Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/gGwKnYfvhCn5nwp-acIqahsS3nA.roa
File:                     gGwKnYfvhCn5nwp-acIqahsS3nA.roa (raw, json)
Hash identifier:          Rj4EAnxstBQ29bzxEKAGqDAmg0fXQP5ck4gqOBpaqb4=
Subject key identifier:   80:6C:0A:9D:87:EF:84:29:F9:9F:0A:7E:69:C2:2A:6A:1B:12:DE:70
Certificate issuer:       /CN=f6954d0103a7a3e652354a74489f86daf9a1a59d
Certificate serial:       0194244542D71616DF4E71029F24A4247526
Authority key identifier: F6:95:4D:01:03:A7:A3:E6:52:35:4A:74:48:9F:86:DA:F9:A1:A5:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/gGwKnYfvhCn5nwp-acIqahsS3nA.roa
Signing time:             Wed 01 Jan 2025 23:48:26 +0000
ROA not before:           Wed 01 Jan 2025 23:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58265
IP address blocks:        185.200.224.0/22 maxlen: 24
                          193.138.156.0/22 maxlen: 24
                          193.169.184.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:42:d7:16:16:df:4e:71:02:9f:24:a4:24:75:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6954d0103a7a3e652354a74489f86daf9a1a59d
        Validity
            Not Before: Jan  1 23:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=806c0a9d87ef8429f99f0a7e69c22a6a1b12de70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a9:aa:38:11:cd:6b:80:b1:21:bf:11:bc:61:
                    73:32:bf:6f:2e:cb:67:ad:42:89:7c:8d:c7:06:2f:
                    3a:2b:27:24:3b:8a:0a:38:fa:01:e3:43:c1:97:2c:
                    3e:df:06:26:c7:92:12:0a:a5:76:4f:ba:31:88:52:
                    e3:e3:97:99:90:c6:09:a2:73:d7:b2:ac:28:f0:9b:
                    05:28:f0:a7:ac:15:2a:61:c0:5c:74:13:9c:f7:3f:
                    0b:84:43:4d:0b:98:16:02:0f:36:b5:cd:2a:4e:c8:
                    c6:6a:c2:f9:23:4e:09:15:de:2a:bf:d5:45:4e:eb:
                    d7:f1:77:dc:79:80:4e:ef:e8:5a:e5:fb:96:49:be:
                    f8:e8:bf:96:65:95:9f:cf:c9:2c:96:b5:b3:a4:06:
                    58:74:b6:07:3f:15:0b:b8:90:d4:7b:e3:0c:d8:94:
                    84:bd:33:c1:22:41:13:a9:f7:80:d6:76:b4:5a:4b:
                    2a:b6:17:e2:fc:e1:8f:b3:db:6c:e1:83:a1:74:25:
                    c2:1a:32:d0:2f:11:bf:7f:c2:c1:65:a0:33:24:18:
                    a5:7d:87:76:2f:cc:ba:2a:3c:1f:17:3b:9a:62:f5:
                    69:25:39:85:02:1d:48:2a:0d:90:61:92:09:4d:42:
                    d2:07:b5:23:00:59:90:00:d4:a7:72:aa:cb:ee:bb:
                    95:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:6C:0A:9D:87:EF:84:29:F9:9F:0A:7E:69:C2:2A:6A:1B:12:DE:70
            X509v3 Authority Key Identifier:
                keyid:F6:95:4D:01:03:A7:A3:E6:52:35:4A:74:48:9F:86:DA:F9:A1:A5:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/gGwKnYfvhCn5nwp-acIqahsS3nA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/940550-daab-4c9d-8440-f8c9e0962354/1/9pVNAQOno-ZSNUp0SJ-G2vmhpZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.224.0/22
