Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/GCjWN1dfacWVs6-dNAwUIB0pPtc.roa
File:                     GCjWN1dfacWVs6-dNAwUIB0pPtc.roa (raw, json)
Hash identifier:          +OOo5n41q6UluB+BR+drcDaI3qsRIhz7e++vaPZKGtk=
Subject key identifier:   18:28:D6:37:57:5F:69:C5:95:B3:AF:9D:34:0C:14:20:1D:29:3E:D7
Certificate issuer:       /CN=143239651db6aab1bcb67325f785b5ee1f4025cb
Certificate serial:       01974C1CAF6D365F05CAA4FF16A66291A246
Authority key identifier: 14:32:39:65:1D:B6:AA:B1:BC:B6:73:25:F7:85:B5:EE:1F:40:25:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/GCjWN1dfacWVs6-dNAwUIB0pPtc.roa
Signing time:             Sat 07 Jun 2025 20:37:17 +0000
ROA not before:           Sat 07 Jun 2025 20:37:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213640
IP address blocks:        45.155.126.0/24 maxlen: 24
                          91.213.182.0/24 maxlen: 24
                          194.62.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4c:1c:af:6d:36:5f:05:ca:a4:ff:16:a6:62:91:a2:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=143239651db6aab1bcb67325f785b5ee1f4025cb
        Validity
            Not Before: Jun  7 20:37:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1828d637575f69c595b3af9d340c14201d293ed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:52:66:af:83:37:4e:92:ad:64:46:10:c0:54:
                    7d:32:ae:1b:c6:e2:01:95:97:12:d6:a4:0f:84:33:
                    81:cc:db:56:83:09:f8:3e:88:ac:2c:2d:55:df:fe:
                    4a:13:50:30:35:4c:93:16:0f:a1:c2:90:48:55:c8:
                    3e:51:48:b6:2a:5b:4a:ea:b5:fb:d8:fa:0c:a1:a8:
                    ce:c3:e9:5a:fc:9d:e1:aa:bc:87:00:21:93:14:e4:
                    9a:34:07:6b:97:35:9a:58:59:63:b6:27:77:08:2a:
                    b2:18:fc:44:aa:37:cb:8b:33:2b:a7:49:09:68:ee:
                    3c:b5:6a:7a:05:25:b3:38:a2:a5:5e:7d:75:ae:3e:
                    0b:55:3f:92:34:b3:05:a8:ec:a2:1e:62:15:47:be:
                    84:70:e2:6b:af:25:b9:83:32:41:46:c9:51:97:3c:
                    c2:df:d3:45:63:40:15:d9:8a:17:d1:51:b9:0d:10:
                    f6:65:9f:85:3d:05:5b:51:10:cd:13:92:32:52:da:
                    44:e1:0c:6a:a6:e8:2d:23:8e:24:ae:01:85:60:1f:
                    97:b5:24:c7:9f:34:92:e9:a9:71:99:a9:ea:ab:b7:
                    1c:16:aa:9b:1b:8a:9d:d8:28:cd:67:61:72:78:4d:
                    97:f4:f0:50:a3:71:c7:85:53:73:31:4b:39:fa:6f:
                    5e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:28:D6:37:57:5F:69:C5:95:B3:AF:9D:34:0C:14:20:1D:29:3E:D7
            X509v3 Authority Key Identifier:
                keyid:14:32:39:65:1D:B6:AA:B1:BC:B6:73:25:F7:85:B5:EE:1F:40:25:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/GCjWN1dfacWVs6-dNAwUIB0pPtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.126.0/24
