Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/b3c215-d866-42d0-a6c3-20677d80e838/1/GuBACEaaLKhTCHhpo7PwnylCeoo.roa
File:                     GuBACEaaLKhTCHhpo7PwnylCeoo.roa (raw, json)
Hash identifier:          3ronfCmYjtmN+/+EkbeU7iN1AnMSSHYPaQV8ZiLOJls=
Subject key identifier:   1A:E0:40:08:46:9A:2C:A8:53:08:78:69:A3:B3:F0:9F:29:42:7A:8A
Certificate issuer:       /CN=cca750fcc76d0dd75d7381e36d1bde4edddc3e51
Certificate serial:       018CCA991669BF763D415528B5E50A46784C
Authority key identifier: CC:A7:50:FC:C7:6D:0D:D7:5D:73:81:E3:6D:1B:DE:4E:DD:DC:3E:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zKdQ_MdtDdddc4HjbRveTt3cPlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/b3c215-d866-42d0-a6c3-20677d80e838/1/GuBACEaaLKhTCHhpo7PwnylCeoo.roa
Signing time:             Tue 02 Jan 2024 14:34:39 +0000
ROA not before:           Tue 02 Jan 2024 14:34:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57793
IP address blocks:        185.75.120.0/22 maxlen: 24
                          2a05:5240::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/b3c215-d866-42d0-a6c3-20677d80e838/1/zKdQ_MdtDdddc4HjbRveTt3cPlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/b3c215-d866-42d0-a6c3-20677d80e838/1/zKdQ_MdtDdddc4HjbRveTt3cPlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zKdQ_MdtDdddc4HjbRveTt3cPlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:16:69:bf:76:3d:41:55:28:b5:e5:0a:46:78:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cca750fcc76d0dd75d7381e36d1bde4edddc3e51
        Validity
            Not Before: Jan  2 14:34:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ae04008469a2ca853087869a3b3f09f29427a8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:10:b4:d5:67:d6:39:96:8d:b2:d0:c3:b2:a9:
                    d0:83:10:d9:7b:d6:fa:a8:58:63:6c:6c:9e:9d:2f:
                    b1:83:4d:3b:5b:66:75:8b:db:9c:4c:41:db:18:18:
                    98:da:9f:78:83:28:3c:9e:22:58:6f:04:12:70:c0:
                    23:2c:74:95:1c:90:3f:1e:3c:77:85:89:1e:61:8f:
                    35:1e:1a:07:4a:ed:7d:6d:fd:ed:73:09:dc:6b:f7:
                    47:73:1f:2e:38:ac:7b:e2:80:a5:5e:f0:0d:13:11:
                    ca:4a:49:49:df:79:4a:55:89:81:fa:02:27:07:97:
                    81:d0:72:9a:6b:be:56:ea:90:1d:7f:19:61:88:7b:
                    c1:81:3b:e7:b6:07:14:fb:bd:ce:05:3b:da:7e:d2:
                    4b:bd:3b:6f:c9:f8:cd:11:bb:b4:60:44:0d:8a:a1:
                    3d:83:b3:34:f5:2e:af:46:25:4f:ba:5f:66:1e:01:
                    81:48:3a:ec:3f:b9:5c:56:b3:8d:6b:51:de:00:63:
                    ab:0b:6a:f4:09:27:0b:4f:e0:e0:06:5f:b0:1a:d6:
                    1b:9f:74:de:46:5f:4d:1c:20:34:8b:ec:cc:c0:15:
                    d1:a7:91:46:fc:c8:d8:01:a5:b2:29:b9:33:0e:fb:
                    16:9c:df:42:41:ad:9e:b7:64:22:34:39:d8:61:82:
                    74:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:E0:40:08:46:9A:2C:A8:53:08:78:69:A3:B3:F0:9F:29:42:7A:8A
            X509v3 Authority Key Identifier:
                keyid:CC:A7:50:FC:C7:6D:0D:D7:5D:73:81:E3:6D:1B:DE:4E:DD:DC:3E:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zKdQ_MdtDdddc4HjbRveTt3cPlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/b3c215-d866-42d0-a6c3-20677d80e838/1/GuBACEaaLKhTCHhpo7PwnylCeoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/b3c215-d866-42d0-a6c3-20677d80e838/1/zKdQ_MdtDdddc4HjbRveTt3cPlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.120.0/22
                IPv6:
                  2a05:5240::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:d2:3f:d5:c1:df:bc:a8:4f:56:54:24:d4:d7:82:74:5c:07:
         d2:2a:8c:da:16:14:39:c5:b7:78:d2:d3:d4:78:97:23:7b:9a:
         53:ad:8a:b5:ec:70:51:94:7f:3d:23:11:79:2a:d7:c4:12:8b:
         81:f5:ff:70:fc:0d:e6:04:13:e5:f4:18:c6:6f:9f:e9:2d:fa:
         7e:d4:e6:80:45:34:e0:98:89:92:5d:03:94:a0:35:5e:f0:61:
         09:e7:eb:2e:26:d0:1e:0d:0f:9b:b8:d2:bb:fc:f2:bb:67:2f:
         8c:d9:a3:20:aa:70:99:6a:0f:86:e2:1e:13:3e:c0:7a:a3:14:
         d0:ee:2f:aa:75:c5:3b:07:cd:3d:f0:d2:42:1e:40:22:b0:2b:
         d1:b5:40:f3:a6:50:9c:5c:19:20:ad:9a:d3:da:3e:39:e2:9e:
         f1:af:94:b8:2c:81:1e:f4:d6:f5:72:79:8b:6c:51:5c:d3:18:
         ec:cb:e9:d7:4d:c6:96:1f:9e:f7:38:52:32:d0:55:3e:c7:7e:
         32:47:00:38:c8:8d:bb:c9:08:5b:62:71:2d:12:6e:9e:55:18:
         df:92:61:c3:2b:6b:fd:6f:35:0d:b2:1f:ae:89:ff:ea:48:1a:
         da:23:cb:e6:45:7c:a7:ab:18:b2:7d:a4:a5:48:1d:49:9a:22:
         5f:f7:14:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmRZpv3Y9QVUoteUKRnhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYTc1MGZjYzc2ZDBkZDc1ZDczODFlMzZkMWJkZTRlZGRk
YzNlNTEwHhcNMjQwMTAyMTQzNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWUwNDAwODQ2OWEyY2E4NTMwODc4NjlhM2IzZjA5ZjI5NDI3YThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohC01WfWOZaNstDDsqnQgxDZe9b6
qFhjbGyenS+xg007W2Z1i9ucTEHbGBiY2p94gyg8niJYbwQScMAjLHSVHJA/Hjx3
hYkeYY81HhoHSu19bf3tcwnca/dHcx8uOKx74oClXvANExHKSklJ33lKVYmB+gIn
B5eB0HKaa75W6pAdfxlhiHvBgTvntgcU+73OBTvaftJLvTtvyfjNEbu0YEQNiqE9
g7M09S6vRiVPul9mHgGBSDrsP7lcVrONa1HeAGOrC2r0CScLT+DgBl+wGtYbn3Te
Rl9NHCA0i+zMwBXRp5FG/MjYAaWyKbkzDvsWnN9CQa2et2QiNDnYYYJ0+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBrgQAhGmiyoUwh4aaOz8J8pQnqKMB8GA1UdIwQY
MBaAFMynUPzHbQ3XXXOB420b3k7d3D5RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvektkUV9NZHREZGRkYzRIamJSdmVUdDNjUGxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9iM2MyMTUtZDg2Ni00MmQwLWE2YzMt
MjA2NzdkODBlODM4LzEvR3VCQUNFYWFMS2hUQ0hocG83UHdueWxDZW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9iM2MyMTUtZDg2Ni00MmQwLWE2YzMtMjA2NzdkODBlODM4
LzEvektkUV9NZHREZGRkYzRIamJSdmVUdDNjUGxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUt4MA0E
AgACMAcDBQMqBVJAMA0GCSqGSIb3DQEBCwUAA4IBAQB00j/Vwd+8qE9WVCTU14J0
XAfSKozaFhQ5xbd40tPUeJcje5pTrYq17HBRlH89IxF5KtfEEouB9f9w/A3mBBPl
9BjGb5/pLfp+1OaARTTgmImSXQOUoDVe8GEJ5+suJtAeDQ+buNK7/PK7Zy+M2aMg
qnCZag+G4h4TPsB6oxTQ7i+qdcU7B8098NJCHkAisCvRtUDzplCcXBkgrZrT2j45
4p7xr5S4LIEe9Nb1cnmLbFFc0xjsy+nXTcaWH573OFIy0FU+x34yRwA4yI27yQhb
YnEtEm6eVRjfkmHDK2v9bzUNsh+uif/qSBraI8vmRXynqxiyfaSlSB1JmiJf9xQb
-----END CERTIFICATE-----