Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/GXCLjlxnxhvVk6VElDiIEvWKs6w.roa
File:                     GXCLjlxnxhvVk6VElDiIEvWKs6w.roa (raw, json)
Hash identifier:          Qt5QAzF7sy5aJY+/LcQXdS8Akg6uXec/zEQUSWp/3Bg=
Subject key identifier:   19:70:8B:8E:5C:67:C6:1B:D5:93:A5:44:94:38:88:12:F5:8A:B3:AC
Certificate issuer:       /CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
Certificate serial:       018CC4245747FADF0C0172B9C7C91EF93B8F
Authority key identifier: 31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/GXCLjlxnxhvVk6VElDiIEvWKs6w.roa
Signing time:             Mon 01 Jan 2024 08:29:25 +0000
ROA not before:           Mon 01 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59729
IP address blocks:        193.9.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:57:47:fa:df:0c:01:72:b9:c7:c9:1e:f9:3b:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
        Validity
            Not Before: Jan  1 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19708b8e5c67c61bd593a54494388812f58ab3ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:77:90:9b:47:e8:7a:0f:04:64:2d:3c:0d:9e:
                    39:8c:12:5d:8c:7c:20:1a:ae:a7:bb:7c:ff:13:b7:
                    f1:da:c0:92:19:f8:43:7e:04:00:6c:c6:ab:72:a4:
                    0a:8a:e7:16:4d:6f:32:0a:89:13:b2:a0:20:96:6d:
                    dc:4d:3a:bb:4d:16:d9:e7:60:27:37:03:5b:33:ac:
                    b5:49:7d:02:09:d2:a5:bf:0c:38:43:88:9a:88:96:
                    33:26:aa:e1:b5:2f:78:67:41:da:b2:a9:0f:9c:14:
                    36:2c:ed:45:af:d8:96:fc:f4:70:91:85:f0:eb:f3:
                    29:01:4e:9a:6e:b6:e0:97:08:5b:ac:25:29:70:e9:
                    10:ef:5a:9f:0f:89:3b:6b:64:2a:b5:59:c7:55:28:
                    2e:5b:bf:38:3a:d5:9d:b6:ad:ba:b0:1d:c2:95:06:
                    d2:c8:97:fb:8d:93:7a:55:c9:fc:bd:0b:e9:bc:84:
                    0b:60:d8:5b:84:03:32:23:b8:41:95:62:47:2f:14:
                    b1:5b:5e:78:f1:68:19:3d:a0:af:c5:a8:24:95:64:
                    63:70:b4:46:54:5b:64:76:35:99:ac:16:cc:3f:52:
                    c8:9e:bb:d0:ab:26:1c:43:2b:9a:7a:6d:95:d0:8c:
                    1f:81:96:ee:98:d6:94:ee:8f:5a:c7:8f:3f:0c:d2:
                    42:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:70:8B:8E:5C:67:C6:1B:D5:93:A5:44:94:38:88:12:F5:8A:B3:AC
            X509v3 Authority Key Identifier:
                keyid:31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/GXCLjlxnxhvVk6VElDiIEvWKs6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:44:b1:10:b3:e7:ee:91:d2:4f:4d:cc:a1:07:c7:d0:60:3b:
         26:61:0e:50:f1:fe:ed:ab:ee:e5:a6:13:c0:92:42:78:34:ce:
         f4:ba:2f:18:2f:4f:9f:3e:08:a1:4d:25:99:83:d5:57:b1:5f:
         a9:fc:5c:d8:71:fc:36:db:32:48:12:2a:86:22:80:75:82:cb:
         57:94:06:68:64:ff:06:7a:6c:31:f6:9e:a6:5c:d1:24:ca:2b:
         33:a4:75:a2:5a:a9:97:f9:4d:40:6d:62:b4:4c:ff:4e:1e:b9:
         2a:10:a2:75:5b:f4:c7:4d:1e:bd:f5:b8:7d:40:81:33:84:06:
         13:77:47:3b:cb:e2:5a:5c:41:bc:f2:b8:41:7f:e9:98:f7:be:
         0d:f7:3e:c8:c3:e3:de:0a:f3:a3:2f:a6:5e:41:91:2a:9b:50:
         78:4d:6c:4c:9a:bc:c2:ec:06:d0:b8:95:bb:bb:18:2e:c0:9f:
         8e:b6:8b:95:1a:63:c8:60:59:b5:3f:94:da:f5:f0:bb:3c:af:
         0f:ff:20:6a:69:8b:b0:97:0f:e9:ac:ba:66:ee:5f:86:af:a7:
         26:24:12:6f:c1:a9:f7:4d:6e:dd:50:55:19:3f:af:10:6e:a8:
         75:b4:bf:32:80:6c:bf:35:f1:c3:18:1f:35:37:4e:66:42:5d:
         0e:b3:2d:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFdH+t8MAXK5x8ke+TuPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMGIwNTI1MTM3ODk5NGNmYTgwODhkMjNiNmVlZWQ0ZTll
NmFiMDgwHhcNMjQwMTAxMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTcwOGI4ZTVjNjdjNjFiZDU5M2E1NDQ5NDM4ODgxMmY1OGFiM2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXeQm0foeg8EZC08DZ45jBJdjHwg
Gq6nu3z/E7fx2sCSGfhDfgQAbMarcqQKiucWTW8yCokTsqAglm3cTTq7TRbZ52An
NwNbM6y1SX0CCdKlvww4Q4iaiJYzJqrhtS94Z0HasqkPnBQ2LO1Fr9iW/PRwkYXw
6/MpAU6abrbglwhbrCUpcOkQ71qfD4k7a2QqtVnHVSguW784OtWdtq26sB3ClQbS
yJf7jZN6Vcn8vQvpvIQLYNhbhAMyI7hBlWJHLxSxW1548WgZPaCvxagklWRjcLRG
VFtkdjWZrBbMP1LInrvQqyYcQyuaem2V0IwfgZbumNaU7o9ax48/DNJCtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlwi45cZ8Yb1ZOlRJQ4iBL1irOsMB8GA1UdIwQY
MBaAFDELBSUTeJlM+oCI0jtu7tTp5qsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEt
N2NmZGYyZGY2NjMyLzEvR1hDTGpseG54aHZWazZWRWxEaUlFdldLczZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEtN2NmZGYyZGY2NjMy
LzEvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQkUMA0G
CSqGSIb3DQEBCwUAA4IBAQB9RLEQs+fukdJPTcyhB8fQYDsmYQ5Q8f7tq+7lphPA
kkJ4NM70ui8YL0+fPgihTSWZg9VXsV+p/FzYcfw22zJIEiqGIoB1gstXlAZoZP8G
emwx9p6mXNEkyiszpHWiWqmX+U1AbWK0TP9OHrkqEKJ1W/THTR699bh9QIEzhAYT
d0c7y+JaXEG88rhBf+mY974N9z7Iw+PeCvOjL6ZeQZEqm1B4TWxMmrzC7AbQuJW7
uxguwJ+OtouVGmPIYFm1P5Ta9fC7PK8P/yBqaYuwlw/prLpm7l+Gr6cmJBJvwan3
TW7dUFUZP68Qbqh1tL8ygGy/NfHDGB81N05mQl0Osy1K
-----END CERTIFICATE-----