Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GMiGJIQPkTJHbljDh9-Qbgs-ofQ.roa
File:                     GMiGJIQPkTJHbljDh9-Qbgs-ofQ.roa (raw, json)
Hash identifier:          gehqPfu1dznuITregHu34HVG8SqD/GP87okupLZENG8=
Subject key identifier:   18:C8:86:24:84:0F:91:32:47:6E:58:C3:87:DF:90:6E:0B:3E:A1:F4
Certificate issuer:       /CN=192fc85b01f21a0d685c03001df47ac460937bf1
Certificate serial:       019420685364DAE1C053B5794EB5925C500F
Authority key identifier: 19:2F:C8:5B:01:F2:1A:0D:68:5C:03:00:1D:F4:7A:C4:60:93:7B:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GS_IWwHyGg1oXAMAHfR6xGCTe_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GMiGJIQPkTJHbljDh9-Qbgs-ofQ.roa
Signing time:             Wed 01 Jan 2025 05:48:15 +0000
ROA not before:           Wed 01 Jan 2025 05:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207431
IP address blocks:        185.190.30.0/24 maxlen: 24
                          185.190.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GS_IWwHyGg1oXAMAHfR6xGCTe_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GS_IWwHyGg1oXAMAHfR6xGCTe_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GS_IWwHyGg1oXAMAHfR6xGCTe_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:53:64:da:e1:c0:53:b5:79:4e:b5:92:5c:50:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=192fc85b01f21a0d685c03001df47ac460937bf1
        Validity
            Not Before: Jan  1 05:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18c88624840f9132476e58c387df906e0b3ea1f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:73:63:9a:bd:9a:b3:19:30:1e:e3:30:b9:6a:
                    29:64:b0:ed:0b:23:c3:c3:b1:31:47:02:09:79:a3:
                    57:e6:ff:13:4f:66:ba:0c:b1:29:64:d3:58:35:0b:
                    c8:12:7d:fd:a3:98:78:6e:c5:95:06:40:11:bc:da:
                    c0:2f:63:1f:6c:8f:f8:35:71:e7:74:ae:0a:bb:b8:
                    3d:27:ab:ba:2a:d2:dc:4b:3f:57:d1:45:89:ee:8c:
                    a6:02:0e:37:a7:41:49:d8:96:6b:f1:53:ce:dc:dc:
                    38:ae:b6:21:83:83:fa:2b:36:ea:5d:8c:33:f9:5a:
                    8d:77:67:58:5e:24:3f:22:c7:20:15:a2:19:d5:b0:
                    10:fe:3e:6e:ee:c2:8d:96:90:6f:7e:8b:59:00:13:
                    bd:64:d4:2b:ef:9c:06:a1:3d:32:d3:36:70:e1:b4:
                    ab:26:63:42:a1:1b:2d:df:62:bb:44:65:5a:4d:cd:
                    e9:c4:40:56:f4:bc:a9:47:25:c1:e2:b4:0f:be:f3:
                    6a:66:34:ea:26:a8:03:9e:ee:70:9f:8b:86:17:cc:
                    5c:e2:68:e5:ec:04:03:a8:4d:b7:bb:cf:b8:f6:9c:
                    48:2e:de:0d:c0:48:ed:72:30:d1:06:ad:3c:c8:b8:
                    57:91:8f:a9:4b:c6:5f:45:8a:ba:8b:bc:91:20:70:
                    69:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:C8:86:24:84:0F:91:32:47:6E:58:C3:87:DF:90:6E:0B:3E:A1:F4
            X509v3 Authority Key Identifier:
