Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/32a353-6659-480b-abf7-eb073797ac66/1/GL43VxH_h-aWzE3G-2pFMtY1WM4.roa
File:                     GL43VxH_h-aWzE3G-2pFMtY1WM4.roa (raw, json)
Hash identifier:          GegNsbMfLWk2tMOCfqZsrF9iNh5KkVnxnNq29fJOObI=
Subject key identifier:   18:BE:37:57:11:FF:87:E6:96:CC:4D:C6:FB:6A:45:32:D6:35:58:CE
Certificate issuer:       /CN=4570d28fc49aa0ae808c383f587f3ea4cfeb049d
Certificate serial:       019427B5F3457D1585811F7E269A4B2BE750
Authority key identifier: 45:70:D2:8F:C4:9A:A0:AE:80:8C:38:3F:58:7F:3E:A4:CF:EB:04:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RXDSj8SaoK6AjDg_WH8-pM_rBJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/32a353-6659-480b-abf7-eb073797ac66/1/GL43VxH_h-aWzE3G-2pFMtY1WM4.roa
Signing time:             Thu 02 Jan 2025 15:50:23 +0000
ROA not before:           Thu 02 Jan 2025 15:50:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49028
IP address blocks:        185.165.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/32a353-6659-480b-abf7-eb073797ac66/1/RXDSj8SaoK6AjDg_WH8-pM_rBJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/32a353-6659-480b-abf7-eb073797ac66/1/RXDSj8SaoK6AjDg_WH8-pM_rBJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RXDSj8SaoK6AjDg_WH8-pM_rBJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:f3:45:7d:15:85:81:1f:7e:26:9a:4b:2b:e7:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4570d28fc49aa0ae808c383f587f3ea4cfeb049d
        Validity
            Not Before: Jan  2 15:50:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18be375711ff87e696cc4dc6fb6a4532d63558ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d6:b2:e6:b4:f8:31:3d:b2:30:82:08:2e:68:
                    ce:85:01:ef:84:88:e1:f1:4a:bd:e0:a5:7e:c7:db:
                    c5:d4:05:1d:63:f2:96:bb:51:94:81:12:bc:3a:85:
                    20:14:19:9d:0f:6c:ba:31:32:8b:76:1b:e7:10:c6:
                    17:c6:d0:fc:03:de:a1:84:9e:ef:13:8d:be:6e:95:
                    62:ea:c1:89:c1:19:e7:a4:bf:12:a5:2a:5c:fb:3f:
                    92:fc:23:dd:48:b2:21:ec:70:ec:ce:b6:bd:e0:84:
                    a0:48:b3:0b:8c:c1:c1:a5:41:66:a9:2e:d6:d2:02:
                    12:7c:2c:b2:a6:ce:3c:8c:17:65:1d:3c:25:79:6e:
                    bd:7a:68:1a:77:bb:55:6a:9a:dd:eb:08:90:8d:81:
                    ad:26:7a:3b:b9:82:c1:e5:a2:71:18:63:3d:14:73:
                    f8:f5:d1:cc:45:18:63:cb:e0:a4:b0:c7:92:f1:3b:
                    de:e0:28:c5:4e:2f:db:7f:44:92:c0:79:34:69:0c:
                    69:53:a1:08:c1:3a:bd:94:37:f6:37:b7:ff:c8:d9:
                    b4:d5:fe:97:bf:6b:ed:49:2b:19:08:ba:ef:2f:4c:
                    69:8f:b6:18:05:a8:da:ad:64:4f:8d:d8:88:91:76:
                    77:98:1e:01:c9:dc:77:f4:f1:6a:b6:5a:1a:45:4d:
                    d1:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:BE:37:57:11:FF:87:E6:96:CC:4D:C6:FB:6A:45:32:D6:35:58:CE
            X509v3 Authority Key Identifier:
