Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/gc_32kMMiG9KpNChPprDJbeWwOo.roa
File:                     gc_32kMMiG9KpNChPprDJbeWwOo.roa (raw, json)
Hash identifier:          q8WhS2+77oM8SIGfa5NHDcCWGydfwtyTmk5pu8Xx0vU=
Subject key identifier:   81:CF:F7:DA:43:0C:88:6F:4A:A4:D0:A1:3E:9A:C3:25:B7:96:C0:EA
Certificate issuer:       /CN=f2693085b5f75c0f10de08e22cbe4b062451b150
Certificate serial:       018CC8DEA68B9BB74EFA4355AFD7C1300A3B
Authority key identifier: F2:69:30:85:B5:F7:5C:0F:10:DE:08:E2:2C:BE:4B:06:24:51:B1:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/gc_32kMMiG9KpNChPprDJbeWwOo.roa
Signing time:             Tue 02 Jan 2024 06:31:23 +0000
ROA not before:           Tue 02 Jan 2024 06:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        193.200.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a6:8b:9b:b7:4e:fa:43:55:af:d7:c1:30:0a:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2693085b5f75c0f10de08e22cbe4b062451b150
        Validity
            Not Before: Jan  2 06:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81cff7da430c886f4aa4d0a13e9ac325b796c0ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:31:e5:68:55:d3:9a:cc:8a:60:60:78:59:0c:
                    38:5e:27:b0:9f:80:7d:4d:01:fd:ef:10:38:dd:44:
                    2f:82:b2:56:25:9a:e2:d1:d7:57:0d:a8:59:f8:18:
                    6a:12:cb:22:97:37:4c:46:e8:5e:4f:5b:61:3c:fe:
                    94:7b:db:81:3d:27:02:12:82:a0:5b:17:34:70:3d:
                    85:ec:62:55:5c:35:c9:0d:a4:97:12:53:01:86:67:
                    2f:1f:cd:3e:88:c0:fb:ee:0b:a3:4e:48:77:5c:e8:
                    b4:66:69:b8:60:9f:b9:99:38:a4:23:46:a5:43:87:
                    d7:11:fe:2e:13:06:b4:22:82:23:68:7d:15:36:2b:
                    0e:22:f6:2d:71:b0:56:a8:e8:ef:2f:07:b9:e1:94:
                    d2:a7:ca:c9:40:ed:48:1c:39:f0:cb:6a:31:da:29:
                    e1:75:ad:06:4e:ff:bb:e9:e2:13:01:52:97:d0:bf:
                    5f:09:98:32:89:be:93:2d:c8:df:45:88:ec:70:bf:
                    0e:7e:e4:9b:5a:7b:bb:c5:ee:8b:0f:e5:17:e3:fe:
                    7f:08:aa:df:95:d3:34:67:4d:c5:65:92:ea:76:4a:
                    3f:a3:61:88:8d:3d:53:5e:bf:e9:eb:8e:bb:40:93:
                    f8:d1:06:8f:6c:52:2d:1a:14:5c:41:f3:45:3b:38:
                    4e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:CF:F7:DA:43:0C:88:6F:4A:A4:D0:A1:3E:9A:C3:25:B7:96:C0:EA
            X509v3 Authority Key Identifier:
                keyid:F2:69:30:85:B5:F7:5C:0F:10:DE:08:E2:2C:BE:4B:06:24:51:B1:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/gc_32kMMiG9KpNChPprDJbeWwOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/173327-9742-435b-86c0-55e85ea09dde/1/8mkwhbX3XA8Q3gjiLL5LBiRRsVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:b8:35:94:dd:b6:c0:64:02:65:bb:f1:7c:fe:29:36:9f:ce:
         5f:94:77:c8:bb:75:10:83:cd:fd:36:25:7b:05:c5:44:38:5a:
         7b:04:7e:3f:ba:30:08:1f:a0:dc:13:68:93:7e:63:4b:71:a3:
         a7:00:75:b4:b8:c8:5b:a1:f5:c2:35:cb:7a:4e:16:f7:ff:fa:
         fe:b6:10:e3:41:c1:e6:4e:59:1b:d0:81:de:37:9c:06:a7:8e:
         46:7f:52:f6:14:c6:d4:d9:af:0c:8c:3a:3c:d7:45:b1:b5:05:
         a9:ce:44:ae:90:0a:cc:3f:1e:dc:48:b0:8b:0c:76:34:53:20:
         3a:08:d0:e8:81:b9:8d:33:26:66:98:76:1c:e4:36:a1:e7:0b:
         bf:3d:4b:62:6d:0b:e0:dd:ba:f5:68:3a:a8:ae:13:d2:d8:34:
         6f:28:d3:46:19:d3:23:a8:7b:ce:b6:1e:78:42:92:e5:8b:1f:
         80:66:b6:53:f4:29:31:17:3d:bf:d5:d9:d9:9e:5c:b5:c3:b7:
         7b:90:89:f1:bc:61:ce:4d:9b:17:e2:da:bf:eb:4f:38:21:9a:
         4e:0e:64:9d:1a:1f:37:a9:c3:9d:fb:0f:12:d2:38:22:b6:7d:
         4f:8d:66:9f:fa:07:04:c1:38:28:f1:25:f0:bc:3e:ff:55:9f:
         93:11:5a:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3qaLm7dO+kNVr9fBMAo7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNjkzMDg1YjVmNzVjMGYxMGRlMDhlMjJjYmU0YjA2MjQ1
MWIxNTAwHhcNMjQwMTAyMDYzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWNmZjdkYTQzMGM4ODZmNGFhNGQwYTEzZTlhYzMyNWI3OTZjMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDHlaFXTmsyKYGB4WQw4Xiewn4B9
TQH97xA43UQvgrJWJZri0ddXDahZ+BhqEssilzdMRuheT1thPP6Ue9uBPScCEoKg
Wxc0cD2F7GJVXDXJDaSXElMBhmcvH80+iMD77gujTkh3XOi0Zmm4YJ+5mTikI0al
Q4fXEf4uEwa0IoIjaH0VNisOIvYtcbBWqOjvLwe54ZTSp8rJQO1IHDnwy2ox2inh
da0GTv+76eITAVKX0L9fCZgyib6TLcjfRYjscL8OfuSbWnu7xe6LD+UX4/5/CKrf
ldM0Z03FZZLqdko/o2GIjT1TXr/p6467QJP40QaPbFItGhRcQfNFOzhOXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHP99pDDIhvSqTQoT6awyW3lsDqMB8GA1UdIwQY
MBaAFPJpMIW191wPEN4I4iy+SwYkUbFQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG1rd2hiWDNYQThRM2dqaUxMNUxCaVJSc1ZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8xNzMzMjctOTc0Mi00MzViLTg2YzAt
NTVlODVlYTA5ZGRlLzEvZ2NfMzJrTU1pRzlLcE5DaFBwckRKYmVXd09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8xNzMzMjctOTc0Mi00MzViLTg2YzAtNTVlODVlYTA5ZGRl
LzEvOG1rd2hiWDNYQThRM2dqaUxMNUxCaVJSc1ZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcg8MA0G
CSqGSIb3DQEBCwUAA4IBAQBtuDWU3bbAZAJlu/F8/ik2n85flHfIu3UQg839NiV7
BcVEOFp7BH4/ujAIH6DcE2iTfmNLcaOnAHW0uMhbofXCNct6Thb3//r+thDjQcHm
Tlkb0IHeN5wGp45Gf1L2FMbU2a8MjDo810WxtQWpzkSukArMPx7cSLCLDHY0UyA6
CNDogbmNMyZmmHYc5Dah5wu/PUtibQvg3br1aDqorhPS2DRvKNNGGdMjqHvOth54
QpLlix+AZrZT9CkxFz2/1dnZnly1w7d7kInxvGHOTZsX4tq/6084IZpODmSdGh83
qcOd+w8S0jgitn1PjWaf+gcEwTgo8SXwvD7/VZ+TEVoi
-----END CERTIFICATE-----