Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/GpFw33oZXSjeCAGt-dCsRjvv-xQ.roa
File:                     GpFw33oZXSjeCAGt-dCsRjvv-xQ.roa (raw, json)
Hash identifier:          ik7aLi8nEdu8Zg/u8lqSkoeceM/t91nRApubHFjaAQg=
Subject key identifier:   1A:91:70:DF:7A:19:5D:28:DE:08:01:AD:F9:D0:AC:46:3B:EF:FB:14
Certificate issuer:       /CN=5dd39e1de18514bac2f5a23910f8c7d4672a0fd8
Certificate serial:       0191D5CC55FEAF5817C29E28ADD1F5427BE5
Authority key identifier: 5D:D3:9E:1D:E1:85:14:BA:C2:F5:A2:39:10:F8:C7:D4:67:2A:0F:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/GpFw33oZXSjeCAGt-dCsRjvv-xQ.roa
Signing time:             Mon 09 Sep 2024 08:00:23 +0000
ROA not before:           Mon 09 Sep 2024 08:00:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214255
IP address blocks:        213.254.186.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d5:cc:55:fe:af:58:17:c2:9e:28:ad:d1:f5:42:7b:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd39e1de18514bac2f5a23910f8c7d4672a0fd8
        Validity
            Not Before: Sep  9 08:00:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a9170df7a195d28de0801adf9d0ac463beffb14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2c:27:14:0d:44:b6:73:19:52:e4:77:f0:49:
                    a8:8b:29:c7:21:87:39:92:94:6c:38:19:18:ee:60:
                    21:00:71:00:95:54:18:84:87:b3:97:cd:c2:dd:54:
                    d8:42:ca:37:3d:cc:e6:0a:f7:df:6a:b4:f9:d0:f9:
                    8f:aa:ee:88:ea:03:fb:47:f9:51:82:93:4d:d8:0a:
                    3f:7a:16:0b:9e:4d:d9:da:ad:8b:27:18:2d:08:27:
                    84:53:c1:4a:e5:70:c7:9e:d0:26:0a:aa:65:e0:07:
                    88:63:5c:06:cb:59:49:e3:fe:d2:d3:f9:68:90:aa:
                    bf:5e:9e:e6:a4:3a:4f:c3:96:57:0a:db:cd:2c:24:
                    5f:c1:8b:93:ec:ef:25:00:0f:31:cc:a8:52:5e:8a:
                    45:3a:95:78:c1:1b:27:92:92:07:ef:64:5d:c8:f9:
                    c7:fe:1e:af:22:b5:bb:ef:6a:cb:d9:14:d8:c3:5a:
                    0b:71:ef:aa:2c:9c:9c:39:eb:91:0c:38:8e:98:5c:
                    6c:aa:43:a0:f6:ba:36:b7:40:23:29:bd:2a:f9:cd:
                    2d:7f:1a:99:84:81:80:85:38:cb:9e:bb:40:bb:d0:
                    00:b5:9d:38:6a:a4:24:be:6b:33:3a:6c:de:9f:bb:
                    44:c8:d5:7f:81:ba:99:a6:0b:55:8c:01:97:7c:0a:
                    fe:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:91:70:DF:7A:19:5D:28:DE:08:01:AD:F9:D0:AC:46:3B:EF:FB:14
            X509v3 Authority Key Identifier:
                keyid:5D:D3:9E:1D:E1:85:14:BA:C2:F5:A2:39:10:F8:C7:D4:67:2A:0F:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/GpFw33oZXSjeCAGt-dCsRjvv-xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.254.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:fc:90:48:0c:86:14:6c:f6:c1:14:39:01:fa:e0:b3:4f:37:
         76:31:1a:ba:ca:3c:81:c0:79:60:2d:00:b6:76:64:38:84:fa:
         cf:8a:59:c0:df:12:8d:d1:c3:21:9c:a6:c6:42:2f:fc:b1:8d:
         44:6f:be:2f:08:d3:ad:16:83:84:d4:3a:b9:57:1f:ef:54:03:
         d2:75:06:30:25:dc:50:1c:b4:bc:08:a0:29:24:e7:9d:16:61:
         21:ec:d3:c7:b1:f2:9e:16:8e:52:c6:ea:8d:b8:55:43:f0:18:
         f8:b0:57:d6:60:df:37:eb:1a:40:71:97:b3:44:ef:4a:f6:06:
         04:04:37:52:2a:d2:08:bb:c9:9f:ba:26:d2:c7:12:d0:af:fb:
         e2:ec:d0:f4:b5:d2:7b:3e:e7:25:b1:83:60:5a:c3:18:4f:a1:
         5d:ad:53:93:ab:0e:ad:6f:8a:b9:18:51:1a:28:7a:fa:13:2e:
         c4:a5:a1:8b:ed:bb:35:05:29:9a:06:b8:14:9f:65:0d:12:8d:
         e2:6c:37:cc:11:cb:6b:2b:48:c9:a9:af:67:98:c4:03:b4:ba:
         e2:01:54:5f:34:bf:a5:7c:7e:e4:6a:ff:30:17:43:09:c4:a5:
         db:c4:96:30:7d:76:d4:32:0c:3e:43:5d:f6:f3:1f:fd:42:35:
         d8:07:89:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHVzFX+r1gXwp4ordH1QnvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDM5ZTFkZTE4NTE0YmFjMmY1YTIzOTEwZjhjN2Q0Njcy
YTBmZDgwHhcNMjQwOTA5MDgwMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTkxNzBkZjdhMTk1ZDI4ZGUwODAxYWRmOWQwYWM0NjNiZWZmYjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSwnFA1EtnMZUuR38EmoiynHIYc5
kpRsOBkY7mAhAHEAlVQYhIezl83C3VTYQso3PczmCvffarT50PmPqu6I6gP7R/lR
gpNN2Ao/ehYLnk3Z2q2LJxgtCCeEU8FK5XDHntAmCqpl4AeIY1wGy1lJ4/7S0/lo
kKq/Xp7mpDpPw5ZXCtvNLCRfwYuT7O8lAA8xzKhSXopFOpV4wRsnkpIH72RdyPnH
/h6vIrW772rL2RTYw1oLce+qLJycOeuRDDiOmFxsqkOg9ro2t0AjKb0q+c0tfxqZ
hIGAhTjLnrtAu9AAtZ04aqQkvmszOmzen7tEyNV/gbqZpgtVjAGXfAr+AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqRcN96GV0o3ggBrfnQrEY77/sUMB8GA1UdIwQY
MBaAFF3Tnh3hhRS6wvWiORD4x9RnKg/YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRPZUhlR0ZGTHJDOWFJNUVQakgxR2NxRDlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS85Njg2NWUtYzE3Ny00ODQ0LThkYzMt
OWMyNmIwN2I3MThiLzEvR3BGdzMzb1pYU2plQ0FHdC1kQ3NSanZ2LXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS85Njg2NWUtYzE3Ny00ODQ0LThkYzMtOWMyNmIwN2I3MThi
LzEvWGRPZUhlR0ZGTHJDOWFJNUVQakgxR2NxRDlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1f66MA0G
CSqGSIb3DQEBCwUAA4IBAQCe/JBIDIYUbPbBFDkB+uCzTzd2MRq6yjyBwHlgLQC2
dmQ4hPrPilnA3xKN0cMhnKbGQi/8sY1Eb74vCNOtFoOE1Dq5Vx/vVAPSdQYwJdxQ
HLS8CKApJOedFmEh7NPHsfKeFo5SxuqNuFVD8Bj4sFfWYN836xpAcZezRO9K9gYE
BDdSKtIIu8mfuibSxxLQr/vi7ND0tdJ7PuclsYNgWsMYT6FdrVOTqw6tb4q5GFEa
KHr6Ey7EpaGL7bs1BSmaBrgUn2UNEo3ibDfMEctrK0jJqa9nmMQDtLriAVRfNL+l
fH7kav8wF0MJxKXbxJYwfXbUMgw+Q1328x/9QjXYB4ke
-----END CERTIFICATE-----