Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/gftrqq2xNPQCOHxaCTBevS63_R0.roa
File:                     gftrqq2xNPQCOHxaCTBevS63_R0.roa (raw, json)
Hash identifier:          BBnqHSnGOHFEg3w/aAg1dxePTY9R+tg1C4jtSLBPpAc=
Subject key identifier:   81:FB:6B:AA:AD:B1:34:F4:02:38:7C:5A:09:30:5E:BD:2E:B7:FD:1D
Certificate issuer:       /CN=b02aa961b477d5423d85b7d43f3efa26326d7090
Certificate serial:       0194B89C1DF2DE627A3385AC626FC80DE7D1
Authority key identifier: B0:2A:A9:61:B4:77:D5:42:3D:85:B7:D4:3F:3E:FA:26:32:6D:70:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCqpYbR31UI9hbfUPz76JjJtcJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/gftrqq2xNPQCOHxaCTBevS63_R0.roa
Signing time:             Thu 30 Jan 2025 19:07:06 +0000
ROA not before:           Thu 30 Jan 2025 19:07:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209860
IP address blocks:        212.87.242.0/23 maxlen: 23
                          212.87.248.0/23 maxlen: 23
                          212.87.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/sCqpYbR31UI9hbfUPz76JjJtcJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/sCqpYbR31UI9hbfUPz76JjJtcJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCqpYbR31UI9hbfUPz76JjJtcJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b8:9c:1d:f2:de:62:7a:33:85:ac:62:6f:c8:0d:e7:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b02aa961b477d5423d85b7d43f3efa26326d7090
        Validity
            Not Before: Jan 30 19:07:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81fb6baaadb134f402387c5a09305ebd2eb7fd1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:43:88:77:6b:80:07:b4:49:c9:ef:b3:b9:1c:
                    0e:e0:46:df:67:69:3c:0c:50:6f:2e:a3:94:ed:97:
                    5d:f2:57:d2:b6:11:40:65:c7:02:be:e1:ed:0d:cf:
                    af:58:1a:53:92:c6:2f:e9:42:b4:fc:32:8e:d7:52:
                    57:a8:62:39:aa:7d:4a:74:e9:1f:16:66:57:b0:72:
                    2f:e5:88:ec:12:ce:74:90:43:70:a2:8c:4e:52:f0:
                    8f:e4:f4:4e:5a:8f:12:46:ff:a2:6b:eb:9f:b0:e8:
                    d0:e7:2d:a5:10:79:7a:97:a5:43:47:74:01:c1:48:
                    bf:35:f0:3d:f0:9b:cf:ad:e5:90:6e:59:9b:b9:a2:
                    ea:27:c5:f9:b1:41:5c:87:24:4f:b4:02:14:84:7d:
                    e3:d2:84:8b:b4:e0:26:f1:cd:de:eb:e2:64:cc:47:
                    05:f7:a6:e5:6a:4a:2c:54:50:57:35:46:fb:83:96:
                    e7:2b:0a:3d:f8:34:99:bb:2a:e5:96:9b:5e:ba:12:
                    e3:9d:f2:0a:b6:8f:d7:5e:31:2e:6d:c2:9d:b2:1f:
                    53:39:9c:63:9e:29:89:82:57:2e:0e:4d:2b:d9:9b:
                    6a:a4:0d:30:d3:02:a0:93:9a:5b:7a:dd:87:0e:59:
                    a2:c9:d2:e8:6c:52:06:41:c0:71:7f:46:6c:b3:ca:
                    ca:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:FB:6B:AA:AD:B1:34:F4:02:38:7C:5A:09:30:5E:BD:2E:B7:FD:1D
            X509v3 Authority Key Identifier:
