Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Gkl_bQpi1pUZE-_4UANijHtrsmc.roa
File:                     Gkl_bQpi1pUZE-_4UANijHtrsmc.roa (raw, json)
Hash identifier:          +dxFJKz8efXiNIlcsDbmBdIPMwy8dKb2Gz0quV/8P3M=
Subject key identifier:   1A:49:7F:6D:0A:62:D6:95:19:13:EF:F8:50:03:62:8C:7B:6B:B2:67
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019428251071C5C01C41879794591A7F12F9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Gkl_bQpi1pUZE-_4UANijHtrsmc.roa
Signing time:             Thu 02 Jan 2025 17:51:45 +0000
ROA not before:           Thu 02 Jan 2025 17:51:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214304
IP address blocks:        194.87.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 21:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:10:71:c5:c0:1c:41:87:97:94:59:1a:7f:12:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a497f6d0a62d6951913eff85003628c7b6bb267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:49:69:fa:b0:15:24:4a:75:0f:b1:bc:f3:4f:
                    c5:08:f9:61:8c:f6:87:eb:01:be:bc:16:44:63:d8:
                    b2:0f:63:7a:8f:bf:45:20:90:36:da:f6:b7:eb:fc:
                    05:2a:69:b2:d5:44:0e:2a:cd:ea:dc:2e:e0:b9:84:
                    99:c6:0a:60:1a:8e:9a:f5:8c:c9:5b:45:dd:d4:fc:
                    0a:26:fb:21:d1:d3:57:35:39:b7:c0:e0:11:bf:82:
                    b1:0e:05:43:78:6f:42:e3:7b:a9:9b:cf:f6:e2:27:
                    f2:38:2c:69:87:d4:56:6c:be:65:c5:69:09:3d:7e:
                    87:5f:db:c6:7c:4f:d5:e4:30:7b:f4:94:40:1b:18:
                    15:6e:5e:94:75:de:bb:32:47:be:79:90:6d:57:da:
                    3f:25:73:e9:80:75:24:2d:1a:55:27:2c:a7:37:3f:
                    12:39:5a:41:2e:ba:c3:fb:a4:53:87:a2:b4:34:26:
                    45:ee:77:91:c0:97:34:1f:d8:bf:dd:82:60:21:38:
                    07:bb:2c:d6:35:7e:b0:b7:e8:22:ff:2b:ed:b8:67:
                    6b:b3:6e:08:4c:d6:06:3e:7d:46:66:ae:30:e6:4e:
                    22:5e:f7:33:92:cc:d6:0a:28:d3:2f:7c:8a:c6:84:
                    6e:3a:de:85:65:4a:99:9f:49:8b:f7:1c:95:5b:d3:
                    7b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:49:7F:6D:0A:62:D6:95:19:13:EF:F8:50:03:62:8C:7B:6B:B2:67
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Gkl_bQpi1pUZE-_4UANijHtrsmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:a1:6e:be:49:0f:d2:9b:58:3a:86:ad:96:b9:c6:b0:cb:4a:
         9b:c4:96:72:a0:e6:40:ee:e9:5d:e1:76:79:c6:8d:2f:67:ad:
         ed:bb:cc:b7:a5:59:07:0e:90:e6:c0:c5:35:e0:71:64:6b:ca:
         02:48:79:35:e3:bf:90:37:47:ed:1f:29:c0:45:80:d2:cd:dc:
         db:41:b7:ca:ac:b7:01:36:ff:4e:31:ad:80:ba:c3:a9:b3:60:
         74:fa:fe:3e:3c:0a:51:4d:af:c9:33:8b:28:69:8e:05:89:ba:
         ad:cb:cf:84:a5:58:d8:37:1d:f0:78:df:e7:c1:bc:fe:88:62:
         c3:c3:60:d5:ab:5e:1d:54:3d:46:07:51:6d:57:3e:de:39:93:
         1f:10:3c:17:1e:d8:23:de:a7:0a:ad:02:75:af:df:8c:ed:11:
         38:69:d9:f3:a9:de:f1:cd:a5:a6:ce:b1:b2:db:70:4d:d5:f9:
         81:02:9a:fc:49:40:77:15:1c:4c:09:9b:e9:e9:5f:08:95:1a:
         26:c8:f8:e7:68:60:2b:66:5d:fa:ad:34:81:8f:6c:84:ff:5a:
         a8:ca:d8:37:10:b6:71:40:29:25:bc:61:03:41:8d:ba:01:c1:
         3c:35:21:f4:14:e6:a8:d3:cd:51:1b:cf:b0:44:31:64:65:e9:
         0a:e1:70:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJRBxxcAcQYeXlFkafxL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTQ5N2Y2ZDBhNjJkNjk1MTkxM2VmZjg1MDAzNjI4YzdiNmJiMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Ulp+rAVJEp1D7G880/FCPlhjPaH
6wG+vBZEY9iyD2N6j79FIJA22va36/wFKmmy1UQOKs3q3C7guYSZxgpgGo6a9YzJ
W0Xd1PwKJvsh0dNXNTm3wOARv4KxDgVDeG9C43upm8/24ifyOCxph9RWbL5lxWkJ
PX6HX9vGfE/V5DB79JRAGxgVbl6Udd67Mke+eZBtV9o/JXPpgHUkLRpVJyynNz8S
OVpBLrrD+6RTh6K0NCZF7neRwJc0H9i/3YJgITgHuyzWNX6wt+gi/yvtuGdrs24I
TNYGPn1GZq4w5k4iXvczkszWCijTL3yKxoRuOt6FZUqZn0mL9xyVW9N72QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpJf20KYtaVGRPv+FADYox7a7JnMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvR2tsX2JRcGkxcFVaRS1fNFVBTmlqSHRyc21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlf2MA0G
CSqGSIb3DQEBCwUAA4IBAQAOoW6+SQ/Sm1g6hq2Wucawy0qbxJZyoOZA7uld4XZ5
xo0vZ63tu8y3pVkHDpDmwMU14HFka8oCSHk147+QN0ftHynARYDSzdzbQbfKrLcB
Nv9OMa2AusOps2B0+v4+PApRTa/JM4soaY4Fibqty8+EpVjYNx3weN/nwbz+iGLD
w2DVq14dVD1GB1FtVz7eOZMfEDwXHtgj3qcKrQJ1r9+M7RE4adnzqd7xzaWmzrGy
23BN1fmBApr8SUB3FRxMCZvp6V8IlRomyPjnaGArZl36rTSBj2yE/1qoytg3ELZx
QCklvGEDQY26AcE8NSH0FOao081RG8+wRDFkZekK4XB2
-----END CERTIFICATE-----