Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/GS3n997-WSAnBFI5sxW4oYhya68.roa
File:                     GS3n997-WSAnBFI5sxW4oYhya68.roa (raw, json)
Hash identifier:          9uLSgMiqXXeu2TS+gBYSbYKO48DlZM21pWe2MUShNG8=
Subject key identifier:   19:2D:E7:F7:DE:FE:59:20:27:04:52:39:B3:15:B8:A1:88:72:6B:AF
Certificate issuer:       /CN=9a48c1d8008cdc059db0b27aa9514799c06d5443
Certificate serial:       0194228E3F2BBFBE3AEB3D27BDCA1D737BE1
Authority key identifier: 9A:48:C1:D8:00:8C:DC:05:9D:B0:B2:7A:A9:51:47:99:C0:6D:54:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/GS3n997-WSAnBFI5sxW4oYhya68.roa
Signing time:             Wed 01 Jan 2025 15:48:55 +0000
ROA not before:           Wed 01 Jan 2025 15:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42474
IP address blocks:        185.239.48.0/23 maxlen: 24
                          193.169.228.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 18:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:3f:2b:bf:be:3a:eb:3d:27:bd:ca:1d:73:7b:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a48c1d8008cdc059db0b27aa9514799c06d5443
        Validity
            Not Before: Jan  1 15:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=192de7f7defe592027045239b315b8a188726baf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d9:66:15:9d:eb:22:52:bf:dd:5f:67:e0:bb:
                    c2:60:a2:ae:ae:4c:09:d3:71:82:8a:aa:12:87:00:
                    54:55:61:81:73:f0:2b:0f:b5:3c:b9:02:e1:dc:dc:
                    2f:4b:85:8b:c5:c4:01:00:2e:66:c7:f0:fe:f4:c1:
                    6d:e3:45:da:ba:4d:32:af:ee:9b:3a:f2:17:6e:0d:
                    d0:1f:7f:ed:eb:8e:6c:c0:f7:3c:57:7e:33:c0:31:
                    a1:c8:08:0e:44:7c:59:d3:02:0d:34:70:8b:ab:0a:
                    49:ed:2c:12:10:d8:fd:27:7f:53:93:31:c7:6c:ac:
                    68:1b:6b:fe:4c:a9:e3:4a:8a:f0:30:a4:14:a3:33:
                    c1:28:57:e8:80:07:39:19:d6:36:36:58:3e:fa:e4:
                    06:5e:e3:5a:48:74:cb:aa:40:12:67:78:ea:30:9b:
                    0a:23:d0:e4:1b:c8:56:d1:a8:a0:32:b4:98:99:2f:
                    07:fd:f2:db:c9:90:88:4e:11:7d:9c:41:84:c5:84:
                    6f:6a:4b:df:af:14:b0:5d:de:57:9f:e6:26:86:1c:
                    00:22:40:05:23:1c:cc:d5:ca:cb:38:de:f3:e9:a4:
                    59:26:a7:0f:d9:2a:51:5f:33:28:3c:82:b3:07:b4:
                    4b:da:76:c6:9b:35:7a:d0:48:bc:42:79:f4:45:20:
                    f9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:2D:E7:F7:DE:FE:59:20:27:04:52:39:B3:15:B8:A1:88:72:6B:AF
            X509v3 Authority Key Identifier:
                keyid:9A:48:C1:D8:00:8C:DC:05:9D:B0:B2:7A:A9:51:47:99:C0:6D:54:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/GS3n997-WSAnBFI5sxW4oYhya68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/cb614c-495e-410e-8730-5a366315c166/1/mkjB2ACM3AWdsLJ6qVFHmcBtVEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.48.0/23