                keyid:B0:2A:A9:61:B4:77:D5:42:3D:85:B7:D4:3F:3E:FA:26:32:6D:70:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCqpYbR31UI9hbfUPz76JjJtcJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/gftrqq2xNPQCOHxaCTBevS63_R0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/01484c-5f28-42f5-b9ea-0787a503ca69/1/sCqpYbR31UI9hbfUPz76JjJtcJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.242.0/23
                  212.87.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:84:12:f7:9b:15:48:a3:04:82:66:d0:f9:39:82:7d:ab:74:
         aa:5b:44:72:98:7e:9d:59:8a:fc:02:1f:b0:b5:09:be:b7:68:
         2e:6a:36:ce:92:af:30:e5:60:3c:c6:4a:21:91:8c:71:8b:13:
         93:ed:8a:b4:01:a0:e4:3f:59:63:8c:5f:e2:ff:2e:ad:b9:e3:
         64:93:1d:11:5f:29:11:bd:6f:f4:d6:0a:83:49:22:1f:d8:98:
         7a:f7:5c:dc:f6:03:0a:de:02:c2:2f:a4:cb:70:19:a4:2c:56:
         7e:4b:fe:8d:94:66:39:75:66:8c:85:78:44:2d:c1:54:23:2e:
         7f:9c:6e:b5:7d:02:5e:e0:2d:7a:e0:c0:56:a6:8d:7f:d9:52:
         2a:57:1a:14:12:1d:c2:c2:24:cd:2c:a3:55:39:25:25:e2:78:
         ab:5f:87:fb:57:43:5e:43:3f:cf:a7:15:fd:65:cb:95:a2:11:
         e5:89:00:e2:2e:97:5b:ee:b5:79:f9:91:fe:5d:f0:dd:c7:7b:
         4b:e1:29:7b:8c:0c:e8:71:0e:90:d2:64:7d:da:7b:c7:de:45:
         4d:f6:db:49:dd:8d:fd:97:70:a8:61:be:81:07:2f:61:04:d1:
         74:4a:8f:6d:0b:46:cb:6a:46:fe:6b:b5:1c:0d:58:d9:d2:5b:
         95:eb:a1:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZS4nB3y3mJ6M4WsYm/IDefRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMmFhOTYxYjQ3N2Q1NDIzZDg1YjdkNDNmM2VmYTI2MzI2
ZDcwOTAwHhcNMjUwMTMwMTkwNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWZiNmJhYWFkYjEzNGY0MDIzODdjNWEwOTMwNWViZDJlYjdmZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkOId2uAB7RJye+zuRwO4EbfZ2k8
DFBvLqOU7Zdd8lfSthFAZccCvuHtDc+vWBpTksYv6UK0/DKO11JXqGI5qn1KdOkf
FmZXsHIv5YjsEs50kENwooxOUvCP5PROWo8SRv+ia+ufsOjQ5y2lEHl6l6VDR3QB
wUi/NfA98JvPreWQblmbuaLqJ8X5sUFchyRPtAIUhH3j0oSLtOAm8c3e6+JkzEcF
96blakosVFBXNUb7g5bnKwo9+DSZuyrllpteuhLjnfIKto/XXjEubcKdsh9TOZxj
nimJglcuDk0r2ZtqpA0w0wKgk5pbet2HDlmiydLobFIGQcBxf0Zss8rK0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIH7a6qtsTT0Ajh8WgkwXr0ut/0dMB8GA1UdIwQY
MBaAFLAqqWG0d9VCPYW31D8++iYybXCQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NxcFliUjMxVUk5aGJmVVB6NzZKakp0Y0pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wMTQ4NGMtNWYyOC00MmY1LWI5ZWEt
MDc4N2E1MDNjYTY5LzEvZ2Z0cnFxMnhOUFFDT0h4YUNUQmV2UzYzX1IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wMTQ4NGMtNWYyOC00MmY1LWI5ZWEtMDc4N2E1MDNjYTY5
LzEvc0NxcFliUjMxVUk5aGJmVVB6NzZKakp0Y0pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQB1FfyAwQB
1Ff4MA0GCSqGSIb3DQEBCwUAA4IBAQBKhBL3mxVIowSCZtD5OYJ9q3SqW0RymH6d
WYr8Ah+wtQm+t2guajbOkq8w5WA8xkohkYxxixOT7Yq0AaDkP1ljjF/i/y6tueNk
kx0RXykRvW/01gqDSSIf2Jh691zc9gMK3gLCL6TLcBmkLFZ+S/6NlGY5dWaMhXhE
LcFUIy5/nG61fQJe4C164MBWpo1/2VIqVxoUEh3CwiTNLKNVOSUl4nirX4f7V0Ne
Qz/PpxX9ZcuVohHliQDiLpdb7rV5+ZH+XfDdx3tL4Sl7jAzocQ6Q0mR92nvH3kVN
9ttJ3Y39l3CoYb6BBy9hBNF0So9tC0bLakb+a7UcDVjZ0luV66G3
-----END CERTIFICATE-----