                keyid:19:2F:C8:5B:01:F2:1A:0D:68:5C:03:00:1D:F4:7A:C4:60:93:7B:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GS_IWwHyGg1oXAMAHfR6xGCTe_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GMiGJIQPkTJHbljDh9-Qbgs-ofQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GS_IWwHyGg1oXAMAHfR6xGCTe_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:e1:b6:e2:b8:f3:68:f0:01:12:be:87:23:f9:d6:1b:2d:82:
         38:64:fe:34:c2:1b:07:7f:d1:f5:84:8c:38:0c:ba:fa:78:db:
         ee:37:ff:d9:77:45:b6:39:17:7b:0c:55:6a:8b:b6:df:63:8d:
         cc:4c:4e:96:d6:e7:d8:60:09:c4:0f:01:96:9f:15:f7:ee:76:
         9c:d6:c7:63:aa:88:f9:09:d3:01:58:76:8f:66:ca:89:89:13:
         e4:93:42:3b:24:3a:63:46:8e:7a:b2:d7:10:eb:0b:87:a4:c0:
         4a:db:f2:12:fa:4a:6a:74:4d:8a:e0:84:e0:f6:de:c0:84:49:
         5a:f8:3d:58:97:37:da:a2:7b:4f:1d:2b:8a:9e:f2:db:57:3f:
         c5:86:03:35:d1:ff:05:5b:7c:29:49:e8:8e:56:db:0e:7d:78:
         27:6e:60:28:ec:a2:87:46:d3:4f:61:b4:84:fd:c2:2e:77:de:
         f5:bc:f8:23:b7:a1:7e:60:d7:22:e7:ed:bc:c6:8d:15:d5:b6:
         65:71:0b:c9:a5:df:35:ec:4f:2a:aa:4f:a2:d7:cc:41:35:67:
         3c:21:2f:fc:c1:c4:e7:df:73:9b:4f:5c:00:96:84:06:0d:cd:
         b9:69:9a:46:aa:84:b7:15:ea:9e:79:3c:71:ac:7b:ed:5f:c7:
         b5:ca:4b:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaFNk2uHAU7V5TrWSXFAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MmZjODViMDFmMjFhMGQ2ODVjMDMwMDFkZjQ3YWM0NjA5
MzdiZjEwHhcNMjUwMTAxMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGM4ODYyNDg0MGY5MTMyNDc2ZTU4YzM4N2RmOTA2ZTBiM2VhMWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXNjmr2asxkwHuMwuWopZLDtCyPD
w7ExRwIJeaNX5v8TT2a6DLEpZNNYNQvIEn39o5h4bsWVBkARvNrAL2MfbI/4NXHn
dK4Ku7g9J6u6KtLcSz9X0UWJ7oymAg43p0FJ2JZr8VPO3Nw4rrYhg4P6KzbqXYwz
+VqNd2dYXiQ/IscgFaIZ1bAQ/j5u7sKNlpBvfotZABO9ZNQr75wGoT0y0zZw4bSr
JmNCoRst32K7RGVaTc3pxEBW9LypRyXB4rQPvvNqZjTqJqgDnu5wn4uGF8xc4mjl
7AQDqE23u8+49pxILt4NwEjtcjDRBq08yLhXkY+pS8ZfRYq6i7yRIHBpGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjIhiSED5EyR25Yw4ffkG4LPqH0MB8GA1UdIwQY
MBaAFBkvyFsB8hoNaFwDAB30esRgk3vxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1NfSVd3SHlHZzFvWEFNQUhmUjZ4R0NUZV9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8xODI5MTUtZmVlYy00MTYwLTg4YmYt
YjIxMDQ0N2MwN2ZmLzEvR01pR0pJUVBrVEpIYmxqRGg5LVFiZ3Mtb2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8xODI5MTUtZmVlYy00MTYwLTg4YmYtYjIxMDQ0N2MwN2Zm
LzEvR1NfSVd3SHlHZzFvWEFNQUhmUjZ4R0NUZV9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBub4eMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ4bbiuPNo8AESvocj+dYbLYI4ZP40whsHf9H1hIw4
DLr6eNvuN//Zd0W2ORd7DFVqi7bfY43MTE6W1ufYYAnEDwGWnxX37nac1sdjqoj5
CdMBWHaPZsqJiRPkk0I7JDpjRo56stcQ6wuHpMBK2/IS+kpqdE2K4ITg9t7AhEla
+D1YlzfaontPHSuKnvLbVz/FhgM10f8FW3wpSeiOVtsOfXgnbmAo7KKHRtNPYbSE
/cIud971vPgjt6F+YNci5+28xo0V1bZlcQvJpd817E8qqk+i18xBNWc8IS/8wcTn
33ObT1wAloQGDc25aZpGqoS3FeqeeTxxrHvtX8e1ykvJ
-----END CERTIFICATE-----