Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/a905e9-f93b-4d60-8108-810b9f5cc415/1/GkXZBllQ4GO0CiGlTFqYJlhIxcU.roa
File:                     GkXZBllQ4GO0CiGlTFqYJlhIxcU.roa (raw, json)
Hash identifier:          4jKsz0aaQLkIhRXwDr/RrS3nLa4pQgYKzO7xgrFTUTs=
Subject key identifier:   1A:45:D9:06:59:50:E0:63:B4:0A:21:A5:4C:5A:98:26:58:48:C5:C5
Certificate issuer:       /CN=4b5d45a2abb960d2bce758ece733b126dca7e71b
Certificate serial:       018CC9BCD7783CC546CA6C1310DB902CEA53
Authority key identifier: 4B:5D:45:A2:AB:B9:60:D2:BC:E7:58:EC:E7:33:B1:26:DC:A7:E7:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S11Foqu5YNK851js5zOxJtyn5xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/a905e9-f93b-4d60-8108-810b9f5cc415/1/GkXZBllQ4GO0CiGlTFqYJlhIxcU.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50405
IP address blocks:        193.8.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/a905e9-f93b-4d60-8108-810b9f5cc415/1/S11Foqu5YNK851js5zOxJtyn5xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/a905e9-f93b-4d60-8108-810b9f5cc415/1/S11Foqu5YNK851js5zOxJtyn5xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S11Foqu5YNK851js5zOxJtyn5xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d7:78:3c:c5:46:ca:6c:13:10:db:90:2c:ea:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b5d45a2abb960d2bce758ece733b126dca7e71b
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a45d9065950e063b40a21a54c5a98265848c5c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:48:16:65:c6:9f:ac:4c:73:63:c9:f8:0c:83:
                    0e:27:ff:32:18:2d:f4:10:5c:b0:7a:62:37:22:f4:
                    af:ba:6d:77:23:7b:a7:e9:ef:04:61:52:75:16:9c:
                    b1:df:ce:71:3a:1f:83:fe:1b:df:32:f7:33:5f:e6:
                    3b:d9:c3:ee:f3:25:2e:94:6d:af:c5:f7:47:f9:c4:
                    f5:40:80:d4:c4:ee:d5:e1:1d:ab:22:ed:2c:eb:e1:
                    37:64:5c:7e:cd:1e:ac:41:d0:ba:3b:bc:96:50:e6:
                    13:21:da:29:6d:fd:23:9c:6f:b8:53:6c:a4:cc:1e:
                    ab:f3:f6:25:54:36:a3:00:11:56:07:0d:42:07:c2:
                    d9:18:0d:59:08:53:06:dd:bc:3b:24:70:50:c5:4e:
                    89:95:3e:62:2e:fc:42:22:3d:bd:ab:a0:90:6e:fa:
                    d1:34:f8:95:5c:2f:7c:1c:7e:be:6c:41:46:28:7c:
                    5b:60:6a:01:0f:1f:6e:42:f4:53:aa:f1:d9:bc:78:
                    b4:2c:c1:de:eb:22:15:ec:73:3c:41:74:82:b7:b2:
                    62:fb:c8:62:cb:f8:fd:1c:e5:ba:5e:b5:f3:9b:18:
                    dc:5b:66:1f:ce:65:00:bb:de:27:ad:13:89:00:1e:
                    22:9e:3d:2e:b3:e6:da:1b:45:0d:a9:62:c1:6c:d9:
                    0d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:45:D9:06:59:50:E0:63:B4:0A:21:A5:4C:5A:98:26:58:48:C5:C5
            X509v3 Authority Key Identifier:
                keyid:4B:5D:45:A2:AB:B9:60:D2:BC:E7:58:EC:E7:33:B1:26:DC:A7:E7:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S11Foqu5YNK851js5zOxJtyn5xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a905e9-f93b-4d60-8108-810b9f5cc415/1/GkXZBllQ4GO0CiGlTFqYJlhIxcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a905e9-f93b-4d60-8108-810b9f5cc415/1/S11Foqu5YNK851js5zOxJtyn5xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:6d:7a:94:1e:bf:9f:c2:8b:cc:4a:b9:05:ce:61:1e:65:c4:
         3e:10:b2:7d:20:12:d5:dd:17:91:d7:b1:2e:de:f2:5f:32:b8:
         ee:8b:d7:ca:bf:9b:0b:69:ef:2c:7d:52:d9:17:51:61:31:bb:
         93:6b:ea:60:7d:74:68:d3:b4:0d:21:fc:a7:41:1d:96:80:82:
         24:e3:59:a4:fa:f6:3c:be:60:a9:6b:66:33:ec:d9:76:71:83:
         ad:39:31:f7:c8:b8:ea:1e:e0:ae:f8:d9:7f:48:6d:8c:32:b8:
         7c:94:8e:16:1e:b6:73:f4:67:ff:c3:aa:8e:9d:65:4e:0d:c6:
         1a:6b:b8:6e:8d:f4:0e:1a:b4:35:a7:2d:dd:44:4a:b9:68:54:
         a4:88:f5:cc:89:6e:5d:7c:2e:c6:7e:45:6e:05:17:25:67:8f:
         66:67:17:fb:a1:a5:d8:82:bd:d6:12:3a:87:a0:52:ea:25:48:
         ce:66:9c:82:6a:b5:15:16:d2:16:31:e9:1f:b6:15:54:b8:b6:
         11:7e:63:30:24:c3:e9:b2:f9:98:d3:e1:94:85:36:42:df:aa:
         ab:8d:32:41:6f:98:d3:32:a7:e8:82:87:82:66:10:0f:8b:f9:
         eb:86:4e:59:83:bd:56:f4:5b:98:52:0b:16:a3:c5:11:1c:07:
         7a:98:1c:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvNd4PMVGymwTENuQLOpTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNWQ0NWEyYWJiOTYwZDJiY2U3NThlY2U3MzNiMTI2ZGNh
N2U3MWIwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTQ1ZDkwNjU5NTBlMDYzYjQwYTIxYTU0YzVhOTgyNjU4NDhjNWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUgWZcafrExzY8n4DIMOJ/8yGC30
EFywemI3IvSvum13I3un6e8EYVJ1Fpyx385xOh+D/hvfMvczX+Y72cPu8yUulG2v
xfdH+cT1QIDUxO7V4R2rIu0s6+E3ZFx+zR6sQdC6O7yWUOYTIdopbf0jnG+4U2yk
zB6r8/YlVDajABFWBw1CB8LZGA1ZCFMG3bw7JHBQxU6JlT5iLvxCIj29q6CQbvrR
NPiVXC98HH6+bEFGKHxbYGoBDx9uQvRTqvHZvHi0LMHe6yIV7HM8QXSCt7Ji+8hi
y/j9HOW6XrXzmxjcW2YfzmUAu94nrROJAB4inj0us+baG0UNqWLBbNkN8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpF2QZZUOBjtAohpUxamCZYSMXFMB8GA1UdIwQY
MBaAFEtdRaKruWDSvOdY7OczsSbcp+cbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzExRm9xdTVZTks4NTFqczV6T3hKdHluNXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9hOTA1ZTktZjkzYi00ZDYwLTgxMDgt
ODEwYjlmNWNjNDE1LzEvR2tYWkJsbFE0R08wQ2lHbFRGcVlKbGhJeGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9hOTA1ZTktZjkzYi00ZDYwLTgxMDgtODEwYjlmNWNjNDE1
LzEvUzExRm9xdTVZTks4NTFqczV6T3hKdHluNXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQj8MA0G
CSqGSIb3DQEBCwUAA4IBAQBdbXqUHr+fwovMSrkFzmEeZcQ+ELJ9IBLV3ReR17Eu
3vJfMrjui9fKv5sLae8sfVLZF1FhMbuTa+pgfXRo07QNIfynQR2WgIIk41mk+vY8
vmCpa2Yz7Nl2cYOtOTH3yLjqHuCu+Nl/SG2MMrh8lI4WHrZz9Gf/w6qOnWVODcYa
a7hujfQOGrQ1py3dREq5aFSkiPXMiW5dfC7GfkVuBRclZ49mZxf7oaXYgr3WEjqH
oFLqJUjOZpyCarUVFtIWMekfthVUuLYRfmMwJMPpsvmY0+GUhTZC36qrjTJBb5jT
MqfogoeCZhAPi/nrhk5Zg71W9FuYUgsWo8URHAd6mByx
-----END CERTIFICATE-----