Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/gdPoGNVcOTxve9Q4-VpVufJk2tk.roa
File:                     gdPoGNVcOTxve9Q4-VpVufJk2tk.roa (raw, json)
Hash identifier:          WuZzCuCA9L2ThwhAvWX+I1Ah6JPhfZ6ih/yP6XwGm+0=
Subject key identifier:   81:D3:E8:18:D5:5C:39:3C:6F:7B:D4:38:F9:5A:55:B9:F2:64:DA:D9
Certificate issuer:       /CN=76f311ef1581a00e437cd704b6281ac8621afc56
Certificate serial:       01941F8C785C1AB0161BE6F09550E5C8EA7F
Authority key identifier: 76:F3:11:EF:15:81:A0:0E:43:7C:D7:04:B6:28:1A:C8:62:1A:FC:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/gdPoGNVcOTxve9Q4-VpVufJk2tk.roa
Signing time:             Wed 01 Jan 2025 01:48:06 +0000
ROA not before:           Wed 01 Jan 2025 01:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49544
IP address blocks:        212.104.206.0/23 maxlen: 24
                          2a04:7141::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:78:5c:1a:b0:16:1b:e6:f0:95:50:e5:c8:ea:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76f311ef1581a00e437cd704b6281ac8621afc56
        Validity
            Not Before: Jan  1 01:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81d3e818d55c393c6f7bd438f95a55b9f264dad9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6d:a5:88:cd:ca:53:85:28:02:d5:be:1e:a9:
                    96:b8:e7:b8:c2:eb:69:bd:d8:a0:53:8c:3a:cc:07:
                    4b:19:97:bf:9b:bc:8c:58:e2:81:fe:0f:be:68:f0:
                    95:8b:5e:2f:3b:4f:28:2e:99:77:ee:a6:ac:18:8f:
                    a7:c8:60:eb:ff:8e:66:08:d7:cb:34:04:70:81:0f:
                    09:51:77:4c:74:ec:79:32:af:a3:58:07:2f:f0:17:
                    f3:59:9a:fb:43:aa:bc:3f:54:67:ac:92:8c:2a:8b:
                    7c:37:ef:f6:55:15:47:f1:6d:d8:2d:e0:3b:88:54:
                    bf:36:80:a8:68:0d:98:45:55:7b:45:30:8d:fa:12:
                    f5:8c:6f:06:82:7f:d9:bb:9a:9f:c2:85:b3:ff:23:
                    0c:8f:70:18:43:8e:3f:35:32:f5:76:9c:a5:a9:95:
                    c1:bb:71:d9:93:e0:e1:f0:34:e7:90:6c:eb:5f:8b:
                    f9:25:3c:3e:7c:32:d5:e7:ec:95:16:cb:38:9d:a4:
                    81:50:bd:6c:63:14:12:60:65:94:9a:b8:43:9a:4f:
                    0f:f0:4a:94:1e:a6:1f:29:e5:55:e0:eb:a9:9a:4a:
                    69:31:51:62:f6:b1:6c:3f:59:bc:05:42:8e:50:3b:
                    aa:6e:3f:45:5a:39:88:97:a9:2b:3f:d5:17:23:b2:
                    00:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D3:E8:18:D5:5C:39:3C:6F:7B:D4:38:F9:5A:55:B9:F2:64:DA:D9
            X509v3 Authority Key Identifier:
                keyid:76:F3:11:EF:15:81:A0:0E:43:7C:D7:04:B6:28:1A:C8:62:1A:FC:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/gdPoGNVcOTxve9Q4-VpVufJk2tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.104.206.0/23
