Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/ac11ca-7817-4e75-8eff-f7abef3c8a2b/1/GAaTy9U4y8m4PfzsFEnsk9jvWRs.roa
File:                     GAaTy9U4y8m4PfzsFEnsk9jvWRs.roa (raw, json)
Hash identifier:          nmtSXqheBBpEHIdK/DuZiNsuFLz3gT0vD3Fl7rn1+ns=
Subject key identifier:   18:06:93:CB:D5:38:CB:C9:B8:3D:FC:EC:14:49:EC:93:D8:EF:59:1B
Certificate issuer:       /CN=7c7c7d48887e2f0865d701cdc6e0bb7deed5db34
Certificate serial:       018F14A50030A673BFB4A7875DA1877476AA
Authority key identifier: 7C:7C:7D:48:88:7E:2F:08:65:D7:01:CD:C6:E0:BB:7D:EE:D5:DB:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fHx9SIh-Lwhl1wHNxuC7fe7V2zQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/ac11ca-7817-4e75-8eff-f7abef3c8a2b/1/GAaTy9U4y8m4PfzsFEnsk9jvWRs.roa
Signing time:             Thu 25 Apr 2024 09:45:08 +0000
ROA not before:           Thu 25 Apr 2024 09:45:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.150.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/ac11ca-7817-4e75-8eff-f7abef3c8a2b/1/fHx9SIh-Lwhl1wHNxuC7fe7V2zQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/ac11ca-7817-4e75-8eff-f7abef3c8a2b/1/fHx9SIh-Lwhl1wHNxuC7fe7V2zQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fHx9SIh-Lwhl1wHNxuC7fe7V2zQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:14:a5:00:30:a6:73:bf:b4:a7:87:5d:a1:87:74:76:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c7c7d48887e2f0865d701cdc6e0bb7deed5db34
        Validity
            Not Before: Apr 25 09:45:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=180693cbd538cbc9b83dfcec1449ec93d8ef591b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d1:37:83:8f:5d:34:10:59:7c:b0:08:b9:f7:
                    7a:ca:df:16:ea:7a:b3:92:eb:35:4b:0e:99:e6:ab:
                    99:b0:0d:1b:43:23:75:9d:49:3e:4d:81:14:1d:9a:
                    15:37:3c:dc:20:de:78:41:59:b3:36:27:14:ff:4e:
                    ba:42:06:15:fa:25:83:18:5e:29:ac:2c:f8:76:4b:
                    f9:4e:cc:d8:23:d4:ad:c2:e6:e3:50:71:c4:ad:df:
                    29:d2:39:71:ad:3c:dc:96:8b:7c:4c:20:fd:8e:35:
                    92:1b:c6:8e:73:3a:64:43:a4:d1:c9:c4:8b:67:4c:
                    32:27:bc:53:bd:37:55:70:b5:43:89:b9:22:aa:ba:
                    66:76:fb:9a:cd:11:7f:ed:23:68:16:45:6d:5e:30:
                    30:24:6b:3d:40:2e:ee:a7:0a:99:e3:55:f3:24:77:
                    3f:24:f9:d5:61:c6:b7:99:d7:69:52:93:51:a2:7a:
                    fd:3b:74:8c:dd:4f:df:99:f4:a3:8f:85:f4:ea:c9:
                    55:d4:a9:7a:52:37:8c:db:a6:c5:80:82:31:8f:1e:
                    c8:61:a7:c5:3a:a3:51:d0:b4:e6:e6:f3:38:71:57:
                    87:eb:03:55:bc:12:9d:45:82:02:75:ce:50:a5:6e:
                    d1:35:b3:57:15:29:e6:48:9f:59:ad:bf:ba:50:dd:
                    02:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:06:93:CB:D5:38:CB:C9:B8:3D:FC:EC:14:49:EC:93:D8:EF:59:1B
            X509v3 Authority Key Identifier:
                keyid:7C:7C:7D:48:88:7E:2F:08:65:D7:01:CD:C6:E0:BB:7D:EE:D5:DB:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fHx9SIh-Lwhl1wHNxuC7fe7V2zQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/ac11ca-7817-4e75-8eff-f7abef3c8a2b/1/GAaTy9U4y8m4PfzsFEnsk9jvWRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/ac11ca-7817-4e75-8eff-f7abef3c8a2b/1/fHx9SIh-Lwhl1wHNxuC7fe7V2zQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:0a:ae:9a:d7:22:b3:6d:9f:74:fb:e2:11:5f:8a:d5:de:29:
         94:94:db:99:6b:03:6b:9c:de:c7:0e:a3:ba:76:ac:73:c1:dc:
         dd:f6:a0:91:9a:53:1a:f5:ee:5d:57:c7:17:5f:ea:7e:52:27:
         cc:b7:7a:94:65:74:32:68:0b:65:55:2d:85:5f:8d:1c:c2:52:
         69:f8:53:12:c0:1b:8f:ab:0b:4b:cd:42:87:54:ba:f8:b9:3c:
         c4:77:41:9a:a9:de:08:da:39:b0:4d:54:4b:12:ec:51:73:82:
         0c:a2:d3:1f:c8:52:48:9c:dd:eb:84:00:eb:be:c8:54:90:71:
         85:53:df:16:b2:89:e8:69:44:e3:01:bd:c8:81:a8:5f:5f:7c:
         ed:ab:ed:70:2a:c9:73:9e:1c:60:96:cd:9b:3b:8d:85:bd:5f:
         e1:d5:27:63:dd:91:cf:13:f8:38:1e:ac:42:e9:bd:8a:61:e8:
         b8:b7:7c:2c:be:53:b5:08:93:fa:54:5e:d6:1c:ba:c8:9a:5e:
         0a:e3:fc:f8:f6:d1:ca:52:18:40:f8:e2:45:53:12:17:b0:cd:
         2c:10:54:71:26:cd:a5:ee:9c:cd:3f:34:38:0b:3f:d5:f8:4a:
         b8:ef:45:8e:6f:21:7b:01:f5:5a:58:0b:89:c1:4f:47:0d:6c:
         35:60:ba:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8UpQAwpnO/tKeHXaGHdHaqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjN2M3ZDQ4ODg3ZTJmMDg2NWQ3MDFjZGM2ZTBiYjdkZWVk
NWRiMzQwHhcNMjQwNDI1MDk0NTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA2OTNjYmQ1MzhjYmM5YjgzZGZjZWMxNDQ5ZWM5M2Q4ZWY1OTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtE3g49dNBBZfLAIufd6yt8W6nqz
kus1Sw6Z5quZsA0bQyN1nUk+TYEUHZoVNzzcIN54QVmzNicU/066QgYV+iWDGF4p
rCz4dkv5TszYI9StwubjUHHErd8p0jlxrTzclot8TCD9jjWSG8aOczpkQ6TRycSL
Z0wyJ7xTvTdVcLVDibkiqrpmdvuazRF/7SNoFkVtXjAwJGs9QC7upwqZ41XzJHc/
JPnVYca3mddpUpNRonr9O3SM3U/fmfSjj4X06slV1Kl6UjeM26bFgIIxjx7IYafF
OqNR0LTm5vM4cVeH6wNVvBKdRYICdc5QpW7RNbNXFSnmSJ9Zrb+6UN0ClwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgGk8vVOMvJuD387BRJ7JPY71kbMB8GA1UdIwQY
MBaAFHx8fUiIfi8IZdcBzcbgu33u1ds0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkh4OVNJaC1Md2hsMXdITnh1QzdmZTdWMnpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9hYzExY2EtNzgxNy00ZTc1LThlZmYt
ZjdhYmVmM2M4YTJiLzEvR0FhVHk5VTR5OG00UGZ6c0ZFbnNrOWp2V1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9hYzExY2EtNzgxNy00ZTc1LThlZmYtZjdhYmVmM2M4YTJi
LzEvZkh4OVNJaC1Md2hsMXdITnh1QzdmZTdWMnpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpbBMA0G
CSqGSIb3DQEBCwUAA4IBAQAvCq6a1yKzbZ90++IRX4rV3imUlNuZawNrnN7HDqO6
dqxzwdzd9qCRmlMa9e5dV8cXX+p+UifMt3qUZXQyaAtlVS2FX40cwlJp+FMSwBuP
qwtLzUKHVLr4uTzEd0Gaqd4I2jmwTVRLEuxRc4IMotMfyFJInN3rhADrvshUkHGF
U98WsonoaUTjAb3IgahfX3ztq+1wKslznhxgls2bO42FvV/h1Sdj3ZHPE/g4HqxC
6b2KYei4t3wsvlO1CJP6VF7WHLrIml4K4/z49tHKUhhA+OJFUxIXsM0sEFRxJs2l
7pzNPzQ4Cz/V+Eq470WObyF7AfVaWAuJwU9HDWw1YLoZ
-----END CERTIFICATE-----