Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/4ab81e-45b8-41a5-aa5e-5646eedd99bf/1/gCKoaXuCl5mvvbefRGecaunQTOo.roa
File:                     gCKoaXuCl5mvvbefRGecaunQTOo.roa (raw, json)
Hash identifier:          GnVXR8kCdu+ZM4QhheeHAqpIoRbUftLHp8Ij2AHeYSs=
Subject key identifier:   80:22:A8:69:7B:82:97:99:AF:BD:B7:9F:44:67:9C:6A:E9:D0:4C:EA
Certificate issuer:       /CN=994b7d30c1c4f6243182d3ecd3d0539f42faacfd
Certificate serial:       018E60CBAEE9BA5E0CDF35DB6A6D0E27FCF2
Authority key identifier: 99:4B:7D:30:C1:C4:F6:24:31:82:D3:EC:D3:D0:53:9F:42:FA:AC:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mUt9MMHE9iQxgtPs09BTn0L6rP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/4ab81e-45b8-41a5-aa5e-5646eedd99bf/1/gCKoaXuCl5mvvbefRGecaunQTOo.roa
Signing time:             Thu 21 Mar 2024 11:35:45 +0000
ROA not before:           Thu 21 Mar 2024 11:35:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51178
IP address blocks:        91.197.192.0/22 maxlen: 24
                          185.132.196.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/4ab81e-45b8-41a5-aa5e-5646eedd99bf/1/mUt9MMHE9iQxgtPs09BTn0L6rP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/4ab81e-45b8-41a5-aa5e-5646eedd99bf/1/mUt9MMHE9iQxgtPs09BTn0L6rP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mUt9MMHE9iQxgtPs09BTn0L6rP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:cb:ae:e9:ba:5e:0c:df:35:db:6a:6d:0e:27:fc:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=994b7d30c1c4f6243182d3ecd3d0539f42faacfd
        Validity
            Not Before: Mar 21 11:35:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8022a8697b829799afbdb79f44679c6ae9d04cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:db:06:97:de:15:00:11:1e:45:49:d2:ff:05:
                    6c:d4:4a:f7:e4:77:5e:39:55:51:54:4f:bf:c2:69:
                    27:a4:e9:92:9f:62:47:52:83:41:9a:8e:5f:f5:29:
                    dd:c5:34:8a:bf:a0:b8:a0:55:ae:a0:68:c3:2b:6f:
                    4f:fa:c1:cb:ab:6b:7b:06:47:a8:d0:85:d3:8a:ef:
                    f3:ef:47:ef:db:0e:17:4a:12:de:d2:57:5a:4d:0f:
                    0d:ec:f0:de:e7:a6:a4:8a:75:8e:51:fc:96:02:a0:
                    f8:2d:7b:2a:ac:34:28:58:c4:cd:ed:e1:f0:c7:74:
                    b1:04:2a:8c:3b:34:bd:b6:f4:53:19:36:b5:54:d9:
                    fe:ae:58:e0:80:1a:b7:4c:ce:01:58:86:b4:6f:2c:
                    13:cf:f6:59:3e:24:08:f9:43:37:fb:72:b6:85:ac:
                    18:5c:c5:89:6f:7b:4b:ce:af:e6:4c:10:bb:b0:3f:
                    cb:31:c8:ec:ac:6c:48:06:d3:2e:55:c9:81:5f:83:
                    2e:51:36:c3:8b:ba:38:bc:cc:6f:11:cc:95:29:a8:
                    44:0a:f5:62:ac:23:78:fd:5b:c3:1f:a1:ce:d2:95:
                    93:ad:9e:6a:7e:17:99:31:59:82:d2:41:97:13:30:
                    28:11:f7:b9:2c:20:ed:09:f9:b2:66:c6:4d:8e:09:
                    0d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:22:A8:69:7B:82:97:99:AF:BD:B7:9F:44:67:9C:6A:E9:D0:4C:EA
            X509v3 Authority Key Identifier:
