Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/G_xknW3R6j_BAMsYnC0TJpAxwbE.roa
File:                     G_xknW3R6j_BAMsYnC0TJpAxwbE.roa (raw, json)
Hash identifier:          m6mIvsd0lX/mklK4k4hJHXPAeQyAsXunRHs9gj7a5aU=
Subject key identifier:   1B:FC:64:9D:6D:D1:EA:3F:C1:00:CB:18:9C:2D:13:26:90:31:C1:B1
Certificate issuer:       /CN=674a61a8a9c97c03cdebe05f82558e51dbf90821
Certificate serial:       018CC2DAB9BC720F2882BF1AA7F36DA3B8CA
Authority key identifier: 67:4A:61:A8:A9:C9:7C:03:CD:EB:E0:5F:82:55:8E:51:DB:F9:08:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/G_xknW3R6j_BAMsYnC0TJpAxwbE.roa
Signing time:             Mon 01 Jan 2024 02:29:23 +0000
ROA not before:           Mon 01 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43545
IP address blocks:        85.202.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b9:bc:72:0f:28:82:bf:1a:a7:f3:6d:a3:b8:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=674a61a8a9c97c03cdebe05f82558e51dbf90821
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bfc649d6dd1ea3fc100cb189c2d13269031c1b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:58:c2:5c:7e:52:3d:7e:b5:b1:ea:33:02:53:
                    58:1d:a3:45:bb:b0:45:9c:57:bb:bb:33:5b:2a:61:
                    6e:62:a3:03:9d:33:85:f7:b9:71:05:48:3b:10:22:
                    34:8c:29:b9:ff:8f:b8:0a:73:a3:3a:cf:73:e1:65:
                    c6:57:63:5e:31:90:6b:32:be:0a:ed:29:92:9f:63:
                    20:f1:32:01:7a:32:66:a9:40:44:5d:62:90:98:84:
                    79:7f:1c:ae:59:93:a8:c8:fc:ca:e1:25:bc:e0:96:
                    f7:98:f1:c8:01:00:6f:9e:22:8b:2d:b5:f1:96:a7:
                    93:17:89:cd:89:8a:f2:bc:1a:c1:3e:99:9c:9a:c8:
                    6a:95:f4:ff:45:cd:94:0b:c7:f7:a9:ae:1e:37:a1:
                    56:eb:b1:fe:6c:ae:a8:90:d8:ff:01:b9:0b:ad:87:
                    1f:52:bb:d6:8b:bd:48:ed:36:57:3c:3b:87:0c:45:
                    c1:7d:36:86:06:60:d4:30:eb:07:1c:c6:f6:e5:f4:
                    67:59:d6:2b:aa:7a:8f:67:23:e1:e0:69:fa:23:d8:
                    ed:bb:2b:f3:97:2c:a1:70:17:3d:15:a6:17:ef:5c:
                    07:5c:ac:e9:31:e2:98:9b:33:80:d2:a8:a7:a6:65:
                    53:fa:ed:68:32:7c:95:27:c5:25:74:ed:e6:8b:cc:
                    66:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:FC:64:9D:6D:D1:EA:3F:C1:00:CB:18:9C:2D:13:26:90:31:C1:B1
            X509v3 Authority Key Identifier:
                keyid:67:4A:61:A8:A9:C9:7C:03:CD:EB:E0:5F:82:55:8E:51:DB:F9:08:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0phqKnJfAPN6-BfglWOUdv5CCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/G_xknW3R6j_BAMsYnC0TJpAxwbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/72488a-035d-4931-8dfb-4c86cbe03610/1/Z0phqKnJfAPN6-BfglWOUdv5CCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:88:0c:aa:46:52:44:b5:13:2c:5a:ac:88:01:7b:16:c9:99:
