Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/GZABCZvLsjJb3yjR731Gq1lWQfQ.roa
File:                     GZABCZvLsjJb3yjR731Gq1lWQfQ.roa (raw, json)
Hash identifier:          ePFD0dcdga6M4ul2IOpi0vQjZOd95PEwj2Lw8M+Op2Q=
Subject key identifier:   19:90:01:09:9B:CB:B2:32:5B:DF:28:D1:EF:7D:46:AB:59:56:41:F4
Certificate issuer:       /CN=ee182424b484197dc304524092dcdd992fcbe4be
Certificate serial:       018CC492A175849D3772DA6343A598E28E01
Authority key identifier: EE:18:24:24:B4:84:19:7D:C3:04:52:40:92:DC:DD:99:2F:CB:E4:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hgkJLSEGX3DBFJAktzdmS_L5L4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/GZABCZvLsjJb3yjR731Gq1lWQfQ.roa
Signing time:             Mon 01 Jan 2024 10:29:52 +0000
ROA not before:           Mon 01 Jan 2024 10:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208321
IP address blocks:        185.235.88.0/22 maxlen: 24
                          2a0b:e200::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/7hgkJLSEGX3DBFJAktzdmS_L5L4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/7hgkJLSEGX3DBFJAktzdmS_L5L4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hgkJLSEGX3DBFJAktzdmS_L5L4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:a1:75:84:9d:37:72:da:63:43:a5:98:e2:8e:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee182424b484197dc304524092dcdd992fcbe4be
        Validity
            Not Before: Jan  1 10:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=199001099bcbb2325bdf28d1ef7d46ab595641f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:42:3b:b8:0a:4b:d6:ce:eb:ad:e9:ef:ee:fe:
                    bd:d2:aa:2f:5f:24:12:54:18:cd:f5:ba:f3:64:28:
                    4a:22:54:a0:a4:29:45:46:da:bf:c7:8a:bf:46:94:
                    b6:0d:6b:45:87:76:9b:cd:91:3c:e4:10:e9:7b:82:
                    c6:4f:ab:41:3c:2f:d8:64:4e:26:50:fb:68:e2:b4:
                    ff:f1:85:0f:c4:74:26:bb:1c:24:5a:a0:42:6b:41:
                    ba:e2:0d:2a:48:0b:8d:11:f5:06:22:93:f1:8f:4c:
                    2c:c6:b5:35:4d:87:d2:e1:b7:a5:89:ee:19:40:e6:
                    22:d5:76:01:a9:f9:cd:ae:61:7e:58:e5:ee:f5:b8:
                    9b:03:23:53:57:eb:9f:30:55:b0:90:d3:30:d7:79:
                    f3:75:2f:7f:d4:48:91:3d:ec:69:53:53:6a:39:24:
                    ea:a6:da:3b:07:ca:c6:7f:bf:00:f8:57:ac:61:95:
                    8d:63:f5:de:fa:47:fe:37:f3:bd:98:56:15:cc:68:
                    cf:98:40:4b:f1:f9:0b:21:63:fe:cd:af:17:3f:d6:
                    22:96:7d:13:18:ed:72:87:38:f7:c5:04:1a:f1:23:
                    c9:f3:f5:49:e6:bd:ec:9f:10:be:80:cd:f6:6f:a6:
                    88:25:48:c2:43:7e:56:06:9d:68:75:ba:39:97:0e:
                    be:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:90:01:09:9B:CB:B2:32:5B:DF:28:D1:EF:7D:46:AB:59:56:41:F4
            X509v3 Authority Key Identifier:
