Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/gJH9Lu0NUUtR30-7uoxNyJwQJqE.roa
File:                     gJH9Lu0NUUtR30-7uoxNyJwQJqE.roa (raw, json)
Hash identifier:          5HVyNMIIaLgvDm/43toxKaZivuouE/88dwpSMU2OhMo=
Subject key identifier:   80:91:FD:2E:ED:0D:51:4B:51:DF:4F:BB:BA:8C:4D:C8:9C:10:26:A1
Certificate issuer:       /CN=0ca71ff956ab8f8f7e7f59d409ac7af7a2b0a864
Certificate serial:       018CCA295DDB75CA790A75CE735D13F57DA8
Authority key identifier: 0C:A7:1F:F9:56:AB:8F:8F:7E:7F:59:D4:09:AC:7A:F7:A2:B0:A8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DKcf-Varj49-f1nUCax696KwqGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/gJH9Lu0NUUtR30-7uoxNyJwQJqE.roa
Signing time:             Tue 02 Jan 2024 12:32:37 +0000
ROA not before:           Tue 02 Jan 2024 12:32:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208207
IP address blocks:        193.151.229.0/24 maxlen: 24
                          2001:67c:27f4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/DKcf-Varj49-f1nUCax696KwqGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/DKcf-Varj49-f1nUCax696KwqGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DKcf-Varj49-f1nUCax696KwqGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:5d:db:75:ca:79:0a:75:ce:73:5d:13:f5:7d:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ca71ff956ab8f8f7e7f59d409ac7af7a2b0a864
        Validity
            Not Before: Jan  2 12:32:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8091fd2eed0d514b51df4fbbba8c4dc89c1026a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:66:01:d7:1b:9c:90:99:af:4a:b6:b9:27:7a:
                    0a:5d:8f:64:d0:a9:a3:13:01:e9:37:d6:c9:e3:14:
                    c6:0e:e1:c7:c5:7a:93:40:cb:54:b5:79:0e:b2:30:
                    c3:1f:42:ce:1c:32:e2:44:16:58:1f:75:55:e8:00:
                    61:a7:61:d6:a4:76:25:a4:0a:8a:4a:48:31:00:f3:
                    93:98:19:14:bd:78:ae:3c:ba:bf:b3:03:70:ca:3d:
                    89:ff:01:20:f4:60:7b:c9:72:f8:9e:6a:d6:61:c3:
                    e8:41:98:cf:0f:8f:e2:4d:3f:2c:86:41:5f:40:4e:
                    46:75:74:e5:41:a3:2a:56:23:8a:04:f8:35:01:d8:
                    40:9b:e3:c7:4c:12:eb:d1:c7:72:b5:39:4c:41:23:
                    08:e2:fc:f7:82:b3:4f:71:eb:03:ed:f6:59:b5:79:
                    05:e8:fd:fb:02:f5:06:08:8f:15:8c:46:6c:72:47:
                    53:3d:3a:48:63:93:d3:19:33:31:9a:6c:e5:4b:45:
                    bf:c4:72:d3:fb:df:1a:a9:5d:72:29:7f:1e:7c:91:
                    19:3f:f7:f2:51:51:f1:d1:24:a3:fd:5e:59:70:dd:
                    7a:91:7a:16:93:29:95:09:96:64:df:ea:3c:1c:4b:
                    11:ec:c8:2e:f2:3a:0d:1f:f5:41:a7:80:1e:cd:c5:
                    85:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:91:FD:2E:ED:0D:51:4B:51:DF:4F:BB:BA:8C:4D:C8:9C:10:26:A1
            X509v3 Authority Key Identifier:
                keyid:0C:A7:1F:F9:56:AB:8F:8F:7E:7F:59:D4:09:AC:7A:F7:A2:B0:A8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DKcf-Varj49-f1nUCax696KwqGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/gJH9Lu0NUUtR30-7uoxNyJwQJqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/DKcf-Varj49-f1nUCax696KwqGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.229.0/24
                IPv6:
                  2001:67c:27f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:3c:77:11:c4:ed:51:25:7c:ec:76:11:00:44:04:7c:cc:f0:
         ad:be:0f:65:73:d4:ca:a2:43:7a:9d:44:31:06:e5:0e:b3:fb:
         e2:3c:7d:92:0c:94:50:0d:78:de:d6:2b:a4:3a:fd:51:a9:8d:
         9a:19:21:d3:fd:cc:c4:3d:fa:77:0e:c7:74:44:01:a2:3c:9d:
         05:85:55:f5:6d:31:f5:a2:11:e5:f5:75:7d:1f:a7:68:76:61:
         27:92:61:6f:5c:76:5c:a1:d3:e9:c7:a2:d1:46:b3:f3:09:cd:
         25:94:41:0b:c3:d2:b9:63:a4:66:6a:23:90:16:33:91:18:b2:
         9e:eb:0e:b0:c7:0a:f0:2e:d3:1b:5f:cc:86:8a:0e:90:5a:60:
         7e:af:a5:78:12:ed:06:f3:cd:0a:84:6f:31:f1:44:f5:b1:6a:
         48:d7:bc:10:64:34:c6:ab:b8:94:b3:2e:74:49:da:da:50:3b:
         f0:56:43:bb:71:0f:8c:bb:61:55:5c:6a:92:57:54:81:4f:f7:
         ea:aa:b6:55:7b:9c:9f:16:5e:71:b2:03:be:06:39:eb:7d:64:
         f5:d9:66:5b:85:15:51:15:77:1b:ee:27:9b:4f:08:04:f7:ca:
         fe:97:ae:5a:19:16:73:0a:96:14:60:63:68:1a:c7:3c:64:5e:
         63:a3:64:3b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKV3bdcp5CnXOc10T9X2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYTcxZmY5NTZhYjhmOGY3ZTdmNTlkNDA5YWM3YWY3YTJi
MGE4NjQwHhcNMjQwMTAyMTIzMjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDkxZmQyZWVkMGQ1MTRiNTFkZjRmYmJiYThjNGRjODljMTAyNmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmYB1xuckJmvSra5J3oKXY9k0Kmj
EwHpN9bJ4xTGDuHHxXqTQMtUtXkOsjDDH0LOHDLiRBZYH3VV6ABhp2HWpHYlpAqK
SkgxAPOTmBkUvXiuPLq/swNwyj2J/wEg9GB7yXL4nmrWYcPoQZjPD4/iTT8shkFf
QE5GdXTlQaMqViOKBPg1AdhAm+PHTBLr0cdytTlMQSMI4vz3grNPcesD7fZZtXkF
6P37AvUGCI8VjEZsckdTPTpIY5PTGTMxmmzlS0W/xHLT+98aqV1yKX8efJEZP/fy
UVHx0SSj/V5ZcN16kXoWkymVCZZk3+o8HEsR7Mgu8joNH/VBp4AezcWFWQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFICR/S7tDVFLUd9Pu7qMTcicECahMB8GA1UdIwQY
MBaAFAynH/lWq4+Pfn9Z1AmseveisKhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREtjZi1WYXJqNDktZjFuVUNheDY5Nkt3cUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC82ZWI4NWUtYmJiMC00ZGE3LWE0ZTAt
ZDJlYTYwMDRkNTUzLzEvZ0pIOUx1ME5VVXRSMzAtN3VveE55SndRSnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC82ZWI4NWUtYmJiMC00ZGE3LWE0ZTAtZDJlYTYwMDRkNTUz
LzEvREtjZi1WYXJqNDktZjFuVUNheDY5Nkt3cUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwZflMA8E
AgACMAkDBwAgAQZ8J/QwDQYJKoZIhvcNAQELBQADggEBAJE8dxHE7VElfOx2EQBE
BHzM8K2+D2Vz1MqiQ3qdRDEG5Q6z++I8fZIMlFANeN7WK6Q6/VGpjZoZIdP9zMQ9
+ncOx3REAaI8nQWFVfVtMfWiEeX1dX0fp2h2YSeSYW9cdlyh0+nHotFGs/MJzSWU
QQvD0rljpGZqI5AWM5EYsp7rDrDHCvAu0xtfzIaKDpBaYH6vpXgS7QbzzQqEbzHx
RPWxakjXvBBkNMaruJSzLnRJ2tpQO/BWQ7txD4y7YVVcapJXVIFP9+qqtlV7nJ8W
XnGyA74GOet9ZPXZZluFFVEVdxvuJ5tPCAT3yv6XrloZFnMKlhRgY2gaxzxkXmOj
ZDs=
-----END CERTIFICATE-----