Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/G7qOVLwRQlkEUG0XGeZBugA-InU.roa
File:                     G7qOVLwRQlkEUG0XGeZBugA-InU.roa (raw, json)
Hash identifier:          ra5AqUSh6Ku+Y4KrCiBgkUNOkURj3FGVxxn+YcD+2go=
Subject key identifier:   1B:BA:8E:54:BC:11:42:59:04:50:6D:17:19:E6:41:BA:00:3E:22:75
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       0194244571DE41637A9EF708D9CDA4B96B13
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/G7qOVLwRQlkEUG0XGeZBugA-InU.roa
Signing time:             Wed 01 Jan 2025 23:48:38 +0000
ROA not before:           Wed 01 Jan 2025 23:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201838
IP address blocks:        168.199.64.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:71:de:41:63:7a:9e:f7:08:d9:cd:a4:b9:6b:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  1 23:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bba8e54bc11425904506d1719e641ba003e2275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0b:45:39:0e:3f:86:41:26:bb:fc:07:e7:5e:
                    0d:ed:68:b9:80:f6:62:73:72:dc:c5:28:4d:68:04:
                    7c:91:6b:fb:4b:67:9b:dd:6a:52:db:2b:ea:27:60:
                    62:46:bd:94:46:41:f9:3d:27:c8:7c:ab:12:5a:08:
                    b4:2f:a7:13:78:b9:c4:44:c6:11:78:20:94:b1:76:
                    44:67:86:3f:cd:3a:5c:aa:a6:c7:e2:b4:9a:38:76:
                    64:63:36:44:5d:9d:a5:28:68:d8:8b:2a:c6:a4:a9:
                    ed:55:b0:63:b1:1b:43:fc:ce:65:72:38:d0:f0:47:
                    95:1c:bc:e6:a1:d4:19:57:b4:91:a2:ae:4b:b3:e8:
                    22:82:af:bc:41:a5:aa:97:4f:e3:e1:9a:fe:2a:6c:
                    52:54:42:72:85:a6:b3:ce:88:6d:d2:98:7f:ba:91:
                    d5:cf:2b:04:79:f8:fb:37:5a:ea:e6:d2:82:2e:20:
                    cf:3e:76:7c:34:5f:d7:53:8b:c5:ed:03:2b:83:c1:
                    34:93:ea:c0:5f:de:4e:c2:a2:f6:82:28:d8:72:fa:
                    44:9b:b8:e3:28:c8:70:91:a1:b4:ac:42:9f:4b:11:
                    07:8e:6b:e6:bf:88:72:32:6c:a7:55:74:14:5e:05:
                    47:12:00:ac:38:26:06:dd:a3:af:db:bd:b5:d8:14:
                    bf:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:BA:8E:54:BC:11:42:59:04:50:6D:17:19:E6:41:BA:00:3E:22:75
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/G7qOVLwRQlkEUG0XGeZBugA-InU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         00:b1:4e:e6:c6:2b:8e:af:76:66:e2:53:6c:cb:a5:d1:bb:54:
         8d:5a:14:ba:81:68:57:7d:41:ca:ef:2e:fd:fe:e0:da:cf:7f:
         35:16:f0:6d:c1:32:e4:18:68:32:70:a1:a6:e1:0f:26:89:ad:
         f2:c1:12:42:dd:88:fd:33:56:6c:05:14:39:83:25:34:99:13:
         08:2c:cc:59:ab:fa:cf:fb:b4:04:72:d8:49:48:e3:3d:39:14:
         75:32:62:ae:ec:63:61:e1:14:ae:10:69:19:e4:32:c8:d6:66:
         96:a5:9c:95:eb:35:2c:8c:f6:20:ef:41:0f:4b:16:0a:b3:d4:
         0e:ed:e8:bf:bc:cd:00:26:08:00:9b:3e:58:cd:a2:dc:ff:77:
         2d:26:d9:af:2c:6f:fa:6e:49:0a:f8:d2:84:4f:ef:e2:85:b3:
         e8:fe:68:2e:08:a8:eb:c7:71:ba:a3:d4:00:95:ca:4b:28:8b:
         f4:f0:f6:e1:d2:81:18:2c:c5:0b:b3:e1:1d:18:4d:89:78:59:
         36:cb:6f:9c:5a:c4:3d:4e:9c:ea:cd:55:09:35:e0:33:ea:0f:
         a1:a9:ed:a9:9f:0e:fe:53:c8:42:7a:3a:1d:c8:b0:0c:fe:5e:
         87:b7:6b:2c:14:85:e4:55:1b:31:0b:4e:cc:35:0f:c3:78:83:
         fa:3f:d0:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRXHeQWN6nvcI2c2kuWsTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjUwMTAxMjM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmJhOGU1NGJjMTE0MjU5MDQ1MDZkMTcxOWU2NDFiYTAwM2UyMjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwtFOQ4/hkEmu/wH514N7Wi5gPZi
c3LcxShNaAR8kWv7S2eb3WpS2yvqJ2BiRr2URkH5PSfIfKsSWgi0L6cTeLnERMYR
eCCUsXZEZ4Y/zTpcqqbH4rSaOHZkYzZEXZ2lKGjYiyrGpKntVbBjsRtD/M5lcjjQ
8EeVHLzmodQZV7SRoq5Ls+gigq+8QaWql0/j4Zr+KmxSVEJyhaazzoht0ph/upHV
zysEefj7N1rq5tKCLiDPPnZ8NF/XU4vF7QMrg8E0k+rAX95OwqL2gijYcvpEm7jj
KMhwkaG0rEKfSxEHjmvmv4hyMmynVXQUXgVHEgCsOCYG3aOv27212BS/BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBu6jlS8EUJZBFBtFxnmQboAPiJ1MB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvRzdxT1ZMd1JRbGtFVUcwWEdlWkJ1Z0EtSW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFqMdAMA0G
CSqGSIb3DQEBCwUAA4IBAQAAsU7mxiuOr3Zm4lNsy6XRu1SNWhS6gWhXfUHK7y79
/uDaz381FvBtwTLkGGgycKGm4Q8mia3ywRJC3Yj9M1ZsBRQ5gyU0mRMILMxZq/rP
+7QEcthJSOM9ORR1MmKu7GNh4RSuEGkZ5DLI1maWpZyV6zUsjPYg70EPSxYKs9QO
7ei/vM0AJggAmz5YzaLc/3ctJtmvLG/6bkkK+NKET+/ihbPo/mguCKjrx3G6o9QA
lcpLKIv08Pbh0oEYLMULs+EdGE2JeFk2y2+cWsQ9TpzqzVUJNeAz6g+hqe2pnw7+
U8hCejodyLAM/l6Ht2ssFIXkVRsxC07MNQ/DeIP6P9BI
-----END CERTIFICATE-----