Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/GKC-zruGo7Y0lHBj7AqmYPwzc8c.roa
File:                     GKC-zruGo7Y0lHBj7AqmYPwzc8c.roa (raw, json)
Hash identifier:          u2pwVxzKoBKyV0Dimg3sj9jXDAo9fvdhwaO1o32GlnA=
Subject key identifier:   18:A0:BE:CE:BB:86:A3:B6:34:94:70:63:EC:0A:A6:60:FC:33:73:C7
Certificate issuer:       /CN=bdf7a0a048b68eccfa4d49eab4f16dc792c0d318
Certificate serial:       01942445743BD56CFE84631316208FD6B831
Authority key identifier: BD:F7:A0:A0:48:B6:8E:CC:FA:4D:49:EA:B4:F1:6D:C7:92:C0:D3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/GKC-zruGo7Y0lHBj7AqmYPwzc8c.roa
Signing time:             Wed 01 Jan 2025 23:48:38 +0000
ROA not before:           Wed 01 Jan 2025 23:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        194.140.230.0/24 maxlen: 24
                          2001:67c:144::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:74:3b:d5:6c:fe:84:63:13:16:20:8f:d6:b8:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdf7a0a048b68eccfa4d49eab4f16dc792c0d318
        Validity
            Not Before: Jan  1 23:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18a0becebb86a3b634947063ec0aa660fc3373c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:37:71:4f:3f:45:58:e8:b2:28:a8:8c:b7:24:
                    a3:ad:e8:b4:ea:36:c8:5b:bd:cc:c1:c0:f7:b0:27:
                    cc:dc:0c:cc:fd:f7:f3:e4:80:cd:d3:14:d1:84:1a:
                    a8:86:51:a1:96:0e:0c:45:83:b5:7e:c5:54:49:aa:
                    a1:65:3c:0a:7a:54:14:36:b4:14:67:15:3d:4e:45:
                    f6:48:7c:c4:3f:72:39:ce:30:c3:9e:ed:62:fb:17:
                    6d:14:11:fb:28:33:a8:58:3a:ba:8a:52:c5:29:20:
                    73:47:10:12:8f:04:3b:76:31:cb:4b:b5:ad:e3:64:
                    62:e5:ce:00:0b:e7:36:a4:74:97:c3:19:9b:12:00:
                    32:7f:b2:95:a5:57:69:e6:ad:23:bd:3c:db:61:09:
                    6c:d5:61:4c:e6:1f:5c:01:e6:ac:07:30:1d:90:5c:
                    bb:72:aa:db:25:8d:6e:7b:db:4e:46:40:97:bc:3e:
                    74:75:36:67:0e:e0:e4:65:3f:28:d3:34:d2:f0:99:
                    55:e1:1d:57:19:4e:1e:39:4a:a6:f0:ce:85:37:07:
                    6f:bb:37:cf:d3:c6:40:bb:2f:3e:85:c1:79:9b:5a:
                    b0:aa:bd:08:cf:e9:37:ea:1b:03:71:1c:b9:ab:42:
                    ae:da:a6:9f:2c:7b:04:c9:bb:73:ae:51:0e:da:c7:
                    2b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:A0:BE:CE:BB:86:A3:B6:34:94:70:63:EC:0A:A6:60:FC:33:73:C7
            X509v3 Authority Key Identifier:
                keyid:BD:F7:A0:A0:48:B6:8E:CC:FA:4D:49:EA:B4:F1:6D:C7:92:C0:D3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/GKC-zruGo7Y0lHBj7AqmYPwzc8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.230.0/24
