Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/GRqTEuVXCwel1rZqapFDMJkWJRE.roa
File:                     GRqTEuVXCwel1rZqapFDMJkWJRE.roa (raw, json)
Hash identifier:          ySr1bn/kNhUNA5ohCmNOD497jE46NSVg/YLf4FGvFI4=
Subject key identifier:   19:1A:93:12:E5:57:0B:07:A5:D6:B6:6A:6A:91:43:30:99:16:25:11
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067CCEC134A048DB2CD96E73587D550
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/GRqTEuVXCwel1rZqapFDMJkWJRE.roa
Signing time:             Wed 01 Jan 2025 05:47:41 +0000
ROA not before:           Wed 01 Jan 2025 05:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48590
IP address blocks:        194.209.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:cc:ec:13:4a:04:8d:b2:cd:96:e7:35:87:d5:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=191a9312e5570b07a5d6b66a6a91433099162511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:de:c6:aa:eb:f0:f1:b6:c1:6a:5a:cf:19:cd:
                    b7:cc:c6:3a:af:b0:fe:2e:92:32:ff:6e:15:5e:a3:
                    d4:4e:4f:cd:89:54:0f:9a:e2:d7:6e:49:08:57:16:
                    2a:dd:e8:e2:b0:d0:bc:89:5f:94:14:50:01:08:53:
                    cf:83:6f:23:ad:09:45:72:f1:4f:db:7c:56:8e:0b:
                    9c:c9:dc:04:9c:98:c8:3d:ed:29:a1:ab:50:d2:60:
                    37:18:8f:01:37:19:16:32:0b:1d:1a:5d:eb:19:5d:
                    5f:4c:6f:6b:1c:af:75:5d:05:d2:fc:a7:84:3c:46:
                    56:23:4c:e2:d8:97:48:1c:ca:53:7a:71:d0:e2:09:
                    bf:3b:28:cc:fd:dd:97:60:71:71:13:77:67:3a:70:
                    99:43:e2:4d:44:29:a8:25:2d:ec:f4:00:58:37:fd:
                    c3:19:55:ce:fb:3b:10:32:1f:64:10:d1:3a:f0:07:
                    49:1b:92:e2:b7:a5:fb:da:be:0c:eb:2d:f8:f2:1c:
                    75:d3:1b:a2:d3:20:fc:e4:ee:ed:0c:91:0b:77:64:
                    90:58:46:4d:65:e8:47:e2:b2:54:eb:13:00:d0:8d:
                    88:59:2b:8c:9c:78:60:9a:43:d7:bc:81:84:ec:92:
                    61:50:5b:52:09:5a:bf:46:a1:ca:3e:e9:de:b8:5e:
                    d7:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:1A:93:12:E5:57:0B:07:A5:D6:B6:6A:6A:91:43:30:99:16:25:11
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/GRqTEuVXCwel1rZqapFDMJkWJRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:ab:57:88:de:e0:d7:07:cd:32:7f:cb:55:0a:fb:eb:5d:76:
         91:60:1b:b4:1e:59:9f:29:ea:fa:7e:a8:36:3f:89:35:db:92:
         fe:d6:fa:4b:0e:1f:5b:d2:97:de:b7:41:d9:dd:9c:31:72:d1:
         ec:41:9d:73:58:b1:99:26:13:29:95:aa:81:63:b5:3d:13:f2:
         1e:a6:bb:1f:62:d9:1f:80:18:f5:c7:7a:87:d1:f7:40:c2:49:
         c3:3d:85:c6:90:49:b9:db:40:b6:cc:bd:48:21:10:26:54:c0:
         6d:b9:16:ad:ce:c6:ce:e2:e9:7a:4d:c1:2c:7d:46:be:fe:94:
         8a:a1:ec:d1:06:6b:c0:52:22:68:26:a6:38:cf:45:e0:27:c3:
         ac:4c:de:9d:86:68:55:b9:67:53:d1:e5:3f:30:b1:84:79:d3:
         be:59:3c:b0:6c:51:d3:b8:f2:18:f9:dc:22:ae:4a:c5:eb:0b:
         9d:9c:b6:bc:36:05:52:7d:11:0c:94:3d:4f:ca:bf:db:70:ac:
         b5:1d:1b:90:7b:7a:13:a4:fd:51:d6:e0:ed:c7:ca:12:0b:f7:
         e5:fb:35:52:05:73:c4:2b:f5:82:5a:19:3c:a6:29:59:d9:e4:
         1b:f6:32:ab:71:38:fc:f6:ad:46:15:8c:45:40:d1:f3:e5:20:
         f5:7c:1a:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8zsE0oEjbLNluc1h9VQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTFhOTMxMmU1NTcwYjA3YTVkNmI2NmE2YTkxNDMzMDk5MTYyNTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN7Gquvw8bbBalrPGc23zMY6r7D+
LpIy/24VXqPUTk/NiVQPmuLXbkkIVxYq3ejisNC8iV+UFFABCFPPg28jrQlFcvFP
23xWjgucydwEnJjIPe0poatQ0mA3GI8BNxkWMgsdGl3rGV1fTG9rHK91XQXS/KeE
PEZWI0zi2JdIHMpTenHQ4gm/OyjM/d2XYHFxE3dnOnCZQ+JNRCmoJS3s9ABYN/3D
GVXO+zsQMh9kENE68AdJG5Lit6X72r4M6y348hx10xui0yD85O7tDJELd2SQWEZN
ZehH4rJU6xMA0I2IWSuMnHhgmkPXvIGE7JJhUFtSCVq/RqHKPuneuF7X+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkakxLlVwsHpda2amqRQzCZFiURMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvR1JxVEV1VlhDd2VsMXJacWFwRkRNSmtXSlJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtEMMA0G
CSqGSIb3DQEBCwUAA4IBAQC0q1eI3uDXB80yf8tVCvvrXXaRYBu0HlmfKer6fqg2
P4k125L+1vpLDh9b0pfet0HZ3ZwxctHsQZ1zWLGZJhMplaqBY7U9E/IeprsfYtkf
gBj1x3qH0fdAwknDPYXGkEm520C2zL1IIRAmVMBtuRatzsbO4ul6TcEsfUa+/pSK
oezRBmvAUiJoJqY4z0XgJ8OsTN6dhmhVuWdT0eU/MLGEedO+WTywbFHTuPIY+dwi
rkrF6wudnLa8NgVSfREMlD1Pyr/bcKy1HRuQe3oTpP1R1uDtx8oSC/fl+zVSBXPE
K/WCWhk8pilZ2eQb9jKrcTj89q1GFYxFQNHz5SD1fBos
-----END CERTIFICATE-----