Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G1iTz--AdrX58wnteKblePSt-Jw.roa
File:                     G1iTz--AdrX58wnteKblePSt-Jw.roa (raw, json)
Hash identifier:          0Fp+SXPuf0GKZAv8TJo76eTj4M6Vb7IJbISKBHsaJUM=
Subject key identifier:   1B:58:93:CF:EF:80:76:B5:F9:F3:09:ED:78:A6:E5:78:F4:AD:F8:9C
Certificate issuer:       /CN=1bea3e99bbb0dda78084219a613492e5e6d9b45a
Certificate serial:       0196F29999C8484939F73B549F2DE64B4B0D
Authority key identifier: 1B:EA:3E:99:BB:B0:DD:A7:80:84:21:9A:61:34:92:E5:E6:D9:B4:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G-o-mbuw3aeAhCGaYTSS5ebZtFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G1iTz--AdrX58wnteKblePSt-Jw.roa
Signing time:             Wed 21 May 2025 11:27:54 +0000
ROA not before:           Wed 21 May 2025 11:27:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.60.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G-o-mbuw3aeAhCGaYTSS5ebZtFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G-o-mbuw3aeAhCGaYTSS5ebZtFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G-o-mbuw3aeAhCGaYTSS5ebZtFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:99:99:c8:48:49:39:f7:3b:54:9f:2d:e6:4b:4b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bea3e99bbb0dda78084219a613492e5e6d9b45a
        Validity
            Not Before: May 21 11:27:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b5893cfef8076b5f9f309ed78a6e578f4adf89c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f0:c0:2e:60:5f:6c:68:c7:98:f0:87:d2:85:
                    fd:1d:ce:95:d2:63:77:09:e7:53:11:8b:8b:35:51:
                    25:c3:4c:0e:33:56:80:56:1c:3c:d8:8f:eb:32:66:
                    f5:85:30:80:db:06:0a:9b:12:8e:f4:bd:73:a4:96:
                    0c:74:9f:4a:ed:56:cf:03:7e:38:a4:f0:a9:00:7b:
                    ed:e7:8f:ff:17:84:f8:e4:be:53:5e:84:40:51:31:
                    72:9a:e7:0c:c3:4f:a0:18:8c:1f:30:94:66:04:ef:
                    84:63:ba:ef:82:66:ca:31:83:dc:89:c3:92:49:6d:
                    ea:f1:06:eb:81:ce:4e:46:c4:12:80:2d:63:33:05:
                    92:ce:92:29:b5:36:a8:e5:a4:87:20:38:41:72:1e:
                    53:ab:be:b7:3b:98:92:1e:d5:a0:5f:56:7f:88:1c:
                    81:8e:50:a1:25:de:68:ca:59:d0:e4:a2:62:3f:e8:
                    8b:b7:bf:8b:33:c5:a3:fc:f8:3f:23:ae:a3:35:29:
                    93:05:25:0a:ce:2d:6f:4f:0a:56:af:10:d4:c9:fb:
                    f6:da:16:9f:fd:de:a6:fd:7e:56:26:0a:24:4b:4a:
                    a6:e4:ea:cb:c1:b4:aa:95:aa:3e:13:f7:1a:35:f4:
                    55:83:6b:25:33:9c:25:55:e1:21:60:52:16:3a:97:
                    0d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:58:93:CF:EF:80:76:B5:F9:F3:09:ED:78:A6:E5:78:F4:AD:F8:9C
            X509v3 Authority Key Identifier:
                keyid:1B:EA:3E:99:BB:B0:DD:A7:80:84:21:9A:61:34:92:E5:E6:D9:B4:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G-o-mbuw3aeAhCGaYTSS5ebZtFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G1iTz--AdrX58wnteKblePSt-Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G-o-mbuw3aeAhCGaYTSS5ebZtFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:72:25:d4:6a:f1:62:b6:3c:ec:b6:5d:d6:4a:a2:64:79:a1:
         21:72:43:42:4d:56:b7:75:67:8d:6f:e0:90:90:fe:4a:8d:20:
         da:a4:6b:e4:7d:72:18:26:47:18:a1:97:02:82:c4:e6:45:eb:
         5d:d6:e3:0e:0b:f9:f6:2b:a4:9d:72:d0:7f:4f:f8:06:7c:e3:
         02:b6:be:6b:74:45:a2:b0:4d:ef:45:56:04:0e:24:ce:0a:a5:
         00:92:fe:86:b3:af:57:47:8e:96:5e:c9:25:c5:e8:2b:ab:82:
         16:cf:96:67:bf:65:9d:6d:c9:64:54:23:61:d4:8c:da:3d:f0:
         eb:b5:5a:dd:b4:e6:a1:01:1e:1a:70:69:9a:34:20:1c:d9:2b:
         23:ef:d5:d8:f7:4f:94:aa:0d:6b:68:ed:09:c9:fa:7f:d1:bc:
         cf:f6:de:df:5c:93:32:c7:a5:26:08:35:04:57:70:b5:da:e4:
         0e:8a:82:34:4e:78:40:6b:da:39:c0:c2:cd:9f:db:aa:44:78:
         ea:4a:64:7e:54:1b:41:6d:38:82:32:e2:a5:1c:c0:f2:4a:5a:
         d9:48:80:d4:f6:b9:5b:57:42:6d:39:42:58:7a:4c:57:bb:76:
         4e:94:4c:4a:e3:07:91:67:46:f0:20:94:01:f8:ea:e3:9a:d5:
         9e:01:54:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbymZnISEk59ztUny3mS0sNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZWEzZTk5YmJiMGRkYTc4MDg0MjE5YTYxMzQ5MmU1ZTZk
OWI0NWEwHhcNMjUwNTIxMTEyNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjU4OTNjZmVmODA3NmI1ZjlmMzA5ZWQ3OGE2ZTU3OGY0YWRmODljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/DALmBfbGjHmPCH0oX9Hc6V0mN3
CedTEYuLNVElw0wOM1aAVhw82I/rMmb1hTCA2wYKmxKO9L1zpJYMdJ9K7VbPA344
pPCpAHvt54//F4T45L5TXoRAUTFymucMw0+gGIwfMJRmBO+EY7rvgmbKMYPcicOS
SW3q8Qbrgc5ORsQSgC1jMwWSzpIptTao5aSHIDhBch5Tq763O5iSHtWgX1Z/iByB
jlChJd5oylnQ5KJiP+iLt7+LM8Wj/Pg/I66jNSmTBSUKzi1vTwpWrxDUyfv22haf
/d6m/X5WJgokS0qm5OrLwbSqlao+E/caNfRVg2slM5wlVeEhYFIWOpcNAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtYk8/vgHa1+fMJ7Xim5Xj0rficMB8GA1UdIwQY
MBaAFBvqPpm7sN2ngIQhmmE0kuXm2bRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRy1vLW1idXczYWVBaENHYVlUU1M1ZWJadEZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xOTcyYTItM2I2Zi00MzE2LWFiN2Ut
YTBiY2M5MTJkNzM1LzEvRzFpVHotLUFkclg1OHdudGVLYmxlUFN0LUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xOTcyYTItM2I2Zi00MzE2LWFiN2UtYTBiY2M5MTJkNzM1
LzEvRy1vLW1idXczYWVBaENHYVlUU1M1ZWJadEZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTz4MA0G
CSqGSIb3DQEBCwUAA4IBAQCAciXUavFitjzstl3WSqJkeaEhckNCTVa3dWeNb+CQ
kP5KjSDapGvkfXIYJkcYoZcCgsTmRetd1uMOC/n2K6SdctB/T/gGfOMCtr5rdEWi
sE3vRVYEDiTOCqUAkv6Gs69XR46WXsklxegrq4IWz5Znv2WdbclkVCNh1IzaPfDr
tVrdtOahAR4acGmaNCAc2Ssj79XY90+Uqg1raO0Jyfp/0bzP9t7fXJMyx6UmCDUE
V3C12uQOioI0TnhAa9o5wMLNn9uqRHjqSmR+VBtBbTiCMuKlHMDySlrZSIDU9rlb
V0JtOUJYekxXu3ZOlExK4weRZ0bwIJQB+OrjmtWeAVQg
-----END CERTIFICATE-----