                  193.169.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:85:5a:24:e1:06:b9:e8:79:e3:b9:8c:a6:51:ad:79:ca:b2:
         70:e8:11:3f:a9:e7:59:b6:cc:6e:02:cd:62:ce:79:ae:44:35:
         c2:78:59:ba:54:f6:f7:46:c8:11:18:f4:a9:05:5d:8d:90:4d:
         8c:53:a4:f6:a6:c8:9e:b6:43:75:16:6a:e2:43:e9:85:bc:36:
         79:c3:82:dc:d0:1a:18:47:95:52:4a:ed:60:5a:57:66:c4:32:
         be:c8:7b:74:83:1a:34:59:3e:fc:f3:56:dc:03:af:09:b2:d2:
         25:fd:82:42:30:f2:cc:8c:09:7c:b8:83:bb:b7:4e:70:a1:e8:
         ec:b8:d6:93:09:16:59:3a:ba:da:26:30:59:ef:52:ad:7d:bc:
         c8:37:8e:0f:97:ea:91:1a:e7:d9:3f:31:09:f0:22:92:12:d5:
         53:fb:81:86:9e:ae:34:55:87:e3:3c:3f:ba:01:0d:96:ef:37:
         b2:03:da:98:dd:0f:c2:c6:bd:e9:53:ab:6f:50:a2:00:67:04:
         3a:4e:37:4d:3a:be:66:d2:a0:ec:a8:cb:87:b3:66:f5:01:02:
         60:ee:6f:54:ed:37:51:59:03:a0:8f:fd:e4:77:95:3c:6b:28:
         c1:82:e5:c5:94:87:07:5c:1d:1b:ef:01:3e:63:41:d7:8f:75:
         a5:a2:99:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijj8rv7466z0nvcodc3vhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNDhjMWQ4MDA4Y2RjMDU5ZGIwYjI3YWE5NTE0Nzk5YzA2
ZDU0NDMwHhcNMjUwMTAxMTU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTJkZTdmN2RlZmU1OTIwMjcwNDUyMzliMzE1YjhhMTg4NzI2YmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNlmFZ3rIlK/3V9n4LvCYKKurkwJ
03GCiqoShwBUVWGBc/ArD7U8uQLh3NwvS4WLxcQBAC5mx/D+9MFt40Xauk0yr+6b
OvIXbg3QH3/t645swPc8V34zwDGhyAgORHxZ0wINNHCLqwpJ7SwSENj9J39TkzHH
bKxoG2v+TKnjSorwMKQUozPBKFfogAc5GdY2Nlg++uQGXuNaSHTLqkASZ3jqMJsK
I9DkG8hW0aigMrSYmS8H/fLbyZCIThF9nEGExYRvakvfrxSwXd5Xn+YmhhwAIkAF
IxzM1crLON7z6aRZJqcP2SpRXzMoPIKzB7RL2nbGmzV60Ei8Qnn0RSD5IQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBkt5/fe/lkgJwRSObMVuKGIcmuvMB8GA1UdIwQY
MBaAFJpIwdgAjNwFnbCyeqlRR5nAbVRDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWtqQjJBQ00zQVdkc0xKNnFWRkhtY0J0VkVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9jYjYxNGMtNDk1ZS00MTBlLTg3MzAt
NWEzNjYzMTVjMTY2LzEvR1Mzbjk5Ny1XU0FuQkZJNXN4VzRvWWh5YTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9jYjYxNGMtNDk1ZS00MTBlLTg3MzAtNWEzNjYzMTVjMTY2
LzEvbWtqQjJBQ00zQVdkc0xKNnFWRkhtY0J0VkVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBue8wAwQB
wankMA0GCSqGSIb3DQEBCwUAA4IBAQBxhVok4Qa56HnjuYymUa15yrJw6BE/qedZ
tsxuAs1iznmuRDXCeFm6VPb3RsgRGPSpBV2NkE2MU6T2psietkN1FmriQ+mFvDZ5
w4Lc0BoYR5VSSu1gWldmxDK+yHt0gxo0WT7881bcA68JstIl/YJCMPLMjAl8uIO7
t05woejsuNaTCRZZOrraJjBZ71KtfbzIN44Pl+qRGufZPzEJ8CKSEtVT+4GGnq40
VYfjPD+6AQ2W7zeyA9qY3Q/Cxr3pU6tvUKIAZwQ6TjdNOr5m0qDsqMuHs2b1AQJg
7m9U7TdRWQOgj/3kd5U8ayjBguXFlIcHXB0b7wE+Y0HXj3Wlopl0
-----END CERTIFICATE-----