Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/GS2XVRqZpeDdiCx3T0QMEG4okfQ.roa
File:                     GS2XVRqZpeDdiCx3T0QMEG4okfQ.roa (raw, json)
Hash identifier:          c+r+fHHe/APmANIkQRbs62jauEl4PzEDrWx2I+B9cis=
Subject key identifier:   19:2D:97:55:1A:99:A5:E0:DD:88:2C:77:4F:44:0C:10:6E:28:91:F4
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       01942747A3DCFD30B71891296DF564DB8D7B
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/GS2XVRqZpeDdiCx3T0QMEG4okfQ.roa
Signing time:             Thu 02 Jan 2025 13:49:53 +0000
ROA not before:           Thu 02 Jan 2025 13:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202735
IP address blocks:        195.146.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a3:dc:fd:30:b7:18:91:29:6d:f5:64:db:8d:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 13:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=192d97551a99a5e0dd882c774f440c106e2891f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1f:44:6d:37:55:57:e8:03:b6:24:1e:90:30:
                    30:26:6f:89:92:65:94:3a:27:fe:25:89:42:64:3b:
                    46:43:eb:6e:1a:4f:23:1f:25:d8:85:df:56:9d:e1:
                    a3:ae:4a:03:0b:24:c3:f2:59:b2:fa:81:e0:04:fa:
                    fa:9a:b8:4c:79:b0:06:0a:35:26:52:a9:75:8d:3d:
                    5a:5d:2b:88:de:5f:f1:cb:da:8d:5e:e0:5a:3a:18:
                    ec:d3:ae:d4:99:c5:f8:18:09:91:dd:f9:87:8d:cf:
                    0c:de:a7:6a:ab:7a:30:52:f9:97:60:a6:b7:42:ca:
                    a6:1e:da:5c:63:90:0d:3a:b7:47:34:25:2b:1a:fb:
                    9a:fa:fc:d3:33:b4:38:5f:08:8d:ca:8e:60:5c:4d:
                    6d:bd:d6:88:8a:d7:7e:06:8d:1f:76:4f:09:90:45:
                    e0:61:58:f0:43:ae:ee:68:00:48:0e:35:35:87:8d:
                    7a:f2:ef:db:16:d5:42:6e:e4:da:1a:5a:5c:3f:a8:
                    ed:13:61:fa:6e:22:e7:24:a9:fe:2b:c9:2b:d8:16:
                    6d:50:e4:55:2e:00:af:1b:e6:33:41:85:bf:7e:17:
                    8c:77:c4:07:40:1c:dd:61:d3:84:75:12:82:7d:47:
                    bc:46:a5:23:bd:26:ed:98:ca:1a:ed:28:ae:13:17:
                    df:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:2D:97:55:1A:99:A5:E0:DD:88:2C:77:4F:44:0C:10:6E:28:91:F4
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/GS2XVRqZpeDdiCx3T0QMEG4okfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.146.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:d4:f8:df:dd:06:75:6d:8f:ae:e6:4b:43:df:0f:39:71:25:
         32:69:b2:31:6c:b7:4b:54:d1:b8:73:79:f0:12:c8:87:13:d8:
         c1:9f:47:c9:0b:7b:e2:17:fe:bc:13:99:b9:46:51:c9:d1:21:
         83:98:9e:87:cd:53:c3:d7:b2:5f:39:04:dc:3b:6a:f2:44:04:
         6b:8d:69:fd:ac:ab:e6:1a:1f:75:35:a0:74:51:35:da:ac:77:
         1d:82:df:44:83:6c:3c:19:c8:eb:33:c6:1d:fd:1e:33:34:bd:
         23:af:7b:37:47:21:d2:b9:ff:88:15:2d:7f:c0:2f:07:fa:35:
         cb:33:e7:23:7e:a7:11:79:04:0b:ae:67:9d:bd:d5:e4:2a:90:
         55:18:40:f5:6e:7a:fc:a7:8e:af:f0:4c:99:5b:ab:df:af:49:
         2a:64:c4:1b:99:f9:d5:2f:af:96:3a:11:47:51:97:9d:da:aa:
         5e:57:ff:6a:64:73:7c:d4:3f:af:76:d1:6c:21:ea:4d:e5:bb:
         39:f6:5f:0c:11:99:8e:fc:c0:fa:6b:db:d7:01:2c:24:3d:bc:
         d9:98:a7:b4:2d:cb:0b:f4:bc:bb:63:eb:d2:6e:76:c4:d0:2b:
         59:18:6a:e4:fc:55:6b:6a:e0:fd:d1:f1:74:d3:90:6c:a6:24:
         3b:cd:06:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR6Pc/TC3GJEpbfVk2417MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjUwMTAyMTM0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTJkOTc1NTFhOTlhNWUwZGQ4ODJjNzc0ZjQ0MGMxMDZlMjg5MWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqB9EbTdVV+gDtiQekDAwJm+JkmWU
Oif+JYlCZDtGQ+tuGk8jHyXYhd9WneGjrkoDCyTD8lmy+oHgBPr6mrhMebAGCjUm
Uql1jT1aXSuI3l/xy9qNXuBaOhjs067UmcX4GAmR3fmHjc8M3qdqq3owUvmXYKa3
QsqmHtpcY5ANOrdHNCUrGvua+vzTM7Q4XwiNyo5gXE1tvdaIitd+Bo0fdk8JkEXg
YVjwQ67uaABIDjU1h4168u/bFtVCbuTaGlpcP6jtE2H6biLnJKn+K8kr2BZtUORV
LgCvG+YzQYW/fheMd8QHQBzdYdOEdRKCfUe8RqUjvSbtmMoa7SiuExff3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBktl1UamaXg3Ygsd09EDBBuKJH0MB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvR1MyWFZScVpwZURkaUN4M1QwUU1FRzRva2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5I8MA0G
CSqGSIb3DQEBCwUAA4IBAQBP1Pjf3QZ1bY+u5ktD3w85cSUyabIxbLdLVNG4c3nw
EsiHE9jBn0fJC3viF/68E5m5RlHJ0SGDmJ6HzVPD17JfOQTcO2ryRARrjWn9rKvm
Gh91NaB0UTXarHcdgt9Eg2w8GcjrM8Yd/R4zNL0jr3s3RyHSuf+IFS1/wC8H+jXL
M+cjfqcReQQLrmedvdXkKpBVGED1bnr8p46v8EyZW6vfr0kqZMQbmfnVL6+WOhFH
UZed2qpeV/9qZHN81D+vdtFsIepN5bs59l8MEZmO/MD6a9vXASwkPbzZmKe0LcsL
9Ly7Y+vSbnbE0CtZGGrk/FVrauD90fF005BspiQ7zQbu
-----END CERTIFICATE-----