                keyid:45:70:D2:8F:C4:9A:A0:AE:80:8C:38:3F:58:7F:3E:A4:CF:EB:04:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RXDSj8SaoK6AjDg_WH8-pM_rBJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/32a353-6659-480b-abf7-eb073797ac66/1/GL43VxH_h-aWzE3G-2pFMtY1WM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/32a353-6659-480b-abf7-eb073797ac66/1/RXDSj8SaoK6AjDg_WH8-pM_rBJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:d8:dc:af:7c:cc:5a:fd:a7:bf:35:6a:bc:a4:e8:fc:4e:55:
         21:04:b2:da:b4:93:d8:58:25:50:65:58:22:9d:c8:39:3b:76:
         90:47:a9:80:ee:50:e2:23:5e:1e:5c:80:a8:d3:a1:95:c9:d5:
         54:9f:66:d5:fc:95:52:a2:50:ce:af:22:96:af:b3:2a:fb:3a:
         fd:01:09:27:4a:6a:30:e2:cc:3c:03:31:24:be:d4:fb:7e:87:
         a3:30:1e:4e:fb:b8:44:c7:39:12:21:69:c6:18:08:64:a6:0e:
         d2:35:cb:aa:15:13:ac:70:59:66:26:6f:49:bc:f5:1c:0e:6a:
         b9:dd:36:2f:17:41:88:c0:12:b0:75:1e:a5:89:a9:25:54:9d:
         e6:19:19:bd:02:49:ae:d4:86:a6:ad:cc:e0:9e:2e:e0:3e:8f:
         68:69:8a:5b:c9:b7:6f:dd:b6:b8:61:e7:7d:e5:ce:1b:75:78:
         6a:84:2d:08:1c:40:17:85:2d:15:96:8f:e2:ae:10:68:1f:45:
         28:e4:e2:7a:d4:ed:72:a7:32:00:62:5d:a5:73:ac:c1:dc:c6:
         c3:53:27:8c:be:1e:cd:3c:db:e0:c6:d3:fe:f6:f5:d3:97:c8:
         ae:12:74:ab:69:88:9d:4a:58:b2:34:44:7b:47:cc:0b:9d:cc:
         1a:a6:63:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntfNFfRWFgR9+JppLK+dQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NzBkMjhmYzQ5YWEwYWU4MDhjMzgzZjU4N2YzZWE0Y2Zl
YjA0OWQwHhcNMjUwMTAyMTU1MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGJlMzc1NzExZmY4N2U2OTZjYzRkYzZmYjZhNDUzMmQ2MzU1OGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9ay5rT4MT2yMIIILmjOhQHvhIjh
8Uq94KV+x9vF1AUdY/KWu1GUgRK8OoUgFBmdD2y6MTKLdhvnEMYXxtD8A96hhJ7v
E42+bpVi6sGJwRnnpL8SpSpc+z+S/CPdSLIh7HDszra94ISgSLMLjMHBpUFmqS7W
0gISfCyyps48jBdlHTwleW69emgad7tVaprd6wiQjYGtJno7uYLB5aJxGGM9FHP4
9dHMRRhjy+CksMeS8Tve4CjFTi/bf0SSwHk0aQxpU6EIwTq9lDf2N7f/yNm01f6X
v2vtSSsZCLrvL0xpj7YYBajarWRPjdiIkXZ3mB4Bydx39PFqtloaRU3R3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBi+N1cR/4fmlsxNxvtqRTLWNVjOMB8GA1UdIwQY
MBaAFEVw0o/EmqCugIw4P1h/PqTP6wSdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlhEU2o4U2FvSzZBakRnX1dIOC1wTV9yQkowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8zMmEzNTMtNjY1OS00ODBiLWFiZjct
ZWIwNzM3OTdhYzY2LzEvR0w0M1Z4SF9oLWFXekUzRy0ycEZNdFkxV000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8zMmEzNTMtNjY1OS00ODBiLWFiZjctZWIwNzM3OTdhYzY2
LzEvUlhEU2o4U2FvSzZBakRnX1dIOC1wTV9yQkowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaXBMA0G
CSqGSIb3DQEBCwUAA4IBAQBm2NyvfMxa/ae/NWq8pOj8TlUhBLLatJPYWCVQZVgi
ncg5O3aQR6mA7lDiI14eXICo06GVydVUn2bV/JVSolDOryKWr7Mq+zr9AQknSmow
4sw8AzEkvtT7foejMB5O+7hExzkSIWnGGAhkpg7SNcuqFROscFlmJm9JvPUcDmq5
3TYvF0GIwBKwdR6liaklVJ3mGRm9Akmu1Iamrczgni7gPo9oaYpbybdv3ba4Yed9
5c4bdXhqhC0IHEAXhS0Vlo/irhBoH0Uo5OJ61O1ypzIAYl2lc6zB3MbDUyeMvh7N
PNvgxtP+9vXTl8iuEnSraYidSliyNER7R8wLncwapmMq
-----END CERTIFICATE-----