Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/GqTr7W9v9PNtShdPWrUKt3QiEX0.roa
File:                     GqTr7W9v9PNtShdPWrUKt3QiEX0.roa (raw, json)
Hash identifier:          FiNWY8iu2wOZdEPE242vX4vMgXT+c/k+0Awa3MDb9Ds=
Subject key identifier:   1A:A4:EB:ED:6F:6F:F4:F3:6D:4A:17:4F:5A:B5:0A:B7:74:22:11:7D
Certificate issuer:       /CN=a588604d25b87b82fd1259dfe294cd8fb9ff49b4
Certificate serial:       018CC3B675EDF533F0EDB37B40145252BE92
Authority key identifier: A5:88:60:4D:25:B8:7B:82:FD:12:59:DF:E2:94:CD:8F:B9:FF:49:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/GqTr7W9v9PNtShdPWrUKt3QiEX0.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35337
IP address blocks:        194.56.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:75:ed:f5:33:f0:ed:b3:7b:40:14:52:52:be:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a588604d25b87b82fd1259dfe294cd8fb9ff49b4
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1aa4ebed6f6ff4f36d4a174f5ab50ab77422117d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:00:e7:0d:37:d8:f1:cb:c9:12:7f:ff:4e:74:
                    2b:ef:9d:75:da:48:ca:1f:f5:b9:d5:ac:56:50:4c:
                    9a:2b:d1:bc:66:89:88:90:dd:c2:3d:3b:70:5f:68:
                    36:78:98:a6:85:ca:a5:b1:fd:03:8d:f2:56:cd:63:
                    4e:c2:5a:9b:c4:56:57:17:50:bf:cc:cd:27:8b:31:
                    0d:f6:c6:bc:be:80:6e:4d:b1:41:c2:52:f3:64:57:
                    f4:6f:e0:af:51:f7:ce:0d:0f:a9:71:4c:d3:e5:52:
                    4e:6d:77:ef:19:a2:5c:63:12:cd:a2:a8:e4:1e:54:
                    ec:ee:43:c3:ea:cd:62:9e:2f:12:e8:10:c5:29:c4:
                    cd:fe:e1:39:db:25:3d:d4:bd:63:c0:2c:e6:d7:f8:
                    47:10:ce:cc:ea:b6:17:10:9f:3f:73:a5:a6:ba:32:
                    91:22:ff:12:00:db:d1:df:5e:ed:5d:53:25:26:e2:
                    1d:0c:a1:a2:ec:ab:cc:d8:5c:bd:80:a3:49:41:6b:
                    6b:55:0e:ab:88:12:e2:7c:75:0b:8d:82:7a:27:02:
                    e5:6e:8a:86:c7:5f:1d:92:96:d2:b0:35:f9:5b:3b:
                    d2:21:a3:60:ff:11:de:a8:49:9f:dd:a8:78:5d:30:
                    8f:27:db:49:13:14:0c:59:fb:bd:b7:bb:aa:b0:e6:
                    d9:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A4:EB:ED:6F:6F:F4:F3:6D:4A:17:4F:5A:B5:0A:B7:74:22:11:7D
            X509v3 Authority Key Identifier:
                keyid:A5:88:60:4D:25:B8:7B:82:FD:12:59:DF:E2:94:CD:8F:B9:FF:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/GqTr7W9v9PNtShdPWrUKt3QiEX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:5d:b3:d9:00:12:f6:47:b5:9d:aa:f1:db:5a:4e:af:04:c1:
         eb:ce:8f:d9:da:94:1d:be:b7:01:36:f0:8e:00:c0:af:ff:5e:
         a2:cf:cc:e5:99:7c:d2:79:3e:19:39:a5:80:ef:42:3d:9b:92:
         34:2c:73:0c:a6:d4:c2:a7:99:08:b1:ce:51:7b:2e:16:5a:46:
         a7:38:86:67:e1:5e:da:dd:57:84:88:65:c0:f7:c5:f5:f7:cd:
         78:73:49:5d:1f:3a:a2:d8:83:f3:60:b0:b0:a5:c1:34:89:c0:
         5a:7d:84:4d:50:56:25:0b:3e:de:92:94:9d:d1:0e:30:69:95:
         53:ec:eb:e6:49:31:9b:7b:01:15:37:79:13:4b:17:97:dc:0a:
         fd:11:5b:da:9e:b3:d4:d8:f7:f6:88:6f:e9:4e:23:38:42:e5:
         e7:93:78:67:0a:77:f2:3c:cc:12:0b:f8:36:91:fd:4b:63:cc:
         19:0f:e1:8b:67:21:8e:97:1c:39:d1:43:28:8d:4f:b3:f2:99:
         18:7e:a1:3c:bd:3c:0d:13:0a:51:be:70:c5:ef:83:84:c5:4a:
         fb:46:17:cb:ef:5c:e4:54:41:98:6e:72:b0:ad:ea:6d:49:18:
         46:ce:33:5b:c1:b8:c3:07:63:fc:e0:59:3a:6a:11:4f:02:82:
         49:2b:36:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnXt9TPw7bN7QBRSUr6SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1ODg2MDRkMjViODdiODJmZDEyNTlkZmUyOTRjZDhmYjlm
ZjQ5YjQwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWE0ZWJlZDZmNmZmNGYzNmQ0YTE3NGY1YWI1MGFiNzc0MjIxMTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgDnDTfY8cvJEn//TnQr75112kjK
H/W51axWUEyaK9G8ZomIkN3CPTtwX2g2eJimhcqlsf0DjfJWzWNOwlqbxFZXF1C/
zM0nizEN9sa8voBuTbFBwlLzZFf0b+CvUffODQ+pcUzT5VJObXfvGaJcYxLNoqjk
HlTs7kPD6s1ini8S6BDFKcTN/uE52yU91L1jwCzm1/hHEM7M6rYXEJ8/c6WmujKR
Iv8SANvR317tXVMlJuIdDKGi7KvM2Fy9gKNJQWtrVQ6riBLifHULjYJ6JwLlboqG
x18dkpbSsDX5WzvSIaNg/xHeqEmf3ah4XTCPJ9tJExQMWfu9t7uqsObZxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqk6+1vb/TzbUoXT1q1Crd0IhF9MB8GA1UdIwQY
MBaAFKWIYE0luHuC/RJZ3+KUzY+5/0m0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFloZ1RTVzRlNEw5RWxuZjRwVE5qN25fU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81MTBhNGUtNjZlZi00ZGMxLTgwM2It
MjBkZGRiYzEyODFkLzEvR3FUcjdXOXY5UE50U2hkUFdyVUt0M1FpRVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81MTBhNGUtNjZlZi00ZGMxLTgwM2ItMjBkZGRiYzEyODFk
LzEvcFloZ1RTVzRlNEw5RWxuZjRwVE5qN25fU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjjTMA0G
CSqGSIb3DQEBCwUAA4IBAQALXbPZABL2R7WdqvHbWk6vBMHrzo/Z2pQdvrcBNvCO
AMCv/16iz8zlmXzSeT4ZOaWA70I9m5I0LHMMptTCp5kIsc5Rey4WWkanOIZn4V7a
3VeEiGXA98X19814c0ldHzqi2IPzYLCwpcE0icBafYRNUFYlCz7ekpSd0Q4waZVT
7OvmSTGbewEVN3kTSxeX3Ar9EVvanrPU2Pf2iG/pTiM4QuXnk3hnCnfyPMwSC/g2
kf1LY8wZD+GLZyGOlxw50UMojU+z8pkYfqE8vTwNEwpRvnDF74OExUr7RhfL71zk
VEGYbnKwreptSRhGzjNbwbjDB2P84Fk6ahFPAoJJKzZ5
-----END CERTIFICATE-----