Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/GIeGJZmaZ0myTCir9-TEL6zTBlI.roa
File:                     GIeGJZmaZ0myTCir9-TEL6zTBlI.roa (raw, json)
Hash identifier:          zh57VgEvDDVp1MqAKJ5bFeNaHzPUepNawr1Wusk6ZoI=
Subject key identifier:   18:87:86:25:99:9A:67:49:B2:4C:28:AB:F7:E4:C4:2F:AC:D3:06:52
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F8D8DA8E93FD3162B4BF18600B572
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/GIeGJZmaZ0myTCir9-TEL6zTBlI.roa
Signing time:             Tue 02 Jan 2024 04:30:03 +0000
ROA not before:           Tue 02 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25107
IP address blocks:        80.233.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8d:8d:a8:e9:3f:d3:16:2b:4b:f1:86:00:b5:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18878625999a6749b24c28abf7e4c42facd30652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3e:23:7b:29:10:4b:32:ba:23:30:b8:1d:6f:
                    fb:0e:59:71:db:82:05:aa:b9:ee:27:51:f9:ea:3d:
                    9a:18:dc:f2:41:31:73:b1:4f:2a:51:10:cb:db:f4:
                    29:06:45:4d:7e:2e:69:6c:da:01:21:3e:44:0b:06:
                    d2:58:40:a8:97:7b:52:6f:25:6b:1f:79:0c:5a:6d:
                    2c:bd:20:81:c3:36:8e:7a:99:36:2f:06:d9:b1:e3:
                    15:9f:76:00:e3:6b:f4:9d:20:03:5b:ea:a3:63:1b:
                    cf:64:e7:22:9e:67:ea:7f:ed:f6:e9:45:10:58:53:
                    34:8d:62:6c:28:41:92:e0:a0:20:a8:33:d3:7e:d8:
                    89:70:15:4b:5e:db:f8:69:48:47:cb:c3:7e:f7:4e:
                    66:e1:44:85:01:39:a9:dc:19:5a:4f:a1:cd:b7:92:
                    46:c5:9e:30:7a:77:76:2c:35:c3:87:fc:8f:ea:51:
                    4e:f6:60:f0:34:b6:87:58:b8:01:51:b6:a4:2d:98:
                    5b:df:ff:5d:cc:a7:0c:4d:78:fe:2f:52:49:c6:76:
                    3a:98:73:1c:03:3b:a3:f9:09:8a:5d:1f:1e:54:2b:
                    93:b4:fc:ed:55:65:57:35:b5:c9:2b:0a:a5:f4:99:
                    2e:f7:f4:8b:91:f1:8e:88:a3:02:3c:16:20:70:5b:
                    07:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:87:86:25:99:9A:67:49:B2:4C:28:AB:F7:E4:C4:2F:AC:D3:06:52
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/GIeGJZmaZ0myTCir9-TEL6zTBlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.233.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:47:94:06:b9:83:22:2c:23:0d:3c:13:d1:09:96:b0:6b:35:
         a1:08:76:b1:e8:3c:6d:c6:01:ed:a8:80:90:05:37:29:a2:0b:
         59:d9:e3:79:60:e3:76:d2:8d:c9:34:dd:37:da:b2:f6:58:6d:
         6a:1f:68:8a:b6:6c:91:45:f5:fe:7e:3c:f7:1d:5d:c0:5b:dd:
         20:f6:ce:f0:4b:61:73:30:23:9f:a8:26:e1:db:98:04:90:57:
         0e:dc:1b:f7:e6:9d:b2:f4:30:27:f5:41:6f:9b:bb:24:1d:32:
         9c:ad:00:f2:4a:33:55:c7:8c:bc:71:8b:16:37:e3:ef:e2:fc:
         c5:48:d4:1e:df:eb:77:e4:4b:2a:67:58:a4:9d:72:3f:23:d2:
         d3:fe:90:ac:c4:7f:9d:92:e1:49:c6:2d:b8:9d:bb:26:2b:1a:
         46:a2:cc:40:ab:27:ed:a1:0f:2a:dd:d8:0a:b7:41:9f:4f:74:
         0f:f0:82:e5:75:89:b5:68:3b:5d:7f:d3:15:cd:a8:3c:f6:0d:
         b7:a3:6e:17:f8:85:ad:cf:22:15:32:74:c6:90:b6:e3:02:46:
         89:55:e0:c8:bb:06:a3:c1:0c:fa:27:a6:78:d0:10:bc:56:95:
         31:d7:75:db:5c:a4:c4:bf:6d:59:0b:af:0b:e2:13:1b:15:b3:
         a9:60:2d:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb42NqOk/0xYrS/GGALVyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODg3ODYyNTk5OWE2NzQ5YjI0YzI4YWJmN2U0YzQyZmFjZDMwNjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT4jeykQSzK6IzC4HW/7Dllx24IF
qrnuJ1H56j2aGNzyQTFzsU8qURDL2/QpBkVNfi5pbNoBIT5ECwbSWECol3tSbyVr
H3kMWm0svSCBwzaOepk2LwbZseMVn3YA42v0nSADW+qjYxvPZOcinmfqf+326UUQ
WFM0jWJsKEGS4KAgqDPTftiJcBVLXtv4aUhHy8N+905m4USFATmp3BlaT6HNt5JG
xZ4wend2LDXDh/yP6lFO9mDwNLaHWLgBUbakLZhb3/9dzKcMTXj+L1JJxnY6mHMc
Azuj+QmKXR8eVCuTtPztVWVXNbXJKwql9Jku9/SLkfGOiKMCPBYgcFsH9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBiHhiWZmmdJskwoq/fkxC+s0wZSMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvR0llR0pabWFaMG15VENpcjktVEVMNnpUQmxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUOmKMA0G
CSqGSIb3DQEBCwUAA4IBAQCNR5QGuYMiLCMNPBPRCZawazWhCHax6DxtxgHtqICQ
BTcpogtZ2eN5YON20o3JNN032rL2WG1qH2iKtmyRRfX+fjz3HV3AW90g9s7wS2Fz
MCOfqCbh25gEkFcO3Bv35p2y9DAn9UFvm7skHTKcrQDySjNVx4y8cYsWN+Pv4vzF
SNQe3+t35EsqZ1iknXI/I9LT/pCsxH+dkuFJxi24nbsmKxpGosxAqyftoQ8q3dgK
t0GfT3QP8ILldYm1aDtdf9MVzag89g23o24X+IWtzyIVMnTGkLbjAkaJVeDIuwaj
wQz6J6Z40BC8VpUx13XbXKTEv21ZC68L4hMbFbOpYC1p
-----END CERTIFICATE-----