Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8865d7-9fea-47f6-a3fc-98bd156029c0/1/GFs318vhhs43UeJYStMCcJcloVE.roa
File:                     GFs318vhhs43UeJYStMCcJcloVE.roa (raw, json)
Hash identifier:          W8/O6hKTgxLPwLzEgTm/PKRsS6eSZm8+16PIQciHYr8=
Subject key identifier:   18:5B:37:D7:CB:E1:86:CE:37:51:E2:58:4A:D3:02:70:97:25:A1:51
Certificate issuer:       /CN=9b62648e913a3640f031b63a6bd92b0e28e139fb
Certificate serial:       0195A8A08FE8BE451C65074E9322D37DCACD
Authority key identifier: 9B:62:64:8E:91:3A:36:40:F0:31:B6:3A:6B:D9:2B:0E:28:E1:39:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m2JkjpE6NkDwMbY6a9krDijhOfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8865d7-9fea-47f6-a3fc-98bd156029c0/1/GFs318vhhs43UeJYStMCcJcloVE.roa
Signing time:             Tue 18 Mar 2025 09:40:49 +0000
ROA not before:           Tue 18 Mar 2025 09:40:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210615
IP address blocks:        87.236.145.0/24 maxlen: 24
                          2a14:9a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8865d7-9fea-47f6-a3fc-98bd156029c0/1/m2JkjpE6NkDwMbY6a9krDijhOfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8865d7-9fea-47f6-a3fc-98bd156029c0/1/m2JkjpE6NkDwMbY6a9krDijhOfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m2JkjpE6NkDwMbY6a9krDijhOfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a8:a0:8f:e8:be:45:1c:65:07:4e:93:22:d3:7d:ca:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b62648e913a3640f031b63a6bd92b0e28e139fb
        Validity
            Not Before: Mar 18 09:40:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=185b37d7cbe186ce3751e2584ad302709725a151
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ca:05:14:45:5e:1d:38:49:c7:82:1a:97:4f:
                    99:14:0f:58:b3:40:88:8e:df:10:a1:96:e4:e7:20:
                    84:ca:b6:ce:34:63:31:9b:ff:83:6b:4c:60:28:12:
                    cf:0f:00:cc:95:0d:dd:d9:14:c5:09:cf:1f:96:c0:
                    53:f1:14:b1:1e:76:7b:be:7d:d9:c7:f2:b3:5c:84:
                    09:39:7a:73:cc:06:fc:48:35:3c:d8:eb:15:a2:e7:
                    54:36:54:c9:17:91:83:5e:d5:a0:48:62:79:2b:ba:
                    99:a8:a7:7f:53:3a:4c:89:78:80:44:40:d6:ca:62:
                    82:f2:34:96:0f:37:ea:48:fb:5f:d0:f8:71:0e:9f:
                    be:a6:fe:74:66:46:d6:5b:bf:f8:a1:bb:14:a3:89:
                    15:6d:58:29:5e:d1:f3:db:ff:aa:31:1a:7a:eb:20:
                    95:44:7b:e3:42:2a:0b:85:a2:b0:9f:de:d1:ab:bd:
                    01:bd:ef:a6:ee:b1:a0:7d:25:1a:a0:b3:31:0a:d2:
                    11:a5:59:a8:9f:20:8e:02:50:9d:7c:b0:b7:ab:90:
                    64:9b:7f:1d:15:b9:7a:00:33:4f:d4:0a:96:68:4f:
                    09:72:bd:d1:a9:43:2b:5d:04:cb:d8:42:da:d7:ca:
                    18:e5:63:86:f8:9b:bf:39:fc:59:b3:7c:21:1d:9a:
                    b4:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:5B:37:D7:CB:E1:86:CE:37:51:E2:58:4A:D3:02:70:97:25:A1:51
            X509v3 Authority Key Identifier:
