Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/GLvkZmz2Wc-V3lWvMO4GaC1ii6w.roa
File:                     GLvkZmz2Wc-V3lWvMO4GaC1ii6w.roa (raw, json)
Hash identifier:          ZnG0OHpiUGqBY19jAgu/83UuNqL3taNfyWPSTor4bhM=
Subject key identifier:   18:BB:E4:66:6C:F6:59:CF:95:DE:55:AF:30:EE:06:68:2D:62:8B:AC
Certificate issuer:       /CN=258623ecc8dcb913d10228a9460a86e660cb8fb2
Certificate serial:       018CC8DF4E82D5EA15E382F3C9E604EC23D9
Authority key identifier: 25:86:23:EC:C8:DC:B9:13:D1:02:28:A9:46:0A:86:E6:60:CB:8F:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/GLvkZmz2Wc-V3lWvMO4GaC1ii6w.roa
Signing time:             Tue 02 Jan 2024 06:32:06 +0000
ROA not before:           Tue 02 Jan 2024 06:32:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20952
IP address blocks:        185.57.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:4e:82:d5:ea:15:e3:82:f3:c9:e6:04:ec:23:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=258623ecc8dcb913d10228a9460a86e660cb8fb2
        Validity
            Not Before: Jan  2 06:32:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18bbe4666cf659cf95de55af30ee06682d628bac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:55:fc:27:84:ca:de:c7:d2:7e:e6:d1:62:c4:
                    76:7f:a0:bb:b9:c0:fa:aa:3f:7b:16:06:d6:3d:93:
                    33:d6:19:a7:61:b1:4f:a9:50:dd:72:3c:8b:9d:32:
                    52:a5:57:2f:fb:cf:d3:3f:d2:0f:1e:d7:1c:66:b0:
                    12:88:6d:f3:f7:42:33:f8:03:7c:61:8c:6e:b3:08:
                    14:f1:90:fc:fc:55:5c:a0:db:48:6a:01:e1:e4:3e:
                    d3:db:9a:4a:fc:76:56:d3:33:82:23:af:16:5b:4b:
                    f8:3e:2c:20:c7:af:98:6c:1c:25:18:06:d2:a4:22:
                    b1:2c:bb:83:6d:50:c2:d4:1a:c1:77:c3:68:f5:f5:
                    50:00:e9:9a:13:f8:6c:03:66:bd:93:48:90:9a:54:
                    16:f2:da:06:4c:19:c1:3d:61:53:8c:d8:86:29:90:
                    c0:f4:ed:53:c6:9e:58:69:f3:da:e1:73:62:c3:44:
                    25:37:29:41:ad:e0:e7:2b:54:7b:e3:1a:90:ad:d1:
                    b8:42:26:f0:4e:8c:eb:f6:56:89:f1:49:69:a0:97:
                    3d:8d:fe:c7:26:88:db:ef:ae:2c:d0:29:27:79:e7:
                    33:37:97:3d:f2:f3:8e:38:d2:8a:54:0b:d3:04:e9:
                    d9:14:cd:a9:c7:17:11:2f:da:fc:2e:0f:4e:74:a8:
                    b7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:BB:E4:66:6C:F6:59:CF:95:DE:55:AF:30:EE:06:68:2D:62:8B:AC
            X509v3 Authority Key Identifier:
                keyid:25:86:23:EC:C8:DC:B9:13:D1:02:28:A9:46:0A:86:E6:60:CB:8F:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/GLvkZmz2Wc-V3lWvMO4GaC1ii6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:71:9b:00:6d:15:74:97:0b:6b:0b:b0:12:a9:e6:40:6c:e9:
         30:bc:a9:00:7e:06:f4:cb:cb:5a:9c:b8:02:cb:e5:86:30:04:
         1d:be:a1:38:4b:01:9b:a2:fa:b2:7e:57:b6:0e:c4:d0:9f:d3:
         ea:e7:62:aa:06:15:c1:db:d8:cd:9b:1d:cb:40:74:a0:25:cc:
         a3:c6:75:06:9a:63:93:c6:f7:6b:35:e4:d5:b9:82:bc:2f:58:
         11:a3:37:bb:da:78:5d:75:fa:f9:7a:4a:c6:63:ee:0b:ee:58:
         d3:17:f1:52:24:8d:0e:a9:17:64:69:f0:e1:cb:50:55:37:b8:
         79:bd:ab:0c:61:e6:ed:b4:ab:24:a1:aa:43:53:4c:dd:3c:63:
         93:a0:01:d9:20:0c:23:76:84:30:d7:62:fd:16:94:7c:df:ed:
         0d:12:e8:a9:b5:86:7c:c2:f5:7c:f4:ef:64:97:8b:9f:1c:8f:
         99:a1:f8:e0:d9:91:55:71:99:d9:e5:9d:1f:17:b7:da:b4:00:
         b4:87:85:36:a7:8f:62:49:c9:66:98:b3:50:4c:38:16:84:54:
         96:6c:61:52:d8:50:fa:1e:f5:39:d2:c7:19:98:23:95:ee:ae:
         67:f8:8d:bc:c6:62:3c:df:19:77:c4:c8:ab:12:cf:11:9e:45:
         d5:57:c9:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI306C1eoV44LzyeYE7CPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ODYyM2VjYzhkY2I5MTNkMTAyMjhhOTQ2MGE4NmU2NjBj
YjhmYjIwHhcNMjQwMTAyMDYzMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGJiZTQ2NjZjZjY1OWNmOTVkZTU1YWYzMGVlMDY2ODJkNjI4YmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1X8J4TK3sfSfubRYsR2f6C7ucD6
qj97FgbWPZMz1hmnYbFPqVDdcjyLnTJSpVcv+8/TP9IPHtccZrASiG3z90Iz+AN8
YYxuswgU8ZD8/FVcoNtIagHh5D7T25pK/HZW0zOCI68WW0v4Piwgx6+YbBwlGAbS
pCKxLLuDbVDC1BrBd8No9fVQAOmaE/hsA2a9k0iQmlQW8toGTBnBPWFTjNiGKZDA
9O1Txp5YafPa4XNiw0QlNylBreDnK1R74xqQrdG4QibwTozr9laJ8UlpoJc9jf7H
Jojb764s0CkneeczN5c98vOOONKKVAvTBOnZFM2pxxcRL9r8Lg9OdKi3eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBi75GZs9lnPld5VrzDuBmgtYousMB8GA1UdIwQY
MBaAFCWGI+zI3LkT0QIoqUYKhuZgy4+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSllZajdNamN1UlBSQWlpcFJncUc1bURMajdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC85NmFiOTUtYzJmZS00YjkzLTlhMmUt
NTY4OWVlMDZlMTRjLzEvR0x2a1ptejJXYy1WM2xXdk1PNEdhQzFpaTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC85NmFiOTUtYzJmZS00YjkzLTlhMmUtNTY4OWVlMDZlMTRj
LzEvSllZajdNamN1UlBSQWlpcFJncUc1bURMajdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTlMMA0G
CSqGSIb3DQEBCwUAA4IBAQAlcZsAbRV0lwtrC7ASqeZAbOkwvKkAfgb0y8tanLgC
y+WGMAQdvqE4SwGbovqyfle2DsTQn9Pq52KqBhXB29jNmx3LQHSgJcyjxnUGmmOT
xvdrNeTVuYK8L1gRoze72nhddfr5ekrGY+4L7ljTF/FSJI0OqRdkafDhy1BVN7h5
vasMYebttKskoapDU0zdPGOToAHZIAwjdoQw12L9FpR83+0NEuiptYZ8wvV89O9k
l4ufHI+Zofjg2ZFVcZnZ5Z0fF7fatAC0h4U2p49iSclmmLNQTDgWhFSWbGFS2FD6
HvU50scZmCOV7q5n+I28xmI83xl3xMirEs8RnkXVV8mx
-----END CERTIFICATE-----