         7a:f8:a1:8d:d0:0e:eb:e1:9d:13:a9:18:f0:80:0d:e5:47:07:
         bf:34:e7:e7:e1:f2:11:94:25:57:50:2f:03:f2:20:34:ff:c4:
         be:73:65:45:65:cb:3c:5f:21:5f:d0:3e:e7:bb:b7:07:05:a0:
         d1:02:2a:e1:70:e2:32:b8:6f:8b:70:7a:fd:fd:99:ca:0a:a4:
         df:44:6f:13:30:92:ff:42:d5:ff:5f:44:bf:10:d5:86:53:23:
         9e:b3:fe:50:f1:1b:95:41:d7:d2:65:df:a7:a1:c9:a0:e9:4a:
         63:11:99:c1:88:06:98:1a:0c:cf:af:44:62:72:de:8f:d2:7b:
         2e:43:c1:d9:4d:20:81:dc:5e:0c:8d:09:dc:e2:c0:a9:76:c9:
         04:c5:9c:d1:de:08:e5:ef:fd:7c:40:b5:ac:0e:12:81:1d:f5:
         8a:a7:fa:a1:1e:73:ef:ff:52:38:d5:69:e6:af:42:d2:9d:f5:
         da:fe:9b:f3:15:33:14:7c:62:9d:22:ce:29:ad:9c:52:d5:e8:
         9d:70:db:37:32:be:b7:6e:9e:05:53:10:d3:89:5e:34:fc:bd:
         f6:b2:2d:1e:ee:39:eb:80:a1:87:42:b6:8d:58:c5:25:1c:e1:
         9b:49:ab:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rm8cg8ogr8ap/Nto7jKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NGE2MWE4YTljOTdjMDNjZGViZTA1ZjgyNTU4ZTUxZGJm
OTA4MjEwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmZjNjQ5ZDZkZDFlYTNmYzEwMGNiMTg5YzJkMTMyNjkwMzFjMWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1jCXH5SPX61seozAlNYHaNFu7BF
nFe7uzNbKmFuYqMDnTOF97lxBUg7ECI0jCm5/4+4CnOjOs9z4WXGV2NeMZBrMr4K
7SmSn2Mg8TIBejJmqUBEXWKQmIR5fxyuWZOoyPzK4SW84Jb3mPHIAQBvniKLLbXx
lqeTF4nNiYryvBrBPpmcmshqlfT/Rc2UC8f3qa4eN6FW67H+bK6okNj/AbkLrYcf
UrvWi71I7TZXPDuHDEXBfTaGBmDUMOsHHMb25fRnWdYrqnqPZyPh4Gn6I9jtuyvz
lyyhcBc9FaYX71wHXKzpMeKYmzOA0qinpmVT+u1oMnyVJ8UldO3mi8xm7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBv8ZJ1t0eo/wQDLGJwtEyaQMcGxMB8GA1UdIwQY
MBaAFGdKYaipyXwDzevgX4JVjlHb+QghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBwaHFLbkpmQVBONi1CZmdsV09VZHY1Q0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi83MjQ4OGEtMDM1ZC00OTMxLThkZmIt
NGM4NmNiZTAzNjEwLzEvR194a25XM1I2al9CQU1zWW5DMFRKcEF4d2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi83MjQ4OGEtMDM1ZC00OTMxLThkZmItNGM4NmNiZTAzNjEw
LzEvWjBwaHFLbkpmQVBONi1CZmdsV09VZHY1Q0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVcrEMA0G
CSqGSIb3DQEBCwUAA4IBAQBoiAyqRlJEtRMsWqyIAXsWyZl6+KGN0A7r4Z0TqRjw
gA3lRwe/NOfn4fIRlCVXUC8D8iA0/8S+c2VFZcs8XyFf0D7nu7cHBaDRAirhcOIy
uG+LcHr9/ZnKCqTfRG8TMJL/QtX/X0S/ENWGUyOes/5Q8RuVQdfSZd+nocmg6Upj
EZnBiAaYGgzPr0Rict6P0nsuQ8HZTSCB3F4MjQnc4sCpdskExZzR3gjl7/18QLWs
DhKBHfWKp/qhHnPv/1I41Wnmr0LSnfXa/pvzFTMUfGKdIs4prZxS1eidcNs3Mr63
bp4FUxDTiV40/L32si0e7jnrgKGHQraNWMUlHOGbSauT
-----END CERTIFICATE-----