                keyid:9B:62:64:8E:91:3A:36:40:F0:31:B6:3A:6B:D9:2B:0E:28:E1:39:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m2JkjpE6NkDwMbY6a9krDijhOfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8865d7-9fea-47f6-a3fc-98bd156029c0/1/GFs318vhhs43UeJYStMCcJcloVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8865d7-9fea-47f6-a3fc-98bd156029c0/1/m2JkjpE6NkDwMbY6a9krDijhOfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.145.0/24
                IPv6:
                  2a14:9a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:14:4e:f1:66:3d:c4:54:aa:7f:50:d7:99:9e:b0:a2:ac:92:
         c0:f6:3f:c6:aa:0d:cc:d6:59:d2:a8:87:d0:6d:5c:95:94:61:
         d1:fe:f7:94:cb:88:1d:10:91:4e:f7:eb:53:f9:50:9b:a7:10:
         2f:98:b3:9e:fe:66:8f:b2:dd:42:45:47:b3:c6:c1:72:12:1d:
         a6:fb:ca:9f:d0:b0:a5:d1:37:64:53:ae:25:3d:65:e7:c3:bc:
         9e:6d:5b:f6:23:ce:ac:ac:ce:15:e2:d3:11:9d:4b:89:62:2a:
         47:a7:e2:54:04:04:19:e2:07:f4:86:5c:6d:21:1e:95:0e:92:
         64:ab:4f:dc:7a:ae:89:44:4f:8d:50:f3:30:8d:32:0d:ce:fc:
         a7:eb:94:29:f2:52:97:21:3b:cf:95:08:8b:2c:eb:b8:96:7d:
         3d:01:34:bc:c2:ff:e5:c7:85:b9:93:85:5c:00:85:e5:a6:3d:
         e8:67:20:77:a8:45:51:33:16:ce:2c:e9:e6:ed:cd:38:b6:9b:
         d2:0c:a1:3b:a1:85:9f:c8:c5:d6:b7:8a:d4:d9:3c:e6:fc:df:
         74:02:cd:1f:62:7f:9e:1e:a9:ab:bf:f0:07:1c:98:c6:ca:2f:
         8b:bc:fb:2e:fa:02:13:20:77:bd:3a:f8:65:8a:3c:38:fa:ec:
         73:ca:d9:86
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZWooI/ovkUcZQdOkyLTfcrNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNjI2NDhlOTEzYTM2NDBmMDMxYjYzYTZiZDkyYjBlMjhl
MTM5ZmIwHhcNMjUwMzE4MDk0MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODViMzdkN2NiZTE4NmNlMzc1MWUyNTg0YWQzMDI3MDk3MjVhMTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MoFFEVeHThJx4Ial0+ZFA9Ys0CI
jt8QoZbk5yCEyrbONGMxm/+Da0xgKBLPDwDMlQ3d2RTFCc8flsBT8RSxHnZ7vn3Z
x/KzXIQJOXpzzAb8SDU82OsVoudUNlTJF5GDXtWgSGJ5K7qZqKd/UzpMiXiAREDW
ymKC8jSWDzfqSPtf0PhxDp++pv50ZkbWW7/4obsUo4kVbVgpXtHz2/+qMRp66yCV
RHvjQioLhaKwn97Rq70Bve+m7rGgfSUaoLMxCtIRpVmonyCOAlCdfLC3q5Bkm38d
Fbl6ADNP1AqWaE8Jcr3RqUMrXQTL2ELa18oY5WOG+Ju/OfxZs3whHZq0rwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBhbN9fL4YbON1HiWErTAnCXJaFRMB8GA1UdIwQY
MBaAFJtiZI6ROjZA8DG2OmvZKw4o4Tn7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTJKa2pwRTZOa0R3TWJZNmE5a3JEaWpoT2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ODY1ZDctOWZlYS00N2Y2LWEzZmMt
OThiZDE1NjAyOWMwLzEvR0ZzMzE4dmhoczQzVWVKWVN0TUNjSmNsb1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ODY1ZDctOWZlYS00N2Y2LWEzZmMtOThiZDE1NjAyOWMw
LzEvbTJKa2pwRTZOa0R3TWJZNmE5a3JEaWpoT2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAV+yRMA0E
AgACMAcDBQMqFJqAMA0GCSqGSIb3DQEBCwUAA4IBAQAqFE7xZj3EVKp/UNeZnrCi
rJLA9j/Gqg3M1lnSqIfQbVyVlGHR/veUy4gdEJFO9+tT+VCbpxAvmLOe/maPst1C
RUezxsFyEh2m+8qf0LCl0TdkU64lPWXnw7yebVv2I86srM4V4tMRnUuJYipHp+JU
BAQZ4gf0hlxtIR6VDpJkq0/ceq6JRE+NUPMwjTINzvyn65Qp8lKXITvPlQiLLOu4
ln09ATS8wv/lx4W5k4VcAIXlpj3oZyB3qEVRMxbOLOnm7c04tpvSDKE7oYWfyMXW
t4rU2Tzm/N90As0fYn+eHqmrv/AHHJjGyi+LvPsu+gITIHe9Ovhlijw4+uxzytmG
-----END CERTIFICATE-----