:13:5b:74:26:0c:b1:30:93:72:6a:65:3a:5b:f0:
                    cd:bb:11:ad:80:39:0b:34:71:5a:69:8d:f5:4a:07:
                    bb:d4:3a:69:88:b6:e7:7e:be:dc:28:15:91:cd:98:
                    4b:bd:61:06:27:f4:e3:36:c7:cd:fd:b9:f7:54:d4:
                    a0:48:27:4a:04:fd:12:ce:44:f2:8b:d9:65:d2:02:
                    06:30:c4:31:62:5b:62:f4:42:98:84:42:d6:a8:fd:
                    73:de:3b:8f:d5:f9:a6:8e:a2:7e:4d:67:c7:68:65:
                    35:6d:e7:1a:b5:71:0a:8c:42:76:2c:bd:62:87:d2:
                    f6:b4:cd:eb:3a:c9:80:e5:88:85:22:18:16:ee:07:
                    29:97:a3:07:35:f7:e8:89:0c:c0:ac:cc:45:a9:61:
                    9b:8f:c5:01:e8:45:f8:7f:c4:c3:a2:3a:aa:06:dc:
                    47:30:48:46:e1:ad:20:20:86:ad:93:77:9c:6c:bd:
                    81:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:1E:82:0E:17:E7:23:DC:2C:6F:C1:54:19:08:B3:65:2F:FD:6E:26
            X509v3 Authority Key Identifier:
                keyid:2F:27:09:CB:39:9C:4E:16:8C:CB:DA:16:DB:13:6B:5B:C8:B9:6D:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/GB6CDhfnI9wsb8FUGQizZS_9biY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:8e:f8:88:8e:30:42:f5:9a:4a:fa:1f:6e:4b:e5:1c:07:c3:
         ae:27:7b:aa:8a:26:61:2e:5d:76:48:d6:e6:6f:4c:95:8c:2a:
         1d:6e:34:3e:88:d4:04:db:2f:ab:2e:15:3b:25:09:d8:3b:60:
         e8:6c:89:67:37:f6:ed:e7:d9:bc:2c:d4:94:d7:7a:b9:e2:d0:
         6f:24:d2:90:fd:f6:7a:4a:ed:fc:90:78:89:07:c5:1b:d1:66:
         0d:ed:97:a2:27:f7:92:58:f8:ab:c0:2a:b1:53:cb:4a:87:47:
         fc:5b:bd:c8:72:d0:1a:21:1f:d4:28:4e:dd:fd:f5:96:9a:4f:
         20:bd:ad:ef:a4:3d:b0:0c:41:af:00:cf:76:f3:4c:4d:1a:14:
         40:22:a8:9f:06:25:c8:82:af:e4:5f:1b:27:f6:bc:74:6b:2f:
         50:0d:7a:54:89:97:62:68:3a:1a:95:19:5b:f9:54:68:ff:7f:
         4f:8f:5b:74:83:b9:ff:53:f6:f1:7a:ee:81:86:cd:8c:0b:e0:
         0c:d5:c5:ff:0c:1b:12:da:c1:a4:d4:a2:fc:9f:0b:69:91:82:
         07:3e:af:bd:f6:73:32:9e:17:f1:72:03:d2:72:05:cd:ed:ad:
         e9:2d:c5:7f:55:06:92:b6:a0:73:50:0e:c3:16:21:08:07:d6:
         f7:de:ec:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcVcYiK+5eOP45w04UjuvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMjcwOWNiMzk5YzRlMTY4Y2NiZGExNmRiMTM2YjViYzhi
OTZkZDYwHhcNMjQwMTAyMDQzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODFlODIwZTE3ZTcyM2RjMmM2ZmMxNTQxOTA4YjM2NTJmZmQ2ZTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Y94Ww1P39QziPvf0KzfoqfcbPlz
JD3y6656yH4fZA2I6tfElvDlK/B6WEu/0AsCTUN/rNuxpL/si9kqw6srUtUAcAuH
QdosZTcjE1t0JgyxMJNyamU6W/DNuxGtgDkLNHFaaY31Sge71DppiLbnfr7cKBWR
zZhLvWEGJ/TjNsfN/bn3VNSgSCdKBP0SzkTyi9ll0gIGMMQxYlti9EKYhELWqP1z
3juP1fmmjqJ+TWfHaGU1becatXEKjEJ2LL1ih9L2tM3rOsmA5YiFIhgW7gcpl6MH
NffoiQzArMxFqWGbj8UB6EX4f8TDojqqBtxHMEhG4a0gIIatk3ecbL2BTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgegg4X5yPcLG/BVBkIs2Uv/W4mMB8GA1UdIwQY
MBaAFC8nCcs5nE4WjMvaFtsTa1vIuW3WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHljSnl6bWNUaGFNeTlvVzJ4TnJXOGk1YmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9mODM3ODEtMjk0OS00OGM3LTg5MDAt
MjAxNjdjZDQyYjgyLzEvR0I2Q0RoZm5JOXdzYjhGVUdRaXpaU185YmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9mODM3ODEtMjk0OS00OGM3LTg5MDAtMjAxNjdjZDQyYjgy
LzEvTHljSnl6bWNUaGFNeTlvVzJ4TnJXOGk1YmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+3sMA0G
CSqGSIb3DQEBCwUAA4IBAQBejviIjjBC9ZpK+h9uS+UcB8OuJ3uqiiZhLl12SNbm
b0yVjCodbjQ+iNQE2y+rLhU7JQnYO2DobIlnN/bt59m8LNSU13q54tBvJNKQ/fZ6
Su38kHiJB8Ub0WYN7ZeiJ/eSWPirwCqxU8tKh0f8W73IctAaIR/UKE7d/fWWmk8g
va3vpD2wDEGvAM9280xNGhRAIqifBiXIgq/kXxsn9rx0ay9QDXpUiZdiaDoalRlb
+VRo/39Pj1t0g7n/U/bxeu6Bhs2MC+AM1cX/DBsS2sGk1KL8nwtpkYIHPq+99nMy
nhfxcgPScgXN7a3pLcV/VQaStqBzUA7DFiEIB9b33uyH
-----END CERTIFICATE-----