Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/3fa718-90c5-426c-b85f-1df09e701434/1/gjQZAjjkQcupDLhTVfFv8GZji_8.roa
File:                     gjQZAjjkQcupDLhTVfFv8GZji_8.roa (raw, json)
Hash identifier:          S6LI8locxNS7pJHusatxk4CqHDeNJR2oaMoGw7n3cpU=
Subject key identifier:   82:34:19:02:38:E4:41:CB:A9:0C:B8:53:55:F1:6F:F0:66:63:8B:FF
Certificate issuer:       /CN=b8232d19dd81d45c25923aeb4d9a9685879aefa6
Certificate serial:       019420681D3C11E326FD129677EAE90488AB
Authority key identifier: B8:23:2D:19:DD:81:D4:5C:25:92:3A:EB:4D:9A:96:85:87:9A:EF:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uCMtGd2B1FwlkjrrTZqWhYea76Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/3fa718-90c5-426c-b85f-1df09e701434/1/gjQZAjjkQcupDLhTVfFv8GZji_8.roa
Signing time:             Wed 01 Jan 2025 05:48:01 +0000
ROA not before:           Wed 01 Jan 2025 05:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        193.17.232.0/22 maxlen: 22
                          193.17.236.0/22 maxlen: 22
                          193.17.240.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/3fa718-90c5-426c-b85f-1df09e701434/1/uCMtGd2B1FwlkjrrTZqWhYea76Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/3fa718-90c5-426c-b85f-1df09e701434/1/uCMtGd2B1FwlkjrrTZqWhYea76Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uCMtGd2B1FwlkjrrTZqWhYea76Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:1d:3c:11:e3:26:fd:12:96:77:ea:e9:04:88:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8232d19dd81d45c25923aeb4d9a9685879aefa6
        Validity
            Not Before: Jan  1 05:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8234190238e441cba90cb85355f16ff066638bff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:7e:16:a5:5e:31:73:f6:b5:2b:34:fe:da:05:
                    20:0f:d7:bb:cf:eb:89:4d:e8:ed:2a:ac:53:a3:ed:
                    63:f5:06:69:47:17:39:d4:56:d8:82:0a:50:a0:0d:
                    ac:dd:9f:46:41:73:f6:4d:b2:04:38:c4:ba:78:6e:
                    db:b8:48:c0:bc:73:a4:87:bd:8a:a8:e1:f8:4f:c6:
                    18:40:ca:df:b0:56:63:35:5b:fc:40:4d:07:2f:b2:
                    9b:fa:12:d7:67:c2:3c:7a:b4:87:23:82:86:18:d1:
                    5b:ba:84:86:68:ac:08:f4:73:3b:dd:2d:b4:66:5c:
                    b9:68:95:c7:0a:91:1b:cf:1f:bd:3b:77:93:f7:2f:
                    e1:14:9e:7f:79:a6:03:c7:73:0e:77:cc:67:ee:c6:
                    66:53:a0:3f:94:1c:7e:32:1b:bc:23:c3:cf:4d:25:
                    38:25:a4:1d:7f:c6:59:79:a8:cb:5c:37:ca:ce:b5:
                    81:2c:07:16:83:7c:9e:24:93:05:cc:4d:7a:2c:75:
                    7e:81:95:dd:3a:7e:3f:90:94:ee:1b:48:74:cd:a3:
                    5f:7b:da:bf:c1:41:71:ee:48:3e:5c:8e:71:5e:0f:
                    da:02:e9:c3:e8:45:ef:46:5d:00:98:7e:38:08:89:
                    19:88:2a:fe:8e:82:55:d5:0d:a4:b4:2c:ba:87:55:
                    c8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:34:19:02:38:E4:41:CB:A9:0C:B8:53:55:F1:6F:F0:66:63:8B:FF
            X509v3 Authority Key Identifier:
                keyid:B8:23:2D:19:DD:81:D4:5C:25:92:3A:EB:4D:9A:96:85:87:9A:EF:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uCMtGd2B1FwlkjrrTZqWhYea76Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/3fa718-90c5-426c-b85f-1df09e701434/1/gjQZAjjkQcupDLhTVfFv8GZji_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/3fa718-90c5-426c-b85f-1df09e701434/1/uCMtGd2B1FwlkjrrTZqWhYea76Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.232.0-193.17.241.255

    Signature Algorithm: sha256WithRSAEncryption
         49:fd:a7:40:1d:35:29:9b:19:5f:8b:30:d1:59:fd:98:6f:56:
         0d:c3:f9:7d:26:13:4d:0f:44:ec:7a:8b:d7:ee:ae:f4:3a:25:
         60:fd:3b:3b:7c:85:a1:c6:31:a9:e5:3e:7f:f5:9e:07:57:c2:
         f1:81:92:55:43:ab:ba:28:9a:5f:6e:a9:ab:c1:cf:36:05:b8:
         16:af:b6:db:4a:f0:3a:d6:2e:d7:22:b2:63:dd:f0:22:19:c7:
         21:c8:89:d4:4f:3d:d1:d5:ad:b6:4f:47:8e:24:c3:81:16:03:
         8d:bf:92:51:a4:ff:b3:87:63:43:3a:3f:b7:bc:1a:d5:c3:5d:
         7c:6a:2e:3c:b0:b7:fe:9e:4c:e7:64:08:53:93:e1:5b:d6:e1:
         86:53:c5:2c:62:7e:ba:12:e7:a4:91:7a:6f:7e:de:c1:fe:96:
         52:d3:3a:da:95:58:e8:0d:dd:0f:c9:e1:db:44:f5:d7:85:af:
         48:c9:09:44:59:48:a7:37:42:95:55:83:a4:2e:4a:34:a8:e5:
         c1:78:65:ec:10:1b:95:0e:00:7f:14:d4:46:ac:00:89:d1:0e:
         9d:f3:91:e8:04:78:7f:33:77:1b:4a:53:ed:3c:4c:db:a4:19:
         47:d5:37:0c:e5:c1:27:6a:93:e0:36:80:59:77:ef:08:54:88:
         17:8a:23:a0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQgaB08EeMm/RKWd+rpBIirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MjMyZDE5ZGQ4MWQ0NWMyNTkyM2FlYjRkOWE5Njg1ODc5
YWVmYTYwHhcNMjUwMTAxMDU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjM0MTkwMjM4ZTQ0MWNiYTkwY2I4NTM1NWYxNmZmMDY2NjM4YmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1H4WpV4xc/a1KzT+2gUgD9e7z+uJ
TejtKqxTo+1j9QZpRxc51FbYggpQoA2s3Z9GQXP2TbIEOMS6eG7buEjAvHOkh72K
qOH4T8YYQMrfsFZjNVv8QE0HL7Kb+hLXZ8I8erSHI4KGGNFbuoSGaKwI9HM73S20
Zly5aJXHCpEbzx+9O3eT9y/hFJ5/eaYDx3MOd8xn7sZmU6A/lBx+Mhu8I8PPTSU4
JaQdf8ZZeajLXDfKzrWBLAcWg3yeJJMFzE16LHV+gZXdOn4/kJTuG0h0zaNfe9q/
wUFx7kg+XI5xXg/aAunD6EXvRl0AmH44CIkZiCr+joJV1Q2ktCy6h1XIWwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFII0GQI45EHLqQy4U1Xxb/BmY4v/MB8GA1UdIwQY
MBaAFLgjLRndgdRcJZI6602aloWHmu+mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUNNdEdkMkIxRndsa2pyclRacVdoWWVhNzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8zZmE3MTgtOTBjNS00MjZjLWI4NWYt
MWRmMDllNzAxNDM0LzEvZ2pRWkFqamtRY3VwRExoVFZmRnY4R1pqaV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8zZmE3MTgtOTBjNS00MjZjLWI4NWYtMWRmMDllNzAxNDM0
LzEvdUNNdEdkMkIxRndsa2pyclRacVdoWWVhNzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPBEegD
BAHBEfAwDQYJKoZIhvcNAQELBQADggEBAEn9p0AdNSmbGV+LMNFZ/ZhvVg3D+X0m
E00PROx6i9furvQ6JWD9Ozt8haHGManlPn/1ngdXwvGBklVDq7ooml9uqavBzzYF
uBavtttK8DrWLtcismPd8CIZxyHIidRPPdHVrbZPR44kw4EWA42/klGk/7OHY0M6
P7e8GtXDXXxqLjywt/6eTOdkCFOT4VvW4YZTxSxifroS56SRem9+3sH+llLTOtqV
WOgN3Q/J4dtE9deFr0jJCURZSKc3QpVVg6QuSjSo5cF4ZewQG5UOAH8U1EasAInR
Dp3zkegEeH8zdxtKU+08TNukGUfVNwzlwSdqk+A2gFl37whUiBeKI6A=
-----END CERTIFICATE-----