Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/gkwT-d__QKowAY5Ocf64cDl7M4s.roa
File:                     gkwT-d__QKowAY5Ocf64cDl7M4s.roa (raw, json)
Hash identifier:          S0K8yM8s7Jfw7i+k1P/jE9FZq22d/v6q6SXDGil9ri0=
Subject key identifier:   82:4C:13:F9:DF:FF:40:AA:30:01:8E:4E:71:FE:B8:70:39:7B:33:8B
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       0194228D29EB5DB38D81FA49E5F3E65EFF31
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/gkwT-d__QKowAY5Ocf64cDl7M4s.roa
Signing time:             Wed 01 Jan 2025 15:47:44 +0000
ROA not before:           Wed 01 Jan 2025 15:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28721
IP address blocks:        185.88.130.0/24 maxlen: 24
                          194.149.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:29:eb:5d:b3:8d:81:fa:49:e5:f3:e6:5e:ff:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: Jan  1 15:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=824c13f9dfff40aa30018e4e71feb870397b338b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a2:aa:cc:21:35:a4:2d:02:93:80:17:79:0f:
                    06:c4:50:1f:ee:e6:33:2d:bf:fb:32:ef:e1:5e:5d:
                    f9:4a:3b:ac:df:b2:85:c9:a5:35:4d:2c:e6:ec:28:
                    c9:b7:5e:60:98:ad:56:25:07:ea:76:2c:44:2b:f2:
                    1a:ce:42:5c:5c:09:33:9b:1b:5a:2a:58:ba:f8:16:
                    1f:68:66:db:31:ed:43:5a:66:7a:a4:1b:89:36:5f:
                    85:35:96:8e:14:8d:70:9b:30:0f:a0:5a:3f:37:e9:
                    2b:c4:dc:25:2c:d6:d6:e7:40:09:51:db:12:12:17:
                    51:db:09:13:f8:d6:fc:a6:e9:28:00:d5:87:54:91:
                    bd:f9:18:55:8f:dd:ef:97:df:35:92:88:3b:1a:ac:
                    35:16:8c:ea:91:e1:4c:03:01:8f:b0:97:0a:e0:97:
                    c1:89:f7:4f:e8:8b:82:1b:ba:96:d3:5e:c9:11:7a:
                    65:dd:8a:1f:97:19:db:09:06:2f:5f:0a:e5:4a:b1:
                    db:fe:6c:55:9e:24:59:53:37:a5:c2:a5:4f:66:43:
                    00:75:e8:18:d7:2a:3e:5c:ce:22:86:9c:8d:38:02:
                    8c:cc:e7:f5:c0:23:31:f6:98:88:3d:fb:84:0c:ef:
                    2c:e3:d7:66:92:61:95:1e:c3:93:a3:a3:da:2d:33:
                    d4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:4C:13:F9:DF:FF:40:AA:30:01:8E:4E:71:FE:B8:70:39:7B:33:8B
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/gkwT-d__QKowAY5Ocf64cDl7M4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.130.0/24
                  194.149.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:19:24:7c:67:94:70:1a:59:ea:56:54:ae:d7:89:db:81:cf:
         8b:ca:ad:50:bb:88:b0:e9:b8:31:57:a8:c8:19:76:81:08:15:
         63:b4:bb:71:31:3c:dd:ea:26:0b:f6:d5:35:d5:a7:a0:2a:78:
         1f:9f:65:62:63:a7:bf:ce:f4:f6:f0:e1:6e:29:aa:d5:04:1c:
         75:bb:01:9a:5b:74:7d:20:a1:5e:eb:21:1e:f5:98:93:29:02:
         ff:87:c3:e5:c7:22:a6:56:02:09:41:7d:af:ea:57:29:44:e0:
         7e:56:62:ac:ea:ae:ac:ad:ab:dc:64:8e:37:7f:da:44:91:40:
         c7:1a:de:7a:69:4c:94:d0:3e:1c:30:4f:9c:96:c1:d1:1c:25:
         cd:c2:f6:7a:97:bf:f4:28:c0:89:8c:a0:eb:27:de:13:7f:12:
         45:60:98:81:32:e1:58:58:06:9b:36:cd:74:7b:8c:a4:3b:49:
         91:f4:b8:50:90:db:9e:67:90:9b:0d:2e:7a:da:96:b5:43:93:
         da:95:e0:2c:93:9c:c8:50:1d:ea:47:4c:02:5b:ee:e4:f7:38:
         68:b9:8c:8e:28:1e:cb:84:36:63:13:ad:b2:a2:a9:75:47:41:
         97:ca:b7:57:9e:f2:1a:02:b6:29:62:f4:7d:c2:02:cd:a5:52:
         d9:ba:19:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijSnrXbONgfpJ5fPmXv8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjUwMTAxMTU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjRjMTNmOWRmZmY0MGFhMzAwMThlNGU3MWZlYjg3MDM5N2IzMzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqKqzCE1pC0Ck4AXeQ8GxFAf7uYz
Lb/7Mu/hXl35Sjus37KFyaU1TSzm7CjJt15gmK1WJQfqdixEK/IazkJcXAkzmxta
Kli6+BYfaGbbMe1DWmZ6pBuJNl+FNZaOFI1wmzAPoFo/N+krxNwlLNbW50AJUdsS
EhdR2wkT+Nb8pukoANWHVJG9+RhVj93vl981kog7Gqw1FozqkeFMAwGPsJcK4JfB
ifdP6IuCG7qW017JEXpl3YoflxnbCQYvXwrlSrHb/mxVniRZUzelwqVPZkMAdegY
1yo+XM4ihpyNOAKMzOf1wCMx9piIPfuEDO8s49dmkmGVHsOTo6PaLTPUZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIJME/nf/0CqMAGOTnH+uHA5ezOLMB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvZ2t3VC1kX19RS293QVk1T2NmNjRjRGw3TTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuViCAwQA
wpX1MA0GCSqGSIb3DQEBCwUAA4IBAQAIGSR8Z5RwGlnqVlSu14nbgc+Lyq1Qu4iw
6bgxV6jIGXaBCBVjtLtxMTzd6iYL9tU11aegKngfn2ViY6e/zvT28OFuKarVBBx1
uwGaW3R9IKFe6yEe9ZiTKQL/h8PlxyKmVgIJQX2v6lcpROB+VmKs6q6sravcZI43
f9pEkUDHGt56aUyU0D4cME+clsHRHCXNwvZ6l7/0KMCJjKDrJ94TfxJFYJiBMuFY
WAabNs10e4ykO0mR9LhQkNueZ5CbDS562pa1Q5PaleAsk5zIUB3qR0wCW+7k9zho
uYyOKB7LhDZjE62yoql1R0GXyrdXnvIaArYpYvR9wgLNpVLZuhnS
-----END CERTIFICATE-----