Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/0947f2-22ca-47cb-89ad-3e50a5f01998/1/gabteveofeU_XQ1bf06jRA9fsog.roa
File:                     gabteveofeU_XQ1bf06jRA9fsog.roa (raw, json)
Hash identifier:          EZFkoV6FmK0+tHNXLof/Xn/A4Ny+nefMZB4qXLc9MSA=
Subject key identifier:   81:A6:ED:7A:F7:A8:7D:E5:3F:5D:0D:5B:7F:4E:A3:44:0F:5F:B2:88
Certificate issuer:       /CN=7fd18a6a49910cc331dc91114ae59b7185d5f30d
Certificate serial:       018CC3489EC8E2E8D9195D0E19A89F67CE9D
Authority key identifier: 7F:D1:8A:6A:49:91:0C:C3:31:DC:91:11:4A:E5:9B:71:85:D5:F3:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f9GKakmRDMMx3JERSuWbcYXV8w0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/0947f2-22ca-47cb-89ad-3e50a5f01998/1/gabteveofeU_XQ1bf06jRA9fsog.roa
Signing time:             Mon 01 Jan 2024 04:29:25 +0000
ROA not before:           Mon 01 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58043
IP address blocks:        194.76.244.0/24 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/0947f2-22ca-47cb-89ad-3e50a5f01998/1/f9GKakmRDMMx3JERSuWbcYXV8w0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/0947f2-22ca-47cb-89ad-3e50a5f01998/1/f9GKakmRDMMx3JERSuWbcYXV8w0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f9GKakmRDMMx3JERSuWbcYXV8w0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:9e:c8:e2:e8:d9:19:5d:0e:19:a8:9f:67:ce:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fd18a6a49910cc331dc91114ae59b7185d5f30d
        Validity
            Not Before: Jan  1 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81a6ed7af7a87de53f5d0d5b7f4ea3440f5fb288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:bb:90:fa:5f:76:46:35:98:16:1f:29:2e:95:
                    57:36:2d:8f:93:32:bb:45:1c:88:b8:6c:ff:fd:6a:
                    1b:7b:92:52:f1:ad:23:60:df:2c:02:0e:0b:4e:96:
                    b4:01:5c:87:fd:ba:7a:e7:39:85:46:57:a7:1e:61:
                    c3:4f:a6:0a:30:d7:58:d1:d5:57:af:f5:73:44:70:
                    3e:35:70:04:72:10:4d:56:84:0c:80:90:f3:46:97:
                    34:08:8e:66:79:02:65:f9:80:aa:76:91:85:2f:e3:
                    af:b0:9a:3b:b5:41:79:cf:59:7f:8b:d7:23:98:33:
                    0a:22:c7:28:a6:fe:51:e3:1e:57:d3:f6:12:b4:06:
                    cf:5a:43:3e:c9:09:ad:3c:2c:f9:50:b7:57:21:a3:
                    ad:91:c9:c1:45:42:ff:e6:6c:e2:08:9d:26:19:43:
                    a4:43:32:78:bd:f0:78:1a:4d:c8:bb:1f:4c:f2:e6:
                    e8:46:a1:53:74:96:96:2a:0b:90:55:7d:f8:6c:35:
                    30:a8:7e:9d:bc:5f:0e:60:12:e9:ee:ee:14:93:23:
                    de:43:3d:2c:e0:98:8f:88:8e:56:4a:16:74:2d:1c:
                    04:9e:91:61:ee:50:33:ae:5e:52:88:54:38:8b:1a:
                    79:45:be:fd:06:f1:88:0d:b9:0b:07:a6:f4:42:f9:
                    09:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A6:ED:7A:F7:A8:7D:E5:3F:5D:0D:5B:7F:4E:A3:44:0F:5F:B2:88
            X509v3 Authority Key Identifier:
