Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/GD7mekuGefVvda4o_6FnPgGHbrc.roa
File:                     GD7mekuGefVvda4o_6FnPgGHbrc.roa (raw, json)
Hash identifier:          RkCdUgqNHEIFaudhuJ2GwsHlY49UtrmqEUjYqLog5q0=
Subject key identifier:   18:3E:E6:7A:4B:86:79:F5:6F:75:AE:28:FF:A1:67:3E:01:87:6E:B7
Certificate issuer:       /CN=30309941a6d84fa4dbddaf0f4ecd99f9f043cfdc
Certificate serial:       018CC9BCE3C7FC718F36F1C0279947142731
Authority key identifier: 30:30:99:41:A6:D8:4F:A4:DB:DD:AF:0F:4E:CD:99:F9:F0:43:CF:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/GD7mekuGefVvda4o_6FnPgGHbrc.roa
Signing time:             Tue 02 Jan 2024 10:34:08 +0000
ROA not before:           Tue 02 Jan 2024 10:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209011
IP address blocks:        94.177.128.0/24 maxlen: 24
                          194.28.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 07:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e3:c7:fc:71:8f:36:f1:c0:27:99:47:14:27:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30309941a6d84fa4dbddaf0f4ecd99f9f043cfdc
        Validity
            Not Before: Jan  2 10:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=183ee67a4b8679f56f75ae28ffa1673e01876eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:71:47:db:4a:1a:4a:77:99:8d:f0:a2:d2:53:
                    b2:19:e1:fa:89:c1:75:31:ad:7b:a8:41:94:a0:cb:
                    56:60:53:08:9f:0e:0b:51:a7:17:63:68:cc:e4:94:
                    67:ce:f5:0d:17:5d:66:f2:99:27:8c:fe:da:c4:65:
                    23:4d:30:51:79:4a:04:1d:6b:f1:04:58:fb:59:29:
                    b8:f8:62:a8:ec:67:96:ae:e7:3e:c5:98:7c:2d:33:
                    88:46:5c:5a:de:57:b4:a1:06:9b:29:c8:37:9f:de:
                    1a:8e:4b:79:f4:2c:77:77:73:b0:13:f9:6d:49:c9:
                    79:c4:b9:8e:36:ea:25:e9:b5:ed:34:e9:4b:25:3c:
                    d6:87:bd:b9:9b:de:07:a0:cc:3e:ec:09:07:c7:3e:
                    c1:a5:23:e8:ce:85:63:c9:a3:2c:60:48:5f:d7:23:
                    6b:de:94:38:30:30:67:96:2d:41:2d:6a:a9:cb:74:
                    7a:58:34:92:a0:0f:1c:c8:30:ae:ca:3c:7d:63:36:
                    49:5c:89:40:65:ab:ac:7f:7f:2f:e3:c0:98:74:1b:
                    12:1b:75:bd:f6:02:de:2a:21:cc:07:05:68:9c:66:
                    f0:42:43:18:e5:1e:b5:bf:f6:4c:3b:69:a8:69:78:
                    70:ca:93:de:ec:41:59:32:37:7f:bb:ac:75:56:68:
                    60:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:3E:E6:7A:4B:86:79:F5:6F:75:AE:28:FF:A1:67:3E:01:87:6E:B7
            X509v3 Authority Key Identifier:
                keyid:30:30:99:41:A6:D8:4F:A4:DB:DD:AF:0F:4E:CD:99:F9:F0:43:CF:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/GD7mekuGefVvda4o_6FnPgGHbrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.128.0/24
