Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/6f4230-05e6-4c00-a4ab-06b8dfe498bd/1/GKGUA1ULBuEBg6UZcKqTCkNmhrM.roa
File:                     GKGUA1ULBuEBg6UZcKqTCkNmhrM.roa (raw, json)
Hash identifier:          S+MOcu2hV7fbEQM0gv8ckh0dyXeXiOXULnIXULZ3i+k=
Subject key identifier:   18:A1:94:03:55:0B:06:E1:01:83:A5:19:70:AA:93:0A:43:66:86:B3
Certificate issuer:       /CN=fe29bd8bb49a80996b460f5028ed52a8e057c0b1
Certificate serial:       01942745C751E2AD162879602828C9235727
Authority key identifier: FE:29:BD:8B:B4:9A:80:99:6B:46:0F:50:28:ED:52:A8:E0:57:C0:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_im9i7SagJlrRg9QKO1SqOBXwLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/6f4230-05e6-4c00-a4ab-06b8dfe498bd/1/GKGUA1ULBuEBg6UZcKqTCkNmhrM.roa
Signing time:             Thu 02 Jan 2025 13:47:51 +0000
ROA not before:           Thu 02 Jan 2025 13:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34554
IP address blocks:        80.75.112.0/20 maxlen: 20
                          185.196.128.0/22 maxlen: 22
                          2a01:6a8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/6f4230-05e6-4c00-a4ab-06b8dfe498bd/1/_im9i7SagJlrRg9QKO1SqOBXwLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/6f4230-05e6-4c00-a4ab-06b8dfe498bd/1/_im9i7SagJlrRg9QKO1SqOBXwLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_im9i7SagJlrRg9QKO1SqOBXwLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 13:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:45:c7:51:e2:ad:16:28:79:60:28:28:c9:23:57:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe29bd8bb49a80996b460f5028ed52a8e057c0b1
        Validity
            Not Before: Jan  2 13:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18a19403550b06e10183a51970aa930a436686b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d0:bc:15:f4:85:bc:ba:bf:0e:49:f8:52:d2:
                    c9:4e:cc:9d:3a:d4:d3:ac:a5:8a:1d:c6:e3:9b:3c:
                    c8:3e:e5:ab:ea:79:f5:f2:38:69:3f:da:b4:bf:f3:
                    62:e8:27:f6:5e:d3:16:38:bb:8e:45:7d:7b:c0:a4:
                    2e:74:b6:3a:9e:f4:21:7f:dc:68:f2:4b:8e:75:e5:
                    a1:2d:1f:3a:80:d5:24:86:d7:9a:b8:cc:5a:f5:5a:
                    9f:ff:2e:cb:0d:e6:98:fe:11:62:1c:1f:76:35:2c:
                    e4:68:f2:f2:bc:27:6f:8f:25:00:a4:3d:58:1e:d4:
                    4a:b7:25:8f:b1:3a:44:c0:df:67:12:33:40:1f:89:
                    e7:cd:23:e9:6d:83:18:9c:ea:cd:8a:1f:bf:11:6d:
                    50:2c:ed:89:82:f8:06:74:b4:f1:51:c4:82:67:7a:
                    e2:1b:59:73:3b:3c:de:03:a7:14:ff:da:76:b6:65:
                    3d:f1:bf:20:f5:30:b8:00:59:e7:d2:ae:d2:fe:44:
                    4e:d5:e3:1f:04:a3:fa:3c:f8:f3:fd:e6:18:de:41:
                    f6:a9:1d:47:93:bf:a9:e1:d9:5a:cb:dc:e8:1c:88:
                    e0:31:ec:1f:6a:76:37:82:44:d5:ea:15:e9:ba:ae:
                    1d:35:14:b6:13:20:0e:41:51:6c:a5:5c:68:95:9f:
                    de:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:A1:94:03:55:0B:06:E1:01:83:A5:19:70:AA:93:0A:43:66:86:B3
            X509v3 Authority Key Identifier:
                keyid:FE:29:BD:8B:B4:9A:80:99:6B:46:0F:50:28:ED:52:A8:E0:57:C0:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_im9i7SagJlrRg9QKO1SqOBXwLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/6f4230-05e6-4c00-a4ab-06b8dfe498bd/1/GKGUA1ULBuEBg6UZcKqTCkNmhrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/6f4230-05e6-4c00-a4ab-06b8dfe498bd/1/_im9i7SagJlrRg9QKO1SqOBXwLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.112.0/20
                  185.196.128.0/22
                IPv6:
                  2a01:6a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         ca:5b:f4:f2:71:c4:0a:05:2a:43:1d:6f:ca:1f:5d:9a:e0:6f:
         d6:75:93:7d:e9:d2:5e:15:06:a2:08:19:15:dc:85:de:cb:06:
         e8:d1:8e:d8:8d:3a:0f:1f:7e:16:86:ed:5c:22:fb:16:a9:a1:
         26:8b:d6:2e:af:9e:a8:9e:68:25:29:2a:f1:85:93:ed:5c:a8:
         57:65:8b:8e:3a:23:c7:1e:53:74:67:16:e5:6a:ed:55:5c:0a:
         7c:44:e5:74:68:3f:08:40:d6:fa:79:c6:e4:a2:a5:8a:75:4f:
         14:d7:59:a2:33:d9:34:98:78:fb:cd:15:e7:c6:ff:32:e5:f7:
         2b:ce:1a:1b:d2:17:98:36:1b:6a:8c:8d:4c:73:5e:b6:1f:aa:
         b7:0d:2b:62:e3:20:41:79:45:38:82:73:ac:c3:22:f6:9e:ff:
         e9:46:9a:e2:5b:06:9f:a8:6e:34:23:aa:89:45:56:1a:d1:45:
         db:d8:35:a0:cc:e4:83:94:bf:f2:3c:51:62:e7:1a:ab:d2:6e:
         d0:5b:1e:89:d9:b9:6e:da:dc:90:d6:f5:16:ff:ee:3f:59:79:
         01:6a:57:af:55:3a:13:c7:77:81:0b:76:42:d6:4b:e5:35:6e:
         ce:d1:38:99:2e:a8:02:45:19:3e:bb:d0:f3:8c:4e:3f:a1:52:
         80:06:55:3b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnRcdR4q0WKHlgKCjJI1cnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMjliZDhiYjQ5YTgwOTk2YjQ2MGY1MDI4ZWQ1MmE4ZTA1
N2MwYjEwHhcNMjUwMTAyMTM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGExOTQwMzU1MGIwNmUxMDE4M2E1MTk3MGFhOTMwYTQzNjY4NmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9C8FfSFvLq/Dkn4UtLJTsydOtTT
rKWKHcbjmzzIPuWr6nn18jhpP9q0v/Ni6Cf2XtMWOLuORX17wKQudLY6nvQhf9xo
8kuOdeWhLR86gNUkhteauMxa9Vqf/y7LDeaY/hFiHB92NSzkaPLyvCdvjyUApD1Y
HtRKtyWPsTpEwN9nEjNAH4nnzSPpbYMYnOrNih+/EW1QLO2JgvgGdLTxUcSCZ3ri
G1lzOzzeA6cU/9p2tmU98b8g9TC4AFnn0q7S/kRO1eMfBKP6PPjz/eYY3kH2qR1H
k7+p4dlay9zoHIjgMewfanY3gkTV6hXpuq4dNRS2EyAOQVFspVxolZ/elQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBihlANVCwbhAYOlGXCqkwpDZoazMB8GA1UdIwQY
MBaAFP4pvYu0moCZa0YPUCjtUqjgV8CxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2ltOWk3U2FnSmxyUmc5UUtPMVNxT0JYd0xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi82ZjQyMzAtMDVlNi00YzAwLWE0YWIt
MDZiOGRmZTQ5OGJkLzEvR0tHVUExVUxCdUVCZzZVWmNLcVRDa05taHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi82ZjQyMzAtMDVlNi00YzAwLWE0YWItMDZiOGRmZTQ5OGJk
LzEvX2ltOWk3U2FnSmxyUmc5UUtPMVNxT0JYd0xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUEtwAwQC
ucSAMA0EAgACMAcDBQAqAQaoMA0GCSqGSIb3DQEBCwUAA4IBAQDKW/TyccQKBSpD
HW/KH12a4G/WdZN96dJeFQaiCBkV3IXeywbo0Y7YjToPH34Whu1cIvsWqaEmi9Yu
r56onmglKSrxhZPtXKhXZYuOOiPHHlN0Zxblau1VXAp8ROV0aD8IQNb6ecbkoqWK
dU8U11miM9k0mHj7zRXnxv8y5fcrzhob0heYNhtqjI1Mc162H6q3DSti4yBBeUU4
gnOswyL2nv/pRpriWwafqG40I6qJRVYa0UXb2DWgzOSDlL/yPFFi5xqr0m7QWx6J
2blu2tyQ1vUW/+4/WXkBalevVToTx3eBC3ZC1kvlNW7O0TiZLqgCRRk+u9DzjE4/
oVKABlU7
-----END CERTIFICATE-----