Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/afae93-e79f-499f-9203-0fe8bd6556d5/1/GYkQ0g52m6JsPiY3UPo7y06kVXY.roa
File:                     GYkQ0g52m6JsPiY3UPo7y06kVXY.roa (raw, json)
Hash identifier:          rKMcq6i+DXCumia9ceZ6e+PO+78LXCBWhsUmEG86sKI=
Subject key identifier:   19:89:10:D2:0E:76:9B:A2:6C:3E:26:37:50:FA:3B:CB:4E:A4:55:76
Certificate issuer:       /CN=6aeba0f2374120d54fa5bcdc2a9d24514172ea6d
Certificate serial:       018CC80196F755B5589DDF67C0D1F7DFEDCB
Authority key identifier: 6A:EB:A0:F2:37:41:20:D5:4F:A5:BC:DC:2A:9D:24:51:41:72:EA:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/auug8jdBINVPpbzcKp0kUUFy6m0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/afae93-e79f-499f-9203-0fe8bd6556d5/1/GYkQ0g52m6JsPiY3UPo7y06kVXY.roa
Signing time:             Tue 02 Jan 2024 02:29:56 +0000
ROA not before:           Tue 02 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15542
IP address blocks:        193.177.166.0/24 maxlen: 24
                          2001:67c:45c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/afae93-e79f-499f-9203-0fe8bd6556d5/1/auug8jdBINVPpbzcKp0kUUFy6m0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/afae93-e79f-499f-9203-0fe8bd6556d5/1/auug8jdBINVPpbzcKp0kUUFy6m0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/auug8jdBINVPpbzcKp0kUUFy6m0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:96:f7:55:b5:58:9d:df:67:c0:d1:f7:df:ed:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aeba0f2374120d54fa5bcdc2a9d24514172ea6d
        Validity
            Not Before: Jan  2 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=198910d20e769ba26c3e263750fa3bcb4ea45576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d3:4a:3d:ca:82:13:72:b8:ad:bc:2c:6e:1d:
                    fb:ef:94:81:3e:0b:2f:d5:c9:b4:cd:fe:0a:86:65:
                    2f:97:b3:37:6e:be:ba:04:aa:a6:97:75:51:a9:87:
                    bc:63:70:24:73:b6:3d:bb:a6:d5:23:a3:c7:45:20:
                    19:2d:1c:a0:4e:6e:ba:0a:ed:9a:49:28:12:a1:a9:
                    c2:e8:d8:1e:fe:9b:59:5a:8e:60:d1:38:34:ed:6f:
                    4c:be:05:c7:3f:0d:82:d1:ed:4e:f4:a3:5f:5b:c2:
                    da:82:71:4a:bd:97:b8:53:bc:89:fc:3c:85:c6:64:
                    67:ba:a7:13:6f:02:09:e6:84:0a:91:27:bc:02:21:
                    41:b0:bb:ec:52:e0:b1:6b:1e:00:49:fa:b2:86:33:
                    35:53:cc:52:90:22:54:d5:98:b7:b7:85:58:ea:17:
                    f1:9f:f8:a4:ab:89:91:89:cd:e4:ed:35:f8:19:db:
                    10:ad:a4:56:a1:82:80:78:90:f9:5b:f5:48:e1:1d:
                    f4:d4:c3:ce:fe:9d:4d:38:f6:52:ce:c3:41:15:23:
                    10:c5:0c:3a:91:a9:73:5c:8b:40:7b:ed:11:bc:e1:
                    3b:09:a8:9a:00:9d:e5:32:fe:d1:26:1a:49:b3:11:
                    65:b3:fa:fe:72:5d:f8:ce:e4:1d:cb:40:49:c5:70:
                    d3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:89:10:D2:0E:76:9B:A2:6C:3E:26:37:50:FA:3B:CB:4E:A4:55:76
            X509v3 Authority Key Identifier:
