Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/GGvj9NChg8eWX1toJcMcvoB6snw.roa
File:                     GGvj9NChg8eWX1toJcMcvoB6snw.roa (raw, json)
Hash identifier:          G6byTPu5CqswnTX3x2G6lOagD0K04nQHqQ2npvg0QJA=
Subject key identifier:   18:6B:E3:F4:D0:A1:83:C7:96:5F:5B:68:25:C3:1C:BE:80:7A:B2:7C
Certificate issuer:       /CN=6d39ce4c29ab3f802f9de933f4495026c4d0ee4a
Certificate serial:       019424B3920470DA5861B1E784C38AFE1616
Authority key identifier: 6D:39:CE:4C:29:AB:3F:80:2F:9D:E9:33:F4:49:50:26:C4:D0:EE:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bTnOTCmrP4Avnekz9ElQJsTQ7ko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/GGvj9NChg8eWX1toJcMcvoB6snw.roa
Signing time:             Thu 02 Jan 2025 01:48:55 +0000
ROA not before:           Thu 02 Jan 2025 01:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206932
IP address blocks:        194.242.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/bTnOTCmrP4Avnekz9ElQJsTQ7ko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/bTnOTCmrP4Avnekz9ElQJsTQ7ko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bTnOTCmrP4Avnekz9ElQJsTQ7ko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:92:04:70:da:58:61:b1:e7:84:c3:8a:fe:16:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d39ce4c29ab3f802f9de933f4495026c4d0ee4a
        Validity
            Not Before: Jan  2 01:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=186be3f4d0a183c7965f5b6825c31cbe807ab27c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:78:29:c8:81:27:09:53:c8:df:90:d4:e0:a6:
                    d4:6b:2c:af:11:65:c4:1b:98:9e:75:39:dc:f0:5a:
                    c2:41:fb:77:9f:6d:22:41:29:97:ad:0c:22:85:0a:
                    31:57:4e:9c:d4:29:6b:5b:3d:fa:e9:fd:df:8c:23:
                    09:5a:ef:d3:62:09:e9:e6:d5:38:a9:32:06:b1:e4:
                    3e:f6:26:47:ac:8b:49:8d:9a:20:3c:95:91:bf:c6:
                    e1:cf:ed:ac:d6:d9:6d:2f:37:52:29:6d:c9:5a:fc:
                    7a:6e:47:a0:15:58:14:0f:0a:a3:1e:05:e1:19:c1:
                    8c:cc:94:5a:7b:33:f5:2f:1d:63:c4:25:61:ed:f3:
                    06:36:cd:40:a1:47:92:cb:e0:ea:36:c2:dd:5e:51:
                    ae:fb:cd:34:d2:8b:70:f8:b2:91:05:4c:ca:c6:f7:
                    8d:ec:cc:e5:0d:40:a5:50:e4:09:6c:30:51:63:e5:
                    d4:d0:ed:b8:50:d5:0f:b6:b5:5a:a6:90:77:df:51:
                    a5:20:b2:b6:66:89:a9:5f:2d:8d:f3:3d:3a:6d:43:
                    7c:59:cc:54:25:3a:cf:53:ba:3b:c4:46:a1:e3:0a:
                    af:76:52:95:23:de:f2:78:88:81:53:0a:5b:cd:d2:
                    c7:87:a1:65:45:d9:24:6a:fa:fa:69:46:a9:6f:46:
                    ea:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:6B:E3:F4:D0:A1:83:C7:96:5F:5B:68:25:C3:1C:BE:80:7A:B2:7C
            X509v3 Authority Key Identifier:
                keyid:6D:39:CE:4C:29:AB:3F:80:2F:9D:E9:33:F4:49:50:26:C4:D0:EE:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bTnOTCmrP4Avnekz9ElQJsTQ7ko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/GGvj9NChg8eWX1toJcMcvoB6snw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/44e8f5-3584-490e-9979-cdc31d5fb8a4/1/bTnOTCmrP4Avnekz9ElQJsTQ7ko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:56:be:f3:ba:57:3e:aa:f4:df:5c:21:f8:e9:fa:71:95:0b:
         ae:e4:25:8e:39:f1:e9:b0:88:66:f4:44:6f:e1:fa:01:a9:98:
         d6:29:d1:f6:44:b2:ce:a6:af:c1:dc:13:0e:65:2f:21:78:15:
         4c:6a:44:47:5f:ba:2a:83:41:b9:ef:65:97:08:96:89:7d:dc:
         9c:a5:35:10:86:13:63:ad:2d:fc:96:47:d8:43:1f:ec:6f:32:
         13:04:62:ac:59:97:52:b2:02:7a:01:93:cd:e7:51:88:bb:01:
         28:2e:ac:f9:04:a9:00:78:e4:df:22:b3:c1:f3:f8:8e:dc:2c:
         01:85:ff:5d:21:17:a4:92:02:c6:db:a6:df:19:c1:d8:91:78:
         e6:07:4b:58:48:6e:2b:d9:a0:e7:d9:c9:f1:8a:6e:4b:be:a0:
         d0:8b:58:c6:28:5e:37:42:fa:26:35:b0:31:68:f4:12:0f:14:
         48:4a:3f:7c:5c:7d:1e:1d:09:26:e5:a3:78:bb:76:e2:eb:33:
         12:e6:fe:7b:c6:68:9a:fa:5a:75:9c:70:33:0f:fc:6b:4e:83:
         8e:05:c9:d9:77:6c:94:bd:ee:51:6d:80:35:6a:f7:0e:01:04:
         68:18:91:e2:ec:01:fc:21:fb:94:e8:6e:e0:fe:62:18:8b:61:
         05:16:c3:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks5IEcNpYYbHnhMOK/hYWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMzljZTRjMjlhYjNmODAyZjlkZTkzM2Y0NDk1MDI2YzRk
MGVlNGEwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODZiZTNmNGQwYTE4M2M3OTY1ZjViNjgyNWMzMWNiZTgwN2FiMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3gpyIEnCVPI35DU4KbUayyvEWXE
G5iedTnc8FrCQft3n20iQSmXrQwihQoxV06c1ClrWz366f3fjCMJWu/TYgnp5tU4
qTIGseQ+9iZHrItJjZogPJWRv8bhz+2s1tltLzdSKW3JWvx6bkegFVgUDwqjHgXh
GcGMzJRaezP1Lx1jxCVh7fMGNs1AoUeSy+DqNsLdXlGu+8000otw+LKRBUzKxveN
7MzlDUClUOQJbDBRY+XU0O24UNUPtrVappB331GlILK2ZompXy2N8z06bUN8WcxU
JTrPU7o7xEah4wqvdlKVI97yeIiBUwpbzdLHh6FlRdkkavr6aUapb0bqQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhr4/TQoYPHll9baCXDHL6AerJ8MB8GA1UdIwQY
MBaAFG05zkwpqz+AL53pM/RJUCbE0O5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlRuT1RDbXJQNEF2bmVrejlFbFFKc1RRN2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS80NGU4ZjUtMzU4NC00OTBlLTk5Nzkt
Y2RjMzFkNWZiOGE0LzEvR0d2ajlOQ2hnOGVXWDF0b0pjTWN2b0I2c253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS80NGU4ZjUtMzU4NC00OTBlLTk5NzktY2RjMzFkNWZiOGE0
LzEvYlRuT1RDbXJQNEF2bmVrejlFbFFKc1RRN2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvItMA0G
CSqGSIb3DQEBCwUAA4IBAQA9Vr7zulc+qvTfXCH46fpxlQuu5CWOOfHpsIhm9ERv
4foBqZjWKdH2RLLOpq/B3BMOZS8heBVMakRHX7oqg0G572WXCJaJfdycpTUQhhNj
rS38lkfYQx/sbzITBGKsWZdSsgJ6AZPN51GIuwEoLqz5BKkAeOTfIrPB8/iO3CwB
hf9dIRekkgLG26bfGcHYkXjmB0tYSG4r2aDn2cnxim5LvqDQi1jGKF43QvomNbAx
aPQSDxRISj98XH0eHQkm5aN4u3bi6zMS5v57xmia+lp1nHAzD/xrToOOBcnZd2yU
ve5RbYA1avcOAQRoGJHi7AH8IfuU6G7g/mIYi2EFFsPU
-----END CERTIFICATE-----