Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/GpSW7VY6BjcLOVsgPwMlLOa11Tk.roa
File:                     GpSW7VY6BjcLOVsgPwMlLOa11Tk.roa (raw, json)
Hash identifier:          lVkbuOeZKHMCVq6dkiijHHN4VuBBaHHpIxdDNbLxBkM=
Subject key identifier:   1A:94:96:ED:56:3A:06:37:0B:39:5B:20:3F:03:25:2C:E6:B5:D5:39
Certificate issuer:       /CN=aebf394e2f1b251c88d988a87161084580786ef5
Certificate serial:       018CC5DD380BFAA2B9F25E9C52FCDFC7F403
Authority key identifier: AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/GpSW7VY6BjcLOVsgPwMlLOa11Tk.roa
Signing time:             Mon 01 Jan 2024 16:30:58 +0000
ROA not before:           Mon 01 Jan 2024 16:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20824
IP address blocks:        178.249.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:38:0b:fa:a2:b9:f2:5e:9c:52:fc:df:c7:f4:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aebf394e2f1b251c88d988a87161084580786ef5
        Validity
            Not Before: Jan  1 16:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a9496ed563a06370b395b203f03252ce6b5d539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f1:ec:30:2e:3b:31:20:6f:b0:8f:8c:4e:54:
                    0d:89:5f:a6:2e:aa:3c:0b:96:79:e0:19:f2:30:67:
                    d0:9e:0f:e9:0e:9b:37:f2:5d:08:83:6f:25:c3:5d:
                    44:91:b2:a6:ba:db:3d:d5:c0:da:74:67:bb:39:28:
                    43:00:61:2e:fc:d5:8a:a6:2e:44:c5:aa:8b:52:d6:
                    f5:f0:5d:1a:ce:5b:51:f5:43:48:e1:24:86:7a:eb:
                    58:bb:e4:76:86:da:09:9b:09:94:d8:28:b7:4e:aa:
                    6b:a5:85:67:53:06:ed:c1:8b:80:f7:db:3f:aa:b7:
                    d9:62:0c:e1:99:79:3d:4c:9b:d7:58:20:4f:b0:c6:
                    b2:b1:a7:06:31:6c:f3:0f:cc:e0:fd:79:0d:f9:b5:
                    da:17:9e:17:a4:48:3d:3e:f4:f2:f2:0a:e5:a8:83:
                    04:25:d2:49:22:74:a4:fe:45:96:77:91:db:c4:73:
                    b4:8f:03:f6:a3:cf:59:a0:a3:d9:ad:f8:06:6b:17:
                    05:e9:07:d7:8e:8e:4c:0e:af:bd:a0:23:68:3d:29:
                    ab:4a:dd:b5:b6:67:78:92:e3:93:89:7f:04:19:43:
                    31:bf:27:ad:4f:ec:e8:71:c3:8f:07:d8:f6:c0:3e:
                    c8:d2:8f:ad:a2:da:b8:15:ba:5b:f6:d9:c0:28:75:
                    23:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:94:96:ED:56:3A:06:37:0B:39:5B:20:3F:03:25:2C:E6:B5:D5:39
            X509v3 Authority Key Identifier:
                keyid:AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/GpSW7VY6BjcLOVsgPwMlLOa11Tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.249.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:f7:72:01:f3:9d:3b:2a:0e:77:72:6e:84:f5:cb:93:4a:6d:
         18:4f:01:af:3a:9f:3c:82:3f:3d:95:e3:64:a6:f8:3f:a0:3e:
         f4:1e:03:2b:42:ab:59:6c:9f:38:38:c8:50:5e:61:a1:92:9a:
         c5:fc:88:e3:19:49:84:3f:d3:db:c5:59:8f:37:2d:27:f2:7d:
         dc:8d:31:d8:4b:0f:c6:48:97:14:ba:c3:0c:ec:c6:11:fa:18:
         01:68:3e:91:7a:12:a8:ea:14:3c:3a:2f:a0:9d:03:5e:a2:f9:
         96:47:bb:3a:9b:1f:04:db:a5:1c:cc:27:bd:b5:58:5c:f3:12:
         84:12:92:bd:98:8a:47:dd:55:ec:a0:60:88:0a:32:17:1d:c4:
         2c:9a:2f:13:de:a2:08:ac:5c:1c:26:18:4d:78:9f:54:dd:8d:
         4a:f0:b3:dc:f3:c0:6b:39:da:5a:25:30:28:75:40:ae:cd:c4:
         1b:6e:1c:f2:7a:d3:56:a8:8d:28:37:cc:53:a7:fb:1e:b5:da:
         6f:0b:26:58:e3:7f:61:a5:f3:e0:e4:f5:2e:f7:fa:5f:59:39:
         fd:43:87:6f:ca:8d:e8:d3:18:ce:8c:50:5f:0b:f0:32:e2:bc:
         28:60:1a:f5:2b:87:3e:16:18:2d:d6:1c:83:57:77:49:00:f5:
         bf:fa:6d:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3TgL+qK58l6cUvzfx/QDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYmYzOTRlMmYxYjI1MWM4OGQ5ODhhODcxNjEwODQ1ODA3
ODZlZjUwHhcNMjQwMTAxMTYzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTk0OTZlZDU2M2EwNjM3MGIzOTViMjAzZjAzMjUyY2U2YjVkNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvHsMC47MSBvsI+MTlQNiV+mLqo8
C5Z54BnyMGfQng/pDps38l0Ig28lw11EkbKmuts91cDadGe7OShDAGEu/NWKpi5E
xaqLUtb18F0azltR9UNI4SSGeutYu+R2htoJmwmU2Ci3TqprpYVnUwbtwYuA99s/
qrfZYgzhmXk9TJvXWCBPsMaysacGMWzzD8zg/XkN+bXaF54XpEg9PvTy8grlqIME
JdJJInSk/kWWd5HbxHO0jwP2o89ZoKPZrfgGaxcF6QfXjo5MDq+9oCNoPSmrSt21
tmd4kuOTiX8EGUMxvyetT+zoccOPB9j2wD7I0o+totq4Fbpb9tnAKHUjtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqUlu1WOgY3CzlbID8DJSzmtdU5MB8GA1UdIwQY
MBaAFK6/OU4vGyUciNmIqHFhCEWAeG71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2It
NjFlN2Y0MGQ1ZGQ2LzEvR3BTVzdWWTZCamNMT1ZzZ1B3TWxMT2ExMVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2ItNjFlN2Y0MGQ1ZGQ2
LzEvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvmlMA0G
CSqGSIb3DQEBCwUAA4IBAQBM93IB8507Kg53cm6E9cuTSm0YTwGvOp88gj89leNk
pvg/oD70HgMrQqtZbJ84OMhQXmGhkprF/IjjGUmEP9PbxVmPNy0n8n3cjTHYSw/G
SJcUusMM7MYR+hgBaD6RehKo6hQ8Oi+gnQNeovmWR7s6mx8E26UczCe9tVhc8xKE
EpK9mIpH3VXsoGCICjIXHcQsmi8T3qIIrFwcJhhNeJ9U3Y1K8LPc88BrOdpaJTAo
dUCuzcQbbhzyetNWqI0oN8xTp/setdpvCyZY439hpfPg5PUu9/pfWTn9Q4dvyo3o
0xjOjFBfC/Ay4rwoYBr1K4c+Fhgt1hyDV3dJAPW/+m18
-----END CERTIFICATE-----