Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/GQLqY5Iu9HZ0Q9ldTu9B_gSrDiA.roa
File:                     GQLqY5Iu9HZ0Q9ldTu9B_gSrDiA.roa (raw, json)
Hash identifier:          J09CzjnfRYYbH/wDJCUrAOp3objc+wYobkg9Cyl4oN0=
Subject key identifier:   19:02:EA:63:92:2E:F4:76:74:43:D9:5D:4E:EF:41:FE:04:AB:0E:20
Certificate issuer:       /CN=2146e560a3f5cac7c64fe0f13be663d94c871453
Certificate serial:       019336802D112902C70725A2F13A7CBE0C88
Authority key identifier: 21:46:E5:60:A3:F5:CA:C7:C6:4F:E0:F1:3B:E6:63:D9:4C:87:14:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IUblYKP1ysfGT-DxO-Zj2UyHFFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/GQLqY5Iu9HZ0Q9ldTu9B_gSrDiA.roa
Signing time:             Sat 16 Nov 2024 19:43:09 +0000
ROA not before:           Sat 16 Nov 2024 19:43:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49824
IP address blocks:        185.167.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/IUblYKP1ysfGT-DxO-Zj2UyHFFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/IUblYKP1ysfGT-DxO-Zj2UyHFFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IUblYKP1ysfGT-DxO-Zj2UyHFFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:36:80:2d:11:29:02:c7:07:25:a2:f1:3a:7c:be:0c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2146e560a3f5cac7c64fe0f13be663d94c871453
        Validity
            Not Before: Nov 16 19:43:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1902ea63922ef4767443d95d4eef41fe04ab0e20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c6:d0:0b:3f:8c:95:1c:4e:53:f3:7b:49:d7:
                    65:24:9e:c5:3d:fa:4b:b9:7b:d9:f9:5d:2a:ff:07:
                    a4:29:8c:d7:ea:95:d3:26:96:c0:24:0c:3a:65:0d:
                    c2:75:50:6b:e5:0d:1d:9c:da:84:e4:e0:a6:89:29:
                    6c:61:32:63:a7:28:58:96:a8:5d:ab:82:34:fe:a0:
                    35:f6:eb:8d:51:2a:98:53:9e:fc:80:bc:da:43:89:
                    23:95:68:e1:c8:e6:29:26:8b:bc:6b:0b:61:f9:de:
                    6a:48:24:4e:c5:98:34:a6:3e:33:d2:16:4b:6e:af:
                    ed:f1:84:6a:bf:79:0a:ab:44:42:5e:8e:43:bc:25:
                    4b:71:e3:df:3f:7a:df:2b:ab:ad:d1:ca:80:d9:82:
                    95:1e:a8:97:5c:e6:71:92:91:ea:37:e2:e4:73:b3:
                    7f:a2:9d:64:9e:94:0c:9a:42:27:72:59:51:d5:ba:
                    bf:c7:78:bc:ca:c2:26:d6:f8:dc:65:65:06:6b:a9:
                    fc:13:65:1e:40:e0:95:04:6c:73:11:c1:92:f0:a6:
                    aa:02:48:9d:6e:96:aa:f8:fd:d9:38:81:4b:f1:76:
                    b6:7e:b6:2a:d2:59:3f:b5:f1:49:49:2d:8c:2a:bd:
                    cc:5a:74:3b:07:e4:a8:2a:b6:bc:17:98:66:f8:dc:
                    68:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:02:EA:63:92:2E:F4:76:74:43:D9:5D:4E:EF:41:FE:04:AB:0E:20
            X509v3 Authority Key Identifier:
                keyid:21:46:E5:60:A3:F5:CA:C7:C6:4F:E0:F1:3B:E6:63:D9:4C:87:14:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IUblYKP1ysfGT-DxO-Zj2UyHFFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/GQLqY5Iu9HZ0Q9ldTu9B_gSrDiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/b27ead-96bf-4537-9a99-5be4674b467c/1/IUblYKP1ysfGT-DxO-Zj2UyHFFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:49:6d:59:a1:4b:75:1a:d3:be:f2:5c:7e:7e:96:ea:d9:eb:
         cd:d6:7d:fc:c4:9c:90:71:58:18:1a:95:8d:aa:dc:3b:71:53:
         1d:62:e0:9d:cb:d3:37:2c:ae:79:2b:a1:e5:6f:58:82:b1:eb:
         da:05:09:ef:9e:db:7b:25:47:1d:5c:4a:4e:db:43:ad:1f:0f:
         fe:8b:ed:98:66:48:43:37:71:7d:0c:7b:93:d7:98:bb:8a:48:
         22:26:12:a5:29:da:3d:2c:66:fb:9c:12:2a:4a:fb:0c:66:b9:
         7e:58:46:5e:98:61:89:a0:df:eb:6a:d6:00:dd:ab:f8:ff:d3:
         6e:08:8e:33:85:4b:96:02:2b:38:ff:6d:2b:29:e4:19:3a:41:
         15:b7:7c:71:a3:6a:3f:d6:3f:76:8c:22:a8:ae:98:40:cf:48:
         da:ec:fc:29:bb:62:f6:35:1e:51:3b:2e:8d:4a:35:b1:5d:26:
         22:ab:21:54:a2:d1:44:89:ee:f5:8f:aa:f3:86:6c:96:c9:77:
         d9:24:d1:c1:ff:d0:fd:1a:e8:7e:a9:1d:48:64:b3:83:61:23:
         19:1c:6f:58:04:d2:11:41:aa:66:a1:29:a5:38:a7:8b:26:00:
         d7:f8:38:a1:ee:69:10:67:74:d7:44:96:86:b2:77:6e:1a:bf:
         9f:11:dd:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM2gC0RKQLHByWi8Tp8vgyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNDZlNTYwYTNmNWNhYzdjNjRmZTBmMTNiZTY2M2Q5NGM4
NzE0NTMwHhcNMjQxMTE2MTk0MzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTAyZWE2MzkyMmVmNDc2NzQ0M2Q5NWQ0ZWVmNDFmZTA0YWIwZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8bQCz+MlRxOU/N7SddlJJ7FPfpL
uXvZ+V0q/wekKYzX6pXTJpbAJAw6ZQ3CdVBr5Q0dnNqE5OCmiSlsYTJjpyhYlqhd
q4I0/qA19uuNUSqYU578gLzaQ4kjlWjhyOYpJou8awth+d5qSCROxZg0pj4z0hZL
bq/t8YRqv3kKq0RCXo5DvCVLcePfP3rfK6ut0cqA2YKVHqiXXOZxkpHqN+Lkc7N/
op1knpQMmkIncllR1bq/x3i8ysIm1vjcZWUGa6n8E2UeQOCVBGxzEcGS8KaqAkid
bpaq+P3ZOIFL8Xa2frYq0lk/tfFJSS2MKr3MWnQ7B+SoKra8F5hm+NxoLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkC6mOSLvR2dEPZXU7vQf4Eqw4gMB8GA1UdIwQY
MBaAFCFG5WCj9crHxk/g8TvmY9lMhxRTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVVibFlLUDF5c2ZHVC1EeE8tWmoyVXlIRkZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9iMjdlYWQtOTZiZi00NTM3LTlhOTkt
NWJlNDY3NGI0NjdjLzEvR1FMcVk1SXU5SFowUTlsZFR1OUJfZ1NyRGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9iMjdlYWQtOTZiZi00NTM3LTlhOTktNWJlNDY3NGI0Njdj
LzEvSVVibFlLUDF5c2ZHVC1EeE8tWmoyVXlIRkZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuadOMA0G
CSqGSIb3DQEBCwUAA4IBAQAhSW1ZoUt1GtO+8lx+fpbq2evN1n38xJyQcVgYGpWN
qtw7cVMdYuCdy9M3LK55K6Hlb1iCsevaBQnvntt7JUcdXEpO20OtHw/+i+2YZkhD
N3F9DHuT15i7ikgiJhKlKdo9LGb7nBIqSvsMZrl+WEZemGGJoN/ratYA3av4/9Nu
CI4zhUuWAis4/20rKeQZOkEVt3xxo2o/1j92jCKorphAz0ja7Pwpu2L2NR5ROy6N
SjWxXSYiqyFUotFEie71j6rzhmyWyXfZJNHB/9D9Guh+qR1IZLODYSMZHG9YBNIR
QapmoSmlOKeLJgDX+Dih7mkQZ3TXRJaGsnduGr+fEd25
-----END CERTIFICATE-----