Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/GK3Qbi4malnEDv8LTY235zmcNok.roa
File:                     GK3Qbi4malnEDv8LTY235zmcNok.roa (raw, json)
Hash identifier:          Qogbf4I5EuhYy8OORnWNgrOXlfkltB9jj0m4hbKHixY=
Subject key identifier:   18:AD:D0:6E:2E:26:6A:59:C4:0E:FF:0B:4D:8D:B7:E7:39:9C:36:89
Certificate issuer:       /CN=7bf39e6eb3131ecf3cddcd0c9e378c352da41fc2
Certificate serial:       018CC79510767A558475F436E0A6E77B4D74
Authority key identifier: 7B:F3:9E:6E:B3:13:1E:CF:3C:DD:CD:0C:9E:37:8C:35:2D:A4:1F:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e_OebrMTHs883c0MnjeMNS2kH8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/GK3Qbi4malnEDv8LTY235zmcNok.roa
Signing time:             Tue 02 Jan 2024 00:31:24 +0000
ROA not before:           Tue 02 Jan 2024 00:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206713
IP address blocks:        185.194.166.0/24 maxlen: 24
                          185.194.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/e_OebrMTHs883c0MnjeMNS2kH8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/e_OebrMTHs883c0MnjeMNS2kH8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e_OebrMTHs883c0MnjeMNS2kH8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:10:76:7a:55:84:75:f4:36:e0:a6:e7:7b:4d:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bf39e6eb3131ecf3cddcd0c9e378c352da41fc2
        Validity
            Not Before: Jan  2 00:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18add06e2e266a59c40eff0b4d8db7e7399c3689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:dc:1b:be:3b:94:66:79:6b:52:d9:b6:98:de:
                    cf:86:24:47:8a:e1:de:8f:47:c0:60:34:ad:3e:06:
                    49:f7:1c:51:75:53:4f:ce:33:a9:ae:d3:5f:63:a3:
                    a9:f9:e7:88:f3:a2:c7:13:a1:4f:c2:8b:ba:fc:f1:
                    91:df:b0:d4:ba:1c:52:38:1e:2a:e3:9f:ec:6b:0d:
                    90:f1:5e:47:7b:e2:f7:f4:f9:8f:d7:ed:ae:7d:7e:
                    ab:b7:fc:ed:0d:36:5d:d2:f5:d4:39:c1:75:ee:25:
                    c1:dd:47:59:f0:45:ab:2d:03:32:3e:ed:2c:5e:39:
                    1e:c3:5d:71:50:1d:f1:f2:82:58:2e:fb:d0:3a:12:
                    17:f5:7a:53:1c:4c:58:42:54:4e:39:a1:d0:82:72:
                    70:58:67:a7:19:5e:cc:8a:87:5a:63:76:46:22:92:
                    6f:f1:cd:a2:eb:a6:2b:ac:7b:24:2e:19:26:0f:56:
                    02:33:bb:f7:b8:5f:bc:3b:54:57:88:29:00:bd:bd:
                    b1:93:73:da:5c:cf:b0:02:a0:dc:70:72:c5:74:64:
                    a0:c8:1c:51:57:a1:d4:ab:79:35:40:69:df:d0:90:
                    e8:56:b8:a2:3b:44:b9:e4:27:d2:8f:89:9c:78:63:
                    5a:43:f4:57:20:bc:0e:42:04:be:93:04:86:dc:65:
                    4f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:AD:D0:6E:2E:26:6A:59:C4:0E:FF:0B:4D:8D:B7:E7:39:9C:36:89
            X509v3 Authority Key Identifier:
