Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/2862ab-37dd-47f2-8df2-22c27b993ae2/1/gqHU5wrARNT7BxKe3BSk4XNORdM.roa
File:                     gqHU5wrARNT7BxKe3BSk4XNORdM.roa (raw, json)
Hash identifier:          uD22dYfbtURUQN6zPqLnmvBkI8fmrnMLZJG7fTTS2Qs=
Subject key identifier:   82:A1:D4:E7:0A:C0:44:D4:FB:07:12:9E:DC:14:A4:E1:73:4E:45:D3
Certificate issuer:       /CN=61c2b45a65c19b68abb0516c9ccaf4547a5cc312
Certificate serial:       0196CF705F71DBE1C68BDA834D848B443C3D
Authority key identifier: 61:C2:B4:5A:65:C1:9B:68:AB:B0:51:6C:9C:CA:F4:54:7A:5C:C3:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YcK0WmXBm2irsFFsnMr0VHpcwxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/2862ab-37dd-47f2-8df2-22c27b993ae2/1/gqHU5wrARNT7BxKe3BSk4XNORdM.roa
Signing time:             Wed 14 May 2025 15:36:10 +0000
ROA not before:           Wed 14 May 2025 15:36:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395793
IP address blocks:        194.56.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/2862ab-37dd-47f2-8df2-22c27b993ae2/1/YcK0WmXBm2irsFFsnMr0VHpcwxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/2862ab-37dd-47f2-8df2-22c27b993ae2/1/YcK0WmXBm2irsFFsnMr0VHpcwxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YcK0WmXBm2irsFFsnMr0VHpcwxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cf:70:5f:71:db:e1:c6:8b:da:83:4d:84:8b:44:3c:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61c2b45a65c19b68abb0516c9ccaf4547a5cc312
        Validity
            Not Before: May 14 15:36:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82a1d4e70ac044d4fb07129edc14a4e1734e45d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d4:83:88:3c:2e:dd:d9:2c:19:07:66:d2:85:
                    76:b1:87:49:11:2c:34:b6:ee:c4:4a:fb:05:79:2a:
                    74:32:4c:c9:14:f9:e0:34:dd:f0:11:b6:b9:45:b4:
                    5b:04:54:66:bc:25:29:83:2e:d3:11:e2:9e:f1:c5:
                    c3:f3:2f:7a:51:79:4f:36:ef:1f:a2:70:47:f2:26:
                    f9:39:fb:08:66:eb:eb:64:e9:b3:1f:3a:5c:76:ce:
                    88:79:c0:9a:11:f0:15:93:10:4c:33:4e:c8:c4:c8:
                    a4:c8:ca:6e:a6:73:47:d0:85:11:58:30:06:a7:66:
                    43:10:11:3c:95:ea:01:f2:7c:fb:51:47:fa:8b:32:
                    45:d9:ea:fc:2b:d5:11:a6:34:9a:b0:fc:89:3f:1f:
                    0d:49:82:cf:5c:35:2d:92:ec:1e:1a:60:9d:2c:86:
                    0b:9c:35:66:c0:d3:9a:d7:ba:6a:26:90:d0:14:78:
                    48:21:3a:31:c2:89:0b:21:68:57:4c:76:91:35:65:
                    54:0c:83:91:e6:1d:13:d8:a3:f0:f6:ec:20:dd:5e:
                    de:d2:0f:5b:f1:f4:1a:e9:d9:c0:9a:26:e1:a6:54:
                    5a:66:3d:04:21:ff:20:62:27:4b:38:7d:2f:15:fe:
                    36:da:bc:f9:39:a7:4c:43:97:fd:a0:8d:a2:cc:30:
                    c7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:A1:D4:E7:0A:C0:44:D4:FB:07:12:9E:DC:14:A4:E1:73:4E:45:D3
            X509v3 Authority Key Identifier:
                keyid:61:C2:B4:5A:65:C1:9B:68:AB:B0:51:6C:9C:CA:F4:54:7A:5C:C3:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YcK0WmXBm2irsFFsnMr0VHpcwxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/2862ab-37dd-47f2-8df2-22c27b993ae2/1/gqHU5wrARNT7BxKe3BSk4XNORdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/2862ab-37dd-47f2-8df2-22c27b993ae2/1/YcK0WmXBm2irsFFsnMr0VHpcwxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:6a:ff:d8:83:c2:a4:93:4a:a4:bd:c7:05:c7:5e:f9:ee:0c:
         dc:9a:15:db:2c:a2:7b:e6:db:03:f8:a4:48:7d:5f:2f:fe:67:
         fa:07:ed:fe:65:19:e7:d6:f1:b0:c8:9d:56:57:ce:18:ed:80:
         96:69:44:3d:74:ef:b5:d2:e1:11:84:32:11:d9:48:6a:09:fa:
         74:26:80:a9:52:ae:f6:40:ed:1c:51:4a:8e:39:7f:09:cc:76:
         38:78:24:58:59:18:24:65:55:31:f6:d5:c2:64:77:ca:26:e2:
         81:e1:4a:c8:b2:05:f3:f0:fa:71:77:20:8d:28:da:3c:54:5d:
         4b:f2:67:69:84:fc:1f:21:51:12:50:64:15:a4:ed:77:f2:81:
         83:9e:51:8e:bb:51:88:f5:f8:83:20:b5:ed:89:5d:de:9d:a4:
         70:7a:fa:d8:c5:bc:dd:82:e6:e7:51:78:37:d9:27:34:62:ce:
         3a:65:22:0d:c3:d5:8e:cb:f9:90:a5:4f:0e:98:fc:bc:64:8a:
         2b:85:d0:a5:db:78:15:3e:d3:76:93:47:54:db:88:97:1f:30:
         8a:93:9e:b7:aa:e6:d4:9b:9b:5c:a9:19:f8:43:c5:16:e3:7f:
         25:a0:06:29:3b:51:09:eb:c7:1c:4c:ed:a6:69:e4:8e:d2:f3:
         cd:24:63:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbPcF9x2+HGi9qDTYSLRDw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYzJiNDVhNjVjMTliNjhhYmIwNTE2YzljY2FmNDU0N2E1
Y2MzMTIwHhcNMjUwNTE0MTUzNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmExZDRlNzBhYzA0NGQ0ZmIwNzEyOWVkYzE0YTRlMTczNGU0NWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9SDiDwu3dksGQdm0oV2sYdJESw0
tu7ESvsFeSp0MkzJFPngNN3wEba5RbRbBFRmvCUpgy7TEeKe8cXD8y96UXlPNu8f
onBH8ib5OfsIZuvrZOmzHzpcds6IecCaEfAVkxBMM07IxMikyMpupnNH0IURWDAG
p2ZDEBE8leoB8nz7UUf6izJF2er8K9URpjSasPyJPx8NSYLPXDUtkuweGmCdLIYL
nDVmwNOa17pqJpDQFHhIIToxwokLIWhXTHaRNWVUDIOR5h0T2KPw9uwg3V7e0g9b
8fQa6dnAmibhplRaZj0EIf8gYidLOH0vFf422rz5OadMQ5f9oI2izDDHuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKh1OcKwETU+wcSntwUpOFzTkXTMB8GA1UdIwQY
MBaAFGHCtFplwZtoq7BRbJzK9FR6XMMSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWNLMFdtWEJtMmlyc0ZGc25NcjBWSHBjd3hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8yODYyYWItMzdkZC00N2YyLThkZjIt
MjJjMjdiOTkzYWUyLzEvZ3FIVTV3ckFSTlQ3QnhLZTNCU2s0WE5PUmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8yODYyYWItMzdkZC00N2YyLThkZjItMjJjMjdiOTkzYWUy
LzEvWWNLMFdtWEJtMmlyc0ZGc25NcjBWSHBjd3hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjiWMA0G
CSqGSIb3DQEBCwUAA4IBAQCtav/Yg8Kkk0qkvccFx1757gzcmhXbLKJ75tsD+KRI
fV8v/mf6B+3+ZRnn1vGwyJ1WV84Y7YCWaUQ9dO+10uERhDIR2UhqCfp0JoCpUq72
QO0cUUqOOX8JzHY4eCRYWRgkZVUx9tXCZHfKJuKB4UrIsgXz8PpxdyCNKNo8VF1L
8mdphPwfIVESUGQVpO138oGDnlGOu1GI9fiDILXtiV3enaRwevrYxbzdgubnUXg3
2Sc0Ys46ZSINw9WOy/mQpU8OmPy8ZIorhdCl23gVPtN2k0dU24iXHzCKk563qubU
m5tcqRn4Q8UW438loAYpO1EJ68ccTO2maeSO0vPNJGNj
-----END CERTIFICATE-----