Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/GVGPzMuw1Nq0Egl8Rqtdq7uHw9g.roa
File:                     GVGPzMuw1Nq0Egl8Rqtdq7uHw9g.roa (raw, json)
Hash identifier:          umk9RWOA5dzSRn1Jq9Wn/53by/xLWtFNe4c4gFbssOE=
Subject key identifier:   19:51:8F:CC:CB:B0:D4:DA:B4:12:09:7C:46:AB:5D:AB:BB:87:C3:D8
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       01900D9C0729E03A8FAEF0C7E76222566C97
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/GVGPzMuw1Nq0Egl8Rqtdq7uHw9g.roa
Signing time:             Wed 12 Jun 2024 18:00:47 +0000
ROA not before:           Wed 12 Jun 2024 18:00:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215269
IP address blocks:        194.124.218.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0d:9c:07:29:e0:3a:8f:ae:f0:c7:e7:62:22:56:6c:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jun 12 18:00:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19518fcccbb0d4dab412097c46ab5dabbb87c3d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:38:5e:e4:7e:2c:84:d4:0c:c6:ce:eb:dd:02:
                    af:95:04:22:26:bf:eb:2d:15:94:58:5e:60:80:90:
                    5b:6b:49:94:10:f0:d1:00:13:ff:63:b4:3f:a6:1d:
                    9c:fe:ff:76:a9:00:88:84:3d:b0:af:ab:ee:c4:e4:
                    bd:09:38:7a:52:81:9e:0c:04:36:91:e5:86:7c:3f:
                    ab:7f:7a:40:be:80:c7:a8:21:72:6e:c1:1d:33:c1:
                    3f:1b:f1:33:7b:d6:eb:45:ad:c0:5d:3f:d0:2b:10:
                    0c:e2:f9:8e:cf:61:1c:a0:65:42:cb:93:78:94:43:
                    91:eb:47:42:e0:12:31:67:8e:34:b8:f1:2c:5b:d5:
                    0e:f5:96:02:d2:0b:e3:2e:d5:55:30:31:cb:ca:3d:
                    71:1b:10:bb:4e:22:b6:7e:73:ee:30:67:cd:89:5d:
                    33:1e:02:9a:ca:6e:d1:24:c2:36:f6:b2:5c:73:e8:
                    d9:23:1a:db:ad:33:08:ae:0b:27:9b:0e:06:06:e2:
                    00:32:76:67:14:a9:16:31:c3:19:27:e4:22:7f:4c:
                    3d:7c:6a:63:9c:e9:de:54:d3:1b:c5:a7:12:a9:f9:
                    2b:2d:ec:c3:ae:7b:d8:40:ab:a0:62:d3:22:89:97:
                    04:5b:e6:72:85:d7:b4:e1:fb:cd:c1:2e:5f:bc:fd:
                    e7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:51:8F:CC:CB:B0:D4:DA:B4:12:09:7C:46:AB:5D:AB:BB:87:C3:D8
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/GVGPzMuw1Nq0Egl8Rqtdq7uHw9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:46:36:64:08:78:7f:1b:5d:19:e2:26:6f:2a:76:be:de:9f:
         9b:02:df:86:07:14:6f:6f:b1:07:7e:9f:09:88:a6:bf:b0:e8:
         a0:c5:04:50:ea:ab:bb:ef:5f:75:86:6d:dd:c8:0e:69:73:1a:
         14:1b:a5:0a:4b:ad:0d:8b:8d:49:08:80:f7:b0:3b:01:23:f7:
         82:e6:0f:3f:23:17:bc:22:30:b1:95:78:53:30:52:3c:30:dc:
         97:a8:85:18:30:1f:5c:1f:76:93:91:83:14:f6:91:0c:6b:52:
         0b:55:45:c2:d1:28:be:21:b6:96:58:e5:f8:1e:c9:ea:18:3e:
         58:3a:5c:a5:95:43:ea:38:ca:07:5f:0d:da:00:31:69:d6:84:
         8a:bc:62:05:8d:8b:34:45:74:ea:f4:94:e8:f0:e6:8b:02:ea:
         e1:85:dc:83:cf:ff:1b:25:42:3c:50:a9:76:31:68:47:c3:52:
         8d:a0:62:7a:20:d5:d9:cb:59:b5:27:8d:69:a4:df:91:51:80:
         a1:90:c5:5a:5b:00:97:ef:00:34:e7:55:1e:ca:35:e0:54:4d:
         04:78:a1:90:4b:61:d8:0d:fb:84:f8:01:4f:42:90:01:d3:11:
         94:32:8a:63:ea:1f:cc:4f:8f:a5:94:1e:ce:a7:3d:ba:05:f7:
         a5:cd:1f:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZANnAcp4DqPrvDH52IiVmyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwNjEyMTgwMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTUxOGZjY2NiYjBkNGRhYjQxMjA5N2M0NmFiNWRhYmJiODdjM2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszhe5H4shNQMxs7r3QKvlQQiJr/r
LRWUWF5ggJBba0mUEPDRABP/Y7Q/ph2c/v92qQCIhD2wr6vuxOS9CTh6UoGeDAQ2
keWGfD+rf3pAvoDHqCFybsEdM8E/G/Eze9brRa3AXT/QKxAM4vmOz2EcoGVCy5N4
lEOR60dC4BIxZ440uPEsW9UO9ZYC0gvjLtVVMDHLyj1xGxC7TiK2fnPuMGfNiV0z
HgKaym7RJMI29rJcc+jZIxrbrTMIrgsnmw4GBuIAMnZnFKkWMcMZJ+Qif0w9fGpj
nOneVNMbxacSqfkrLezDrnvYQKugYtMiiZcEW+Zyhde04fvNwS5fvP3n2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlRj8zLsNTatBIJfEarXau7h8PYMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvR1ZHUHpNdXcxTnEwRWdsOFJxdGRxN3VIdzlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnzaMA0G
CSqGSIb3DQEBCwUAA4IBAQBARjZkCHh/G10Z4iZvKna+3p+bAt+GBxRvb7EHfp8J
iKa/sOigxQRQ6qu77191hm3dyA5pcxoUG6UKS60Ni41JCID3sDsBI/eC5g8/Ixe8
IjCxlXhTMFI8MNyXqIUYMB9cH3aTkYMU9pEMa1ILVUXC0Si+IbaWWOX4HsnqGD5Y
OlyllUPqOMoHXw3aADFp1oSKvGIFjYs0RXTq9JTo8OaLAurhhdyDz/8bJUI8UKl2
MWhHw1KNoGJ6INXZy1m1J41ppN+RUYChkMVaWwCX7wA051UeyjXgVE0EeKGQS2HY
DfuE+AFPQpAB0xGUMopj6h/MT4+llB7Opz26BfelzR/Y
-----END CERTIFICATE-----