Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/GSGxmFMOldMDBn5u7DfvJzXbYCo.roa
File:                     GSGxmFMOldMDBn5u7DfvJzXbYCo.roa (raw, json)
Hash identifier:          un2PEVowSPZIo87TGOOK/KPKdTl+4fijd3wEZf387m4=
Subject key identifier:   19:21:B1:98:53:0E:95:D3:03:06:7E:6E:EC:37:EF:27:35:DB:60:2A
Certificate issuer:       /CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
Certificate serial:       0194214405A5281F9106B7309F8B800ED95F
Authority key identifier: DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/GSGxmFMOldMDBn5u7DfvJzXbYCo.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203020
IP address blocks:        46.232.208.0/23 maxlen: 32
                          185.246.172.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:05:a5:28:1f:91:06:b7:30:9f:8b:80:0e:d9:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1921b198530e95d303067e6eec37ef2735db602a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:01:c7:31:3d:60:22:f6:8a:62:96:40:aa:75:
                    4d:51:ff:77:f1:b7:85:71:83:5c:38:b6:ba:05:ac:
                    55:26:e3:7e:ea:f2:f1:b7:f6:a0:54:dc:74:62:09:
                    32:58:66:37:05:dd:d7:f3:42:38:55:8f:b8:45:43:
                    09:99:1b:36:48:43:73:00:46:81:62:68:89:6e:09:
                    06:8c:87:89:4c:08:1b:30:98:b3:81:84:fa:78:eb:
                    da:9d:3c:91:3f:88:8b:dc:86:93:f0:69:0b:78:bd:
                    8f:cf:0f:bc:d6:80:09:49:81:89:5d:8e:f6:e0:f0:
                    07:08:68:7b:c6:93:c2:4c:df:41:e0:f1:10:24:72:
                    b9:aa:83:57:9b:26:9a:60:15:0c:44:bb:fe:cc:64:
                    aa:65:79:c0:38:75:d6:23:01:9c:d7:d5:8e:1c:e8:
                    7e:39:69:6c:ef:62:5d:77:fa:bf:f1:1a:f1:74:ac:
                    1e:eb:17:1f:be:c6:05:60:c4:11:aa:a5:1b:af:04:
                    4c:e6:09:58:ad:17:1a:18:ae:d5:31:5a:a6:5a:2e:
                    63:e5:d6:53:21:14:dd:8c:a7:36:c0:15:d0:2b:86:
                    f2:20:a8:84:63:cb:61:43:e1:ee:6a:0b:0a:be:93:
                    be:8e:0e:ef:df:1f:d5:a8:48:de:3b:98:0b:23:65:
                    79:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:21:B1:98:53:0E:95:D3:03:06:7E:6E:EC:37:EF:27:35:DB:60:2A
            X509v3 Authority Key Identifier:
                keyid:DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/GSGxmFMOldMDBn5u7DfvJzXbYCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.208.0/23
                  185.246.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:83:26:92:a0:c8:bb:63:24:9f:5b:ea:ce:c5:30:a0:13:69:
         4f:2d:83:af:72:57:02:4f:39:f3:b8:5a:df:73:60:20:ee:3a:
         da:39:31:2f:86:67:77:98:b4:29:4c:a1:05:6b:f2:7f:67:bd:
         60:e3:56:ca:94:c4:f2:87:16:13:62:d2:81:00:c2:1c:c4:b4:
         cf:33:ea:9f:95:49:c9:84:c2:83:d8:fa:bf:fd:8b:ce:90:16:
         2a:1d:f7:4b:4d:eb:8e:a0:2a:78:5f:bb:f4:1d:24:11:22:37:
         ae:ae:f5:9d:df:68:f4:d8:3e:17:69:ea:e0:c9:99:11:fd:77:
         17:66:1c:98:73:8b:36:b2:6f:17:5b:3c:0c:17:21:36:98:32:
         38:26:92:44:9f:f9:11:7c:fa:dc:96:bd:01:08:fe:f2:61:f2:
         2f:b0:57:42:64:a6:ee:30:9a:7a:ef:15:c1:a6:f4:6e:36:15:
         75:24:c8:b0:18:ca:df:ec:ad:e5:a0:17:e6:43:65:9b:53:11:
         e5:3a:9b:33:1f:53:4a:10:f5:11:cf:05:b5:be:2b:50:e5:da:
         47:0f:ee:0d:b8:c8:f9:aa:66:22:cf:9c:f6:f8:7b:71:53:1d:
         cd:36:43:77:0f:9f:e6:d8:5c:4c:e4:2b:8b:2c:38:0b:f0:1c:
         d3:00:ad:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRAWlKB+RBrcwn4uADtlfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOGY5NjFjNmVmYmI3ZjljZTc0MjE3YjFkNWRiYjU0ZTk4
MWM2ZjIwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTIxYjE5ODUzMGU5NWQzMDMwNjdlNmVlYzM3ZWYyNzM1ZGI2MDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQHHMT1gIvaKYpZAqnVNUf938beF
cYNcOLa6BaxVJuN+6vLxt/agVNx0YgkyWGY3Bd3X80I4VY+4RUMJmRs2SENzAEaB
YmiJbgkGjIeJTAgbMJizgYT6eOvanTyRP4iL3IaT8GkLeL2Pzw+81oAJSYGJXY72
4PAHCGh7xpPCTN9B4PEQJHK5qoNXmyaaYBUMRLv+zGSqZXnAOHXWIwGc19WOHOh+
OWls72Jdd/q/8RrxdKwe6xcfvsYFYMQRqqUbrwRM5glYrRcaGK7VMVqmWi5j5dZT
IRTdjKc2wBXQK4byIKiEY8thQ+HuagsKvpO+jg7v3x/VqEjeO5gLI2V57QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBkhsZhTDpXTAwZ+buw37yc122AqMB8GA1UdIwQY
MBaAFN+Plhxu+7f5znQhex1du1TpgcbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMt
MjdmMmJjMTYyYTA3LzEvR1NHeG1GTU9sZE1EQm41dTdEZnZKelhiWUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMtMjdmMmJjMTYyYTA3
LzEvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLujQAwQC
ufasMA0GCSqGSIb3DQEBCwUAA4IBAQCFgyaSoMi7YySfW+rOxTCgE2lPLYOvclcC
TznzuFrfc2Ag7jraOTEvhmd3mLQpTKEFa/J/Z71g41bKlMTyhxYTYtKBAMIcxLTP
M+qflUnJhMKD2Pq//YvOkBYqHfdLTeuOoCp4X7v0HSQRIjeurvWd32j02D4Xaerg
yZkR/XcXZhyYc4s2sm8XWzwMFyE2mDI4JpJEn/kRfPrclr0BCP7yYfIvsFdCZKbu
MJp67xXBpvRuNhV1JMiwGMrf7K3loBfmQ2WbUxHlOpszH1NKEPURzwW1vitQ5dpH
D+4NuMj5qmYiz5z2+HtxUx3NNkN3D5/m2FxM5CuLLDgL8BzTAK1l
-----END CERTIFICATE-----