Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/GCFxtCAUzvqYZpyUW8Mzrm4wxsc.roa
File:                     GCFxtCAUzvqYZpyUW8Mzrm4wxsc.roa (raw, json)
Hash identifier:          IKXqgRLjEEuJWHSAJe6iyyi0FX1Oz2p26+VidSpPSQE=
Subject key identifier:   18:21:71:B4:20:14:CE:FA:98:66:9C:94:5B:C3:33:AE:6E:30:C6:C7
Certificate issuer:       /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial:       01973030D00162BB2F19121140A50A31B9FE
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/GCFxtCAUzvqYZpyUW8Mzrm4wxsc.roa
Signing time:             Mon 02 Jun 2025 10:29:54 +0000
ROA not before:           Mon 02 Jun 2025 10:29:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197830
IP address blocks:        149.126.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:30:30:d0:01:62:bb:2f:19:12:11:40:a5:0a:31:b9:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
        Validity
            Not Before: Jun  2 10:29:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=182171b42014cefa98669c945bc333ae6e30c6c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:88:78:66:e4:55:62:0f:98:2b:94:a9:bd:5c:
                    c2:51:3e:84:03:ec:5d:98:2d:e2:fa:e0:09:d6:42:
                    d9:b9:95:93:03:38:74:16:32:c0:1a:56:48:a1:43:
                    0f:f4:1b:f2:0b:26:09:7e:6b:bb:66:7e:2c:45:48:
                    56:4c:d0:0f:1a:e3:57:52:b1:de:55:41:ae:c7:33:
                    c6:8b:7f:f0:41:0c:2c:12:73:6b:92:0b:07:61:e7:
                    e9:93:be:e7:e5:06:55:33:21:f4:ea:46:55:37:79:
                    d3:bd:8b:d4:5e:c0:ac:92:8a:03:78:a4:84:f4:db:
                    a7:dd:6d:45:4d:9c:08:18:d8:bd:aa:7e:c5:df:fc:
                    ad:5a:4f:31:fc:f3:ee:f3:6a:8b:59:0d:5c:39:06:
                    f0:b3:e7:6c:78:5f:68:99:3a:a6:c5:75:ca:b3:3d:
                    c8:f4:a4:0d:9a:7a:75:99:d1:8f:5e:f3:d7:d4:59:
                    61:05:12:e2:9c:1f:fd:a8:c6:6f:25:9a:fc:64:81:
                    be:ab:d8:9e:68:61:c9:78:98:e2:40:60:a0:c6:ff:
                    a6:a5:76:6e:03:1f:d9:fa:a4:48:92:bf:89:38:6d:
                    67:d2:f5:02:5a:b4:1e:25:ae:54:52:ea:1e:45:79:
                    55:70:ba:15:40:72:31:74:43:7d:88:67:42:9c:18:
                    22:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:21:71:B4:20:14:CE:FA:98:66:9C:94:5B:C3:33:AE:6E:30:C6:C7
            X509v3 Authority Key Identifier:
                keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/GCFxtCAUzvqYZpyUW8Mzrm4wxsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.126.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:39:dd:1e:7e:fc:ef:07:24:d3:a1:4d:14:77:e8:0c:da:9e:
         1d:d6:bb:3d:1c:2c:58:c3:90:9e:6d:92:35:78:36:ea:96:a1:
         88:23:95:e9:0f:ff:92:e2:ae:f0:b2:12:3a:06:db:41:bc:58:
         f5:62:d2:3a:89:31:5e:a5:bf:2e:d3:06:87:d9:e9:28:00:22:
         17:31:e1:c3:88:71:a9:3d:c5:43:6a:6e:3c:f3:47:e8:86:4b:
         02:9a:fd:af:c2:04:6b:de:96:3c:42:d9:37:65:01:69:64:3f:
         1c:00:ac:65:cb:ab:d8:67:f5:c2:fe:15:13:a3:92:c7:b2:97:
         24:d5:6c:75:e4:fa:f7:11:f7:9d:0e:15:d3:e6:61:99:66:6b:
         4f:6d:65:f5:b8:9c:f2:eb:1b:fc:6c:90:29:ce:72:0d:9f:dd:
         5d:03:fd:a7:52:ed:05:3c:47:13:1a:94:c0:4d:c3:f0:2b:8c:
         3d:5a:14:73:73:50:5e:d3:94:4f:86:c3:c4:4d:84:5c:57:cc:
         ae:05:c9:ba:d8:ec:33:f4:3d:e1:a1:78:fc:e2:aa:32:8b:de:
         4a:33:72:78:f1:51:95:1d:46:ac:59:36:d2:05:57:7c:09:d9:
         f3:a7:86:69:dc:63:63:5e:af:ac:b3:7c:7e:1b:f7:49:48:fe:
         b8:b2:46:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcwMNABYrsvGRIRQKUKMbn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjUwNjAyMTAyOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODIxNzFiNDIwMTRjZWZhOTg2NjljOTQ1YmMzMzNhZTZlMzBjNmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIh4ZuRVYg+YK5SpvVzCUT6EA+xd
mC3i+uAJ1kLZuZWTAzh0FjLAGlZIoUMP9BvyCyYJfmu7Zn4sRUhWTNAPGuNXUrHe
VUGuxzPGi3/wQQwsEnNrkgsHYefpk77n5QZVMyH06kZVN3nTvYvUXsCskooDeKSE
9Nun3W1FTZwIGNi9qn7F3/ytWk8x/PPu82qLWQ1cOQbws+dseF9omTqmxXXKsz3I
9KQNmnp1mdGPXvPX1FlhBRLinB/9qMZvJZr8ZIG+q9ieaGHJeJjiQGCgxv+mpXZu
Ax/Z+qRIkr+JOG1n0vUCWrQeJa5UUuoeRXlVcLoVQHIxdEN9iGdCnBgi2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBghcbQgFM76mGaclFvDM65uMMbHMB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvR0NGeHRDQVV6dnFZWnB5VVc4TXpybTR3eHNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlX5xMA0G
CSqGSIb3DQEBCwUAA4IBAQBnOd0efvzvByTToU0Ud+gM2p4d1rs9HCxYw5CebZI1
eDbqlqGII5XpD/+S4q7wshI6BttBvFj1YtI6iTFepb8u0waH2ekoACIXMeHDiHGp
PcVDam4880fohksCmv2vwgRr3pY8Qtk3ZQFpZD8cAKxly6vYZ/XC/hUTo5LHspck
1Wx15Pr3EfedDhXT5mGZZmtPbWX1uJzy6xv8bJApznINn91dA/2nUu0FPEcTGpTA
TcPwK4w9WhRzc1Be05RPhsPETYRcV8yuBcm62Owz9D3hoXj84qoyi95KM3J48VGV
HUasWTbSBVd8Cdnzp4Zp3GNjXq+ss3x+G/dJSP64skbh
-----END CERTIFICATE-----