Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/GAzhdim6512V0zswZETYqqmmHg0.roa
File:                     GAzhdim6512V0zswZETYqqmmHg0.roa (raw, json)
Hash identifier:          5h8fiEKI+BQo9TDBCtqA/jTTKFfeuQ2jIV8gw+Fc9qU=
Subject key identifier:   18:0C:E1:76:29:BA:E7:5D:95:D3:3B:30:64:44:D8:AA:A9:A6:1E:0D
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0194F12682EAF917E3D32289E18D2A48B4EF
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/GAzhdim6512V0zswZETYqqmmHg0.roa
Signing time:             Mon 10 Feb 2025 18:37:00 +0000
ROA not before:           Mon 10 Feb 2025 18:37:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        141.136.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f1:26:82:ea:f9:17:e3:d3:22:89:e1:8d:2a:48:b4:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Feb 10 18:37:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=180ce17629bae75d95d33b306444d8aaa9a61e0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e0:78:33:8c:1f:88:f6:f8:a5:fb:e1:3c:3f:
                    d8:36:97:b9:7c:a2:c7:10:ce:2f:90:28:61:20:d4:
                    15:55:86:58:2a:f6:1f:54:b2:98:47:f6:ed:b4:03:
                    d1:ff:54:8f:bd:e8:6c:9d:b3:0c:94:c4:34:97:d7:
                    93:63:67:78:53:78:de:be:46:84:ed:0d:ea:28:22:
                    c2:bb:6d:81:d2:6a:8a:59:d4:01:cb:f6:96:a6:81:
                    d5:59:97:c5:ec:17:31:c9:0d:f7:a5:da:a1:ea:f0:
                    39:1b:81:8c:09:48:e5:ed:cc:27:19:c0:cc:cb:f5:
                    e2:a3:73:ce:58:28:93:76:78:cd:40:24:a7:19:a6:
                    c1:96:de:93:06:87:fb:a1:2e:84:4d:55:7a:19:ce:
                    b5:b5:36:85:94:18:95:3c:e4:68:53:d6:b7:d9:8d:
                    af:f5:96:76:05:76:d9:dc:98:d2:6d:35:f3:c1:76:
                    d8:c0:e5:f7:9e:c7:14:28:20:57:e7:92:4e:d6:c0:
                    a8:e7:6e:61:72:39:8e:85:a7:b7:7d:56:74:74:a7:
                    64:cd:bc:24:8b:1d:59:08:0f:78:36:5c:35:19:e4:
                    d3:a4:76:28:00:a3:d6:3b:42:89:3e:92:bd:7a:59:
                    3b:d6:dd:ac:3e:a7:80:f2:48:17:71:95:45:b8:c9:
                    0e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:0C:E1:76:29:BA:E7:5D:95:D3:3B:30:64:44:D8:AA:A9:A6:1E:0D
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/GAzhdim6512V0zswZETYqqmmHg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.136.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:83:63:0d:65:85:5d:2b:77:5d:42:b9:11:48:58:31:98:12:
         cf:ac:67:58:3f:24:a7:93:a4:2d:e3:96:8b:fa:b9:81:b3:1e:
         1e:ec:75:ce:09:1b:4c:5e:b6:77:5d:52:8f:b4:ca:bb:c7:33:
         be:12:ab:d6:95:fd:2f:15:dc:0e:40:b0:a1:4e:cd:cd:6d:d5:
         bc:f6:65:66:d8:80:b6:2d:38:9e:86:63:b7:dd:f7:cc:d3:71:
         bd:70:af:13:82:71:ee:b2:03:e6:93:cc:38:f3:65:bb:ef:9b:
         72:c8:e7:37:a1:ce:c1:b6:24:79:e0:8f:eb:a0:0d:5d:2f:9c:
         ed:88:ba:c8:78:e0:21:02:ce:15:d6:77:ca:a3:5a:6d:2a:7c:
         12:67:12:e4:57:e9:9b:3c:23:eb:22:9e:aa:00:00:be:20:d4:
         98:13:3a:f8:32:26:3c:e7:83:b5:d2:80:6c:fc:a1:0e:26:7a:
         3e:e0:53:42:f3:cf:34:6d:3f:96:b0:90:2d:68:83:ec:8a:84:
         ee:26:ad:32:bd:90:4c:0f:c5:46:7f:28:b8:04:6d:f5:d3:63:
         c5:ee:f9:36:77:e6:f7:04:89:29:7c:05:0a:ac:00:b5:13:f5:
         78:9d:91:4d:54:e9:80:5f:7f:dc:56:6f:87:70:65:7d:b6:e5:
         cf:d6:73:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTxJoLq+Rfj0yKJ4Y0qSLTvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMjEwMTgzNzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODBjZTE3NjI5YmFlNzVkOTVkMzNiMzA2NDQ0ZDhhYWE5YTYxZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuB4M4wfiPb4pfvhPD/YNpe5fKLH
EM4vkChhINQVVYZYKvYfVLKYR/bttAPR/1SPvehsnbMMlMQ0l9eTY2d4U3jevkaE
7Q3qKCLCu22B0mqKWdQBy/aWpoHVWZfF7BcxyQ33pdqh6vA5G4GMCUjl7cwnGcDM
y/Xio3POWCiTdnjNQCSnGabBlt6TBof7oS6ETVV6Gc61tTaFlBiVPORoU9a32Y2v
9ZZ2BXbZ3JjSbTXzwXbYwOX3nscUKCBX55JO1sCo525hcjmOhae3fVZ0dKdkzbwk
ix1ZCA94Nlw1GeTTpHYoAKPWO0KJPpK9elk71t2sPqeA8kgXcZVFuMkOxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgM4XYpuuddldM7MGRE2Kqpph4NMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvR0F6aGRpbTY1MTJWMHpzd1pFVFlxcW1tSGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjYg6MA0G
CSqGSIb3DQEBCwUAA4IBAQCGg2MNZYVdK3ddQrkRSFgxmBLPrGdYPySnk6Qt45aL
+rmBsx4e7HXOCRtMXrZ3XVKPtMq7xzO+EqvWlf0vFdwOQLChTs3NbdW89mVm2IC2
LTiehmO33ffM03G9cK8TgnHusgPmk8w482W775tyyOc3oc7BtiR54I/roA1dL5zt
iLrIeOAhAs4V1nfKo1ptKnwSZxLkV+mbPCPrIp6qAAC+INSYEzr4MiY854O10oBs
/KEOJno+4FNC8880bT+WsJAtaIPsioTuJq0yvZBMD8VGfyi4BG3102PF7vk2d+b3
BIkpfAUKrAC1E/V4nZFNVOmAX3/cVm+HcGV9tuXP1nM8
-----END CERTIFICATE-----