                IPv6:
                  2001:67c:144::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:78:9b:75:68:6f:fd:c3:2f:72:2f:b2:88:1a:81:33:e9:a0:
         09:df:0d:77:d6:7b:da:58:2f:37:a2:3b:b0:72:ef:6f:0a:bb:
         b9:8d:c7:32:7a:bd:21:6d:1c:a8:e9:f5:7c:49:3b:60:ac:c8:
         eb:17:56:92:39:d4:b0:2e:53:51:80:04:9d:d9:2a:ad:96:c3:
         a3:1d:3c:ad:69:36:9a:27:35:08:5f:a7:6d:c9:16:ea:7c:49:
         de:e5:67:f6:97:46:a8:70:79:14:46:ef:9d:15:24:4f:62:de:
         15:8b:a5:06:90:6f:7f:cb:12:7b:42:6b:8d:8a:2c:48:93:a9:
         dc:7d:af:0d:82:eb:07:2b:81:bb:8f:6c:3b:7d:bf:f0:d2:eb:
         ba:f9:bf:37:48:75:bc:c6:2f:80:b1:f2:da:cb:94:f7:23:2b:
         e5:ff:0b:17:b2:13:81:07:eb:ed:5c:bd:db:f1:14:af:5c:63:
         a7:0c:22:79:39:16:ac:a1:39:a6:35:22:58:1b:ba:ef:2b:cf:
         ce:e2:dc:7b:f4:d5:0c:c2:04:3e:15:9c:e0:11:4e:ed:f8:46:
         4b:24:d5:7d:ef:92:e3:0b:27:75:65:ef:85:f1:53:59:93:8d:
         7b:e1:3a:13:b3:34:13:08:b7:10:8d:37:09:e5:bd:c2:a7:d2:
         48:c4:8d:0f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRXQ71Wz+hGMTFiCP1rgxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZjdhMGEwNDhiNjhlY2NmYTRkNDllYWI0ZjE2ZGM3OTJj
MGQzMTgwHhcNMjUwMTAxMjM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGEwYmVjZWJiODZhM2I2MzQ5NDcwNjNlYzBhYTY2MGZjMzM3M2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9TdxTz9FWOiyKKiMtySjrei06jbI
W73MwcD3sCfM3AzM/ffz5IDN0xTRhBqohlGhlg4MRYO1fsVUSaqhZTwKelQUNrQU
ZxU9TkX2SHzEP3I5zjDDnu1i+xdtFBH7KDOoWDq6ilLFKSBzRxASjwQ7djHLS7Wt
42Ri5c4AC+c2pHSXwxmbEgAyf7KVpVdp5q0jvTzbYQls1WFM5h9cAeasBzAdkFy7
cqrbJY1ue9tORkCXvD50dTZnDuDkZT8o0zTS8JlV4R1XGU4eOUqm8M6FNwdvuzfP
08ZAuy8+hcF5m1qwqr0Iz+k36hsDcRy5q0Ku2qafLHsEybtzrlEO2scrowIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBigvs67hqO2NJRwY+wKpmD8M3PHMB8GA1UdIwQY
MBaAFL33oKBIto7M+k1J6rTxbceSwNMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZlZ29FaTJqc3o2VFVucXRQRnR4NUxBMHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9lMTZjYjYtYjQ1NC00OGQ2LWJkYzgt
MzUxNjE5MWE5ZDY4LzEvR0tDLXpydUdvN1kwbEhCajdBcW1ZUHd6YzhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9lMTZjYjYtYjQ1NC00OGQ2LWJkYzgtMzUxNjE5MWE5ZDY4
LzEvdmZlZ29FaTJqc3o2VFVucXRQRnR4NUxBMHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwozmMA8E
AgACMAkDBwAgAQZ8AUQwDQYJKoZIhvcNAQELBQADggEBAG94m3Vob/3DL3Ivsoga
gTPpoAnfDXfWe9pYLzeiO7By728Ku7mNxzJ6vSFtHKjp9XxJO2CsyOsXVpI51LAu
U1GABJ3ZKq2Ww6MdPK1pNponNQhfp23JFup8Sd7lZ/aXRqhweRRG750VJE9i3hWL
pQaQb3/LEntCa42KLEiTqdx9rw2C6wcrgbuPbDt9v/DS67r5vzdIdbzGL4Cx8trL
lPcjK+X/CxeyE4EH6+1cvdvxFK9cY6cMInk5FqyhOaY1Ilgbuu8rz87i3Hv01QzC
BD4VnOARTu34Rksk1X3vkuMLJ3Vl74XxU1mTjXvhOhOzNBMItxCNNwnlvcKn0kjE
jQ8=
-----END CERTIFICATE-----