Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/9bb7d6-7f7a-486c-8a0d-c47c26fa68af/1/GBL5wD45fe7V1Tw28hJMfqFLdyc.roa
File:                     GBL5wD45fe7V1Tw28hJMfqFLdyc.roa (raw, json)
Hash identifier:          vAAqLm0aoELlPxyFqdxa2J0k1ryhaKWjFXHVqdx7kek=
Subject key identifier:   18:12:F9:C0:3E:39:7D:EE:D5:D5:3C:36:F2:12:4C:7E:A1:4B:77:27
Certificate issuer:       /CN=546ec217e9b129316c23a6fa9f9a721f10c2d95d
Certificate serial:       018D418EC39AACB0CE296B4EB6568214631B
Authority key identifier: 54:6E:C2:17:E9:B1:29:31:6C:23:A6:FA:9F:9A:72:1F:10:C2:D9:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VG7CF-mxKTFsI6b6n5pyHxDC2V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/9bb7d6-7f7a-486c-8a0d-c47c26fa68af/1/GBL5wD45fe7V1Tw28hJMfqFLdyc.roa
Signing time:             Thu 25 Jan 2024 16:58:11 +0000
ROA not before:           Thu 25 Jan 2024 16:58:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197835
IP address blocks:        176.111.173.0/24 maxlen: 24
                          2a13:940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/9bb7d6-7f7a-486c-8a0d-c47c26fa68af/1/VG7CF-mxKTFsI6b6n5pyHxDC2V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/9bb7d6-7f7a-486c-8a0d-c47c26fa68af/1/VG7CF-mxKTFsI6b6n5pyHxDC2V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VG7CF-mxKTFsI6b6n5pyHxDC2V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:41:8e:c3:9a:ac:b0:ce:29:6b:4e:b6:56:82:14:63:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546ec217e9b129316c23a6fa9f9a721f10c2d95d
        Validity
            Not Before: Jan 25 16:58:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1812f9c03e397deed5d53c36f2124c7ea14b7727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d4:a6:a5:e3:87:da:a2:f8:f4:b5:07:4a:b3:
                    4d:f7:7a:63:9b:cf:c5:61:cb:d9:8d:86:91:96:c4:
                    ff:13:99:a7:52:d8:91:d1:30:1a:45:09:68:30:97:
                    6d:2e:48:86:66:31:1c:5c:45:e4:f1:fd:12:54:13:
                    57:21:f0:f5:65:9a:89:4e:e9:4c:a8:eb:18:04:06:
                    c5:d7:51:a5:7b:f2:20:89:7b:55:f7:9e:b4:51:99:
                    e8:ee:af:b4:44:b6:b3:d6:dd:8c:66:b9:56:19:15:
                    bf:95:b7:4d:69:98:d1:e8:2f:ee:32:9c:6d:1e:21:
                    54:fc:98:89:78:da:a6:89:93:c6:18:7f:72:7f:8c:
                    6c:6a:4f:ee:e6:56:a8:8c:6f:24:e5:50:5b:f4:e4:
                    13:9f:1e:e0:83:bd:e4:fa:32:b5:95:a9:d0:47:1c:
                    de:01:e3:f3:7b:e8:4f:29:c2:18:c7:3b:37:3e:95:
                    29:5e:02:5f:73:2e:54:2d:ff:a0:41:e3:68:65:2d:
                    ef:68:9a:de:74:6e:25:fa:ba:44:61:9c:11:56:49:
                    7b:a0:ac:d5:6b:06:b0:f6:ce:08:5f:08:02:99:f3:
                    fb:42:28:e4:48:78:e5:00:2f:5f:95:87:55:17:d3:
                    10:e6:2a:4f:0e:fe:96:7a:95:7d:bd:d7:d5:05:f9:
                    20:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:12:F9:C0:3E:39:7D:EE:D5:D5:3C:36:F2:12:4C:7E:A1:4B:77:27
            X509v3 Authority Key Identifier:
                keyid:54:6E:C2:17:E9:B1:29:31:6C:23:A6:FA:9F:9A:72:1F:10:C2:D9:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VG7CF-mxKTFsI6b6n5pyHxDC2V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/9bb7d6-7f7a-486c-8a0d-c47c26fa68af/1/GBL5wD45fe7V1Tw28hJMfqFLdyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/9bb7d6-7f7a-486c-8a0d-c47c26fa68af/1/VG7CF-mxKTFsI6b6n5pyHxDC2V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.111.173.0/24
                IPv6:
                  2a13:940::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:71:c4:da:f7:01:48:9f:1c:6d:40:07:26:6b:23:e7:39:d6:
         bf:7d:7f:f5:5c:e9:cc:fd:9a:61:73:9b:5c:54:a7:8e:08:ea:
         8a:8a:02:a9:d8:e7:26:30:ac:a9:2c:be:18:3d:20:8b:82:57:
         33:1b:a0:d3:7a:0a:57:56:9f:79:7c:15:48:39:52:d1:dd:26:
         04:53:86:74:31:6b:85:f4:f8:2d:58:37:c4:ab:ab:1b:1c:43:
         93:3e:29:90:b2:ac:04:e5:2e:a9:aa:14:70:05:de:1b:6f:0d:
         21:f9:7c:a3:b0:6f:56:10:e5:ed:ea:ee:ae:2d:6c:98:5d:d4:
         e7:72:fa:3c:2f:78:50:08:e3:0e:99:50:d7:2e:2d:6e:d9:e3:
         b4:c2:a5:ce:74:1d:c0:7a:16:a6:a6:47:53:81:3e:41:38:28:
         d8:df:50:9a:c6:b8:45:f4:b1:dc:38:72:d6:41:ff:8f:44:dd:
         bc:70:e0:cc:a0:cf:83:92:06:2d:6e:41:f5:bf:a0:3a:d9:52:
         5c:fa:8c:6a:0b:ca:49:ff:09:bd:3a:45:be:e2:74:90:a9:ad:
         df:3f:38:bf:10:17:71:b3:27:b6:a8:5c:3e:23:91:fb:2c:e6:
         36:45:f2:c0:f8:e5:d8:b5:a7:a3:ad:ef:fe:7b:67:e2:5e:47:
         74:50:de:02
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1BjsOarLDOKWtOtlaCFGMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NmVjMjE3ZTliMTI5MzE2YzIzYTZmYTlmOWE3MjFmMTBj
MmQ5NWQwHhcNMjQwMTI1MTY1ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODEyZjljMDNlMzk3ZGVlZDVkNTNjMzZmMjEyNGM3ZWExNGI3NzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntSmpeOH2qL49LUHSrNN93pjm8/F
YcvZjYaRlsT/E5mnUtiR0TAaRQloMJdtLkiGZjEcXEXk8f0SVBNXIfD1ZZqJTulM
qOsYBAbF11Gle/IgiXtV9560UZno7q+0RLaz1t2MZrlWGRW/lbdNaZjR6C/uMpxt
HiFU/JiJeNqmiZPGGH9yf4xsak/u5laojG8k5VBb9OQTnx7gg73k+jK1lanQRxze
AePze+hPKcIYxzs3PpUpXgJfcy5ULf+gQeNoZS3vaJredG4l+rpEYZwRVkl7oKzV
awaw9s4IXwgCmfP7QijkSHjlAC9flYdVF9MQ5ipPDv6WepV9vdfVBfkgWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBgS+cA+OX3u1dU8NvISTH6hS3cnMB8GA1UdIwQY
MBaAFFRuwhfpsSkxbCOm+p+ach8QwtldMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkc3Q0YtbXhLVEZzSTZiNm41cHlIeERDMlYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85YmI3ZDYtN2Y3YS00ODZjLThhMGQt
YzQ3YzI2ZmE2OGFmLzEvR0JMNXdENDVmZTdWMVR3MjhoSk1mcUZMZHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85YmI3ZDYtN2Y3YS00ODZjLThhMGQtYzQ3YzI2ZmE2OGFm
LzEvVkc3Q0YtbXhLVEZzSTZiNm41cHlIeERDMlYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAsG+tMA0E
AgACMAcDBQMqEwlAMA0GCSqGSIb3DQEBCwUAA4IBAQALccTa9wFInxxtQAcmayPn
Oda/fX/1XOnM/Zphc5tcVKeOCOqKigKp2OcmMKypLL4YPSCLglczG6DTegpXVp95
fBVIOVLR3SYEU4Z0MWuF9PgtWDfEq6sbHEOTPimQsqwE5S6pqhRwBd4bbw0h+Xyj
sG9WEOXt6u6uLWyYXdTncvo8L3hQCOMOmVDXLi1u2eO0wqXOdB3AehampkdTgT5B
OCjY31CaxrhF9LHcOHLWQf+PRN28cODMoM+DkgYtbkH1v6A62VJc+oxqC8pJ/wm9
OkW+4nSQqa3fPzi/EBdxsye2qFw+I5H7LOY2RfLA+OXYtaejre/+e2fiXkd0UN4C
-----END CERTIFICATE-----