Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/GfHlMDqW8f_RPGupY42wfeJn0K0.roa
File:                     GfHlMDqW8f_RPGupY42wfeJn0K0.roa (raw, json)
Hash identifier:          yZdyaaWtQN06+585o6qcTebcPl9jvWJOnIEn2z7Qx10=
Subject key identifier:   19:F1:E5:30:3A:96:F1:FF:D1:3C:6B:A9:63:8D:B0:7D:E2:67:D0:AD
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0194FA86249EED20F4468BC16A3DD2638A17
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/GfHlMDqW8f_RPGupY42wfeJn0K0.roa
Signing time:             Wed 12 Feb 2025 14:18:02 +0000
ROA not before:           Wed 12 Feb 2025 14:18:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        195.216.178.0/24 maxlen: 24
                          195.216.179.0/24 maxlen: 24
                          195.216.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fa:86:24:9e:ed:20:f4:46:8b:c1:6a:3d:d2:63:8a:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Feb 12 14:18:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19f1e5303a96f1ffd13c6ba9638db07de267d0ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:74:e6:f1:e8:0d:12:c9:c3:21:d8:8c:b9:58:
                    dc:08:32:f0:ec:35:aa:35:52:f8:5f:64:88:39:34:
                    41:bd:9b:7f:ec:de:46:19:22:dc:24:77:8e:92:a7:
                    3c:50:a3:90:3a:a7:da:e4:32:1d:ef:9d:20:31:26:
                    78:81:5e:b9:dd:b7:d0:71:54:4e:ce:dc:18:1b:4d:
                    fc:ce:34:63:a4:a4:a3:ba:cf:1d:89:16:15:48:fe:
                    94:f2:20:13:f7:a4:e8:c7:b1:09:3f:25:24:99:d7:
                    41:ff:36:bb:e8:d7:5a:7d:13:ab:a6:c8:79:45:54:
                    fd:91:4c:56:99:fb:df:b1:95:a4:84:f3:78:dd:37:
                    38:2d:71:37:97:01:51:4e:f4:2d:10:09:c8:07:54:
                    d0:5c:84:1f:40:a9:ca:24:d4:e1:50:03:49:a4:ed:
                    ea:d3:aa:e1:82:67:7c:6b:78:e6:18:ce:dc:ee:da:
                    bb:04:95:c8:af:7d:11:d9:f3:38:27:15:2a:51:5e:
                    39:2f:f5:15:2e:07:94:62:43:60:09:13:6c:17:fa:
                    f6:de:04:b6:e0:91:91:71:24:f2:8d:96:17:ab:18:
                    d8:da:8c:79:98:ef:1f:54:c3:34:6e:70:a8:e7:b9:
                    06:cc:89:38:10:63:6e:0d:5d:3c:2c:ca:1a:20:44:
                    5f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F1:E5:30:3A:96:F1:FF:D1:3C:6B:A9:63:8D:B0:7D:E2:67:D0:AD
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/GfHlMDqW8f_RPGupY42wfeJn0K0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.178.0/23
                  195.216.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:41:4a:53:b6:6e:55:5d:1d:b7:de:44:31:f6:6b:43:fe:38:
         ee:3d:6a:c9:18:54:9c:8a:e6:61:ed:c7:b9:b8:90:f7:38:18:
         cd:ef:1f:92:bd:52:5e:94:36:30:99:50:a4:83:e4:c1:af:e4:
         ad:a2:ce:a9:b7:c6:82:de:16:6f:e3:96:4b:96:d8:c2:2f:d1:
         85:9d:ae:a0:1e:fb:26:c0:86:bb:b1:1a:00:b0:a5:e8:d7:3c:
         17:3c:f4:a3:be:b5:1b:f3:43:6b:b2:d6:e6:dd:dd:a9:1b:dd:
         3c:9f:60:7c:a1:ca:61:d9:11:69:b5:7e:cb:a9:f2:9b:d0:26:
         a4:fd:41:9e:96:ef:24:56:eb:ad:f3:2b:ca:e5:d4:56:17:eb:
         d2:a9:31:c6:ee:3b:b6:00:ca:ca:75:40:8e:ac:4f:ef:5d:2b:
         ce:52:47:7e:65:89:e8:77:ac:7f:4a:22:da:27:73:38:c8:9d:
         71:06:bc:81:58:9a:97:a4:ef:1f:dc:f1:88:83:eb:e1:12:62:
         d6:cc:58:ec:db:22:1a:46:ae:e0:81:52:ee:9f:35:5b:36:ad:
         ee:5e:07:dc:f9:2c:ae:f7:e9:e9:5a:5a:94:e3:34:d7:74:5d:
         d1:54:c7:f1:33:49:d1:72:07:d8:8e:e2:4a:9b:7b:c9:5b:5f:
         dd:fd:ba:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZT6hiSe7SD0RovBaj3SY4oXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwMjEyMTQxODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWYxZTUzMDNhOTZmMWZmZDEzYzZiYTk2MzhkYjA3ZGUyNjdkMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHTm8egNEsnDIdiMuVjcCDLw7DWq
NVL4X2SIOTRBvZt/7N5GGSLcJHeOkqc8UKOQOqfa5DId750gMSZ4gV653bfQcVRO
ztwYG038zjRjpKSjus8diRYVSP6U8iAT96Tox7EJPyUkmddB/za76NdafROrpsh5
RVT9kUxWmfvfsZWkhPN43Tc4LXE3lwFRTvQtEAnIB1TQXIQfQKnKJNThUANJpO3q
06rhgmd8a3jmGM7c7tq7BJXIr30R2fM4JxUqUV45L/UVLgeUYkNgCRNsF/r23gS2
4JGRcSTyjZYXqxjY2ox5mO8fVMM0bnCo57kGzIk4EGNuDV08LMoaIERfLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBnx5TA6lvH/0TxrqWONsH3iZ9CtMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvR2ZIbE1EcVc4Zl9SUEd1cFk0MndmZUpuMEswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw9iyAwQA
w9i3MA0GCSqGSIb3DQEBCwUAA4IBAQBiQUpTtm5VXR233kQx9mtD/jjuPWrJGFSc
iuZh7ce5uJD3OBjN7x+SvVJelDYwmVCkg+TBr+Stos6pt8aC3hZv45ZLltjCL9GF
na6gHvsmwIa7sRoAsKXo1zwXPPSjvrUb80Nrstbm3d2pG908n2B8ocph2RFptX7L
qfKb0Cak/UGelu8kVuut8yvK5dRWF+vSqTHG7ju2AMrKdUCOrE/vXSvOUkd+ZYno
d6x/SiLaJ3M4yJ1xBryBWJqXpO8f3PGIg+vhEmLWzFjs2yIaRq7ggVLunzVbNq3u
Xgfc+Syu9+npWlqU4zTXdF3RVMfxM0nRcgfYjuJKm3vJW1/d/bot
-----END CERTIFICATE-----