Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/GAO-zTi3etu6ipkvC2n1MQjAfa8.roa
File:                     GAO-zTi3etu6ipkvC2n1MQjAfa8.roa (raw, json)
Hash identifier:          xkkdl+Sobv3rMi6edmSVvQinnG04ZdzSM/7er87DV0E=
Subject key identifier:   18:03:BE:CD:38:B7:7A:DB:BA:8A:99:2F:0B:69:F5:31:08:C0:7D:AF
Certificate issuer:       /CN=3fa2d6850bbc4720557a9174dcbc9760aecc0b1a
Certificate serial:       019423D6C1A3A6BD5DF7BC1805D85E4A55D5
Authority key identifier: 3F:A2:D6:85:0B:BC:47:20:55:7A:91:74:DC:BC:97:60:AE:CC:0B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P6LWhQu8RyBVepF03LyXYK7MCxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/GAO-zTi3etu6ipkvC2n1MQjAfa8.roa
Signing time:             Wed 01 Jan 2025 21:47:44 +0000
ROA not before:           Wed 01 Jan 2025 21:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49275
IP address blocks:        91.199.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/P6LWhQu8RyBVepF03LyXYK7MCxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/P6LWhQu8RyBVepF03LyXYK7MCxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P6LWhQu8RyBVepF03LyXYK7MCxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:c1:a3:a6:bd:5d:f7:bc:18:05:d8:5e:4a:55:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fa2d6850bbc4720557a9174dcbc9760aecc0b1a
        Validity
            Not Before: Jan  1 21:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1803becd38b77adbba8a992f0b69f53108c07daf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b2:2a:0f:1f:99:5b:d7:50:48:ff:a7:f5:c5:
                    8f:69:42:84:6c:c4:6c:f3:c7:5c:96:a8:e7:bb:72:
                    55:b3:bf:b2:df:ce:22:e2:f8:ed:4f:f5:b5:66:39:
                    84:90:ab:67:83:10:bc:63:01:60:ec:66:76:1b:1e:
                    f8:be:e8:d3:74:f3:a0:c1:a4:d1:ae:5e:12:a0:ab:
                    e4:6d:d0:54:60:13:54:bc:3b:1d:c4:c1:b8:64:2f:
                    e5:ea:5c:f0:72:d0:a2:41:88:65:ca:38:a3:cd:7b:
                    45:ca:82:97:e9:c8:15:b4:78:bb:07:7b:fd:a1:64:
                    2f:bc:65:60:9d:45:b0:15:57:23:89:a7:2c:f1:b0:
                    3d:54:fe:90:a4:d2:d8:43:7c:18:f5:be:6b:57:fa:
                    3d:2d:9b:05:44:8c:e0:bf:7c:fa:93:37:1b:6f:6a:
                    d1:32:05:f7:eb:6e:18:45:09:4c:e4:fa:15:e7:c3:
                    cf:29:75:95:31:2f:47:7b:c7:f6:b1:5c:86:90:f9:
                    c3:73:0f:a7:f8:72:af:44:d4:fe:62:2d:41:42:1e:
                    0a:6f:ad:07:02:8f:18:5b:e9:6a:57:7f:72:fc:cd:
                    81:34:29:59:4c:0c:ac:15:9b:93:d4:57:98:53:f1:
                    cb:24:40:20:52:f4:77:91:e4:d0:ce:7b:a6:6a:dc:
                    1c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:03:BE:CD:38:B7:7A:DB:BA:8A:99:2F:0B:69:F5:31:08:C0:7D:AF
            X509v3 Authority Key Identifier:
