Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/GbI0C5rlPqvXXay48JANnzW8zZs.roa
File:                     GbI0C5rlPqvXXay48JANnzW8zZs.roa (raw, json)
Hash identifier:          Pzw9Ufyry9DniOEbAxnZGzJzw2TC7cKNpTymgPktbJ8=
Subject key identifier:   19:B2:34:0B:9A:E5:3E:AB:D7:5D:AC:B8:F0:90:0D:9F:35:BC:CD:9B
Certificate issuer:       /CN=49e14bf76f42da4f2ac003a6c69d61c2320e2cd8
Certificate serial:       019176117B2666BDDA858C5F73B2BAB4B81E
Authority key identifier: 49:E1:4B:F7:6F:42:DA:4F:2A:C0:03:A6:C6:9D:61:C2:32:0E:2C:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/GbI0C5rlPqvXXay48JANnzW8zZs.roa
Signing time:             Wed 21 Aug 2024 17:52:22 +0000
ROA not before:           Wed 21 Aug 2024 17:52:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        130.255.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:76:11:7b:26:66:bd:da:85:8c:5f:73:b2:ba:b4:b8:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e14bf76f42da4f2ac003a6c69d61c2320e2cd8
        Validity
            Not Before: Aug 21 17:52:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19b2340b9ae53eabd75dacb8f0900d9f35bccd9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e0:a9:fb:d0:c4:8d:2e:59:23:aa:99:e5:7b:
                    27:43:84:90:f4:8c:47:e3:05:5e:a1:18:9e:8c:55:
                    63:8b:55:43:30:93:f3:e8:a4:d3:31:30:c2:65:c9:
                    54:eb:30:ff:e7:1f:91:1f:e3:a3:06:d9:98:30:6a:
                    6a:8d:45:b9:e7:aa:04:17:48:ca:84:66:9e:24:b1:
                    87:78:ea:23:2b:2c:55:a7:7d:52:d1:60:3c:a8:c6:
                    9d:d8:4e:40:0c:df:73:eb:1e:c1:1e:51:43:63:9d:
                    1e:01:f6:e9:67:12:7d:f7:28:64:8e:6f:d0:3a:fb:
                    93:9f:8f:9d:a3:89:59:c3:1d:0d:cb:d1:2f:63:01:
                    26:11:3a:ef:5c:db:43:c1:40:c8:8d:68:3b:91:1f:
                    a4:1e:4f:98:5b:b5:39:2b:78:9d:0e:88:f6:97:49:
                    b0:93:49:ac:a1:91:bb:75:2e:15:1b:63:79:d7:a5:
                    aa:fd:80:37:05:f0:23:c8:6a:a4:08:25:e9:95:2d:
                    8c:fb:f6:cb:f8:dd:96:d5:5d:e8:aa:1b:6a:64:17:
                    97:fa:fd:e0:12:17:8f:4f:34:45:88:45:74:c3:60:
                    61:12:01:f9:94:62:c9:8f:ca:d9:31:3d:35:f5:95:
                    d2:81:9b:ed:23:97:00:cd:c5:d9:dc:dc:94:3b:56:
                    26:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:B2:34:0B:9A:E5:3E:AB:D7:5D:AC:B8:F0:90:0D:9F:35:BC:CD:9B
            X509v3 Authority Key Identifier:
                keyid:49:E1:4B:F7:6F:42:DA:4F:2A:C0:03:A6:C6:9D:61:C2:32:0E:2C:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeFL929C2k8qwAOmxp1hwjIOLNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/GbI0C5rlPqvXXay48JANnzW8zZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/56167f-5327-4c88-b4ea-3beccaae336d/1/SeFL929C2k8qwAOmxp1hwjIOLNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.255.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:be:d4:d5:b2:23:5b:5c:8f:42:08:39:f5:b6:26:4f:a0:a7:
         72:53:56:a0:2b:0c:4e:ae:0b:89:bf:be:55:c3:27:75:3d:be:
         1e:86:44:07:4e:ec:49:e2:f3:2f:f3:c7:3e:a9:8d:06:a0:9f:
         bd:1d:f3:7c:3a:8e:c8:81:d2:92:fb:3f:aa:4f:ef:af:3e:e3:
         76:30:c0:c5:de:a9:bc:1e:74:8e:40:15:c4:9d:2d:a5:d3:31:
         fd:81:95:0b:19:15:02:ba:19:1b:6a:a0:a1:8f:09:17:b0:f3:
         78:71:d1:f8:95:fb:4c:1b:38:e1:3a:4a:ee:61:d6:41:20:fc:
         8d:0b:bc:53:ad:f4:c7:87:39:b6:38:0d:c9:87:d6:2b:62:18:
         16:4a:37:23:20:71:df:b5:ea:ed:be:6f:83:03:3f:60:30:2e:
         33:0f:d2:66:9f:b8:db:e9:76:73:c8:ab:e6:3a:fd:6d:3a:67:
         d1:ce:2d:99:d0:f7:09:56:52:29:0b:8f:fc:98:45:98:9c:0a:
         d9:8b:f7:26:bd:69:93:45:1e:0a:fc:dd:95:d8:a7:23:29:47:
         f4:f4:2c:a2:b0:54:5a:64:75:d8:b8:9c:d8:2c:9b:e0:9b:69:
         98:39:90:45:df:2c:69:ad:5c:30:c1:46:ea:ac:c5:36:9d:aa:
         4b:50:1b:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF2EXsmZr3ahYxfc7K6tLgeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTE0YmY3NmY0MmRhNGYyYWMwMDNhNmM2OWQ2MWMyMzIw
ZTJjZDgwHhcNMjQwODIxMTc1MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWIyMzQwYjlhZTUzZWFiZDc1ZGFjYjhmMDkwMGQ5ZjM1YmNjZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OCp+9DEjS5ZI6qZ5XsnQ4SQ9IxH
4wVeoRiejFVji1VDMJPz6KTTMTDCZclU6zD/5x+RH+OjBtmYMGpqjUW556oEF0jK
hGaeJLGHeOojKyxVp31S0WA8qMad2E5ADN9z6x7BHlFDY50eAfbpZxJ99yhkjm/Q
OvuTn4+do4lZwx0Ny9EvYwEmETrvXNtDwUDIjWg7kR+kHk+YW7U5K3idDoj2l0mw
k0msoZG7dS4VG2N516Wq/YA3BfAjyGqkCCXplS2M+/bL+N2W1V3oqhtqZBeX+v3g
EhePTzRFiEV0w2BhEgH5lGLJj8rZMT019ZXSgZvtI5cAzcXZ3NyUO1YmrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmyNAua5T6r112suPCQDZ81vM2bMB8GA1UdIwQY
MBaAFEnhS/dvQtpPKsADpsadYcIyDizYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VGTDkyOUMyazhxd0FPbXhwMWh3aklPTE5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC81NjE2N2YtNTMyNy00Yzg4LWI0ZWEt
M2JlY2NhYWUzMzZkLzEvR2JJMEM1cmxQcXZYWGF5NDhKQU5uelc4elpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC81NjE2N2YtNTMyNy00Yzg4LWI0ZWEtM2JlY2NhYWUzMzZk
LzEvU2VGTDkyOUMyazhxd0FPbXhwMWh3aklPTE5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgv+oMA0G
CSqGSIb3DQEBCwUAA4IBAQATvtTVsiNbXI9CCDn1tiZPoKdyU1agKwxOrguJv75V
wyd1Pb4ehkQHTuxJ4vMv88c+qY0GoJ+9HfN8Oo7IgdKS+z+qT++vPuN2MMDF3qm8
HnSOQBXEnS2l0zH9gZULGRUCuhkbaqChjwkXsPN4cdH4lftMGzjhOkruYdZBIPyN
C7xTrfTHhzm2OA3Jh9YrYhgWSjcjIHHftertvm+DAz9gMC4zD9Jmn7jb6XZzyKvm
Ov1tOmfRzi2Z0PcJVlIpC4/8mEWYnArZi/cmvWmTRR4K/N2V2KcjKUf09CyisFRa
ZHXYuJzYLJvgm2mYOZBF3yxprVwwwUbqrMU2napLUBvi
-----END CERTIFICATE-----