Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/gtMvcfDkHijfp_Tx9Ks_mr9_UnQ.roa
File:                     gtMvcfDkHijfp_Tx9Ks_mr9_UnQ.roa (raw, json)
Hash identifier:          L+j6sEJevrFnAeZaV1mSpFXmcDvb2LCpk+dEJtcgmTQ=
Subject key identifier:   82:D3:2F:71:F0:E4:1E:28:DF:A7:F4:F1:F4:AB:3F:9A:BF:7F:52:74
Certificate issuer:       /CN=a608db43964b6986ec740f0b5e33f627589ac560
Certificate serial:       018CC2DB1043546C92980021D1ACA86BB257
Authority key identifier: A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/gtMvcfDkHijfp_Tx9Ks_mr9_UnQ.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209517
IP address blocks:        176.96.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:10:43:54:6c:92:98:00:21:d1:ac:a8:6b:b2:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a608db43964b6986ec740f0b5e33f627589ac560
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82d32f71f0e41e28dfa7f4f1f4ab3f9abf7f5274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:82:3f:7d:cc:96:7c:30:3a:df:0a:90:a3:f6:
                    fa:a8:e4:38:db:ef:e0:bf:08:61:d2:40:ad:cc:1b:
                    47:fa:6e:9c:3f:46:b4:f8:9b:a7:ad:43:b9:81:ca:
                    03:22:fa:27:b7:b0:c6:07:3c:a8:7e:4e:a8:af:d5:
                    a5:37:7d:e2:da:4d:ed:23:6d:28:f0:b1:f1:f6:b6:
                    81:d3:49:17:33:f1:d9:42:1f:20:ee:36:6b:08:c9:
                    da:f9:cb:a9:53:4a:20:a8:f3:17:ba:04:f4:7b:ef:
                    7f:7d:41:09:93:62:34:bd:5d:3f:f9:1e:0b:f6:61:
                    94:8c:29:50:f7:3f:b7:25:f8:73:71:94:b7:71:c4:
                    0f:8c:ef:d2:ef:3e:48:f6:cb:d9:49:b7:f2:77:74:
                    a5:41:ba:77:52:2a:cf:8e:ae:5c:dd:43:b0:aa:3d:
                    aa:88:45:de:e4:71:2d:d2:b0:9b:f6:5e:f4:02:23:
                    2a:87:6d:96:fd:1c:26:c1:0d:c2:85:ed:51:c6:f8:
                    ef:99:0f:43:90:98:f2:fd:c1:40:3c:f0:73:4e:b3:
                    3b:a4:ba:82:60:77:e8:05:4c:70:9e:34:d6:e3:72:
                    51:79:e7:bc:fb:a6:67:56:7a:6f:54:92:0c:8f:6b:
                    b5:75:ea:88:e9:2e:52:40:a2:d8:e9:d1:6c:51:b1:
                    2a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:D3:2F:71:F0:E4:1E:28:DF:A7:F4:F1:F4:AB:3F:9A:BF:7F:52:74
            X509v3 Authority Key Identifier:
                keyid:A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/gtMvcfDkHijfp_Tx9Ks_mr9_UnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.96.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:13:12:2b:2c:c5:f5:1f:38:d6:6b:9b:48:b2:34:6c:03:1c:
         c6:24:17:95:2c:35:84:29:9d:91:64:c5:82:02:19:18:71:45:
         6e:49:48:bd:c2:05:a8:d8:a3:b0:9e:1b:6c:20:ba:71:4b:fa:
         5b:f1:27:dc:94:42:93:b0:ff:70:2d:8e:96:61:6e:41:05:b3:
         f6:d1:07:8b:d3:69:a7:9a:fd:a3:0c:43:27:80:80:6e:55:b1:
         26:3b:81:8f:21:ef:f0:51:cb:e6:f5:8b:d6:fc:34:dc:7c:e7:
         c8:5b:fd:a9:5a:5b:e4:ca:0f:ea:61:4f:20:ea:f2:25:44:cd:
         2a:4b:58:07:d5:82:97:c0:70:b7:9f:fb:cd:71:77:e2:a7:03:
         9e:73:34:7b:40:f8:58:d4:3e:af:51:02:29:4d:f5:12:3a:73:
         ad:27:d8:98:e0:66:15:6e:b9:a0:fd:ea:89:d4:09:32:8d:43:
         94:17:ff:e8:0e:92:92:87:a7:14:b8:50:08:44:c5:59:e8:2d:
         73:83:57:cb:22:fc:33:61:23:88:c8:90:9f:50:d5:99:d6:9a:
         9c:5b:00:c0:ca:8b:a8:c7:67:0b:10:ee:f8:4f:72:b6:76:8a:
         62:a2:45:75:fd:61:d2:a8:08:15:81:71:bb:fa:30:33:4e:3e:
         9e:3f:85:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xBDVGySmAAh0ayoa7JXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MDhkYjQzOTY0YjY5ODZlYzc0MGYwYjVlMzNmNjI3NTg5
YWM1NjAwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmQzMmY3MWYwZTQxZTI4ZGZhN2Y0ZjFmNGFiM2Y5YWJmN2Y1Mjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYI/fcyWfDA63wqQo/b6qOQ42+/g
vwhh0kCtzBtH+m6cP0a0+JunrUO5gcoDIvont7DGBzyofk6or9WlN33i2k3tI20o
8LHx9raB00kXM/HZQh8g7jZrCMna+cupU0ogqPMXugT0e+9/fUEJk2I0vV0/+R4L
9mGUjClQ9z+3JfhzcZS3ccQPjO/S7z5I9svZSbfyd3SlQbp3UirPjq5c3UOwqj2q
iEXe5HEt0rCb9l70AiMqh22W/RwmwQ3Che1RxvjvmQ9DkJjy/cFAPPBzTrM7pLqC
YHfoBUxwnjTW43JReee8+6ZnVnpvVJIMj2u1deqI6S5SQKLY6dFsUbEqeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILTL3Hw5B4o36f08fSrP5q/f1J0MB8GA1UdIwQY
MBaAFKYI20OWS2mG7HQPC14z9idYmsVgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQt
ZDY0NjgzY2VlMTZmLzEvZ3RNdmNmRGtIaWpmcF9UeDlLc19tcjlfVW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQtZDY0NjgzY2VlMTZm
LzEvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGDgMA0G
CSqGSIb3DQEBCwUAA4IBAQB8ExIrLMX1HzjWa5tIsjRsAxzGJBeVLDWEKZ2RZMWC
AhkYcUVuSUi9wgWo2KOwnhtsILpxS/pb8SfclEKTsP9wLY6WYW5BBbP20QeL02mn
mv2jDEMngIBuVbEmO4GPIe/wUcvm9YvW/DTcfOfIW/2pWlvkyg/qYU8g6vIlRM0q
S1gH1YKXwHC3n/vNcXfipwOeczR7QPhY1D6vUQIpTfUSOnOtJ9iY4GYVbrmg/eqJ
1AkyjUOUF//oDpKSh6cUuFAIRMVZ6C1zg1fLIvwzYSOIyJCfUNWZ1pqcWwDAyouo
x2cLEO74T3K2dopiokV1/WHSqAgVgXG7+jAzTj6eP4XS
-----END CERTIFICATE-----