Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gmSf2XPiCBSHT1fT5ZeL0K87m30.roa
File:                     gmSf2XPiCBSHT1fT5ZeL0K87m30.roa (raw, json)
Hash identifier:          crNHAlvXASLucMIBu3RwtZ6vQfzL3MaGK+3Vru0bE7E=
Subject key identifier:   82:64:9F:D9:73:E2:08:14:87:4F:57:D3:E5:97:8B:D0:AF:3B:9B:7D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194DBF9C52D52AE6D00FAA04ED81E08EFD0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gmSf2XPiCBSHT1fT5ZeL0K87m30.roa
Signing time:             Thu 06 Feb 2025 15:56:06 +0000
ROA not before:           Thu 06 Feb 2025 15:56:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215184
IP address blocks:        82.152.105.0/24 maxlen: 24
                          213.130.140.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:db:f9:c5:2d:52:ae:6d:00:fa:a0:4e:d8:1e:08:ef:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Feb  6 15:56:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82649fd973e20814874f57d3e5978bd0af3b9b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:be:55:b6:76:6b:df:dd:a1:e4:7c:37:60:ec:
                    86:84:16:c7:ad:78:a5:04:a1:b1:3a:4e:c4:16:c5:
                    b1:68:cc:0e:34:da:d7:a7:e0:de:6f:f3:41:20:e9:
                    0d:98:36:99:63:05:a3:6a:45:f5:20:f3:90:7a:d4:
                    4a:aa:dc:a4:49:a3:67:c1:52:8a:9e:c5:8b:fe:17:
                    01:31:00:c0:4b:9b:55:6e:ea:a0:30:e8:44:7b:7b:
                    b0:7d:ec:a8:e6:d8:ed:7f:46:5d:ea:0d:27:cf:79:
                    dd:38:3a:c3:3a:ff:55:08:d0:b5:1f:b0:35:8d:e0:
                    05:14:6e:43:fb:5b:c0:00:79:ad:3d:af:8d:26:a0:
                    31:c8:bc:bc:87:f9:a2:f1:18:48:3e:21:0e:58:cb:
                    d0:b5:df:80:eb:44:33:bb:f9:79:63:11:0a:45:a7:
                    e3:5c:0c:70:fa:d5:dc:6c:df:ff:00:fe:01:0f:35:
                    a4:63:34:a6:4d:ac:b2:4a:f2:14:ad:63:22:2f:b5:
                    5d:9c:b6:a5:9e:20:91:2c:9f:9f:32:01:1c:a7:a3:
                    f5:a9:db:5d:2e:52:55:8d:99:70:e2:fd:7d:ba:4f:
                    11:f8:33:39:13:84:25:a8:e3:25:a6:e3:f1:ab:70:
                    93:17:1d:2d:7e:f4:3b:be:12:6f:a1:47:b4:42:c1:
                    4b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:64:9F:D9:73:E2:08:14:87:4F:57:D3:E5:97:8B:D0:AF:3B:9B:7D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gmSf2XPiCBSHT1fT5ZeL0K87m30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.152.105.0/24
                  213.130.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:ca:da:06:c3:6e:49:1c:cb:d9:d5:81:e1:f0:e0:b1:a0:34:
         e4:2a:2c:cb:36:71:45:a9:d8:0f:ac:6b:b1:72:82:06:aa:61:
         e9:58:17:90:18:c9:a4:bc:58:7c:ed:37:39:53:62:a8:53:bc:
         fb:5a:6d:07:7c:9a:5f:41:b2:6b:1b:73:e0:6a:e0:67:dd:64:
         cc:ed:e5:0f:9d:2b:3a:cb:c1:09:22:18:6e:10:83:6a:b7:1b:
         5e:34:c5:e0:ec:5a:2e:3b:1c:1f:2b:e7:de:f4:e6:92:8c:c3:
         58:de:92:48:94:fd:bd:5f:22:21:5d:5c:cc:2d:b5:08:fa:7e:
         af:7d:d2:8d:11:d1:e1:48:d4:29:14:06:0a:42:17:1a:1f:51:
         91:96:27:a7:3b:1f:2a:d6:ba:3d:b2:8a:9b:a5:0b:29:4e:ff:
         98:1f:7e:37:dc:8c:08:6c:68:26:06:c9:8d:92:17:b5:a4:71:
         56:ce:6d:d3:e3:ab:d5:4a:20:5d:36:be:fc:2a:a6:2d:a4:1d:
         b4:99:be:30:da:12:63:d9:29:41:02:34:f0:64:d0:84:a1:65:
         b8:21:21:0d:1e:c1:85:e5:3c:e6:72:90:53:77:57:80:e0:f1:
         2d:12:10:cb:7f:35:f8:19:ab:05:55:46:66:cd:35:51:44:4d:
         c6:0c:b1:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZTb+cUtUq5tAPqgTtgeCO/QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMjA2MTU1NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjY0OWZkOTczZTIwODE0ODc0ZjU3ZDNlNTk3OGJkMGFmM2I5YjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw75VtnZr392h5Hw3YOyGhBbHrXil
BKGxOk7EFsWxaMwONNrXp+Deb/NBIOkNmDaZYwWjakX1IPOQetRKqtykSaNnwVKK
nsWL/hcBMQDAS5tVbuqgMOhEe3uwfeyo5tjtf0Zd6g0nz3ndODrDOv9VCNC1H7A1
jeAFFG5D+1vAAHmtPa+NJqAxyLy8h/mi8RhIPiEOWMvQtd+A60Qzu/l5YxEKRafj
XAxw+tXcbN//AP4BDzWkYzSmTayySvIUrWMiL7VdnLalniCRLJ+fMgEcp6P1qdtd
LlJVjZlw4v19uk8R+DM5E4QlqOMlpuPxq3CTFx0tfvQ7vhJvoUe0QsFL2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIJkn9lz4ggUh09X0+WXi9CvO5t9MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ21TZjJYUGlDQlNIVDFmVDVaZUwwSzg3bTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUphpAwQC
1YKMMA0GCSqGSIb3DQEBCwUAA4IBAQChytoGw25JHMvZ1YHh8OCxoDTkKizLNnFF
qdgPrGuxcoIGqmHpWBeQGMmkvFh87Tc5U2KoU7z7Wm0HfJpfQbJrG3PgauBn3WTM
7eUPnSs6y8EJIhhuEINqtxteNMXg7FouOxwfK+fe9OaSjMNY3pJIlP29XyIhXVzM
LbUI+n6vfdKNEdHhSNQpFAYKQhcaH1GRlienOx8q1ro9soqbpQspTv+YH3433IwI
bGgmBsmNkhe1pHFWzm3T46vVSiBdNr78KqYtpB20mb4w2hJj2SlBAjTwZNCEoWW4
ISENHsGF5TzmcpBTd1eA4PEtEhDLfzX4GasFVUZmzTVRRE3GDLFS
-----END CERTIFICATE-----