Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/GMb1FTJUsyEhvCMLVNqgU0Jabjo.roa
File:                     GMb1FTJUsyEhvCMLVNqgU0Jabjo.roa (raw, json)
Hash identifier:          /r4OdjndLWOXXQEIOfDEz+oGq467Gr3uh+KnWjJKcjw=
Subject key identifier:   18:C6:F5:15:32:54:B3:21:21:BC:23:0B:54:DA:A0:53:42:5A:6E:3A
Certificate issuer:       /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial:       018CC5DCB2FBE0DF781D2DC7ADB615C35667
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/GMb1FTJUsyEhvCMLVNqgU0Jabjo.roa
Signing time:             Mon 01 Jan 2024 16:30:24 +0000
ROA not before:           Mon 01 Jan 2024 16:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197478
IP address blocks:        62.82.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:b2:fb:e0:df:78:1d:2d:c7:ad:b6:15:c3:56:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
        Validity
            Not Before: Jan  1 16:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18c6f5153254b32121bc230b54daa053425a6e3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3e:d4:0d:ae:e7:cc:66:43:08:02:8a:01:65:
                    07:a6:42:06:4e:37:ae:73:bc:a7:36:a4:12:4d:c5:
                    36:9e:c2:37:e2:23:8d:66:c2:aa:c8:9f:8b:70:8f:
                    ae:48:cc:9d:2f:66:5c:05:0a:cc:b2:08:ba:80:50:
                    e7:bf:14:fe:3c:1c:de:6c:bb:49:2c:ea:3e:4a:84:
                    92:89:6c:fe:da:a2:80:d0:61:0d:8b:21:0f:bb:3c:
                    16:d6:7d:c6:45:9b:1a:e2:de:d5:c0:60:23:46:28:
                    35:a6:22:0b:b5:dd:b6:4d:d7:f1:02:8a:41:45:90:
                    f9:93:a9:53:8c:1f:39:cc:50:29:3f:b7:e2:7d:3e:
                    94:06:43:9b:09:34:e7:72:40:b5:a1:bd:0e:62:8b:
                    aa:04:6f:3c:87:7d:ba:a5:31:52:34:c0:9c:88:af:
                    77:e3:fe:82:92:1f:4a:f9:13:1e:a5:8b:96:6d:4c:
                    f6:4f:80:1f:c6:9a:9c:18:f0:b5:e7:81:38:8a:78:
                    f8:d2:60:92:94:e6:2f:85:be:e7:af:f7:0d:80:b7:
                    3c:ac:89:f2:d8:c6:3c:cc:eb:99:9e:71:3a:02:47:
                    c0:14:c6:3e:b7:e5:5b:8d:7f:bb:e1:ac:fb:d8:22:
                    0c:0e:52:23:a6:d2:5c:b1:10:bd:a7:51:17:8e:f0:
                    40:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:C6:F5:15:32:54:B3:21:21:BC:23:0B:54:DA:A0:53:42:5A:6E:3A
            X509v3 Authority Key Identifier:
                keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/GMb1FTJUsyEhvCMLVNqgU0Jabjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.82.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:cb:b5:71:90:82:c0:96:a8:25:fb:76:6f:10:e0:ef:26:20:
         66:99:9f:c5:c1:2c:3c:f0:86:4d:2e:47:b4:d5:b0:06:e0:9d:
         b6:da:45:07:cb:30:7b:82:ab:83:79:e4:df:9e:3a:7a:b3:9e:
         df:28:88:ec:e4:06:d2:fc:7c:34:c6:a2:f0:55:4e:52:e1:e2:
         68:41:5c:1d:7e:24:5b:a9:f4:3c:87:70:2b:c4:b7:3b:26:51:
         91:d2:93:98:d4:af:ee:65:45:75:e6:2a:7d:b3:5a:04:30:08:
         71:ee:0f:8a:0e:19:9f:ef:c8:68:9f:f1:77:13:7b:a9:98:cc:
         e0:cc:db:8f:18:29:d0:b7:ec:f7:3a:31:2a:35:5c:a5:82:07:
         e0:b7:88:0e:b5:d4:42:a7:2e:e5:4f:0b:ee:83:1e:8f:03:95:
         fb:9a:cd:c7:a6:1e:d5:d7:2d:bd:b6:16:32:18:3d:e1:07:cc:
         48:fc:3d:95:6a:7a:ba:53:46:0f:3e:86:a8:2b:3d:77:19:2e:
         ba:dd:d9:20:58:d9:e4:9f:69:10:90:c1:e1:5e:63:13:cd:ba:
         7d:91:8e:c6:cd:40:d2:80:64:99:42:2d:3a:3e:48:17:77:8b:
         2d:36:d9:21:5b:d8:d4:92:93:f8:7f:d6:f3:35:1b:f9:1a:2f:
         55:8e:f1:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3LL74N94HS3HrbYVw1ZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjQwMTAxMTYzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGM2ZjUxNTMyNTRiMzIxMjFiYzIzMGI1NGRhYTA1MzQyNWE2ZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnz7UDa7nzGZDCAKKAWUHpkIGTjeu
c7ynNqQSTcU2nsI34iONZsKqyJ+LcI+uSMydL2ZcBQrMsgi6gFDnvxT+PBzebLtJ
LOo+SoSSiWz+2qKA0GENiyEPuzwW1n3GRZsa4t7VwGAjRig1piILtd22TdfxAopB
RZD5k6lTjB85zFApP7fifT6UBkObCTTnckC1ob0OYouqBG88h326pTFSNMCciK93
4/6Ckh9K+RMepYuWbUz2T4AfxpqcGPC154E4inj40mCSlOYvhb7nr/cNgLc8rIny
2MY8zOuZnnE6AkfAFMY+t+VbjX+74az72CIMDlIjptJcsRC9p1EXjvBAEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjG9RUyVLMhIbwjC1TaoFNCWm46MB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvR01iMUZUSlVzeUVodkNNTFZOcWdVMEphYmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPlKMMA0G
CSqGSIb3DQEBCwUAA4IBAQA0y7VxkILAlqgl+3ZvEODvJiBmmZ/FwSw88IZNLke0
1bAG4J222kUHyzB7gquDeeTfnjp6s57fKIjs5AbS/Hw0xqLwVU5S4eJoQVwdfiRb
qfQ8h3ArxLc7JlGR0pOY1K/uZUV15ip9s1oEMAhx7g+KDhmf78hon/F3E3upmMzg
zNuPGCnQt+z3OjEqNVylggfgt4gOtdRCpy7lTwvugx6PA5X7ms3Hph7V1y29thYy
GD3hB8xI/D2Vanq6U0YPPoaoKz13GS663dkgWNnkn2kQkMHhXmMTzbp9kY7GzUDS
gGSZQi06PkgXd4stNtkhW9jUkpP4f9bzNRv5Gi9VjvGG
-----END CERTIFICATE-----