Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/gzT2GPqhGcrLW1MZWP3htMBFEOU.roa
File:                     gzT2GPqhGcrLW1MZWP3htMBFEOU.roa (raw, json)
Hash identifier:          FS9cg6YuYh7BVDO0CPaeAjK2/06qH/cxAb5+Z0mIdzU=
Subject key identifier:   83:34:F6:18:FA:A1:19:CA:CB:5B:53:19:58:FD:E1:B4:C0:45:10:E5
Certificate issuer:       /CN=dc5facca14de08174ef5c96c91f1e7825f42d07b
Certificate serial:       019330027E971C56CF3315CFD7A89B51D137
Authority key identifier: DC:5F:AC:CA:14:DE:08:17:4E:F5:C9:6C:91:F1:E7:82:5F:42:D0:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3F-syhTeCBdO9clskfHngl9C0Hs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/gzT2GPqhGcrLW1MZWP3htMBFEOU.roa
Signing time:             Fri 15 Nov 2024 13:28:09 +0000
ROA not before:           Fri 15 Nov 2024 13:28:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205330
IP address blocks:        37.130.216.0/21 maxlen: 24
                          185.109.56.0/22 maxlen: 24
                          2a0f:cec0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/3F-syhTeCBdO9clskfHngl9C0Hs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/3F-syhTeCBdO9clskfHngl9C0Hs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3F-syhTeCBdO9clskfHngl9C0Hs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:30:02:7e:97:1c:56:cf:33:15:cf:d7:a8:9b:51:d1:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc5facca14de08174ef5c96c91f1e7825f42d07b
        Validity
            Not Before: Nov 15 13:28:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8334f618faa119cacb5b531958fde1b4c04510e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:7b:2b:3a:4d:8d:ca:47:86:83:78:dc:9c:65:
                    a7:a2:35:a1:35:f3:79:00:fc:9b:5c:15:26:f9:97:
                    64:6a:e8:88:c7:79:5e:d4:6d:65:47:a5:5b:9a:38:
                    c2:0b:f5:15:27:0a:01:54:47:5c:bb:a2:32:a9:49:
                    9a:52:03:dc:d6:11:7a:3b:a0:0a:fc:b5:77:2c:17:
                    03:95:e9:1d:22:ef:53:4d:ab:9f:92:32:b0:80:28:
                    04:86:83:a1:19:d2:67:cf:b9:91:72:89:23:33:79:
                    5a:7d:1b:de:ae:ad:63:77:42:90:ba:fb:ab:ce:87:
                    ea:d1:86:83:ed:9c:7f:89:53:12:1d:6f:13:cb:00:
                    0b:58:ae:8e:2d:f0:55:b3:a4:25:c3:b0:64:6d:c6:
                    5e:59:31:59:27:a3:c1:5b:45:e5:0f:25:a0:f5:bc:
                    16:69:cb:23:c9:f9:8f:2d:22:a3:99:d9:f0:db:39:
                    3f:03:d2:47:78:b3:30:58:86:74:83:34:38:03:65:
                    0d:69:4a:14:aa:97:25:f2:4a:9a:29:08:d3:84:bc:
                    70:9e:16:63:04:40:07:94:db:72:ff:75:ba:f4:d4:
                    a2:bf:f1:61:47:95:40:b6:af:83:89:1b:e2:19:81:
                    33:d2:7f:8d:d6:c1:88:4f:30:b7:98:2f:bd:d3:ba:
                    b1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:34:F6:18:FA:A1:19:CA:CB:5B:53:19:58:FD:E1:B4:C0:45:10:E5
            X509v3 Authority Key Identifier:
                keyid:DC:5F:AC:CA:14:DE:08:17:4E:F5:C9:6C:91:F1:E7:82:5F:42:D0:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3F-syhTeCBdO9clskfHngl9C0Hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/gzT2GPqhGcrLW1MZWP3htMBFEOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/0893f1-ffb4-46b3-bf27-a7016980c86f/1/3F-syhTeCBdO9clskfHngl9C0Hs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.130.216.0/21
                  185.109.56.0/22
                IPv6:
                  2a0f:cec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:cc:9b:f4:a6:5c:48:34:bf:75:07:17:ea:81:5b:07:28:2d:
         e8:8b:64:d5:78:c8:e9:f3:96:fe:69:53:b5:f2:2e:64:d4:38:
         c4:c2:a9:30:49:18:d2:65:8e:f9:8f:80:bd:88:96:aa:34:69:
         6b:a7:bc:1f:b7:be:94:90:66:cf:be:9a:87:7b:91:94:fe:ed:
         2c:cd:61:ac:3c:c4:60:e0:f6:b9:f2:22:da:d8:65:86:e8:26:
         63:57:bb:bb:5d:9c:a9:c7:c0:ae:c9:4c:75:bf:b8:36:05:9b:
         fe:2b:98:df:6e:32:15:a8:6b:5b:30:8d:b5:e1:b7:09:ad:87:
         59:04:b4:09:76:4d:7b:29:d9:0f:5f:de:60:d3:f3:5a:12:15:
         6b:f1:c5:06:50:08:d6:89:53:19:ee:75:a3:5d:76:7a:48:12:
         1c:68:ec:d4:85:d0:42:5c:7d:ea:72:71:da:66:2c:57:38:30:
         4d:72:bb:f5:37:97:a6:b6:92:7b:98:f5:2d:a2:24:8c:4d:bb:
         1d:c8:59:94:30:7d:9e:b8:da:d8:c4:9e:2b:4c:56:bb:ef:f3:
         e7:c2:82:00:3f:12:d3:02:66:44:2b:f6:b4:de:41:0d:1a:43:
         be:2d:bc:c8:84:0a:16:fa:f2:5d:ab:b2:4d:dd:3a:ce:62:0a:
         76:f2:d4:d2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZMwAn6XHFbPMxXP16ibUdE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNWZhY2NhMTRkZTA4MTc0ZWY1Yzk2YzkxZjFlNzgyNWY0
MmQwN2IwHhcNMjQxMTE1MTMyODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzM0ZjYxOGZhYTExOWNhY2I1YjUzMTk1OGZkZTFiNGMwNDUxMGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XsrOk2NykeGg3jcnGWnojWhNfN5
APybXBUm+ZdkauiIx3le1G1lR6VbmjjCC/UVJwoBVEdcu6IyqUmaUgPc1hF6O6AK
/LV3LBcDlekdIu9TTaufkjKwgCgEhoOhGdJnz7mRcokjM3lafRverq1jd0KQuvur
zofq0YaD7Zx/iVMSHW8TywALWK6OLfBVs6Qlw7BkbcZeWTFZJ6PBW0XlDyWg9bwW
acsjyfmPLSKjmdnw2zk/A9JHeLMwWIZ0gzQ4A2UNaUoUqpcl8kqaKQjThLxwnhZj
BEAHlNty/3W69NSiv/FhR5VAtq+DiRviGYEz0n+N1sGITzC3mC+907qxxQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIM09hj6oRnKy1tTGVj94bTARRDlMB8GA1UdIwQY
MBaAFNxfrMoU3ggXTvXJbJHx54JfQtB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0Ytc3loVGVDQmRPOWNsc2tmSG5nbDlDMEhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8wODkzZjEtZmZiNC00NmIzLWJmMjct
YTcwMTY5ODBjODZmLzEvZ3pUMkdQcWhHY3JMVzFNWldQM2h0TUJGRU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS8wODkzZjEtZmZiNC00NmIzLWJmMjctYTcwMTY5ODBjODZm
LzEvM0Ytc3loVGVDQmRPOWNsc2tmSG5nbDlDMEhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDJYLYAwQC
uW04MA0EAgACMAcDBQAqD87AMA0GCSqGSIb3DQEBCwUAA4IBAQAbzJv0plxINL91
BxfqgVsHKC3oi2TVeMjp85b+aVO18i5k1DjEwqkwSRjSZY75j4C9iJaqNGlrp7wf
t76UkGbPvpqHe5GU/u0szWGsPMRg4Pa58iLa2GWG6CZjV7u7XZypx8CuyUx1v7g2
BZv+K5jfbjIVqGtbMI214bcJrYdZBLQJdk17KdkPX95g0/NaEhVr8cUGUAjWiVMZ
7nWjXXZ6SBIcaOzUhdBCXH3qcnHaZixXODBNcrv1N5emtpJ7mPUtoiSMTbsdyFmU
MH2euNrYxJ4rTFa77/PnwoIAPxLTAmZEK/a03kENGkO+LbzIhAoW+vJdq7JN3TrO
Ygp28tTS
-----END CERTIFICATE-----