                  194.28.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:32:87:21:c4:f3:37:b5:1a:4d:1c:3e:e4:99:a2:1c:e8:00:
         d5:5b:20:c3:f7:2a:d6:54:0b:48:f7:6c:dc:0c:3d:d5:6b:6a:
         0e:d2:c9:db:0a:c3:d6:9d:23:c0:91:e1:8f:bd:5d:0d:8a:50:
         55:f5:67:43:37:19:c6:cc:4e:20:98:89:f2:e3:e1:e1:11:d8:
         69:59:3c:70:f8:96:57:26:85:d8:d1:c3:e1:e4:f3:86:f7:c9:
         12:a1:e9:c2:83:3c:e2:ac:8f:47:6e:3f:76:be:75:4f:d8:f0:
         ee:05:ca:cf:b9:70:b5:7f:f5:90:3b:90:4f:42:cd:5f:38:16:
         6d:6e:f1:40:4f:24:3d:b8:4f:9e:d2:bd:da:65:b6:39:9b:e1:
         1c:b2:e9:78:6b:3a:b2:b7:85:e3:19:0d:0e:52:ad:8e:39:6e:
         73:7f:d6:81:39:84:bd:8a:9a:9f:b3:12:80:82:54:35:11:ae:
         a4:c3:ad:7b:61:55:cc:e0:14:88:52:63:7e:96:c0:57:25:7c:
         4a:8e:a9:6e:e0:6e:df:2d:f6:96:f0:fc:b7:5a:73:b2:ba:51:
         d5:7b:ec:ef:6b:c2:40:be:bc:70:14:63:c3:67:3b:10:76:48:
         03:92:28:02:57:04:f0:30:31:85:78:0c:93:b8:8b:45:99:5f:
         3d:54:c9:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvOPH/HGPNvHAJ5lHFCcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMzA5OTQxYTZkODRmYTRkYmRkYWYwZjRlY2Q5OWY5ZjA0
M2NmZGMwHhcNMjQwMTAyMTAzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODNlZTY3YTRiODY3OWY1NmY3NWFlMjhmZmExNjczZTAxODc2ZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonFH20oaSneZjfCi0lOyGeH6icF1
Ma17qEGUoMtWYFMInw4LUacXY2jM5JRnzvUNF11m8pknjP7axGUjTTBReUoEHWvx
BFj7WSm4+GKo7GeWruc+xZh8LTOIRlxa3le0oQabKcg3n94ajkt59Cx3d3OwE/lt
Scl5xLmONuol6bXtNOlLJTzWh725m94HoMw+7AkHxz7BpSPozoVjyaMsYEhf1yNr
3pQ4MDBnli1BLWqpy3R6WDSSoA8cyDCuyjx9YzZJXIlAZausf38v48CYdBsSG3W9
9gLeKiHMBwVonGbwQkMY5R61v/ZMO2moaXhwypPe7EFZMjd/u6x1VmhgvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBg+5npLhnn1b3WuKP+hZz4Bh263MB8GA1UdIwQY
MBaAFDAwmUGm2E+k292vD07NmfnwQ8/cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTURDWlFhYllUNlRiM2E4UFRzMlotZkJEejl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9mMWFmOTAtMzU1Yy00ODRiLWI5MjMt
ZDMxZDRjYjFiMTI5LzEvR0Q3bWVrdUdlZlZ2ZGE0b182Rm5QZ0dIYnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9mMWFmOTAtMzU1Yy00ODRiLWI5MjMtZDMxZDRjYjFiMTI5
LzEvTURDWlFhYllUNlRiM2E4UFRzMlotZkJEejl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrGAAwQA
whwsMA0GCSqGSIb3DQEBCwUAA4IBAQBeMochxPM3tRpNHD7kmaIc6ADVWyDD9yrW
VAtI92zcDD3Va2oO0snbCsPWnSPAkeGPvV0NilBV9WdDNxnGzE4gmIny4+HhEdhp
WTxw+JZXJoXY0cPh5POG98kSoenCgzzirI9Hbj92vnVP2PDuBcrPuXC1f/WQO5BP
Qs1fOBZtbvFATyQ9uE+e0r3aZbY5m+Ecsul4azqyt4XjGQ0OUq2OOW5zf9aBOYS9
ipqfsxKAglQ1Ea6kw617YVXM4BSIUmN+lsBXJXxKjqlu4G7fLfaW8Py3WnOyulHV
e+zva8JAvrxwFGPDZzsQdkgDkigCVwTwMDGFeAyTuItFmV89VMkD
-----END CERTIFICATE-----