                  91.213.182.0/24
                  194.62.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:4c:c7:3e:20:ce:42:cb:5d:98:10:75:f4:a8:7c:7d:bb:79:
         37:08:08:af:85:5e:24:af:13:35:91:7a:55:6e:fd:e1:06:18:
         27:62:a5:f9:0d:c1:e2:49:03:58:79:5d:99:7e:b3:63:5a:43:
         9d:ec:cb:f1:91:e2:3f:3c:d5:92:47:e9:6f:7b:50:8a:90:d5:
         6c:d3:24:eb:e6:48:37:0e:ad:27:f4:43:f0:a4:9a:bc:f2:5f:
         76:8e:9d:7a:b9:6c:b2:72:ba:56:24:75:80:e1:b1:3a:07:72:
         1f:9c:6d:ff:f5:0f:13:1a:9a:dd:22:5b:99:d3:7d:9c:4b:03:
         fb:25:4f:ee:ff:91:50:f6:20:f0:02:bc:d9:df:e3:8c:6d:8d:
         44:bc:1f:2e:c9:3d:10:ed:42:c8:9c:40:0f:a4:38:10:d9:70:
         2a:14:19:47:05:1b:9d:e1:d2:ef:72:0c:f7:c8:7a:7a:00:a0:
         08:40:fd:4d:66:42:4a:c8:1f:51:ab:eb:00:83:7e:20:a4:b4:
         01:32:97:d9:8c:6a:e3:9a:f9:ea:da:ae:c7:fe:bb:26:a5:cc:
         9d:f7:01:bc:ec:c0:5c:f0:f3:fc:d5:05:44:28:cd:79:89:5d:
         35:22:f4:f3:ed:56:10:4a:8d:c3:14:41:ac:42:47:db:4a:23:
         da:9b:71:0a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdMHK9tNl8FyqT/FqZikaJGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0MzIzOTY1MWRiNmFhYjFiY2I2NzMyNWY3ODViNWVlMWY0
MDI1Y2IwHhcNMjUwNjA3MjAzNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODI4ZDYzNzU3NWY2OWM1OTViM2FmOWQzNDBjMTQyMDFkMjkzZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVJmr4M3TpKtZEYQwFR9Mq4bxuIB
lZcS1qQPhDOBzNtWgwn4PoisLC1V3/5KE1AwNUyTFg+hwpBIVcg+UUi2KltK6rX7
2PoMoajOw+la/J3hqryHACGTFOSaNAdrlzWaWFljtid3CCqyGPxEqjfLizMrp0kJ
aO48tWp6BSWzOKKlXn11rj4LVT+SNLMFqOyiHmIVR76EcOJrryW5gzJBRslRlzzC
39NFY0AV2YoX0VG5DRD2ZZ+FPQVbURDNE5IyUtpE4QxqpugtI44krgGFYB+XtSTH
nzSS6alxmanqq7ccFqqbG4qd2CjNZ2FyeE2X9PBQo3HHhVNzMUs5+m9eYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBgo1jdXX2nFlbOvnTQMFCAdKT7XMB8GA1UdIwQY
MBaAFBQyOWUdtqqxvLZzJfeFte4fQCXLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkRJNVpSMjJxckc4dG5NbDk0VzE3aDlBSmNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC82ZjQ2ZDktM2FmMC00MmFhLWIzMzQt
NmVlYzc3ZDliOTg1LzEvR0NqV04xZGZhY1dWczYtZE5Bd1VJQjBwUHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC82ZjQ2ZDktM2FmMC00MmFhLWIzMzQtNmVlYzc3ZDliOTg1
LzEvRkRJNVpSMjJxckc4dG5NbDk0VzE3aDlBSmNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZt+AwQA
W9W2AwQAwj4oMA0GCSqGSIb3DQEBCwUAA4IBAQAhTMc+IM5Cy12YEHX0qHx9u3k3
CAivhV4krxM1kXpVbv3hBhgnYqX5DcHiSQNYeV2ZfrNjWkOd7MvxkeI/PNWSR+lv
e1CKkNVs0yTr5kg3Dq0n9EPwpJq88l92jp16uWyycrpWJHWA4bE6B3IfnG3/9Q8T
GprdIluZ032cSwP7JU/u/5FQ9iDwArzZ3+OMbY1EvB8uyT0Q7ULInEAPpDgQ2XAq
FBlHBRud4dLvcgz3yHp6AKAIQP1NZkJKyB9Rq+sAg34gpLQBMpfZjGrjmvnq2q7H
/rsmpcyd9wG87MBc8PP81QVEKM15iV01IvTz7VYQSo3DFEGsQkfbSiPam3EK
-----END CERTIFICATE-----