Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/Gr71KmVq4Fpo3C-WiVN0x-J5iIs.roa
File:                     Gr71KmVq4Fpo3C-WiVN0x-J5iIs.roa (raw, json)
Hash identifier:          IZ3fisAoqz1jDgEKtaHhs6iOQRRtsE2MhCoBcG5PSvQ=
Subject key identifier:   1A:BE:F5:2A:65:6A:E0:5A:68:DC:2F:96:89:53:74:C7:E2:79:88:8B
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019423D70AD84D8B2CCFBC379D84891F36FB
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/Gr71KmVq4Fpo3C-WiVN0x-J5iIs.roa
Signing time:             Wed 01 Jan 2025 21:48:02 +0000
ROA not before:           Wed 01 Jan 2025 21:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198520
IP address blocks:        213.238.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:0a:d8:4d:8b:2c:cf:bc:37:9d:84:89:1f:36:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 21:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1abef52a656ae05a68dc2f96895374c7e279888b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:da:6b:54:1f:3f:6f:25:0d:18:18:d6:76:8c:
                    8a:b0:79:fa:d7:1a:aa:16:3d:a0:01:6b:1a:11:72:
                    2a:dc:43:16:13:e6:22:6d:4f:16:2c:d0:2f:95:33:
                    8e:19:85:e2:60:34:b3:b0:7c:0b:8c:ab:bd:13:ed:
                    34:49:3e:b9:ad:a6:cc:63:a0:65:7f:9f:c8:97:aa:
                    b6:39:3f:6c:27:2f:30:aa:58:de:20:60:97:1e:cc:
                    2b:c7:cd:18:e6:c0:85:e9:9e:b4:f0:3c:c1:3e:d6:
                    7a:85:a8:4c:54:b9:5d:0f:ec:d7:8d:47:56:eb:0a:
                    63:48:d4:16:73:d3:6c:b5:51:18:66:09:97:2b:2d:
                    52:fa:67:50:98:76:51:fa:f5:83:d7:63:40:a6:3a:
                    36:a5:c5:2a:df:be:84:07:cf:c7:37:73:97:80:42:
                    6b:16:32:61:b1:69:f2:f2:cf:2f:83:eb:cb:47:4b:
                    7e:f7:76:65:8a:dc:02:d2:fe:55:96:60:43:46:3b:
                    34:49:c8:94:7f:a3:95:33:c5:79:ee:89:a0:9e:d1:
                    8b:8b:06:11:f3:dc:42:fb:c9:40:f8:e8:21:67:32:
                    c1:63:13:d6:6e:7f:a7:ac:e0:62:88:53:f3:f4:b1:
                    7b:7f:da:20:1f:be:47:9c:86:98:03:64:37:0c:47:
                    5c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:BE:F5:2A:65:6A:E0:5A:68:DC:2F:96:89:53:74:C7:E2:79:88:8B
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/Gr71KmVq4Fpo3C-WiVN0x-J5iIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:de:04:52:59:17:55:37:e4:0d:ac:50:25:70:97:14:af:e5:
         2e:3e:a3:c5:35:f8:40:b4:c2:3e:33:1b:24:34:df:2c:4d:13:
         60:4f:4e:7b:d8:82:e9:24:f5:57:bf:a4:93:f2:c6:e2:c3:86:
         bc:2c:ec:22:4b:65:76:92:1a:89:6a:ff:d9:67:16:09:82:b2:
         be:60:88:2f:59:23:9b:b3:b8:1a:20:58:7e:d4:52:ba:ed:29:
         67:d8:1b:6b:9b:58:ed:a7:68:ea:82:d8:33:4a:ea:a6:ea:f0:
         cc:1b:88:c2:14:76:87:d7:ef:74:cf:91:ea:e3:57:d4:1d:36:
         fe:2c:58:f0:54:04:07:01:03:a8:30:a3:0d:5e:19:ad:14:94:
         fe:ce:d4:15:cc:2c:47:b4:44:9a:13:07:6f:5a:d9:5f:14:ff:
         ba:b0:52:58:ee:d4:a9:fa:1e:66:b4:62:5c:a7:12:09:4b:0c:
         20:04:2c:3a:2c:d1:89:c9:a1:0d:9d:2e:76:aa:10:e4:98:54:
         e7:d5:12:28:65:cd:66:74:8d:22:52:dc:5b:fb:31:6e:27:ea:
         44:4c:8a:6b:1a:05:f8:84:3b:df:b9:d8:52:b1:1f:94:84:88:
         77:02:7c:2b:89:63:ee:00:c9:bf:85:03:d0:c0:7b:48:1f:7f:
         8b:72:17:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1wrYTYssz7w3nYSJHzb7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjUwMTAxMjE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWJlZjUyYTY1NmFlMDVhNjhkYzJmOTY4OTUzNzRjN2UyNzk4ODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntprVB8/byUNGBjWdoyKsHn61xqq
Fj2gAWsaEXIq3EMWE+YibU8WLNAvlTOOGYXiYDSzsHwLjKu9E+00ST65rabMY6Bl
f5/Il6q2OT9sJy8wqljeIGCXHswrx80Y5sCF6Z608DzBPtZ6hahMVLldD+zXjUdW
6wpjSNQWc9NstVEYZgmXKy1S+mdQmHZR+vWD12NApjo2pcUq376EB8/HN3OXgEJr
FjJhsWny8s8vg+vLR0t+93ZlitwC0v5VlmBDRjs0SciUf6OVM8V57omgntGLiwYR
89xC+8lA+OghZzLBYxPWbn+nrOBiiFPz9LF7f9ogH75HnIaYA2Q3DEdc1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBq+9SplauBaaNwvlolTdMfieYiLMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvR3I3MUttVnE0RnBvM0MtV2lWTjB4LUo1aUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e66MA0G
CSqGSIb3DQEBCwUAA4IBAQCm3gRSWRdVN+QNrFAlcJcUr+UuPqPFNfhAtMI+Mxsk
NN8sTRNgT0572ILpJPVXv6ST8sbiw4a8LOwiS2V2khqJav/ZZxYJgrK+YIgvWSOb
s7gaIFh+1FK67Sln2Btrm1jtp2jqgtgzSuqm6vDMG4jCFHaH1+90z5Hq41fUHTb+
LFjwVAQHAQOoMKMNXhmtFJT+ztQVzCxHtESaEwdvWtlfFP+6sFJY7tSp+h5mtGJc
pxIJSwwgBCw6LNGJyaENnS52qhDkmFTn1RIoZc1mdI0iUtxb+zFuJ+pETIprGgX4
hDvfudhSsR+UhIh3AnwriWPuAMm/hQPQwHtIH3+Lchcv
-----END CERTIFICATE-----