                keyid:7F:D1:8A:6A:49:91:0C:C3:31:DC:91:11:4A:E5:9B:71:85:D5:F3:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9GKakmRDMMx3JERSuWbcYXV8w0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/0947f2-22ca-47cb-89ad-3e50a5f01998/1/gabteveofeU_XQ1bf06jRA9fsog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/0947f2-22ca-47cb-89ad-3e50a5f01998/1/f9GKakmRDMMx3JERSuWbcYXV8w0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:33:de:4d:1a:58:ba:d8:68:42:d3:e5:d5:c9:37:98:65:94:
         41:e1:a0:cb:20:2f:bc:47:91:68:16:2e:b3:59:10:40:69:f0:
         78:19:93:67:93:3d:e2:06:32:e3:f8:47:c8:7f:62:aa:1f:37:
         21:2a:d1:f7:4a:c8:7a:78:0f:0c:9e:c2:d8:cd:5e:72:e2:d9:
         e5:29:b0:b2:ff:f3:40:db:b2:89:dd:2c:74:a9:89:41:69:1c:
         f4:07:03:49:6d:8e:36:b8:56:25:b9:46:81:df:f7:61:e9:29:
         8e:da:c7:72:9b:5a:c5:83:aa:d3:c9:87:3f:b6:b5:4e:7f:51:
         d7:8a:a3:8f:00:51:e0:f6:42:72:b7:19:91:14:0c:0a:06:89:
         2e:77:c9:3d:55:29:90:c4:11:6b:c3:94:5c:e8:b7:35:b7:1c:
         de:4c:2c:d6:4a:d6:d6:46:2f:ed:28:a6:04:bd:c4:a2:4a:10:
         bd:8e:4d:0a:02:ba:f4:c4:4d:19:12:46:2b:fc:5e:08:3f:e7:
         46:fe:90:aa:40:55:7b:e9:7f:02:7a:bb:44:37:72:06:f0:b9:
         3c:8b:a0:7e:15:89:eb:f4:26:9f:e5:6c:a2:cb:e4:1f:58:eb:
         1e:21:a0:52:ba:ff:a8:fe:f8:e1:2f:7e:ad:b8:20:6e:af:2e:
         cf:9a:89:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJ7I4ujZGV0OGaifZ86dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmZDE4YTZhNDk5MTBjYzMzMWRjOTExMTRhZTU5YjcxODVk
NWYzMGQwHhcNMjQwMTAxMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWE2ZWQ3YWY3YTg3ZGU1M2Y1ZDBkNWI3ZjRlYTM0NDBmNWZiMjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLuQ+l92RjWYFh8pLpVXNi2PkzK7
RRyIuGz//Wobe5JS8a0jYN8sAg4LTpa0AVyH/bp65zmFRlenHmHDT6YKMNdY0dVX
r/VzRHA+NXAEchBNVoQMgJDzRpc0CI5meQJl+YCqdpGFL+OvsJo7tUF5z1l/i9cj
mDMKIscopv5R4x5X0/YStAbPWkM+yQmtPCz5ULdXIaOtkcnBRUL/5mziCJ0mGUOk
QzJ4vfB4Gk3Iux9M8uboRqFTdJaWKguQVX34bDUwqH6dvF8OYBLp7u4UkyPeQz0s
4JiPiI5WShZ0LRwEnpFh7lAzrl5SiFQ4ixp5Rb79BvGIDbkLB6b0QvkJOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGm7Xr3qH3lP10NW39Oo0QPX7KIMB8GA1UdIwQY
MBaAFH/RimpJkQzDMdyREUrlm3GF1fMNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjlHS2FrbVJETU14M0pFUlN1V2JjWVhWOHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8wOTQ3ZjItMjJjYS00N2NiLTg5YWQt
M2U1MGE1ZjAxOTk4LzEvZ2FidGV2ZW9mZVVfWFExYmYwNmpSQTlmc29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8wOTQ3ZjItMjJjYS00N2NiLTg5YWQtM2U1MGE1ZjAxOTk4
LzEvZjlHS2FrbVJETU14M0pFUlN1V2JjWVhWOHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkz0MA0G
CSqGSIb3DQEBCwUAA4IBAQCmM95NGli62GhC0+XVyTeYZZRB4aDLIC+8R5FoFi6z
WRBAafB4GZNnkz3iBjLj+EfIf2KqHzchKtH3Ssh6eA8MnsLYzV5y4tnlKbCy//NA
27KJ3Sx0qYlBaRz0BwNJbY42uFYluUaB3/dh6SmO2sdym1rFg6rTyYc/trVOf1HX
iqOPAFHg9kJytxmRFAwKBokud8k9VSmQxBFrw5Rc6Lc1txzeTCzWStbWRi/tKKYE
vcSiShC9jk0KArr0xE0ZEkYr/F4IP+dG/pCqQFV76X8CertEN3IG8Lk8i6B+FYnr
9Caf5Wyiy+QfWOseIaBSuv+o/vjhL36tuCBury7Pmon1
-----END CERTIFICATE-----