Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/cce5ba-ff93-4438-a8e3-4a637c6d9938/1/gtQnPoHQAssVploPdQKF3wMqPqg.roa
File:                     gtQnPoHQAssVploPdQKF3wMqPqg.roa (raw, json)
Hash identifier:          oTvtYktXpzo6IvRkclIhI8X73gjSVVDXnm/5bjUENeo=
Subject key identifier:   82:D4:27:3E:81:D0:02:CB:15:A6:5A:0F:75:02:85:DF:03:2A:3E:A8
Certificate issuer:       /CN=4d0d5943c2403730de818e31b9b5ff1d8c1c9c47
Certificate serial:       0194244555C8EBB941591E1E77218F0EB6B1
Authority key identifier: 4D:0D:59:43:C2:40:37:30:DE:81:8E:31:B9:B5:FF:1D:8C:1C:9C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TQ1ZQ8JANzDegY4xubX_HYwcnEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/cce5ba-ff93-4438-a8e3-4a637c6d9938/1/gtQnPoHQAssVploPdQKF3wMqPqg.roa
Signing time:             Wed 01 Jan 2025 23:48:31 +0000
ROA not before:           Wed 01 Jan 2025 23:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209385
IP address blocks:        185.232.124.0/22 maxlen: 24
                          2a0c:a500::/32 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/cce5ba-ff93-4438-a8e3-4a637c6d9938/1/TQ1ZQ8JANzDegY4xubX_HYwcnEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/cce5ba-ff93-4438-a8e3-4a637c6d9938/1/TQ1ZQ8JANzDegY4xubX_HYwcnEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TQ1ZQ8JANzDegY4xubX_HYwcnEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:55:c8:eb:b9:41:59:1e:1e:77:21:8f:0e:b6:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d0d5943c2403730de818e31b9b5ff1d8c1c9c47
        Validity
            Not Before: Jan  1 23:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82d4273e81d002cb15a65a0f750285df032a3ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ab:01:7c:ca:79:27:a0:38:69:b7:ee:2f:62:
                    0c:20:5b:c2:1f:b4:a5:97:36:96:1b:da:b0:38:99:
                    53:2c:8d:43:90:6b:59:5c:90:c2:8b:45:9c:ba:2b:
                    3f:f0:1a:4d:ed:f3:b2:f8:f4:73:52:1d:71:af:11:
                    1e:f0:f7:bc:1a:87:d2:cb:19:0d:ef:47:e7:97:34:
                    4b:95:d9:de:27:95:4a:0a:85:bf:93:6f:cd:27:6c:
                    56:84:e8:c8:5b:11:89:94:f4:ce:15:88:31:26:6d:
                    4a:28:b0:55:46:07:8f:9c:db:00:be:6e:06:05:e1:
                    82:38:cd:1a:21:84:c5:c6:02:71:03:c9:74:f4:52:
                    9f:b1:2a:95:94:60:5b:e6:1c:28:50:0b:2b:80:7f:
                    c8:4f:79:b9:31:d5:d1:eb:6c:bf:0b:2d:af:27:c5:
                    b1:e0:f6:10:cf:5b:c6:71:5c:c3:01:0c:cd:c2:c3:
                    d9:5c:37:b0:07:33:69:0b:92:75:21:3d:b5:2b:af:
                    e6:ae:e8:4c:a5:f1:1d:84:fb:5f:1a:60:f6:74:97:
                    71:3b:98:79:99:49:c1:4d:c3:7c:9e:8c:e7:1e:e9:
                    72:9a:3b:4d:d7:75:e8:98:ed:e6:b8:0b:0e:c4:4f:
                    8b:86:61:15:53:5a:17:b3:0e:b1:94:4a:64:2a:d5:
                    c8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:D4:27:3E:81:D0:02:CB:15:A6:5A:0F:75:02:85:DF:03:2A:3E:A8
            X509v3 Authority Key Identifier:
                keyid:4D:0D:59:43:C2:40:37:30:DE:81:8E:31:B9:B5:FF:1D:8C:1C:9C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TQ1ZQ8JANzDegY4xubX_HYwcnEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/cce5ba-ff93-4438-a8e3-4a637c6d9938/1/gtQnPoHQAssVploPdQKF3wMqPqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/cce5ba-ff93-4438-a8e3-4a637c6d9938/1/TQ1ZQ8JANzDegY4xubX_HYwcnEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.124.0/22
                IPv6:
                  2a0c:a500::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:6f:bc:03:64:c4:a3:83:87:eb:25:99:3a:af:cf:75:77:e5:
         1a:dd:d7:04:c9:ba:a5:d1:34:cc:f0:a0:62:34:9f:11:43:65:
         b6:b8:3c:90:d3:49:01:9e:99:4d:be:26:bb:6c:75:65:25:63:
         1e:ef:19:0c:00:e3:a2:c5:39:7e:b9:e4:b8:f3:2d:b1:d0:9a:
         a4:d1:ab:c9:20:c8:44:58:5e:92:11:d5:bf:91:d3:fe:51:32:
         02:10:3f:cc:7d:79:f0:d2:a3:8d:38:3b:a5:e0:72:f7:63:d7:
         0d:5c:9e:81:07:0e:2a:60:1f:9c:ef:ea:cc:a6:1c:d6:76:12:
         18:af:b6:82:41:32:09:c6:3c:e2:0b:1f:b9:09:67:04:90:15:
         2b:56:79:71:c9:b3:cc:a0:ee:08:f5:f0:ba:c1:db:9d:29:ca:
         16:0d:37:c2:3e:b2:36:9a:6e:69:c7:9b:4c:e3:fc:19:17:4d:
         51:a5:73:18:2f:11:b0:b9:ca:ed:f1:b0:aa:6c:a4:75:55:02:
         be:9f:ef:a4:89:3e:fd:51:e3:0d:5c:ef:61:0a:61:ef:4c:43:
         05:7c:f8:44:c7:07:d9:70:9b:fe:89:7e:cd:a2:b9:11:f0:26:
         98:64:54:f0:94:7d:4e:66:dc:a5:36:0b:3a:58:62:94:d4:51:
         f2:cf:68:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRVXI67lBWR4edyGPDraxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMGQ1OTQzYzI0MDM3MzBkZTgxOGUzMWI5YjVmZjFkOGMx
YzljNDcwHhcNMjUwMTAxMjM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmQ0MjczZTgxZDAwMmNiMTVhNjVhMGY3NTAyODVkZjAzMmEzZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKsBfMp5J6A4abfuL2IMIFvCH7Sl
lzaWG9qwOJlTLI1DkGtZXJDCi0Wcuis/8BpN7fOy+PRzUh1xrxEe8Pe8GofSyxkN
70fnlzRLldneJ5VKCoW/k2/NJ2xWhOjIWxGJlPTOFYgxJm1KKLBVRgePnNsAvm4G
BeGCOM0aIYTFxgJxA8l09FKfsSqVlGBb5hwoUAsrgH/IT3m5MdXR62y/Cy2vJ8Wx
4PYQz1vGcVzDAQzNwsPZXDewBzNpC5J1IT21K6/mruhMpfEdhPtfGmD2dJdxO5h5
mUnBTcN8noznHulymjtN13XomO3muAsOxE+LhmEVU1oXsw6xlEpkKtXIvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFILUJz6B0ALLFaZaD3UChd8DKj6oMB8GA1UdIwQY
MBaAFE0NWUPCQDcw3oGOMbm1/x2MHJxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFExWlE4SkFOekRlZ1k0eHViWF9IWXdjbkVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9jY2U1YmEtZmY5My00NDM4LWE4ZTMt
NGE2MzdjNmQ5OTM4LzEvZ3RRblBvSFFBc3NWcGxvUGRRS0Yzd01xUHFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9jY2U1YmEtZmY5My00NDM4LWE4ZTMtNGE2MzdjNmQ5OTM4
LzEvVFExWlE4SkFOekRlZ1k0eHViWF9IWXdjbkVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueh8MA0E
AgACMAcDBQAqDKUAMA0GCSqGSIb3DQEBCwUAA4IBAQCgb7wDZMSjg4frJZk6r891
d+Ua3dcEybql0TTM8KBiNJ8RQ2W2uDyQ00kBnplNvia7bHVlJWMe7xkMAOOixTl+
ueS48y2x0Jqk0avJIMhEWF6SEdW/kdP+UTICED/MfXnw0qONODul4HL3Y9cNXJ6B
Bw4qYB+c7+rMphzWdhIYr7aCQTIJxjziCx+5CWcEkBUrVnlxybPMoO4I9fC6wdud
KcoWDTfCPrI2mm5px5tM4/wZF01RpXMYLxGwucrt8bCqbKR1VQK+n++kiT79UeMN
XO9hCmHvTEMFfPhExwfZcJv+iX7NorkR8CaYZFTwlH1OZtylNgs6WGKU1FHyz2h9
-----END CERTIFICATE-----