                keyid:7B:F3:9E:6E:B3:13:1E:CF:3C:DD:CD:0C:9E:37:8C:35:2D:A4:1F:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e_OebrMTHs883c0MnjeMNS2kH8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/GK3Qbi4malnEDv8LTY235zmcNok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/e_OebrMTHs883c0MnjeMNS2kH8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:f6:b6:86:c4:90:7f:b1:c0:20:37:00:d0:3e:5f:9e:fc:81:
         b2:a0:15:2c:f8:77:38:b0:70:4c:88:93:e6:0f:a0:ab:67:de:
         51:df:57:6b:53:fe:b9:62:f8:bc:05:b0:2b:9c:a8:80:8e:2d:
         67:c3:56:62:fd:af:d9:94:2f:ff:d1:5a:bf:6b:bd:3e:0e:6d:
         6e:ee:ad:ec:ab:27:cc:f6:76:ee:23:d5:4a:5b:28:5e:d7:95:
         5a:45:40:14:3c:ca:19:62:c4:4a:7c:b5:05:ba:84:93:e3:01:
         7e:c3:ce:30:ff:8b:fa:df:c3:12:f0:81:d6:01:48:c9:0f:64:
         1c:c4:ae:f4:84:00:1c:0c:d2:bc:fa:a8:39:f1:2f:a0:b0:2b:
         1c:44:bf:f4:68:3b:1b:c1:ae:91:57:61:f7:02:d1:29:fb:af:
         d7:8e:8e:bd:31:9b:49:cc:5d:f3:25:bc:49:fb:50:1a:2b:75:
         7e:ba:0e:49:c8:dd:a8:eb:d5:35:1c:74:50:1f:56:47:88:2f:
         e2:c4:05:f6:3c:46:ed:dc:a5:3d:2f:ae:0b:1c:b6:7e:f8:1a:
         be:ac:3f:b5:af:a6:ac:91:f0:0c:89:15:eb:8d:ca:09:5b:82:
         c4:99:04:78:0c:ba:cc:24:0e:a4:45:3a:53:1a:9a:8a:de:a0:
         9e:1a:fc:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRB2elWEdfQ24Kbne010MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiZjM5ZTZlYjMxMzFlY2YzY2RkY2QwYzllMzc4YzM1MmRh
NDFmYzIwHhcNMjQwMTAyMDAzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGFkZDA2ZTJlMjY2YTU5YzQwZWZmMGI0ZDhkYjdlNzM5OWMzNjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNwbvjuUZnlrUtm2mN7PhiRHiuHe
j0fAYDStPgZJ9xxRdVNPzjOprtNfY6Op+eeI86LHE6FPwou6/PGR37DUuhxSOB4q
45/saw2Q8V5He+L39PmP1+2ufX6rt/ztDTZd0vXUOcF17iXB3UdZ8EWrLQMyPu0s
Xjkew11xUB3x8oJYLvvQOhIX9XpTHExYQlROOaHQgnJwWGenGV7MiodaY3ZGIpJv
8c2i66YrrHskLhkmD1YCM7v3uF+8O1RXiCkAvb2xk3PaXM+wAqDccHLFdGSgyBxR
V6HUq3k1QGnf0JDoVriiO0S55CfSj4mceGNaQ/RXILwOQgS+kwSG3GVPawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBit0G4uJmpZxA7/C02Nt+c5nDaJMB8GA1UdIwQY
MBaAFHvznm6zEx7PPN3NDJ43jDUtpB/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZV9PZWJyTVRIczg4M2MwTW5qZU1OUzJrSDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9hMjE0YTUtNDQ0OS00NGFmLTg3ZmYt
Yzk2N2M5ZGI1NzUyLzEvR0szUWJpNG1hbG5FRHY4TFRZMjM1em1jTm9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9hMjE0YTUtNDQ0OS00NGFmLTg3ZmYtYzk2N2M5ZGI1NzUy
LzEvZV9PZWJyTVRIczg4M2MwTW5qZU1OUzJrSDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucKmMA0G
CSqGSIb3DQEBCwUAA4IBAQBK9raGxJB/scAgNwDQPl+e/IGyoBUs+Hc4sHBMiJPm
D6CrZ95R31drU/65Yvi8BbArnKiAji1nw1Zi/a/ZlC//0Vq/a70+Dm1u7q3sqyfM
9nbuI9VKWyhe15VaRUAUPMoZYsRKfLUFuoST4wF+w84w/4v638MS8IHWAUjJD2Qc
xK70hAAcDNK8+qg58S+gsCscRL/0aDsbwa6RV2H3AtEp+6/Xjo69MZtJzF3zJbxJ
+1AaK3V+ug5JyN2o69U1HHRQH1ZHiC/ixAX2PEbt3KU9L64LHLZ++Bq+rD+1r6as
kfAMiRXrjcoJW4LEmQR4DLrMJA6kRTpTGpqK3qCeGvz2
-----END CERTIFICATE-----