                keyid:6A:EB:A0:F2:37:41:20:D5:4F:A5:BC:DC:2A:9D:24:51:41:72:EA:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/auug8jdBINVPpbzcKp0kUUFy6m0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/afae93-e79f-499f-9203-0fe8bd6556d5/1/GYkQ0g52m6JsPiY3UPo7y06kVXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/afae93-e79f-499f-9203-0fe8bd6556d5/1/auug8jdBINVPpbzcKp0kUUFy6m0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.177.166.0/24
                IPv6:
                  2001:67c:45c::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:dd:f8:3c:09:aa:3f:cb:c2:d4:31:d1:16:e8:55:41:5d:d4:
         4e:c3:03:fa:f2:70:5f:47:fa:b2:39:27:0e:d6:e3:6f:9e:df:
         93:99:2f:04:e3:a9:ee:ce:f0:d4:66:8f:5c:e8:7e:1c:6b:7b:
         95:4b:fc:0c:2b:49:ff:ad:18:10:2a:2b:98:0a:87:2e:eb:9b:
         49:cb:c1:2c:90:48:da:5d:05:2c:2b:eb:55:df:8f:23:ef:9a:
         b4:8e:1e:00:c1:7f:b8:03:76:81:23:99:ca:85:c4:a4:08:27:
         8c:a9:e8:ec:d9:f9:e3:95:26:99:9f:52:82:40:58:c6:f7:3b:
         78:d3:85:aa:e4:a2:9c:05:d2:42:55:8c:0a:ba:13:9e:d3:ee:
         62:bd:09:94:9f:18:7d:f5:6a:0c:6d:ac:0a:ef:23:cf:db:0e:
         de:3c:39:52:2a:19:0e:db:be:25:2f:6f:9f:31:dd:f0:e7:a9:
         d6:d4:67:8c:74:2c:bb:73:0d:ae:29:2e:50:2f:59:48:38:f0:
         6d:06:0a:b2:88:e6:86:6c:38:f7:a4:f0:ad:6a:b3:85:ef:5c:
         72:f7:ef:fe:ee:38:1f:a9:79:35:5f:28:80:c9:4f:7c:89:ac:
         51:6e:5d:03:7f:a0:8b:5d:01:54:df:c7:6c:b4:25:b4:50:23:
         b3:45:bd:92
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAZb3VbVYnd9nwNH33+3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZWJhMGYyMzc0MTIwZDU0ZmE1YmNkYzJhOWQyNDUxNDE3
MmVhNmQwHhcNMjQwMTAyMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTg5MTBkMjBlNzY5YmEyNmMzZTI2Mzc1MGZhM2JjYjRlYTQ1NTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNNKPcqCE3K4rbwsbh3775SBPgsv
1cm0zf4KhmUvl7M3br66BKqml3VRqYe8Y3Akc7Y9u6bVI6PHRSAZLRygTm66Cu2a
SSgSoanC6Nge/ptZWo5g0Tg07W9MvgXHPw2C0e1O9KNfW8LagnFKvZe4U7yJ/DyF
xmRnuqcTbwIJ5oQKkSe8AiFBsLvsUuCxax4ASfqyhjM1U8xSkCJU1Zi3t4VY6hfx
n/ikq4mRic3k7TX4GdsQraRWoYKAeJD5W/VI4R301MPO/p1NOPZSzsNBFSMQxQw6
kalzXItAe+0RvOE7CaiaAJ3lMv7RJhpJsxFls/r+cl34zuQdy0BJxXDT0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBmJENIOdpuibD4mN1D6O8tOpFV2MB8GA1UdIwQY
MBaAFGrroPI3QSDVT6W83CqdJFFBcuptMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXV1ZzhqZEJJTlZQcGJ6Y0twMGtVVUZ5Nm0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9hZmFlOTMtZTc5Zi00OTlmLTkyMDMt
MGZlOGJkNjU1NmQ1LzEvR1lrUTBnNTJtNkpzUGlZM1VQbzd5MDZrVlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9hZmFlOTMtZTc5Zi00OTlmLTkyMDMtMGZlOGJkNjU1NmQ1
LzEvYXV1ZzhqZEJJTlZQcGJ6Y0twMGtVVUZ5Nm0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwbGmMA8E
AgACMAkDBwAgAQZ8BFwwDQYJKoZIhvcNAQELBQADggEBAHnd+DwJqj/LwtQx0Rbo
VUFd1E7DA/rycF9H+rI5Jw7W42+e35OZLwTjqe7O8NRmj1zofhxre5VL/AwrSf+t
GBAqK5gKhy7rm0nLwSyQSNpdBSwr61XfjyPvmrSOHgDBf7gDdoEjmcqFxKQIJ4yp
6OzZ+eOVJpmfUoJAWMb3O3jTharkopwF0kJVjAq6E57T7mK9CZSfGH31agxtrArv
I8/bDt48OVIqGQ7bviUvb58x3fDnqdbUZ4x0LLtzDa4pLlAvWUg48G0GCrKI5oZs
OPek8K1qs4XvXHL37/7uOB+peTVfKIDJT3yJrFFuXQN/oItdAVTfx2y0JbRQI7NF
vZI=
-----END CERTIFICATE-----