Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/GYmaSoPTu3Zn2m9U8ik4PsEiUVQ.roa
File:                     GYmaSoPTu3Zn2m9U8ik4PsEiUVQ.roa (raw, json)
Hash identifier:          3tWzE9X5UVipGSK3z64ov2E8Bk4qUNUHFGetu0e5fXs=
Subject key identifier:   19:89:9A:4A:83:D3:BB:76:67:DA:6F:54:F2:29:38:3E:C1:22:51:54
Certificate issuer:       /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial:       019330062A1A237E74F6183F34C1E67E9E60
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/GYmaSoPTu3Zn2m9U8ik4PsEiUVQ.roa
Signing time:             Fri 15 Nov 2024 13:32:10 +0000
ROA not before:           Fri 15 Nov 2024 13:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212981
IP address blocks:        193.200.186.0/24 maxlen: 24
                          2a0a:d6c0:186::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:30:06:2a:1a:23:7e:74:f6:18:3f:34:c1:e6:7e:9e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
        Validity
            Not Before: Nov 15 13:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19899a4a83d3bb7667da6f54f229383ec1225154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e2:bb:f1:2a:3d:b0:2b:2e:d4:14:1c:64:c6:
                    80:99:74:56:eb:50:bf:d3:d5:83:21:e7:6e:2e:0c:
                    13:62:f3:7f:69:94:d9:23:e4:62:e4:30:ac:02:d8:
                    15:3e:e9:93:e8:3b:b9:be:72:35:82:5e:45:1b:d8:
                    84:66:fb:2f:b8:fb:2a:cb:33:3b:c1:01:d7:2d:77:
                    ad:3f:d3:ff:10:f5:75:b9:4c:12:b2:28:b3:44:50:
                    d0:97:12:56:62:8b:a8:07:86:64:bf:23:80:9f:06:
                    63:14:1c:21:fa:3a:9d:14:d6:cd:f2:98:50:40:27:
                    87:ec:97:b8:47:6f:62:7a:b9:79:c6:88:53:4f:95:
                    1e:ff:87:cf:41:c3:57:18:af:48:68:ab:52:c5:0b:
                    0d:1c:df:f1:b8:c0:14:c6:11:a6:0e:3a:d0:5d:4d:
                    0b:0b:79:5d:df:32:50:31:c5:b2:e4:19:65:bb:8b:
                    76:31:f6:3b:99:3b:e3:1a:22:20:3e:1f:5d:aa:53:
                    ce:43:97:ec:0d:06:2a:d0:7d:a7:03:09:ff:36:dc:
                    ca:03:92:8e:f3:11:d9:61:50:c5:a4:1c:31:d8:07:
                    35:88:15:c0:44:b7:c6:c2:fc:96:43:36:7e:60:45:
                    47:1e:8f:de:f4:4b:16:2e:92:ad:d8:65:ac:95:4e:
                    40:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:89:9A:4A:83:D3:BB:76:67:DA:6F:54:F2:29:38:3E:C1:22:51:54
            X509v3 Authority Key Identifier:
                keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/GYmaSoPTu3Zn2m9U8ik4PsEiUVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.186.0/24
                IPv6:
                  2a0a:d6c0:186::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:79:2b:06:1d:95:08:49:e2:a8:e2:8e:b0:ee:1d:ff:4a:8f:
         ed:2b:f4:58:54:b1:6b:12:62:c5:7a:fe:42:eb:44:cd:e6:cd:
         0b:80:86:2b:74:03:a4:f8:28:68:94:1c:f4:86:04:ba:85:1a:
         e9:03:87:be:13:18:70:f0:b4:5e:c2:53:e7:ae:86:77:ef:d0:
         ea:3e:72:c5:b8:f3:86:bf:60:ee:fa:d2:35:97:0e:ca:22:fc:
         b2:4f:9f:c4:99:28:8e:a7:f5:8d:10:c7:48:e9:64:8c:31:2d:
         59:2c:7d:7b:4d:08:e0:df:89:b2:29:fa:1b:a0:13:c2:0f:ae:
         e0:22:55:9c:58:ca:28:e5:f3:db:aa:4b:a2:81:b5:37:37:66:
         5c:79:be:47:a6:4d:e9:3c:77:12:a4:2f:f7:65:28:33:a3:f6:
         89:8e:3f:0b:61:7b:c1:8f:11:35:d0:c6:78:02:3f:38:60:88:
         56:2d:08:6b:d1:0d:a3:18:9b:4e:85:ec:a6:ef:95:c3:34:9a:
         19:c3:d8:8d:72:c8:75:4f:d6:e7:30:b2:09:d2:aa:80:ae:34:
         b0:69:97:5e:e0:79:ec:ef:d8:50:d6:5f:c3:05:d8:3e:ca:b8:
         df:61:67:ed:f2:ae:a9:2f:a9:40:2f:c2:6d:0e:67:f1:94:d3:
         e6:39:35:af
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZMwBioaI3509hg/NMHmfp5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjQxMTE1MTMzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTg5OWE0YTgzZDNiYjc2NjdkYTZmNTRmMjI5MzgzZWMxMjI1MTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eK78So9sCsu1BQcZMaAmXRW61C/
09WDIeduLgwTYvN/aZTZI+Ri5DCsAtgVPumT6Du5vnI1gl5FG9iEZvsvuPsqyzM7
wQHXLXetP9P/EPV1uUwSsiizRFDQlxJWYouoB4ZkvyOAnwZjFBwh+jqdFNbN8phQ
QCeH7Je4R29ierl5xohTT5Ue/4fPQcNXGK9IaKtSxQsNHN/xuMAUxhGmDjrQXU0L
C3ld3zJQMcWy5Bllu4t2MfY7mTvjGiIgPh9dqlPOQ5fsDQYq0H2nAwn/NtzKA5KO
8xHZYVDFpBwx2Ac1iBXARLfGwvyWQzZ+YEVHHo/e9EsWLpKt2GWslU5A9wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBmJmkqD07t2Z9pvVPIpOD7BIlFUMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvR1ltYVNvUFR1M1puMm05VThpazRQc0VpVVZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwci6MA8E
AgACMAkDBwAqCtbAAYYwDQYJKoZIhvcNAQELBQADggEBAHJ5KwYdlQhJ4qjijrDu
Hf9Kj+0r9FhUsWsSYsV6/kLrRM3mzQuAhit0A6T4KGiUHPSGBLqFGukDh74TGHDw
tF7CU+euhnfv0Oo+csW484a/YO760jWXDsoi/LJPn8SZKI6n9Y0Qx0jpZIwxLVks
fXtNCODfibIp+hugE8IPruAiVZxYyijl89uqS6KBtTc3Zlx5vkemTek8dxKkL/dl
KDOj9omOPwthe8GPETXQxngCPzhgiFYtCGvRDaMYm06F7KbvlcM0mhnD2I1yyHVP
1ucwsgnSqoCuNLBpl17geezv2FDWX8MF2D7KuN9hZ+3yrqkvqUAvwm0OZ/GU0+Y5
Na8=
-----END CERTIFICATE-----