Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/GkxGrjdz0A7AWmifnWDimQZWI38.roa
File:                     GkxGrjdz0A7AWmifnWDimQZWI38.roa (raw, json)
Hash identifier:          tHXJR2KGAG4wHE8bdFOYoF9Jdtd+4jQD2aXhMHJzWK8=
Subject key identifier:   1A:4C:46:AE:37:73:D0:0E:C0:5A:68:9F:9D:60:E2:99:06:56:23:7F
Certificate issuer:       /CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
Certificate serial:       01944AC8783CA9665072E3EA84A7C0F077BB
Authority key identifier: D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/GkxGrjdz0A7AWmifnWDimQZWI38.roa
Signing time:             Thu 09 Jan 2025 11:17:19 +0000
ROA not before:           Thu 09 Jan 2025 11:17:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6660
IP address blocks:        62.25.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:c8:78:3c:a9:66:50:72:e3:ea:84:a7:c0:f0:77:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
        Validity
            Not Before: Jan  9 11:17:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a4c46ae3773d00ec05a689f9d60e2990656237f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:77:77:23:9c:f7:89:d6:d0:a4:a7:22:d4:e2:
                    c1:a0:2a:e1:b1:f7:e9:22:a6:85:97:c7:5d:96:c9:
                    85:42:31:7c:e8:4d:72:35:17:cc:7b:7b:db:6a:d2:
                    f2:a9:d4:bc:45:96:0c:34:9a:57:ca:51:61:a5:83:
                    1a:f8:6b:88:4e:d9:80:32:0b:89:fe:18:c8:8b:e1:
                    f6:3e:08:c5:10:6d:d1:08:50:dc:ab:24:e1:2c:0f:
                    81:1c:f9:d4:37:81:e8:4f:c8:49:0b:e3:ea:b8:b3:
                    ea:d1:c6:d8:83:6e:21:fe:0a:6e:ed:3b:18:a2:4b:
                    1a:30:a4:46:e2:7d:e9:22:56:be:b2:62:9b:31:0f:
                    cc:83:c4:dc:b6:a0:bd:d8:a4:b8:05:28:a9:e8:a3:
                    be:c5:9a:11:2b:fc:bf:91:99:79:24:ad:6b:06:56:
                    c4:15:1d:94:aa:62:0a:7e:ec:7c:e2:a6:1e:a8:47:
                    ec:ee:b8:89:e3:69:17:89:8d:ff:3a:4f:5d:3a:4f:
                    22:fe:fc:27:44:bb:6a:42:3d:d1:5b:67:68:28:15:
                    39:98:b1:e2:94:7b:74:7c:c0:b8:e1:08:16:ff:4d:
                    28:16:d6:dd:55:e8:2e:4a:1c:c1:23:f5:de:70:4a:
                    eb:8a:d9:31:36:02:81:8d:6f:37:a3:45:80:3e:3d:
                    59:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:4C:46:AE:37:73:D0:0E:C0:5A:68:9F:9D:60:E2:99:06:56:23:7F
            X509v3 Authority Key Identifier:
                keyid:D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/GkxGrjdz0A7AWmifnWDimQZWI38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.25.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         26:d3:e3:4f:d9:96:0b:66:5c:5c:94:d0:5a:04:8e:e7:ac:84:
         c3:01:ac:72:59:3f:6b:bd:60:de:7b:94:a4:98:13:bd:88:33:
         5c:2e:74:7f:63:16:34:57:b9:37:e0:43:29:5f:5a:1b:d9:a2:
         d4:e4:74:81:f4:06:bc:cf:5a:cb:a1:d1:78:6a:13:7c:99:07:
         7a:dc:66:d1:56:27:e7:0b:7d:90:dc:0c:3a:78:1c:4b:71:4f:
         32:f6:36:5a:a2:fa:ee:4f:39:b8:d6:40:33:d5:6f:5f:02:20:
         8d:e4:12:e6:12:7e:49:12:b1:81:19:94:9d:21:aa:d5:d6:b3:
         5e:7f:ec:ad:44:eb:87:1c:b3:c2:dd:4a:87:b1:90:d6:3a:68:
         52:65:eb:47:8f:7c:48:a4:de:3f:c1:9b:73:ea:43:fd:51:de:
         dc:ba:b8:45:39:0e:34:e8:44:d9:ac:36:86:f5:fa:d6:b1:2e:
         bc:ac:2e:6d:7b:64:21:0d:29:ee:20:2b:e0:39:6f:99:cb:8b:
         c6:b7:50:4e:0b:8f:73:85:66:c3:db:45:8b:0b:af:42:2c:57:
         ef:20:ce:68:e1:63:48:da:cc:19:2c:85:b6:51:7b:83:a8:06:
         27:11:9c:42:2f:79:5a:5f:96:e8:50:11:72:e5:09:28:09:ba:
         d5:dc:b1:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRKyHg8qWZQcuPqhKfA8He7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYWE0YTFhN2EzYWQyM2ZhYWUyYWVhZTlmYTYxOTRmMDIx
MjgxMjkwHhcNMjUwMTA5MTExNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTRjNDZhZTM3NzNkMDBlYzA1YTY4OWY5ZDYwZTI5OTA2NTYyMzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHd3I5z3idbQpKci1OLBoCrhsffp
IqaFl8ddlsmFQjF86E1yNRfMe3vbatLyqdS8RZYMNJpXylFhpYMa+GuITtmAMguJ
/hjIi+H2PgjFEG3RCFDcqyThLA+BHPnUN4HoT8hJC+PquLPq0cbYg24h/gpu7TsY
oksaMKRG4n3pIla+smKbMQ/Mg8TctqC92KS4BSip6KO+xZoRK/y/kZl5JK1rBlbE
FR2UqmIKfux84qYeqEfs7riJ42kXiY3/Ok9dOk8i/vwnRLtqQj3RW2doKBU5mLHi
lHt0fMC44QgW/00oFtbdVeguShzBI/XecErritkxNgKBjW83o0WAPj1ZpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpMRq43c9AOwFpon51g4pkGViN/MB8GA1UdIwQY
MBaAFNCqShp6OtI/quKurp+mGU8CEoEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0Njgt
MjIxNGYxOGViMzI5LzEvR2t4R3JqZHowQTdBV21pZm5XRGltUVpXSTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0NjgtMjIxNGYxOGViMzI5
LzEvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHPhmAMA0G
CSqGSIb3DQEBCwUAA4IBAQAm0+NP2ZYLZlxclNBaBI7nrITDAaxyWT9rvWDee5Sk
mBO9iDNcLnR/YxY0V7k34EMpX1ob2aLU5HSB9Aa8z1rLodF4ahN8mQd63GbRVifn
C32Q3Aw6eBxLcU8y9jZaovruTzm41kAz1W9fAiCN5BLmEn5JErGBGZSdIarV1rNe
f+ytROuHHLPC3UqHsZDWOmhSZetHj3xIpN4/wZtz6kP9Ud7curhFOQ406ETZrDaG
9frWsS68rC5te2QhDSnuICvgOW+Zy4vGt1BOC49zhWbD20WLC69CLFfvIM5o4WNI
2swZLIW2UXuDqAYnEZxCL3laX5boUBFy5QkoCbrV3LG5
-----END CERTIFICATE-----