Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/GmqA8QHCC_5l1aRwm4_AA_zKBr8.roa
File:                     GmqA8QHCC_5l1aRwm4_AA_zKBr8.roa (raw, json)
Hash identifier:          //VrfLrjXO7Yeg38MyrhRoEusnw2871AyCYLfx6ldsE=
Subject key identifier:   1A:6A:80:F1:01:C2:0B:FE:65:D5:A4:70:9B:8F:C0:03:FC:CA:06:BF
Certificate issuer:       /CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Certificate serial:       019740D43266B7F927544D666AD619CCB7C1
Authority key identifier: B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/GmqA8QHCC_5l1aRwm4_AA_zKBr8.roa
Signing time:             Thu 05 Jun 2025 16:02:17 +0000
ROA not before:           Thu 05 Jun 2025 16:02:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53667
IP address blocks:        65.111.0.0/19 maxlen: 19
                          104.167.19.0/24 maxlen: 24
                          104.207.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:d4:32:66:b7:f9:27:54:4d:66:6a:d6:19:cc:b7:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
        Validity
            Not Before: Jun  5 16:02:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a6a80f101c20bfe65d5a4709b8fc003fcca06bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:42:ee:6d:2b:3a:93:99:82:dc:e0:10:89:4a:
                    79:a3:cd:b6:55:a1:fa:fb:8b:d5:36:1a:c2:c9:b5:
                    ad:ea:29:d8:37:b5:98:b3:27:37:4b:01:46:15:27:
                    11:c0:bf:ef:9e:a7:de:93:bd:39:d6:06:77:fd:91:
                    d5:e0:46:c9:98:1c:54:c8:64:36:62:8e:0e:70:33:
                    06:1c:ff:d6:ce:32:dc:e7:13:12:82:22:a4:c9:09:
                    89:e7:49:13:03:c9:76:8b:69:b1:d6:05:96:e8:a9:
                    3a:02:d7:11:e6:48:76:fe:8f:67:cc:db:1b:0b:ec:
                    92:b7:b2:ce:44:37:3b:a6:d4:aa:8d:c6:df:38:73:
                    36:5d:1d:ae:07:91:a1:ab:7b:85:84:03:5a:97:1c:
                    21:0b:f8:01:61:a3:68:43:84:41:c7:a2:18:a0:82:
                    e3:c5:fb:47:30:7f:d6:ce:af:63:db:ba:90:53:cb:
                    02:d1:c0:44:cd:d0:59:5b:eb:73:5a:fd:d9:68:69:
                    77:c5:95:ca:5c:22:c1:6b:c4:c2:ae:3d:0c:83:84:
                    09:cf:74:64:3b:96:c6:3f:c1:53:77:80:29:70:c2:
                    8a:5f:28:53:54:13:ba:cc:08:6b:e5:f9:ef:ab:3d:
                    b9:a1:e0:d8:43:03:dc:a3:47:c5:a6:0f:0d:f2:a9:
                    40:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:6A:80:F1:01:C2:0B:FE:65:D5:A4:70:9B:8F:C0:03:FC:CA:06:BF
            X509v3 Authority Key Identifier:
                keyid:B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/GmqA8QHCC_5l1aRwm4_AA_zKBr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.111.0.0/19
                  104.167.19.0/24
                  104.207.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3e:97:07:c5:b9:0b:2b:66:65:c2:ab:d5:a8:63:54:b2:56:52:
         54:da:21:14:4e:80:12:02:5e:c7:ab:b9:f3:62:c3:08:f2:cb:
         20:c2:e8:fd:50:6a:f9:ca:cf:06:6e:3b:52:44:d8:59:6f:3e:
         c8:ca:2c:6e:ab:33:fa:d5:6e:eb:62:5b:7f:ec:c4:2e:05:fb:
         d9:24:84:62:52:cc:08:f2:d5:a2:62:0f:f9:07:55:30:98:e7:
         06:0f:74:52:9d:11:16:0a:59:b9:5e:3a:1f:44:39:d7:8d:48:
         e2:a9:ee:96:39:82:32:2e:85:fd:e7:1e:2d:73:7d:3a:1a:38:
         87:31:dc:8d:30:1e:18:d9:3a:e3:79:05:e7:0b:85:b2:fd:0c:
         81:c0:59:b0:36:35:f1:d3:f2:8d:2f:a4:e2:75:85:8d:d0:a1:
         a9:df:c6:f2:c7:d3:34:70:1b:11:bc:cb:f7:7d:3d:26:c8:39:
         b8:6c:31:23:85:09:39:98:6e:15:67:a1:74:70:53:1f:95:ae:
         93:4a:78:b7:57:e9:e9:f2:fc:26:a1:d1:1f:88:25:ff:e5:bc:
         98:71:37:05:5a:17:d7:a7:9a:e4:5d:89:1b:a6:ec:22:cd:a0:
         7e:01:bd:f1:df:77:35:21:ba:9a:0c:ec:f4:13:6f:b7:47:8d:
         bb:93:00:56
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdA1DJmt/knVE1matYZzLfBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDRjYzBlMDM4ZWIwZTY5N2VjNmU3YWU0OWQwMjg2MTQ2
ZTBjMWEwHhcNMjUwNjA1MTYwMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTZhODBmMTAxYzIwYmZlNjVkNWE0NzA5YjhmYzAwM2ZjY2EwNmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00LubSs6k5mC3OAQiUp5o822VaH6
+4vVNhrCybWt6inYN7WYsyc3SwFGFScRwL/vnqfek7051gZ3/ZHV4EbJmBxUyGQ2
Yo4OcDMGHP/WzjLc5xMSgiKkyQmJ50kTA8l2i2mx1gWW6Kk6AtcR5kh2/o9nzNsb
C+ySt7LORDc7ptSqjcbfOHM2XR2uB5Ghq3uFhANalxwhC/gBYaNoQ4RBx6IYoILj
xftHMH/Wzq9j27qQU8sC0cBEzdBZW+tzWv3ZaGl3xZXKXCLBa8TCrj0Mg4QJz3Rk
O5bGP8FTd4ApcMKKXyhTVBO6zAhr5fnvqz25oeDYQwPco0fFpg8N8qlAlwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBpqgPEBwgv+ZdWkcJuPwAP8yga/MB8GA1UdIwQY
MBaAFLQEzA4DjrDml+xueuSdAoYUbgwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1Yjkt
ODZhMmYwNjdiNGU4LzEvR21xQThRSENDXzVsMWFSd200X0FBX3pLQnI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1YjktODZhMmYwNjdiNGU4
LzEvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFQW8AAwQA
aKcTAwQFaM8gMA0GCSqGSIb3DQEBCwUAA4IBAQA+lwfFuQsrZmXCq9WoY1SyVlJU
2iEUToASAl7Hq7nzYsMI8ssgwuj9UGr5ys8GbjtSRNhZbz7IyixuqzP61W7rYlt/
7MQuBfvZJIRiUswI8tWiYg/5B1UwmOcGD3RSnREWClm5XjofRDnXjUjiqe6WOYIy
LoX95x4tc306GjiHMdyNMB4Y2TrjeQXnC4Wy/QyBwFmwNjXx0/KNL6TidYWN0KGp
38byx9M0cBsRvMv3fT0myDm4bDEjhQk5mG4VZ6F0cFMfla6TSni3V+np8vwmodEf
iCX/5byYcTcFWhfXp5rkXYkbpuwizaB+Ab3x33c1IbqaDOz0E2+3R427kwBW
-----END CERTIFICATE-----