Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/GNcbaUuI19-wbs7GLcE1lajDv-k.roa
File:                     GNcbaUuI19-wbs7GLcE1lajDv-k.roa (raw, json)
Hash identifier:          JkYHzX+XVOiUvpRyMV+wrBz6xce9nKA7hPNlot5aQZ4=
Subject key identifier:   18:D7:1B:69:4B:88:D7:DF:B0:6E:CE:C6:2D:C1:35:95:A8:C3:BF:E9
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       019426D8A278432E5FFE93F3D8A5F0210105
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/GNcbaUuI19-wbs7GLcE1lajDv-k.roa
Signing time:             Thu 02 Jan 2025 11:48:38 +0000
ROA not before:           Thu 02 Jan 2025 11:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204059
IP address blocks:        80.67.181.0/24 maxlen: 24
                          80.67.191.0/24 maxlen: 24
                          2001:913:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:a2:78:43:2e:5f:fe:93:f3:d8:a5:f0:21:01:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jan  2 11:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18d71b694b88d7dfb06ecec62dc13595a8c3bfe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:00:b7:cf:03:83:e6:01:81:58:1d:2e:bc:dd:
                    43:97:df:dd:41:9e:15:3a:12:c5:9e:57:e2:fb:d2:
                    a8:6f:cd:af:f0:65:0e:af:fc:4b:3a:bf:2b:8a:b9:
                    d9:68:8d:6a:95:3f:58:dd:40:75:ba:13:70:29:4e:
                    5e:09:19:9f:98:1e:25:ab:cb:c3:48:85:aa:57:2e:
                    82:84:84:91:f1:66:16:2c:1e:af:7e:be:e0:1e:f1:
                    c3:4e:32:64:f7:1f:d5:0c:23:a3:a4:f1:83:f4:0d:
                    e5:3a:a3:22:af:c6:99:25:1e:fd:eb:03:7e:ec:28:
                    0f:cd:59:de:14:81:43:7d:78:68:18:48:09:20:31:
                    97:3f:66:b8:cd:bb:ea:3f:61:9c:70:18:36:e3:18:
                    b6:84:5a:93:28:95:6a:0c:d0:82:47:97:59:48:d4:
                    4f:54:5d:e9:3d:6b:b1:23:41:6e:97:d4:8d:91:2e:
                    71:6c:a1:bd:7a:48:b6:4f:c6:b8:a4:8f:84:f1:94:
                    bc:ca:d3:7a:3c:d1:cd:0b:85:eb:7f:c4:7c:eb:f0:
                    31:aa:87:5e:09:82:fa:44:63:d2:f6:9c:43:db:bc:
                    12:fe:cf:68:4b:01:f1:98:f5:c9:f4:51:c5:fa:34:
                    92:4c:d9:ca:28:11:14:6b:32:ce:19:1a:88:78:86:
                    6c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D7:1B:69:4B:88:D7:DF:B0:6E:CE:C6:2D:C1:35:95:A8:C3:BF:E9
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/GNcbaUuI19-wbs7GLcE1lajDv-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.67.181.0/24
                  80.67.191.0/24
                IPv6:
                  2001:913:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3f:68:df:d7:29:93:95:d6:6d:33:45:3f:b3:c0:32:cd:35:c6:
         b4:79:d1:52:32:a7:a7:79:33:c2:61:3b:6e:58:c5:a0:e3:8a:
         d1:c4:d9:b5:62:bf:2d:c1:b5:5b:64:98:21:88:92:9a:44:17:
         cd:67:a6:38:20:22:da:e3:71:21:88:5a:fe:ed:db:19:dd:65:
         a6:62:af:74:4a:42:b2:49:bf:64:4e:d3:89:5b:aa:b2:c7:89:
         15:fc:4d:8d:7b:8f:f9:82:c2:08:50:b7:82:16:97:a2:18:0c:
         21:6a:6a:53:65:4c:f8:b5:33:d4:1d:57:ab:c2:32:d4:ae:0b:
         93:ce:53:21:fd:63:c5:0f:e9:8c:78:82:cb:93:c7:3e:c4:fa:
         7d:f2:4f:b7:cd:22:93:da:77:05:c3:22:e4:3a:cc:94:4f:e1:
         62:d7:e9:c2:8a:5c:b5:74:89:18:ba:ff:70:3c:c4:7c:eb:81:
         46:3b:33:b5:ab:cd:de:7e:82:e1:da:86:3c:10:12:df:af:f4:
         04:76:a9:b5:80:41:df:b4:fe:06:46:b1:20:5b:46:03:d9:25:
         99:1a:95:ee:e7:4d:77:77:32:78:94:d0:29:91:44:bd:42:58:
         29:07:b8:bb:c4:27:31:9e:6e:a9:5e:cf:41:7c:a2:45:9a:73:
         26:4f:eb:cc
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQm2KJ4Qy5f/pPz2KXwIQEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjUwMTAyMTE0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGQ3MWI2OTRiODhkN2RmYjA2ZWNlYzYyZGMxMzU5NWE4YzNiZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+gC3zwOD5gGBWB0uvN1Dl9/dQZ4V
OhLFnlfi+9Kob82v8GUOr/xLOr8rirnZaI1qlT9Y3UB1uhNwKU5eCRmfmB4lq8vD
SIWqVy6ChISR8WYWLB6vfr7gHvHDTjJk9x/VDCOjpPGD9A3lOqMir8aZJR796wN+
7CgPzVneFIFDfXhoGEgJIDGXP2a4zbvqP2GccBg24xi2hFqTKJVqDNCCR5dZSNRP
VF3pPWuxI0Ful9SNkS5xbKG9eki2T8a4pI+E8ZS8ytN6PNHNC4Xrf8R86/Axqode
CYL6RGPS9pxD27wS/s9oSwHxmPXJ9FHF+jSSTNnKKBEUazLOGRqIeIZsnQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFBjXG2lLiNffsG7Oxi3BNZWow7/pMB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEvR05jYmFVdUkxOS13YnM3R0xjRTFsYWpEdi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTktYTY1MjMzYjNlOTc1
LzEvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQAUEO1AwQA
UEO/MA4EAgACMAgDBgQgAQkTEDANBgkqhkiG9w0BAQsFAAOCAQEAP2jf1ymTldZt
M0U/s8AyzTXGtHnRUjKnp3kzwmE7bljFoOOK0cTZtWK/LcG1W2SYIYiSmkQXzWem
OCAi2uNxIYha/u3bGd1lpmKvdEpCskm/ZE7TiVuqsseJFfxNjXuP+YLCCFC3ghaX
ohgMIWpqU2VM+LUz1B1Xq8Iy1K4Lk85TIf1jxQ/pjHiCy5PHPsT6ffJPt80ik9p3
BcMi5DrMlE/hYtfpwopctXSJGLr/cDzEfOuBRjsztavN3n6C4dqGPBAS36/0BHap
tYBB37T+BkaxIFtGA9klmRqV7udNd3cyeJTQKZFEvUJYKQe4u8QnMZ5uqV7PQXyi
RZpzJk/rzA==
-----END CERTIFICATE-----