                keyid:EE:18:24:24:B4:84:19:7D:C3:04:52:40:92:DC:DD:99:2F:CB:E4:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hgkJLSEGX3DBFJAktzdmS_L5L4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/GZABCZvLsjJb3yjR731Gq1lWQfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/4c4058-8ee3-4e3e-a30c-bac476b97eee/1/7hgkJLSEGX3DBFJAktzdmS_L5L4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.88.0/22
                IPv6:
                  2a0b:e200::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:fc:a7:c1:74:01:92:d2:82:82:09:00:f5:ce:d8:71:72:9d:
         d4:c2:35:62:bd:26:5b:f7:28:16:72:6b:b1:a8:ab:58:1e:54:
         97:ba:f4:76:a8:de:20:ff:f3:b7:82:7b:dd:a6:2e:be:59:98:
         cc:be:24:6a:61:af:3d:11:0d:e3:bd:e2:57:29:f9:10:9a:8b:
         fd:c4:11:26:c4:6e:81:05:9b:f6:63:aa:e3:a5:5e:4f:19:cb:
         86:e2:cc:32:4e:02:7c:ba:87:18:90:07:b5:e4:b4:ea:de:98:
         dd:c2:80:30:8e:a7:43:f5:4f:ba:bd:2f:44:38:d6:dd:1c:36:
         28:b3:86:61:4c:16:f1:b9:49:28:7e:22:a8:b4:89:0b:82:a4:
         d2:3d:a5:8b:31:91:30:26:a2:39:d5:38:e1:88:d3:15:43:14:
         e2:ba:22:f4:c2:f4:f4:56:69:ad:0f:4b:da:d8:b8:f6:93:ae:
         a7:a5:07:58:51:70:e8:18:0c:91:15:ef:8a:da:c5:2a:be:69:
         a4:d1:3b:52:7e:e2:ea:c9:b9:72:99:f5:e4:ed:ee:27:9e:f7:
         fe:3d:e1:88:2c:40:28:7b:55:26:72:c6:15:23:ea:86:43:77:
         96:fb:d0:b3:3c:28:78:c0:8f:2e:a9:da:46:16:a1:1f:ad:37:
         09:d9:8e:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkqF1hJ03ctpjQ6WY4o4BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMTgyNDI0YjQ4NDE5N2RjMzA0NTI0MDkyZGNkZDk5MmZj
YmU0YmUwHhcNMjQwMTAxMTAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTkwMDEwOTliY2JiMjMyNWJkZjI4ZDFlZjdkNDZhYjU5NTY0MWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0I7uApL1s7rrenv7v690qovXyQS
VBjN9brzZChKIlSgpClFRtq/x4q/RpS2DWtFh3abzZE85BDpe4LGT6tBPC/YZE4m
UPto4rT/8YUPxHQmuxwkWqBCa0G64g0qSAuNEfUGIpPxj0wsxrU1TYfS4belie4Z
QOYi1XYBqfnNrmF+WOXu9bibAyNTV+ufMFWwkNMw13nzdS9/1EiRPexpU1NqOSTq
pto7B8rGf78A+FesYZWNY/Xe+kf+N/O9mFYVzGjPmEBL8fkLIWP+za8XP9Yiln0T
GO1yhzj3xQQa8SPJ8/VJ5r3snxC+gM32b6aIJUjCQ35WBp1odbo5lw6+1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBmQAQmby7IyW98o0e99RqtZVkH0MB8GA1UdIwQY
MBaAFO4YJCS0hBl9wwRSQJLc3Zkvy+S+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2hna0pMU0VHWDNEQkZKQWt0emRtU19MNUw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi80YzQwNTgtOGVlMy00ZTNlLWEzMGMt
YmFjNDc2Yjk3ZWVlLzEvR1pBQkNadkxzakpiM3lqUjczMUdxMWxXUWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi80YzQwNTgtOGVlMy00ZTNlLWEzMGMtYmFjNDc2Yjk3ZWVl
LzEvN2hna0pMU0VHWDNEQkZKQWt0emRtU19MNUw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuetYMA0E
AgACMAcDBQMqC+IAMA0GCSqGSIb3DQEBCwUAA4IBAQAx/KfBdAGS0oKCCQD1zthx
cp3UwjVivSZb9ygWcmuxqKtYHlSXuvR2qN4g//O3gnvdpi6+WZjMviRqYa89EQ3j
veJXKfkQmov9xBEmxG6BBZv2Y6rjpV5PGcuG4swyTgJ8uocYkAe15LTq3pjdwoAw
jqdD9U+6vS9EONbdHDYos4ZhTBbxuUkofiKotIkLgqTSPaWLMZEwJqI51TjhiNMV
QxTiuiL0wvT0VmmtD0va2Lj2k66npQdYUXDoGAyRFe+K2sUqvmmk0TtSfuLqybly
mfXk7e4nnvf+PeGILEAoe1UmcsYVI+qGQ3eW+9CzPCh4wI8uqdpGFqEfrTcJ2Y6L
-----END CERTIFICATE-----