Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/GDKqvDV3tg8euG7iA-40pDu81dg.roa
File:                     GDKqvDV3tg8euG7iA-40pDu81dg.roa (raw, json)
Hash identifier:          DIPUgYEMtsUW2SsY0gpVq2Amy3DeiC7nGWJEdov3OAc=
Subject key identifier:   18:32:AA:BC:35:77:B6:0F:1E:B8:6E:E2:03:EE:34:A4:3B:BC:D5:D8
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       0194282677A56F8B61496868FC5CF63BCCAD
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/GDKqvDV3tg8euG7iA-40pDu81dg.roa
Signing time:             Thu 02 Jan 2025 17:53:16 +0000
ROA not before:           Thu 02 Jan 2025 17:53:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     264617
IP address blocks:        89.249.196.0/24 maxlen: 24
                          212.42.198.0/24 maxlen: 24
                          212.42.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:77:a5:6f:8b:61:49:68:68:fc:5c:f6:3b:cc:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1832aabc3577b60f1eb86ee203ee34a43bbcd5d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:13:d4:9f:72:66:8c:cb:43:0f:67:74:38:2c:
                    6f:8b:cf:c8:17:48:d0:ab:3f:30:1c:81:26:ee:85:
                    56:1c:f7:c9:22:09:47:d6:e0:0b:79:d7:e8:82:cb:
                    62:2c:ac:3e:d8:28:d2:47:48:33:ed:3a:8c:67:63:
                    13:7a:68:dd:75:dc:9e:35:c0:35:c0:01:f8:d2:51:
                    82:e3:ec:d9:20:64:a0:1a:7b:bf:96:b8:18:0f:3e:
                    6b:fb:28:04:61:4f:d1:4b:ae:82:2d:ef:09:d0:94:
                    d8:93:c0:ec:a4:a6:57:e9:f8:c4:78:37:83:44:44:
                    63:3b:e8:5e:51:0f:76:a7:7a:35:ce:a5:3e:52:9f:
                    f4:ef:65:ab:3f:11:68:ea:1c:5f:4b:c9:87:f2:33:
                    1e:a4:6d:b5:c3:f4:51:44:1e:1f:00:ac:cb:51:3f:
                    27:01:eb:ea:49:18:56:e6:c2:9a:ba:63:27:d2:af:
                    b9:0c:96:1e:8c:72:f0:db:d8:7e:da:5b:02:67:7b:
                    70:5e:15:65:1f:c7:38:d3:04:7f:9e:04:26:fe:26:
                    f7:f3:a6:3c:0b:43:3b:21:64:6a:5e:90:53:53:d7:
                    bf:3a:ba:6f:22:00:60:e8:52:6f:cf:8f:1a:58:43:
                    cd:0f:eb:65:91:81:9f:ff:f5:d7:96:67:3c:26:66:
                    b4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:32:AA:BC:35:77:B6:0F:1E:B8:6E:E2:03:EE:34:A4:3B:BC:D5:D8
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/GDKqvDV3tg8euG7iA-40pDu81dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.196.0/24
                  212.42.198.0/24
                  212.42.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:91:55:db:26:e7:db:10:93:06:f1:ab:fe:6a:4e:93:b3:4b:
         f9:bc:45:9b:2c:61:52:9e:60:83:7d:61:15:0d:93:d8:99:ac:
         60:dc:4e:85:55:fc:de:6a:1f:84:bd:fc:d6:d1:3b:e6:e2:e7:
         15:2d:45:39:08:7f:7f:a0:c5:d5:ac:d7:1c:3b:81:ed:54:77:
         ca:6f:cd:16:34:9d:7f:c1:d1:8e:25:8c:11:73:3d:4f:56:6d:
         4a:34:db:ae:85:a6:6a:6a:04:ed:2f:6f:a9:70:2c:ef:a0:84:
         f1:ba:a0:72:b2:59:dd:5d:5e:5a:87:26:07:c5:bc:e2:3f:bf:
         f3:ef:ab:90:c3:46:65:99:f4:dc:6a:dd:8f:eb:9c:7f:5f:e8:
         b2:6d:99:cc:1e:50:c6:d5:f1:54:70:92:7f:4e:91:44:fd:9e:
         49:6a:c5:78:57:89:2b:52:bc:88:30:f5:93:cf:d2:fc:0c:ca:
         79:cc:f2:cf:bb:58:60:c8:e6:45:98:0f:28:08:68:05:e4:bd:
         95:1c:f0:2f:eb:f4:fe:94:9e:56:dd:5b:74:13:d4:37:57:82:
         46:a2:62:6b:e2:c3:ae:7e:66:fa:b4:80:5a:e7:e3:39:de:e6:
         d9:e8:8a:47:97:af:65:c6:45:78:87:41:1e:2d:b6:05:19:4a:
         e9:21:a7:72
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoJnelb4thSWho/Fz2O8ytMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODMyYWFiYzM1NzdiNjBmMWViODZlZTIwM2VlMzRhNDNiYmNkNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBPUn3JmjMtDD2d0OCxvi8/IF0jQ
qz8wHIEm7oVWHPfJIglH1uALedfogstiLKw+2CjSR0gz7TqMZ2MTemjdddyeNcA1
wAH40lGC4+zZIGSgGnu/lrgYDz5r+ygEYU/RS66CLe8J0JTYk8DspKZX6fjEeDeD
RERjO+heUQ92p3o1zqU+Up/072WrPxFo6hxfS8mH8jMepG21w/RRRB4fAKzLUT8n
AevqSRhW5sKaumMn0q+5DJYejHLw29h+2lsCZ3twXhVlH8c40wR/ngQm/ib386Y8
C0M7IWRqXpBTU9e/OrpvIgBg6FJvz48aWEPND+tlkYGf//XXlmc8Jma0WwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBgyqrw1d7YPHrhu4gPuNKQ7vNXYMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvR0RLcXZEVjN0ZzhldUc3aUEtNDBwRHU4MWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWfnEAwQA
1CrGAwQA1CrKMA0GCSqGSIb3DQEBCwUAA4IBAQDMkVXbJufbEJMG8av+ak6Ts0v5
vEWbLGFSnmCDfWEVDZPYmaxg3E6FVfzeah+EvfzW0Tvm4ucVLUU5CH9/oMXVrNcc
O4HtVHfKb80WNJ1/wdGOJYwRcz1PVm1KNNuuhaZqagTtL2+pcCzvoITxuqByslnd
XV5ahyYHxbziP7/z76uQw0ZlmfTcat2P65x/X+iybZnMHlDG1fFUcJJ/TpFE/Z5J
asV4V4krUryIMPWTz9L8DMp5zPLPu1hgyOZFmA8oCGgF5L2VHPAv6/T+lJ5W3Vt0
E9Q3V4JGomJr4sOufmb6tIBa5+M53ubZ6IpHl69lxkV4h0EeLbYFGUrpIady
-----END CERTIFICATE-----