Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/GWi0DMKlY0UqUqX5BhgOirwlgZc.roa
File:                     GWi0DMKlY0UqUqX5BhgOirwlgZc.roa (raw, json)
Hash identifier:          G9qWAjGnwCrr9i01sDW44Jjzl7niD/T9/2uBdwVtoA0=
Subject key identifier:   19:68:B4:0C:C2:A5:63:45:2A:52:A5:F9:06:18:0E:8A:BC:25:81:97
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018D7EC99197D65BEC9D823AF82629A1460B
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/GWi0DMKlY0UqUqX5BhgOirwlgZc.roa
Signing time:             Tue 06 Feb 2024 14:19:15 +0000
ROA not before:           Tue 06 Feb 2024 14:19:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44529
IP address blocks:        194.14.100.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:c9:91:97:d6:5b:ec:9d:82:3a:f8:26:29:a1:46:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Feb  6 14:19:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1968b40cc2a563452a52a5f906180e8abc258197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:80:56:0d:2b:79:94:6c:f9:45:77:28:3e:24:
                    0f:72:f7:5b:c7:69:93:e8:2a:66:71:54:ac:35:92:
                    52:78:fe:8f:de:74:39:2a:c1:00:b2:3d:6f:ea:ff:
                    a5:6a:d8:48:be:6d:0e:fc:b2:7c:7a:6a:66:92:a3:
                    9e:9a:2d:e8:83:78:e8:62:26:f1:d5:cc:39:0e:1f:
                    3a:ec:a0:cc:a1:27:38:e1:50:e7:40:e4:92:15:ea:
                    28:14:f6:7b:f4:55:8d:70:61:6e:70:25:84:e3:33:
                    cf:83:d2:e2:3b:99:c6:78:7a:86:c6:41:ba:01:18:
                    f9:b3:e0:78:87:a2:36:65:34:b4:ec:b0:66:62:f1:
                    e5:1e:9b:38:f9:0b:69:a5:28:14:ef:e2:98:3a:f0:
                    ad:d7:0a:92:62:cb:39:57:32:b4:5d:fd:c8:d0:78:
                    7d:32:aa:16:35:b1:f1:21:f6:19:50:03:5d:e2:d4:
                    ef:97:c7:2b:5e:99:6a:c2:e1:e0:b9:33:9a:e7:1f:
                    82:8d:21:dd:ab:aa:10:c3:2b:3d:ac:78:64:57:d2:
                    61:0e:0d:b0:62:d1:6e:63:20:5c:a7:fd:b5:e4:9a:
                    73:26:b7:78:6f:99:41:5d:9d:f0:88:8c:dd:11:4d:
                    3a:2f:d7:7d:21:22:3b:a4:08:5f:41:61:56:c2:2a:
                    16:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:68:B4:0C:C2:A5:63:45:2A:52:A5:F9:06:18:0E:8A:BC:25:81:97
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/GWi0DMKlY0UqUqX5BhgOirwlgZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.14.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:1b:ee:4d:02:2d:17:5a:94:f1:86:03:b9:af:a9:2f:09:cf:
         bd:bd:c6:83:fb:57:7b:84:59:64:e7:f1:f2:cb:61:dc:7b:d5:
         5d:2a:51:63:0c:36:23:92:c1:d1:68:41:a9:07:8c:ba:7f:88:
         d5:88:ea:26:fa:7d:50:cc:eb:ab:6e:dc:92:c0:ed:57:d2:07:
         20:cf:53:d0:2b:ca:45:8c:f8:96:38:bf:db:ee:0a:8a:2c:ce:
         8c:02:cb:27:72:1b:40:22:0c:3c:62:95:4a:60:60:85:4a:b8:
         5f:47:82:51:44:64:15:21:81:92:bc:2b:63:92:cd:86:95:dd:
         2d:8d:71:0e:51:f6:75:a8:ad:af:b8:b2:11:85:3f:6b:06:5c:
         10:84:19:cb:1d:05:97:e4:fe:b0:8e:27:29:ce:25:a1:3b:e7:
         e1:52:16:7e:ad:99:05:8a:18:63:cb:36:83:11:84:f0:ed:70:
         70:b0:1d:22:05:5c:54:70:b9:75:c7:d3:38:6f:f0:85:f9:a0:
         de:2a:8d:e6:dc:cc:e1:e8:89:66:11:4d:ac:59:4e:1c:e9:16:
         16:69:1c:ca:9c:1e:37:6c:ae:00:fa:4f:f6:67:55:f1:3a:96:
         47:ef:11:8e:4a:48:ce:be:3d:b9:91:7e:12:f7:ba:5c:66:33:
         67:5a:f2:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1+yZGX1lvsnYI6+CYpoUYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMjA2MTQxOTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTY4YjQwY2MyYTU2MzQ1MmE1MmE1ZjkwNjE4MGU4YWJjMjU4MTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4BWDSt5lGz5RXcoPiQPcvdbx2mT
6CpmcVSsNZJSeP6P3nQ5KsEAsj1v6v+lathIvm0O/LJ8empmkqOemi3og3joYibx
1cw5Dh867KDMoSc44VDnQOSSFeooFPZ79FWNcGFucCWE4zPPg9LiO5nGeHqGxkG6
ARj5s+B4h6I2ZTS07LBmYvHlHps4+QtppSgU7+KYOvCt1wqSYss5VzK0Xf3I0Hh9
MqoWNbHxIfYZUANd4tTvl8crXplqwuHguTOa5x+CjSHdq6oQwys9rHhkV9JhDg2w
YtFuYyBcp/215JpzJrd4b5lBXZ3wiIzdEU06L9d9ISI7pAhfQWFWwioWswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlotAzCpWNFKlKl+QYYDoq8JYGXMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvR1dpMERNS2xZMFVxVXFYNUJoZ09pcndsZ1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwg5kMA0G
CSqGSIb3DQEBCwUAA4IBAQCkG+5NAi0XWpTxhgO5r6kvCc+9vcaD+1d7hFlk5/Hy
y2Hce9VdKlFjDDYjksHRaEGpB4y6f4jViOom+n1QzOurbtySwO1X0gcgz1PQK8pF
jPiWOL/b7gqKLM6MAssnchtAIgw8YpVKYGCFSrhfR4JRRGQVIYGSvCtjks2Gld0t
jXEOUfZ1qK2vuLIRhT9rBlwQhBnLHQWX5P6wjicpziWhO+fhUhZ+rZkFihhjyzaD
EYTw7XBwsB0iBVxUcLl1x9M4b/CF+aDeKo3m3Mzh6IlmEU2sWU4c6RYWaRzKnB43
bK4A+k/2Z1XxOpZH7xGOSkjOvj25kX4S97pcZjNnWvI5
-----END CERTIFICATE-----