                  193.138.156.0/22
                  193.169.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:12:03:e7:46:3d:16:ee:6e:f4:5e:2b:64:a3:cf:0f:51:a1:
         c7:e3:01:50:c7:d8:8d:56:03:76:d6:ad:44:aa:e2:47:77:54:
         c6:9d:4b:8a:f9:df:ce:8b:84:b5:39:0a:26:16:59:06:4e:de:
         53:f5:fc:a2:46:e7:f7:35:46:f5:1f:cd:91:11:1a:75:4c:35:
         16:d3:92:8e:ab:73:cc:6e:ec:6c:0e:71:81:2c:52:d0:02:9f:
         02:0b:c3:6b:32:60:44:db:8c:5a:58:ab:3c:e6:0c:7d:27:84:
         2f:95:c9:34:43:b8:50:70:16:b8:5e:54:42:d3:e0:13:20:05:
         28:81:20:af:43:ca:ec:62:5e:e3:7e:b7:2b:be:1f:6c:46:50:
         aa:ce:4e:3b:be:fb:4e:a6:57:72:8e:54:f6:31:d4:12:43:5b:
         ea:dc:89:66:50:e7:03:c6:37:21:ba:b1:02:92:52:0f:dd:8d:
         f9:62:9f:c0:56:5a:a1:e2:54:47:14:0d:e6:f5:53:60:bc:ab:
         68:2d:39:d5:39:30:0f:86:be:5c:2b:ba:17:78:f1:74:1e:72:
         ea:c6:04:0f:01:ff:4e:b7:76:f1:52:fb:fd:e0:65:26:42:0e:
         ba:f8:87:d0:8c:e7:46:3f:25:3e:8a:e5:a7:eb:29:21:37:f3:
         d5:54:bf:af
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQkRULXFhbfTnECnySkJHUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OTU0ZDAxMDNhN2EzZTY1MjM1NGE3NDQ4OWY4NmRhZjlh
MWE1OWQwHhcNMjUwMTAxMjM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDZjMGE5ZDg3ZWY4NDI5Zjk5ZjBhN2U2OWMyMmE2YTFiMTJkZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqmqOBHNa4CxIb8RvGFzMr9vLstn
rUKJfI3HBi86KyckO4oKOPoB40PBlyw+3wYmx5ISCqV2T7oxiFLj45eZkMYJonPX
sqwo8JsFKPCnrBUqYcBcdBOc9z8LhENNC5gWAg82tc0qTsjGasL5I04JFd4qv9VF
TuvX8XfceYBO7+ha5fuWSb746L+WZZWfz8kslrWzpAZYdLYHPxULuJDUe+MM2JSE
vTPBIkETqfeA1na0Wksqthfi/OGPs9ts4YOhdCXCGjLQLxG/f8LBZaAzJBilfYd2
L8y6KjwfFzuaYvVpJTmFAh1IKg2QYZIJTULSB7UjAFmQANSncqrL7ruVdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIBsCp2H74Qp+Z8KfmnCKmobEt5wMB8GA1UdIwQY
MBaAFPaVTQEDp6PmUjVKdEifhtr5oaWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXBWTkFRT25vLVpTTlVwMFNKLUcydm1ocFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NDA1NTAtZGFhYi00YzlkLTg0NDAt
ZjhjOWUwOTYyMzU0LzEvZ0d3S25ZZnZoQ241bndwLWFjSXFhaHNTM25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NDA1NTAtZGFhYi00YzlkLTg0NDAtZjhjOWUwOTYyMzU0
LzEvOXBWTkFRT25vLVpTTlVwMFNKLUcydm1ocFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCucjgAwQC
wYqcAwQBwam4MA0GCSqGSIb3DQEBCwUAA4IBAQAjEgPnRj0W7m70Xitko88PUaHH
4wFQx9iNVgN21q1EquJHd1TGnUuK+d/Oi4S1OQomFlkGTt5T9fyiRuf3NUb1H82R
ERp1TDUW05KOq3PMbuxsDnGBLFLQAp8CC8NrMmBE24xaWKs85gx9J4Qvlck0Q7hQ
cBa4XlRC0+ATIAUogSCvQ8rsYl7jfrcrvh9sRlCqzk47vvtOpldyjlT2MdQSQ1vq
3IlmUOcDxjchurECklIP3Y35Yp/AVlqh4lRHFA3m9VNgvKtoLTnVOTAPhr5cK7oX
ePF0HnLqxgQPAf9Ot3bxUvv94GUmQg66+IfQjOdGPyU+iuWn6ykhN/PVVL+v
-----END CERTIFICATE-----