Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/gtdq_sLhQoGMGGMYEyop1bQ5cPE.roa
File:                     gtdq_sLhQoGMGGMYEyop1bQ5cPE.roa (raw, json)
Hash identifier:          XjE8Dp+LazzvnU6b2vLGVAOQMA5EN82n00iDijqoQfc=
Subject key identifier:   82:D7:6A:FE:C2:E1:42:81:8C:18:63:18:13:2A:29:D5:B4:39:70:F1
Certificate issuer:       /CN=c72e716353ec733ab4b5085308b386d89a74f147
Certificate serial:       018CC80216A9113DD99DC4B28F807479D4C0
Authority key identifier: C7:2E:71:63:53:EC:73:3A:B4:B5:08:53:08:B3:86:D8:9A:74:F1:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xy5xY1Psczq0tQhTCLOG2Jp08Uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/gtdq_sLhQoGMGGMYEyop1bQ5cPE.roa
Signing time:             Tue 02 Jan 2024 02:30:29 +0000
ROA not before:           Tue 02 Jan 2024 02:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209907
IP address blocks:        91.228.217.0/24 maxlen: 24
                          176.121.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/xy5xY1Psczq0tQhTCLOG2Jp08Uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/xy5xY1Psczq0tQhTCLOG2Jp08Uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xy5xY1Psczq0tQhTCLOG2Jp08Uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:16:a9:11:3d:d9:9d:c4:b2:8f:80:74:79:d4:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c72e716353ec733ab4b5085308b386d89a74f147
        Validity
            Not Before: Jan  2 02:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82d76afec2e142818c186318132a29d5b43970f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:24:83:26:e3:c4:03:52:f9:d3:f0:70:d1:3d:
                    b5:1e:ea:f8:aa:ff:bf:96:e4:99:00:98:03:89:39:
                    41:b5:3d:dc:10:fb:7c:bb:1a:ea:41:44:47:03:40:
                    60:17:88:28:b2:57:b2:9b:f6:96:84:a4:2a:e4:fa:
                    4f:97:08:5b:cf:63:1e:16:0f:25:e3:49:ef:0e:35:
                    6c:d7:44:dc:82:d4:87:c9:4e:2e:3f:df:af:2d:46:
                    29:c7:43:ab:fb:2a:0f:e6:94:00:dd:3f:c9:63:ce:
                    ea:60:3a:0a:93:99:3a:75:e6:f7:b2:e3:61:81:52:
                    fa:9d:e1:11:07:73:44:1d:ef:f8:ee:60:ed:0d:9d:
                    27:2e:7a:97:49:39:6c:ec:55:94:20:5d:56:f7:56:
                    04:b2:d5:c3:16:df:74:c7:ab:b6:ab:d4:47:f3:27:
                    01:34:52:b1:b0:8b:36:bb:a7:2c:e2:e7:f8:f8:90:
                    d7:13:d8:c3:56:87:30:9a:ad:20:44:79:34:71:b2:
                    fd:c9:b7:fb:00:56:a8:71:fa:ed:28:19:8d:77:b3:
                    0c:30:cc:65:14:d8:5c:6f:23:d5:1a:60:8e:c8:2d:
                    8c:fe:52:9a:c5:1d:9e:66:41:b8:45:4c:c9:a1:c9:
                    23:6e:bb:50:6b:81:b4:c3:b5:f6:21:9e:f3:d7:57:
                    7e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:D7:6A:FE:C2:E1:42:81:8C:18:63:18:13:2A:29:D5:B4:39:70:F1
            X509v3 Authority Key Identifier:
                keyid:C7:2E:71:63:53:EC:73:3A:B4:B5:08:53:08:B3:86:D8:9A:74:F1:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xy5xY1Psczq0tQhTCLOG2Jp08Uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/gtdq_sLhQoGMGGMYEyop1bQ5cPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/xy5xY1Psczq0tQhTCLOG2Jp08Uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.217.0/24
                  176.121.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:54:9d:c9:44:65:92:34:67:14:35:e6:12:3e:16:78:8f:c6:
         51:72:9f:00:41:b2:cb:79:9f:dc:b8:c5:f2:f3:87:9f:f2:27:
         c9:25:97:66:c4:21:a4:f7:b6:5e:5d:59:e8:35:fa:73:fd:14:
         6c:d2:1c:a7:c9:b4:28:2e:08:f8:d4:ee:86:a8:32:4f:0b:e1:
         3c:1f:42:e9:94:f8:94:82:9d:36:17:d0:e3:e0:b1:f9:7b:3b:
         8a:f5:8f:91:47:96:9b:2d:f9:1a:c3:8d:1f:da:52:05:b3:50:
         86:38:0e:57:86:3b:04:b7:8c:23:5a:3b:6c:a3:1a:c0:13:31:
         28:34:36:5c:70:02:8f:45:68:5e:5b:72:39:84:fb:ba:30:33:
         f1:34:f1:06:ac:5a:2f:c0:fd:10:fe:c0:53:c1:03:30:05:6f:
         a9:a4:9a:f1:56:72:a9:ad:db:61:04:8a:5d:08:40:63:05:b0:
         1b:18:62:b6:90:3f:d3:b7:97:23:11:a8:c6:dd:9d:d2:da:fc:
         64:b8:88:2f:e0:0e:bf:72:53:3b:2e:d1:cf:9a:20:73:87:27:
         aa:70:d9:da:02:d2:79:0a:c4:39:65:fc:4a:95:57:75:16:01:
         13:13:78:fe:31:e3:c7:88:65:3c:e2:eb:74:ac:e0:09:d2:26:
         d9:e6:61:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAhapET3ZncSyj4B0edTAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MmU3MTYzNTNlYzczM2FiNGI1MDg1MzA4YjM4NmQ4OWE3
NGYxNDcwHhcNMjQwMTAyMDIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmQ3NmFmZWMyZTE0MjgxOGMxODYzMTgxMzJhMjlkNWI0Mzk3MGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiSDJuPEA1L50/Bw0T21Hur4qv+/
luSZAJgDiTlBtT3cEPt8uxrqQURHA0BgF4gosleym/aWhKQq5PpPlwhbz2MeFg8l
40nvDjVs10TcgtSHyU4uP9+vLUYpx0Or+yoP5pQA3T/JY87qYDoKk5k6deb3suNh
gVL6neERB3NEHe/47mDtDZ0nLnqXSTls7FWUIF1W91YEstXDFt90x6u2q9RH8ycB
NFKxsIs2u6cs4uf4+JDXE9jDVocwmq0gRHk0cbL9ybf7AFaocfrtKBmNd7MMMMxl
FNhcbyPVGmCOyC2M/lKaxR2eZkG4RUzJockjbrtQa4G0w7X2IZ7z11d+fwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFILXav7C4UKBjBhjGBMqKdW0OXDxMB8GA1UdIwQY
MBaAFMcucWNT7HM6tLUIUwizhtiadPFHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHk1eFkxUHNjenEwdFFoVENMT0cySnAwOFVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9jNDlkMzQtMWIxNC00MDI2LWI3N2Yt
ZTRkZWY5YzY5N2E3LzEvZ3RkcV9zTGhRb0dNR0dNWUV5b3AxYlE1Y1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9jNDlkMzQtMWIxNC00MDI2LWI3N2YtZTRkZWY5YzY5N2E3
LzEveHk1eFkxUHNjenEwdFFoVENMT0cySnAwOFVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+TZAwQA
sHkBMA0GCSqGSIb3DQEBCwUAA4IBAQCTVJ3JRGWSNGcUNeYSPhZ4j8ZRcp8AQbLL
eZ/cuMXy84ef8ifJJZdmxCGk97ZeXVnoNfpz/RRs0hynybQoLgj41O6GqDJPC+E8
H0LplPiUgp02F9Dj4LH5ezuK9Y+RR5abLfkaw40f2lIFs1CGOA5XhjsEt4wjWjts
oxrAEzEoNDZccAKPRWheW3I5hPu6MDPxNPEGrFovwP0Q/sBTwQMwBW+ppJrxVnKp
rdthBIpdCEBjBbAbGGK2kD/Tt5cjEajG3Z3S2vxkuIgv4A6/clM7LtHPmiBzhyeq
cNnaAtJ5CsQ5ZfxKlVd1FgETE3j+MePHiGU84ut0rOAJ0ibZ5mEI
-----END CERTIFICATE-----