Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/gbFyA5kAyF3D91TwTtuIgfKJGwg.roa
File:                     gbFyA5kAyF3D91TwTtuIgfKJGwg.roa (raw, json)
Hash identifier:          P+ljc7ooXveuyv4fpj4pataLqZnV6kSVgO14/6L0j+k=
Subject key identifier:   81:B1:72:03:99:00:C8:5D:C3:F7:54:F0:4E:DB:88:81:F2:89:1B:08
Certificate issuer:       /CN=d0b849b9bc9042a1557331937e4ad71518af61cf
Certificate serial:       01942520AFACF5A32A1382DB97EB6E5297D7
Authority key identifier: D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/gbFyA5kAyF3D91TwTtuIgfKJGwg.roa
Signing time:             Thu 02 Jan 2025 03:48:06 +0000
ROA not before:           Thu 02 Jan 2025 03:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50939
IP address blocks:        194.36.140.0/23 maxlen: 23
                          194.36.140.0/24 maxlen: 24
                          194.36.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:af:ac:f5:a3:2a:13:82:db:97:eb:6e:52:97:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b849b9bc9042a1557331937e4ad71518af61cf
        Validity
            Not Before: Jan  2 03:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81b172039900c85dc3f754f04edb8881f2891b08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:49:a7:25:cf:59:a7:80:02:71:8e:0b:fe:49:
                    30:7b:3d:d7:96:58:94:c1:25:26:44:0a:55:b6:1c:
                    40:01:8e:6e:eb:91:10:f1:78:ed:3a:2c:56:12:30:
                    97:85:28:36:39:6a:01:d4:f1:72:74:c0:6c:03:dd:
                    cf:aa:d7:9a:67:c5:0e:25:f1:8e:2d:af:be:9a:33:
                    71:d2:86:39:03:0c:1c:5e:ca:85:c9:cf:4f:89:5f:
                    d0:74:a9:db:2c:45:c3:d9:f1:c3:43:de:c1:62:af:
                    2a:77:8e:ac:6e:33:d4:52:9a:f6:ca:fe:86:8c:b3:
                    83:2d:ee:88:5a:4a:9e:f8:19:94:1e:5b:e3:ef:9d:
                    2c:f4:18:f2:74:e9:fe:16:6c:e4:4d:00:ed:13:d6:
                    73:1e:eb:e4:6d:88:4a:f7:1d:55:5f:7d:cc:b5:7c:
                    ed:17:27:35:40:c3:d1:04:6f:89:97:39:2d:99:33:
                    27:a6:eb:9d:22:c0:f4:a4:2e:d7:53:b6:d5:3d:86:
                    22:f4:96:93:c5:c3:46:fc:38:db:59:b0:47:f5:85:
                    0c:ee:77:11:71:46:b5:8e:7c:81:4a:9f:f9:a3:78:
                    30:b2:d4:88:5b:d3:e1:59:ef:6a:47:ef:62:09:6b:
                    79:ef:84:0c:e9:38:76:55:e2:6d:8c:80:b7:d3:54:
                    23:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:B1:72:03:99:00:C8:5D:C3:F7:54:F0:4E:DB:88:81:F2:89:1B:08
            X509v3 Authority Key Identifier:
                keyid:D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/gbFyA5kAyF3D91TwTtuIgfKJGwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:eb:f3:d6:2a:23:02:a2:5a:a7:43:53:7a:51:5d:4d:a3:33:
         6d:68:7f:2b:00:2f:28:e0:ca:65:0b:ae:01:2c:af:24:70:5e:
         85:23:05:7d:a3:8c:65:2f:ae:be:c3:86:09:42:7d:9e:42:bf:
         4e:89:d4:4a:5f:d8:dd:f1:d5:7f:e3:88:bc:9e:c1:6b:d5:ba:
         9f:e3:83:ab:a2:de:5d:98:3d:61:55:66:bc:e3:99:23:cd:cc:
         dd:29:12:ab:e3:fb:98:4c:83:51:95:ef:92:ac:52:c8:79:93:
         13:56:41:1f:a3:03:b2:27:62:99:c3:0e:dd:6e:b9:ab:e5:98:
         50:ea:d9:cd:87:e7:ec:4b:26:d8:85:1f:a9:07:6e:2b:93:c3:
         31:a3:2f:55:91:22:7f:62:36:1d:79:c0:ca:4f:95:0b:d8:33:
         2d:dc:93:2a:9b:48:4d:21:9b:3d:2c:ee:1c:2b:58:52:a1:ff:
         a0:03:12:fd:89:42:1e:29:56:cf:3e:66:a4:13:2d:6c:2a:d5:
         19:59:92:dc:63:b3:3d:98:5b:6d:74:e3:4e:79:a4:5c:2d:ad:
         d7:05:cc:88:ca:4f:9f:1f:2a:57:31:f4:4a:d0:5c:08:e7:92:
         63:c2:4e:2a:08:3e:4c:01:2a:5d:7e:52:39:91:90:f4:02:a9:
         84:0b:f9:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIK+s9aMqE4Lbl+tuUpfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjg0OWI5YmM5MDQyYTE1NTczMzE5MzdlNGFkNzE1MThh
ZjYxY2YwHhcNMjUwMTAyMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWIxNzIwMzk5MDBjODVkYzNmNzU0ZjA0ZWRiODg4MWYyODkxYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEmnJc9Zp4ACcY4L/kkwez3XlliU
wSUmRApVthxAAY5u65EQ8XjtOixWEjCXhSg2OWoB1PFydMBsA93PqteaZ8UOJfGO
La++mjNx0oY5AwwcXsqFyc9PiV/QdKnbLEXD2fHDQ97BYq8qd46sbjPUUpr2yv6G
jLODLe6IWkqe+BmUHlvj750s9BjydOn+FmzkTQDtE9ZzHuvkbYhK9x1VX33MtXzt
Fyc1QMPRBG+JlzktmTMnpuudIsD0pC7XU7bVPYYi9JaTxcNG/DjbWbBH9YUM7ncR
cUa1jnyBSp/5o3gwstSIW9PhWe9qR+9iCWt574QM6Th2VeJtjIC301QjkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGxcgOZAMhdw/dU8E7biIHyiRsIMB8GA1UdIwQY
MBaAFNC4Sbm8kEKhVXMxk35K1xUYr2HPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjkt
NzJiYWQ5ZDczYzgwLzEvZ2JGeUE1a0F5RjNEOTFUd1R0dUlnZktKR3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjktNzJiYWQ5ZDczYzgw
LzEvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiSMMA0G
CSqGSIb3DQEBCwUAA4IBAQBh6/PWKiMColqnQ1N6UV1NozNtaH8rAC8o4MplC64B
LK8kcF6FIwV9o4xlL66+w4YJQn2eQr9OidRKX9jd8dV/44i8nsFr1bqf44Orot5d
mD1hVWa845kjzczdKRKr4/uYTINRle+SrFLIeZMTVkEfowOyJ2KZww7dbrmr5ZhQ
6tnNh+fsSybYhR+pB24rk8Mxoy9VkSJ/YjYdecDKT5UL2DMt3JMqm0hNIZs9LO4c
K1hSof+gAxL9iUIeKVbPPmakEy1sKtUZWZLcY7M9mFttdONOeaRcLa3XBcyIyk+f
HypXMfRK0FwI55Jjwk4qCD5MASpdflI5kZD0AqmEC/ma
-----END CERTIFICATE-----