Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/GJuyrZZf_HPzN7N95lUa8s9oTjY.roa
File:                     GJuyrZZf_HPzN7N95lUa8s9oTjY.roa (raw, json)
Hash identifier:          fo3cDaP2aZd3/AhnDJ+r6qdRlYdcjKgCYqfairC2q/M=
Subject key identifier:   18:9B:B2:AD:96:5F:FC:73:F3:37:B3:7D:E6:55:1A:F2:CF:68:4E:36
Certificate issuer:       /CN=6883f347e3891f573df8015ad6cc331cceb04768
Certificate serial:       018D5EC9F9058534AE2254EFA8932FDFBB45
Authority key identifier: 68:83:F3:47:E3:89:1F:57:3D:F8:01:5A:D6:CC:33:1C:CE:B0:47:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aIPzR-OJH1c9-AFa1swzHM6wR2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/GJuyrZZf_HPzN7N95lUa8s9oTjY.roa
Signing time:             Wed 31 Jan 2024 09:11:51 +0000
ROA not before:           Wed 31 Jan 2024 09:11:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41236
IP address blocks:        193.176.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/aIPzR-OJH1c9-AFa1swzHM6wR2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/aIPzR-OJH1c9-AFa1swzHM6wR2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aIPzR-OJH1c9-AFa1swzHM6wR2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c9:f9:05:85:34:ae:22:54:ef:a8:93:2f:df:bb:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6883f347e3891f573df8015ad6cc331cceb04768
        Validity
            Not Before: Jan 31 09:11:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=189bb2ad965ffc73f337b37de6551af2cf684e36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e1:fe:dd:7f:e7:90:7a:31:5d:5b:90:df:b6:
                    a3:a5:89:96:2e:a0:c0:81:bc:8a:3c:dc:db:1a:ac:
                    b5:c8:a6:29:4d:79:3c:4d:ac:92:ed:7c:17:3a:11:
                    b8:2d:34:a9:58:ee:89:e4:81:1d:a3:d6:96:16:df:
                    b9:c2:63:95:03:d6:f5:75:dc:22:79:5a:ce:23:aa:
                    dd:d7:e2:fc:39:67:5e:61:7a:6b:8a:95:04:e9:7f:
                    78:78:d7:f1:00:cd:e7:8c:d7:96:c3:ad:b5:ba:64:
                    cf:5a:bf:ab:5d:4e:97:84:0d:94:ad:82:eb:c0:f6:
                    9c:4f:d2:4a:a4:93:37:d5:8d:71:66:f1:a8:5f:4e:
                    d6:67:9d:6e:71:aa:33:2d:0d:f4:77:93:79:3a:35:
                    a1:15:05:c2:21:8d:26:bb:78:6f:0f:b0:06:ad:13:
                    60:9d:f0:e5:d4:8d:54:59:d6:1a:55:bd:b2:34:d3:
                    51:44:1b:1a:31:1a:43:e0:83:c0:5d:5b:3a:3f:48:
                    a5:71:e0:5c:79:68:06:cb:67:57:b7:d8:fd:5c:06:
                    9c:9a:26:65:85:90:ce:e9:c3:a6:0e:53:6b:df:21:
                    ab:78:76:78:de:36:bf:72:f4:a2:86:7d:86:a5:df:
                    aa:33:30:32:76:41:5d:2b:d9:08:73:52:9b:98:56:
                    37:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:9B:B2:AD:96:5F:FC:73:F3:37:B3:7D:E6:55:1A:F2:CF:68:4E:36
            X509v3 Authority Key Identifier:
                keyid:68:83:F3:47:E3:89:1F:57:3D:F8:01:5A:D6:CC:33:1C:CE:B0:47:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aIPzR-OJH1c9-AFa1swzHM6wR2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/GJuyrZZf_HPzN7N95lUa8s9oTjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/aIPzR-OJH1c9-AFa1swzHM6wR2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:da:08:9c:97:63:d6:a8:8e:a0:35:e4:3e:3a:7c:11:05:72:
         f7:a9:87:88:9a:e7:db:e5:e2:37:3e:ca:d2:68:43:aa:84:4e:
         3a:14:67:19:1c:19:b2:5b:cf:18:4c:c2:74:6f:04:b0:58:2a:
         38:6e:9b:12:49:44:ff:6e:9b:c4:e4:d2:88:0d:2f:d1:d6:68:
         c3:5b:76:ad:59:5a:f9:59:f5:94:a0:98:55:c2:af:96:91:e4:
         5a:08:82:59:46:60:63:fb:50:44:75:35:52:fd:d4:61:49:ff:
         be:27:e1:26:a6:0a:66:57:2a:96:af:38:0d:c9:7a:e0:9d:7c:
         ec:02:f8:fb:96:86:d1:f0:e9:f3:90:07:dc:28:7a:fa:3f:5d:
         84:eb:4c:af:69:3a:80:10:cd:5f:76:57:b9:7d:af:dc:ff:ae:
         5a:43:b5:68:9a:9b:54:a6:61:ad:b0:92:cf:96:23:bd:13:39:
         3c:ae:ff:3a:24:c1:26:2b:9f:ce:6f:e0:e6:a0:1a:b1:bd:0a:
         f9:26:3d:e3:67:8c:36:1b:2a:7c:3b:61:3d:18:a2:3b:dd:0b:
         aa:86:b0:6c:57:3b:f0:81:ef:4a:1d:45:d9:e2:ad:97:0b:f5:
         a6:d7:27:18:92:63:95:71:5a:9d:9f:f0:e3:52:7c:84:dc:84:
         79:dc:61:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1eyfkFhTSuIlTvqJMv37tFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ODNmMzQ3ZTM4OTFmNTczZGY4MDE1YWQ2Y2MzMzFjY2Vi
MDQ3NjgwHhcNMjQwMTMxMDkxMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODliYjJhZDk2NWZmYzczZjMzN2IzN2RlNjU1MWFmMmNmNjg0ZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuH+3X/nkHoxXVuQ37ajpYmWLqDA
gbyKPNzbGqy1yKYpTXk8TayS7XwXOhG4LTSpWO6J5IEdo9aWFt+5wmOVA9b1ddwi
eVrOI6rd1+L8OWdeYXpripUE6X94eNfxAM3njNeWw621umTPWr+rXU6XhA2UrYLr
wPacT9JKpJM31Y1xZvGoX07WZ51ucaozLQ30d5N5OjWhFQXCIY0mu3hvD7AGrRNg
nfDl1I1UWdYaVb2yNNNRRBsaMRpD4IPAXVs6P0ilceBceWgGy2dXt9j9XAacmiZl
hZDO6cOmDlNr3yGreHZ43ja/cvSihn2Gpd+qMzAydkFdK9kIc1KbmFY39QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBibsq2WX/xz8zezfeZVGvLPaE42MB8GA1UdIwQY
MBaAFGiD80fjiR9XPfgBWtbMMxzOsEdoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUlQelItT0pIMWM5LUFGYTFzd3pITTZ3UjJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82MThkMzMtZGQ5Mi00ZDkxLWI4MjEt
ZTg1MDY3N2NmZmIzLzEvR0p1eXJaWmZfSFB6TjdOOTVsVWE4czlvVGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82MThkMzMtZGQ5Mi00ZDkxLWI4MjEtZTg1MDY3N2NmZmIz
LzEvYUlQelItT0pIMWM5LUFGYTFzd3pITTZ3UjJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbBjMA0G
CSqGSIb3DQEBCwUAA4IBAQCO2gicl2PWqI6gNeQ+OnwRBXL3qYeImufb5eI3PsrS
aEOqhE46FGcZHBmyW88YTMJ0bwSwWCo4bpsSSUT/bpvE5NKIDS/R1mjDW3atWVr5
WfWUoJhVwq+WkeRaCIJZRmBj+1BEdTVS/dRhSf++J+EmpgpmVyqWrzgNyXrgnXzs
Avj7lobR8OnzkAfcKHr6P12E60yvaTqAEM1fdle5fa/c/65aQ7VomptUpmGtsJLP
liO9Ezk8rv86JMEmK5/Ob+DmoBqxvQr5Jj3jZ4w2Gyp8O2E9GKI73QuqhrBsVzvw
ge9KHUXZ4q2XC/Wm1ycYkmOVcVqdn/DjUnyE3IR53GER
-----END CERTIFICATE-----