Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/GCjrEnPeulkYv_6xyfibIHql25w.roa
File:                     GCjrEnPeulkYv_6xyfibIHql25w.roa (raw, json)
Hash identifier:          xLm7sCDvf260XpiTCWrAk8IOrXkLYrl40H7oTZbfJ4w=
Subject key identifier:   18:28:EB:12:73:DE:BA:59:18:BF:FE:B1:C9:F8:9B:20:7A:A5:DB:9C
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       018EC424D6A2E6E7272EC5F43B7910C81398
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/GCjrEnPeulkYv_6xyfibIHql25w.roa
Signing time:             Tue 09 Apr 2024 18:35:32 +0000
ROA not before:           Tue 09 Apr 2024 18:35:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43278
IP address blocks:        5.42.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:24:d6:a2:e6:e7:27:2e:c5:f4:3b:79:10:c8:13:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Apr  9 18:35:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1828eb1273deba5918bffeb1c9f89b207aa5db9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:8b:76:6a:96:ba:01:01:4a:33:48:47:4a:be:
                    d2:b9:ca:6b:f1:d8:f9:c8:a3:12:c5:cb:28:e5:e1:
                    13:86:80:68:78:1e:1d:c2:cb:e5:8c:58:56:64:5e:
                    d4:07:ed:e1:0f:29:b8:0b:9b:d8:c4:73:fd:f5:fe:
                    71:1d:41:49:0e:70:9f:e3:48:d7:cf:79:aa:06:6b:
                    8f:74:2d:ce:ed:c0:dc:50:c5:dd:ec:cc:11:dc:1b:
                    80:47:1f:cb:0d:a9:d4:f3:40:49:65:b9:65:32:f2:
                    63:51:2e:00:4c:f8:4f:da:11:a6:43:51:75:24:47:
                    77:bb:d0:9f:a3:73:11:02:d1:c6:11:7a:13:b3:d2:
                    da:94:ed:39:ff:d1:1a:c1:b6:43:5c:54:74:61:ad:
                    80:c4:c3:ee:3d:47:ce:49:b3:de:e6:cc:cd:de:48:
                    44:0e:2e:00:fc:d1:be:6e:da:bb:15:89:46:6c:e5:
                    00:cf:2b:7e:7d:6c:e3:15:0a:1f:d1:12:29:eb:d4:
                    0a:19:86:4c:63:d3:64:3c:5c:a3:83:63:35:12:c0:
                    aa:e2:5b:b8:19:58:9f:10:46:01:c4:1f:ed:da:4c:
                    c8:bc:bf:96:84:62:00:27:37:3f:0d:e2:be:ab:eb:
                    75:74:13:6a:16:b5:f4:65:b7:5e:aa:95:2f:91:69:
                    8c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:28:EB:12:73:DE:BA:59:18:BF:FE:B1:C9:F8:9B:20:7A:A5:DB:9C
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/GCjrEnPeulkYv_6xyfibIHql25w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:b1:46:81:0a:d4:fd:a1:d5:c7:fe:97:b8:21:f3:8e:0b:06:
         b0:1b:76:ba:f3:46:b3:47:f1:ae:0d:4d:05:11:47:28:f5:45:
         d8:76:ab:4c:e0:11:c6:85:1d:fd:cb:bf:6e:29:ac:c5:b1:2b:
         a7:37:64:29:3c:ec:e2:24:55:77:cb:0e:e3:ed:e6:f0:04:f7:
         bb:93:82:7b:22:a3:e4:23:cd:86:ff:a9:1d:90:c6:ea:68:1d:
         c3:de:a9:c1:e5:f4:e3:8c:7a:48:48:f9:20:92:1a:70:b2:b4:
         08:dc:9c:d0:6a:1f:64:5f:09:b3:f2:3f:bd:a2:b0:37:e2:30:
         cc:59:0f:22:df:3a:1b:28:e4:3d:60:7b:f7:37:f5:a9:0d:4e:
         ca:8b:e0:e5:41:17:fb:90:9c:22:2d:a1:6b:cc:4a:ae:c1:74:
         09:fa:2f:7b:f5:aa:eb:38:56:ef:28:d1:3f:29:47:44:e9:52:
         ab:2c:2c:fe:dc:8c:51:50:45:33:6d:a9:44:17:67:1d:4f:92:
         3b:61:dc:7c:6b:3b:8c:fe:71:79:f6:6d:78:1a:dd:b4:2c:67:
         07:6f:39:16:21:fd:5f:80:b2:9d:4f:db:19:3a:08:bd:09:a7:
         07:87:9c:fc:0f:c6:af:b8:a3:68:26:be:4f:da:26:89:0a:2e:
         ef:c0:70:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7EJNai5ucnLsX0O3kQyBOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQwNDA5MTgzNTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODI4ZWIxMjczZGViYTU5MThiZmZlYjFjOWY4OWIyMDdhYTVkYjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYt2apa6AQFKM0hHSr7Sucpr8dj5
yKMSxcso5eEThoBoeB4dwsvljFhWZF7UB+3hDym4C5vYxHP99f5xHUFJDnCf40jX
z3mqBmuPdC3O7cDcUMXd7MwR3BuARx/LDanU80BJZbllMvJjUS4ATPhP2hGmQ1F1
JEd3u9Cfo3MRAtHGEXoTs9LalO05/9EawbZDXFR0Ya2AxMPuPUfOSbPe5szN3khE
Di4A/NG+btq7FYlGbOUAzyt+fWzjFQof0RIp69QKGYZMY9NkPFyjg2M1EsCq4lu4
GVifEEYBxB/t2kzIvL+WhGIAJzc/DeK+q+t1dBNqFrX0ZbdeqpUvkWmM5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgo6xJz3rpZGL/+scn4myB6pducMB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvR0NqckVuUGV1bGtZdl82eHlmaWJJSHFsMjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrTMA0G
CSqGSIb3DQEBCwUAA4IBAQAvsUaBCtT9odXH/pe4IfOOCwawG3a680azR/GuDU0F
EUco9UXYdqtM4BHGhR39y79uKazFsSunN2QpPOziJFV3yw7j7ebwBPe7k4J7IqPk
I82G/6kdkMbqaB3D3qnB5fTjjHpISPkgkhpwsrQI3JzQah9kXwmz8j+9orA34jDM
WQ8i3zobKOQ9YHv3N/WpDU7Ki+DlQRf7kJwiLaFrzEquwXQJ+i979arrOFbvKNE/
KUdE6VKrLCz+3IxRUEUzbalEF2cdT5I7Ydx8azuM/nF59m14Gt20LGcHbzkWIf1f
gLKdT9sZOgi9CacHh5z8D8avuKNoJr5P2iaJCi7vwHBi
-----END CERTIFICATE-----