                IPv6:
                  2a04:7141::/36

    Signature Algorithm: sha256WithRSAEncryption
         4e:65:ec:21:87:db:c8:ee:d8:8f:73:f3:61:dd:bf:55:38:67:
         d0:63:29:34:3b:fd:f5:d2:a2:db:f3:bd:49:51:c6:94:a3:4e:
         5f:f4:cc:36:c2:44:a8:4a:53:f2:a8:8e:e9:16:4a:1e:1b:2e:
         52:61:95:a4:4f:d4:3e:2b:eb:3c:4d:bc:6a:3f:77:4a:23:6e:
         09:e8:ec:c0:ef:a0:40:fd:37:c1:fc:05:ea:ed:bf:27:b3:96:
         3e:fb:73:f2:fa:16:94:4c:75:e6:41:3b:fe:3b:8e:03:f4:c7:
         05:37:45:99:df:bd:af:a1:8c:59:08:9e:12:b1:05:77:ec:2f:
         a0:ff:f8:8c:7e:64:82:07:f1:ba:c1:bb:1c:c9:52:7b:40:9a:
         64:c2:10:5c:fa:e2:1e:f0:4d:8e:e7:b2:8b:07:97:b8:10:33:
         f6:e4:71:4f:94:d5:01:94:0e:a2:4f:28:27:85:a8:89:9b:85:
         fa:88:1f:b5:a4:7d:27:ce:b4:45:22:17:55:4c:8e:9a:2a:ff:
         eb:4c:60:da:78:78:62:97:64:6d:6c:c0:6e:b5:ff:6d:b1:d0:
         73:ad:5e:13:22:29:5f:05:9b:71:f4:c2:13:61:97:94:6e:9e:
         69:2b:eb:08:93:7c:e3:e2:94:6a:f4:13:b1:a5:54:e6:b9:ca:
         62:1c:2a:c4
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQfjHhcGrAWG+bwlVDlyOp/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZjMxMWVmMTU4MWEwMGU0MzdjZDcwNGI2MjgxYWM4NjIx
YWZjNTYwHhcNMjUwMTAxMDE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWQzZTgxOGQ1NWMzOTNjNmY3YmQ0MzhmOTVhNTViOWYyNjRkYWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwG2liM3KU4UoAtW+HqmWuOe4wutp
vdigU4w6zAdLGZe/m7yMWOKB/g++aPCVi14vO08oLpl37qasGI+nyGDr/45mCNfL
NARwgQ8JUXdMdOx5Mq+jWAcv8BfzWZr7Q6q8P1RnrJKMKot8N+/2VRVH8W3YLeA7
iFS/NoCoaA2YRVV7RTCN+hL1jG8Ggn/Zu5qfwoWz/yMMj3AYQ44/NTL1dpylqZXB
u3HZk+Dh8DTnkGzrX4v5JTw+fDLV5+yVFss4naSBUL1sYxQSYGWUmrhDmk8P8EqU
HqYfKeVV4OupmkppMVFi9rFsP1m8BUKOUDuqbj9FWjmIl6krP9UXI7IAqwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFIHT6BjVXDk8b3vUOPlaVbnyZNrZMB8GA1UdIwQY
MBaAFHbzEe8VgaAOQ3zXBLYoGshiGvxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHZNUjd4V0JvQTVEZk5jRXRpZ2F5R0lhX0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81MjUyMjQtNzhlYS00OWU0LTk3NDkt
MTY5NDMxMjk2YzU5LzEvZ2RQb0dOVmNPVHh2ZTlRNC1WcFZ1ZkprMnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81MjUyMjQtNzhlYS00OWU0LTk3NDktMTY5NDMxMjk2YzU5
LzEvZHZNUjd4V0JvQTVEZk5jRXRpZ2F5R0lhX0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQB1GjOMA4E
AgACMAgDBgQqBHFBADANBgkqhkiG9w0BAQsFAAOCAQEATmXsIYfbyO7Yj3PzYd2/
VThn0GMpNDv99dKi2/O9SVHGlKNOX/TMNsJEqEpT8qiO6RZKHhsuUmGVpE/UPivr
PE28aj93SiNuCejswO+gQP03wfwF6u2/J7OWPvtz8voWlEx15kE7/juOA/THBTdF
md+9r6GMWQieErEFd+wvoP/4jH5kggfxusG7HMlSe0CaZMIQXPriHvBNjueyiweX
uBAz9uRxT5TVAZQOok8oJ4WoiZuF+ogftaR9J860RSIXVUyOmir/60xg2nh4Ypdk
bWzAbrX/bbHQc61eEyIpXwWbcfTCE2GXlG6eaSvrCJN84+KUavQTsaVU5rnKYhwq
xA==
-----END CERTIFICATE-----