                keyid:99:4B:7D:30:C1:C4:F6:24:31:82:D3:EC:D3:D0:53:9F:42:FA:AC:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mUt9MMHE9iQxgtPs09BTn0L6rP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4ab81e-45b8-41a5-aa5e-5646eedd99bf/1/gCKoaXuCl5mvvbefRGecaunQTOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/4ab81e-45b8-41a5-aa5e-5646eedd99bf/1/mUt9MMHE9iQxgtPs09BTn0L6rP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.192.0/22
                  185.132.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:17:75:b4:e9:d1:1d:3e:36:d5:b6:a8:23:fe:39:f3:9c:a7:
         36:1d:b8:c9:5a:ee:20:e0:cc:f9:21:ce:a9:1f:87:b1:3f:81:
         8c:89:6d:ba:60:0a:2c:a9:d0:8a:32:88:e7:d3:6f:c2:0f:52:
         da:d4:ab:42:42:f4:76:aa:13:dc:f5:d8:a9:40:fb:97:4e:bb:
         62:ad:28:76:e9:27:1a:9f:37:be:e6:1b:28:7a:67:a7:17:f0:
         52:24:6e:c8:e8:c8:11:dc:a3:a4:0a:18:90:31:a5:25:0f:46:
         74:4c:9c:e0:d4:7b:6b:f5:06:5e:3d:aa:a0:e2:52:1d:ac:17:
         23:62:ae:cb:58:0e:1c:99:36:29:6d:30:c8:9f:70:cf:4e:3c:
         8c:9d:f8:28:4c:38:e0:47:2b:87:8b:24:d4:bd:12:51:18:b0:
         5a:98:87:38:ac:c8:2d:46:df:67:0b:54:c4:e7:8d:5d:9a:07:
         e4:a7:c9:03:16:24:59:c1:2d:2c:e3:c0:7c:a7:63:dc:1e:68:
         6e:ee:59:3b:c7:4f:e7:e6:73:e9:0b:90:33:b6:2b:b5:3b:98:
         70:d3:cc:e8:50:cf:e4:e8:ea:03:e5:9f:b2:d9:dc:6c:32:c1:
         bc:60:be:11:c2:2b:e6:99:15:9f:9e:67:1c:dd:72:96:22:8a:
         44:83:73:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5gy67pul4M3zXbam0OJ/zyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5NGI3ZDMwYzFjNGY2MjQzMTgyZDNlY2QzZDA1MzlmNDJm
YWFjZmQwHhcNMjQwMzIxMTEzNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDIyYTg2OTdiODI5Nzk5YWZiZGI3OWY0NDY3OWM2YWU5ZDA0Y2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNsGl94VABEeRUnS/wVs1Er35Hde
OVVRVE+/wmknpOmSn2JHUoNBmo5f9SndxTSKv6C4oFWuoGjDK29P+sHLq2t7Bkeo
0IXTiu/z70fv2w4XShLe0ldaTQ8N7PDe56akinWOUfyWAqD4LXsqrDQoWMTN7eHw
x3SxBCqMOzS9tvRTGTa1VNn+rljggBq3TM4BWIa0bywTz/ZZPiQI+UM3+3K2hawY
XMWJb3tLzq/mTBC7sD/LMcjsrGxIBtMuVcmBX4MuUTbDi7o4vMxvEcyVKahECvVi
rCN4/VvDH6HO0pWTrZ5qfheZMVmC0kGXEzAoEfe5LCDtCfmyZsZNjgkNmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIAiqGl7gpeZr723n0RnnGrp0EzqMB8GA1UdIwQY
MBaAFJlLfTDBxPYkMYLT7NPQU59C+qz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVV0OU1NSEU5aVF4Z3RQczA5QlRuMEw2clAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy80YWI4MWUtNDViOC00MWE1LWFhNWUt
NTY0NmVlZGQ5OWJmLzEvZ0NLb2FYdUNsNW12dmJlZlJHZWNhdW5RVE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy80YWI4MWUtNDViOC00MWE1LWFhNWUtNTY0NmVlZGQ5OWJm
LzEvbVV0OU1NSEU5aVF4Z3RQczA5QlRuMEw2clAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8XAAwQB
uYTEMA0GCSqGSIb3DQEBCwUAA4IBAQA3F3W06dEdPjbVtqgj/jnznKc2HbjJWu4g
4Mz5Ic6pH4exP4GMiW26YAosqdCKMojn02/CD1La1KtCQvR2qhPc9dipQPuXTrti
rSh26Scanze+5hsoemenF/BSJG7I6MgR3KOkChiQMaUlD0Z0TJzg1Htr9QZePaqg
4lIdrBcjYq7LWA4cmTYpbTDIn3DPTjyMnfgoTDjgRyuHiyTUvRJRGLBamIc4rMgt
Rt9nC1TE541dmgfkp8kDFiRZwS0s48B8p2PcHmhu7lk7x0/n5nPpC5Aztiu1O5hw
08zoUM/k6OoD5Z+y2dxsMsG8YL4RwivmmRWfnmcc3XKWIopEg3N5
-----END CERTIFICATE-----