                keyid:3F:A2:D6:85:0B:BC:47:20:55:7A:91:74:DC:BC:97:60:AE:CC:0B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P6LWhQu8RyBVepF03LyXYK7MCxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/GAO-zTi3etu6ipkvC2n1MQjAfa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/c3c758-a253-4989-ae2d-9c65d188e54e/1/P6LWhQu8RyBVepF03LyXYK7MCxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:dc:90:be:10:81:c1:fe:fd:d1:de:8a:4a:5e:fd:88:36:5a:
         2a:0e:29:70:be:4e:66:0c:a0:aa:3b:e8:2d:cc:2a:72:35:d9:
         04:cc:32:1c:42:00:d0:d9:44:9f:07:23:93:9a:91:fc:64:6f:
         8d:25:e2:3c:e6:fe:f7:e7:c1:3d:5c:a3:50:62:63:08:02:07:
         5b:27:ea:f0:8f:7f:35:94:ec:19:c6:41:59:a0:4b:f1:ae:a8:
         3f:d3:72:6f:1e:65:a3:8c:bd:89:1c:39:2e:c1:be:dc:97:de:
         f3:5b:df:c8:ae:29:03:f8:0c:a0:d0:ab:d5:31:2e:4c:94:21:
         cb:57:f5:f6:ce:b4:12:e2:45:97:dd:48:0c:4d:30:f4:b5:1c:
         02:b8:01:89:df:a1:5f:97:da:53:f6:7b:99:61:7a:b6:a4:77:
         85:60:1c:95:5e:ae:28:cc:f0:54:f2:a2:73:55:35:be:38:c1:
         22:41:1e:5a:d6:2d:89:f9:0c:3a:1d:75:a4:61:a4:c2:45:79:
         e7:49:42:08:16:97:a6:a7:4c:fc:92:7a:53:67:67:ef:a8:2c:
         bd:4a:92:23:1f:34:40:cc:67:f7:59:0d:0b:67:aa:4a:3b:57:
         7d:e9:8b:ee:e5:8d:af:1f:0c:6a:bd:62:4a:08:48:c9:5b:fd:
         a6:d7:86:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1sGjpr1d97wYBdheSlXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmYTJkNjg1MGJiYzQ3MjA1NTdhOTE3NGRjYmM5NzYwYWVj
YzBiMWEwHhcNMjUwMTAxMjE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODAzYmVjZDM4Yjc3YWRiYmE4YTk5MmYwYjY5ZjUzMTA4YzA3ZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3bIqDx+ZW9dQSP+n9cWPaUKEbMRs
88dclqjnu3JVs7+y384i4vjtT/W1ZjmEkKtngxC8YwFg7GZ2Gx74vujTdPOgwaTR
rl4SoKvkbdBUYBNUvDsdxMG4ZC/l6lzwctCiQYhlyjijzXtFyoKX6cgVtHi7B3v9
oWQvvGVgnUWwFVcjiacs8bA9VP6QpNLYQ3wY9b5rV/o9LZsFRIzgv3z6kzcbb2rR
MgX3624YRQlM5PoV58PPKXWVMS9He8f2sVyGkPnDcw+n+HKvRNT+Yi1BQh4Kb60H
Ao8YW+lqV39y/M2BNClZTAysFZuT1FeYU/HLJEAgUvR3keTQznumatwcVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgDvs04t3rbuoqZLwtp9TEIwH2vMB8GA1UdIwQY
MBaAFD+i1oULvEcgVXqRdNy8l2CuzAsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDZMV2hRdThSeUJWZXBGMDNMeVhZSzdNQ3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9jM2M3NTgtYTI1My00OTg5LWFlMmQt
OWM2NWQxODhlNTRlLzEvR0FPLXpUaTNldHU2aXBrdkMybjFNUWpBZmE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9jM2M3NTgtYTI1My00OTg5LWFlMmQtOWM2NWQxODhlNTRl
LzEvUDZMV2hRdThSeUJWZXBGMDNMeVhZSzdNQ3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8fvMA0G
CSqGSIb3DQEBCwUAA4IBAQAB3JC+EIHB/v3R3opKXv2INloqDilwvk5mDKCqO+gt
zCpyNdkEzDIcQgDQ2USfByOTmpH8ZG+NJeI85v7358E9XKNQYmMIAgdbJ+rwj381
lOwZxkFZoEvxrqg/03JvHmWjjL2JHDkuwb7cl97zW9/IrikD+Ayg0KvVMS5MlCHL
V/X2zrQS4kWX3UgMTTD0tRwCuAGJ36Ffl9pT9nuZYXq2pHeFYByVXq4ozPBU8qJz
VTW+OMEiQR5a1i2J+Qw6HXWkYaTCRXnnSUIIFpemp0z8knpTZ2fvqCy9SpIjHzRA
zGf3WQ0LZ6pKO1d96Yvu5Y2vHwxqvWJKCEjJW/2m14aD
-----END CERTIFICATE-----