Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/GllneJsOvkbNWGFoIpSB46bkf40.roa
File:                     GllneJsOvkbNWGFoIpSB46bkf40.roa (raw, json)
Hash identifier:          Ye1KUdV2nIqvT74ScmbpLZeA5G+fCHiqth7X+a5b2SQ=
Subject key identifier:   1A:59:67:78:9B:0E:BE:46:CD:58:61:68:22:94:81:E3:A6:E4:7F:8D
Certificate issuer:       /CN=a42000c4f4ec4a03cd4d3657e01b70034ec23b97
Certificate serial:       018CC6B84E086CF25DB9BB8843861EC7F7F3
Authority key identifier: A4:20:00:C4:F4:EC:4A:03:CD:4D:36:57:E0:1B:70:03:4E:C2:3B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/GllneJsOvkbNWGFoIpSB46bkf40.roa
Signing time:             Mon 01 Jan 2024 20:30:16 +0000
ROA not before:           Mon 01 Jan 2024 20:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56460
IP address blocks:        178.218.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/pCAAxPTsSgPNTTZX4BtwA07CO5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/pCAAxPTsSgPNTTZX4BtwA07CO5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:4e:08:6c:f2:5d:b9:bb:88:43:86:1e:c7:f7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a42000c4f4ec4a03cd4d3657e01b70034ec23b97
        Validity
            Not Before: Jan  1 20:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a5967789b0ebe46cd586168229481e3a6e47f8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7e:75:9e:eb:5a:41:df:e0:f5:a6:75:cd:3a:
                    78:00:4e:6e:95:e6:6e:3b:67:26:9c:24:9d:33:5c:
                    47:8d:99:fa:d3:bd:7a:12:b4:5d:bd:fb:9a:6f:64:
                    89:53:42:1f:7b:78:9c:ce:e5:53:eb:d8:eb:36:9e:
                    24:c1:81:91:d6:36:28:2f:29:c0:10:c1:27:95:f9:
                    61:aa:ca:a1:a3:90:94:26:99:80:af:2f:66:28:59:
                    74:53:ca:76:94:b4:cb:88:c6:bf:86:32:35:c4:b8:
                    33:2a:b5:61:88:cd:e5:8f:ac:12:61:b3:b9:33:38:
                    14:a4:7b:8a:c1:c3:40:f2:a5:6e:e9:f0:80:59:ef:
                    db:fa:03:9a:0f:61:9d:4f:33:5b:8d:6a:30:ee:20:
                    d9:cb:e9:e0:68:3f:ed:59:58:28:7b:e0:48:48:d8:
                    ba:e6:2c:ad:bf:ed:1d:5a:c2:fc:95:1d:e4:5c:f3:
                    ac:f8:55:b3:aa:cb:98:12:6b:b6:dc:ea:23:40:13:
                    e3:90:a0:ad:6f:bc:1a:b0:2c:a1:2b:ae:d3:b4:e4:
                    87:32:8e:20:11:df:48:08:63:4a:4e:0e:91:41:3e:
                    f0:02:36:17:2c:c6:a8:76:00:c9:95:56:b6:ef:99:
                    3f:82:1d:b6:5a:01:f3:43:2a:de:2f:70:12:cd:66:
                    db:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:59:67:78:9B:0E:BE:46:CD:58:61:68:22:94:81:E3:A6:E4:7F:8D
            X509v3 Authority Key Identifier:
                keyid:A4:20:00:C4:F4:EC:4A:03:CD:4D:36:57:E0:1B:70:03:4E:C2:3B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pCAAxPTsSgPNTTZX4BtwA07CO5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/GllneJsOvkbNWGFoIpSB46bkf40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/163d77-4fea-4131-becb-0f22d89689a0/1/pCAAxPTsSgPNTTZX4BtwA07CO5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.218.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:e3:e2:9e:17:27:52:22:ff:19:72:0d:27:b8:bb:72:e0:81:
         88:3d:96:d5:7f:e9:0d:c9:6b:f0:fc:25:d6:03:48:e5:4f:cd:
         af:06:50:04:75:d8:94:4e:3c:4c:7e:d0:a0:9d:6a:60:86:b3:
         06:94:f6:63:c9:27:e4:43:9c:7b:57:7e:18:f2:fe:0e:ec:15:
         3d:b1:ea:42:11:fe:54:11:2b:7e:17:90:10:0e:4b:33:4c:41:
         3a:94:a7:1c:fa:26:72:14:cb:f7:d1:0a:1d:b6:cc:a2:08:29:
         d2:3f:43:06:33:f6:ab:c7:24:07:b3:9c:dd:8f:71:1a:07:63:
         77:e7:09:5f:6c:04:0b:aa:81:e3:cd:3c:cd:a9:69:d5:ca:9f:
         4d:18:fe:bb:e9:07:b7:19:b0:23:b6:7a:b6:ff:4a:7c:8f:04:
         50:7a:d4:ce:31:ce:be:5d:0c:67:08:36:6e:75:9a:cd:d9:6e:
         08:29:61:6f:0a:05:60:ec:b7:34:69:11:88:8c:24:3d:ab:bc:
         74:3c:67:80:82:e7:b7:d9:2b:fd:26:62:ed:77:d5:10:07:aa:
         a2:96:72:15:86:21:b5:e2:32:7e:4b:df:f6:96:9d:5b:47:76:
         26:e9:ec:7d:00:32:ef:30:86:19:c4:e6:0c:ba:2c:96:f9:e3:
         e9:38:a7:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuE4IbPJdubuIQ4Yex/fzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MjAwMGM0ZjRlYzRhMDNjZDRkMzY1N2UwMWI3MDAzNGVj
MjNiOTcwHhcNMjQwMTAxMjAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTU5Njc3ODliMGViZTQ2Y2Q1ODYxNjgyMjk0ODFlM2E2ZTQ3ZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArH51nutaQd/g9aZ1zTp4AE5uleZu
O2cmnCSdM1xHjZn60716ErRdvfuab2SJU0Ife3iczuVT69jrNp4kwYGR1jYoLynA
EMEnlflhqsqho5CUJpmAry9mKFl0U8p2lLTLiMa/hjI1xLgzKrVhiM3lj6wSYbO5
MzgUpHuKwcNA8qVu6fCAWe/b+gOaD2GdTzNbjWow7iDZy+ngaD/tWVgoe+BISNi6
5iytv+0dWsL8lR3kXPOs+FWzqsuYEmu23OojQBPjkKCtb7wasCyhK67TtOSHMo4g
Ed9ICGNKTg6RQT7wAjYXLMaodgDJlVa275k/gh22WgHzQyreL3ASzWbbswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpZZ3ibDr5GzVhhaCKUgeOm5H+NMB8GA1UdIwQY
MBaAFKQgAMT07EoDzU02V+AbcANOwjuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcENBQXhQVHNTZ1BOVFRaWDRCdHdBMDdDTzVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNjNkNzctNGZlYS00MTMxLWJlY2It
MGYyMmQ4OTY4OWEwLzEvR2xsbmVKc092a2JOV0dGb0lwU0I0NmJrZjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNjNkNzctNGZlYS00MTMxLWJlY2ItMGYyMmQ4OTY4OWEw
LzEvcENBQXhQVHNTZ1BOVFRaWDRCdHdBMDdDTzVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCstrwMA0G
CSqGSIb3DQEBCwUAA4IBAQBP4+KeFydSIv8Zcg0nuLty4IGIPZbVf+kNyWvw/CXW
A0jlT82vBlAEddiUTjxMftCgnWpghrMGlPZjySfkQ5x7V34Y8v4O7BU9sepCEf5U
ESt+F5AQDkszTEE6lKcc+iZyFMv30QodtsyiCCnSP0MGM/arxyQHs5zdj3EaB2N3
5wlfbAQLqoHjzTzNqWnVyp9NGP676Qe3GbAjtnq2/0p8jwRQetTOMc6+XQxnCDZu
dZrN2W4IKWFvCgVg7Lc0aRGIjCQ9q7x0PGeAgue32Sv9JmLtd9UQB6qilnIVhiG1
4jJ+S9/2lp1bR3Ym6ex9ADLvMIYZxOYMuiyW+ePpOKca
-----END CERTIFICATE-----