Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/GkmNRez_B8q96uaVOleqThEPoEs.roa
File:                     GkmNRez_B8q96uaVOleqThEPoEs.roa (raw, json)
Hash identifier:          aNQGHPeLClAe2Gmzc0jqm+MRXJ2xuLHjsljQiK1K4qw=
Subject key identifier:   1A:49:8D:45:EC:FF:07:CA:BD:EA:E6:95:3A:57:AA:4E:11:0F:A0:4B
Certificate issuer:       /CN=94fa6c4299321dc5fc91fc7963aa51487e4af5e6
Certificate serial:       01942747B5445A17F7C5235C228362C13750
Authority key identifier: 94:FA:6C:42:99:32:1D:C5:FC:91:FC:79:63:AA:51:48:7E:4A:F5:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/GkmNRez_B8q96uaVOleqThEPoEs.roa
Signing time:             Thu 02 Jan 2025 13:49:58 +0000
ROA not before:           Thu 02 Jan 2025 13:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35162
IP address blocks:        194.165.30.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 13:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b5:44:5a:17:f7:c5:23:5c:22:83:62:c1:37:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94fa6c4299321dc5fc91fc7963aa51487e4af5e6
        Validity
            Not Before: Jan  2 13:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a498d45ecff07cabdeae6953a57aa4e110fa04b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:13:35:8b:ef:b0:c2:ac:63:4c:74:35:a5:87:
                    75:1d:77:fa:4e:22:1d:f0:35:c2:e8:93:86:f4:8f:
                    20:37:da:12:4c:0c:cb:57:52:0f:b0:93:f4:6e:76:
                    d2:6f:12:e9:0a:71:66:95:63:c9:3e:b4:3f:4c:84:
                    d3:87:65:11:ac:93:f7:bd:ff:fd:45:3d:6b:40:d0:
                    8a:13:6c:7d:84:d4:4d:bc:c3:f8:b4:d3:0c:12:30:
                    d3:6d:5d:78:93:ce:df:d5:9f:ff:95:26:bf:67:d7:
                    77:f7:9c:ae:70:58:a2:13:94:22:d5:e1:02:c2:79:
                    d3:d1:f6:00:ea:c3:30:fa:b5:87:fc:fb:69:38:60:
                    23:12:74:95:df:aa:bb:34:8a:ba:b4:fa:50:c0:0f:
                    b9:22:11:fe:39:91:4d:f7:c4:42:4b:4d:21:08:99:
                    24:d8:db:01:80:de:c5:d0:ce:55:88:b7:9a:f7:23:
                    ad:ae:5a:20:b4:03:9f:e3:46:5a:0e:ec:b6:ae:cd:
                    3f:e4:fd:73:67:d9:fd:b8:5f:63:8f:45:c8:22:a8:
                    8d:a3:66:50:b4:6e:f3:87:4d:19:af:61:0f:c4:2c:
                    77:8d:cc:71:a5:6f:49:4c:9e:52:e6:88:fe:31:aa:
                    39:a8:0b:ae:f7:91:8e:05:de:85:12:25:45:88:b4:
                    5f:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:49:8D:45:EC:FF:07:CA:BD:EA:E6:95:3A:57:AA:4E:11:0F:A0:4B
            X509v3 Authority Key Identifier:
                keyid:94:FA:6C:42:99:32:1D:C5:FC:91:FC:79:63:AA:51:48:7E:4A:F5:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/GkmNRez_B8q96uaVOleqThEPoEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/43d255-284a-468f-8b6e-fb1e9db0c388/1/lPpsQpkyHcX8kfx5Y6pRSH5K9eY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:f2:8f:93:08:f4:39:1c:54:e1:99:40:6a:2c:34:68:13:3e:
         76:7e:de:de:4f:18:c2:72:ce:78:3b:16:4c:a6:20:5a:b6:b6:
         fb:8e:69:d2:22:ad:32:8c:84:f4:e3:0d:2a:de:5e:0f:28:e2:
         70:d6:b9:1f:84:2b:9b:58:bc:f1:b7:a1:f0:cb:61:85:9e:a2:
         12:43:ef:71:78:a5:45:cb:c1:df:4d:45:16:38:37:58:8e:5a:
         3e:c0:77:93:76:cd:b7:11:11:20:35:77:69:e1:a1:af:05:39:
         45:69:63:85:76:3f:7c:cd:20:eb:fb:4c:8c:93:c9:8f:6a:84:
         0b:0d:c1:be:81:23:ac:fb:f5:ab:fc:e6:94:7d:75:77:4a:a4:
         85:cc:74:11:1e:9e:d0:23:83:16:cf:4d:70:74:ee:40:69:82:
         d0:79:5b:9a:fb:93:06:5f:0f:05:bb:13:d6:5a:6d:51:0d:bc:
         82:7f:6c:5c:2f:aa:10:b8:2e:66:bf:ad:03:a5:e4:09:06:9f:
         9d:bf:f4:03:1d:9c:85:58:d8:9e:7d:3e:74:aa:55:96:36:6e:
         83:11:1f:b9:0c:48:31:96:3f:9c:52:ac:d2:34:be:5f:48:eb:
         ad:87:80:dc:d1:46:55:02:8b:53:e8:fc:4f:6c:83:8c:5c:a4:
         ef:29:9f:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR7VEWhf3xSNcIoNiwTdQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZmE2YzQyOTkzMjFkYzVmYzkxZmM3OTYzYWE1MTQ4N2U0
YWY1ZTYwHhcNMjUwMTAyMTM0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTQ5OGQ0NWVjZmYwN2NhYmRlYWU2OTUzYTU3YWE0ZTExMGZhMDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhM1i++wwqxjTHQ1pYd1HXf6TiId
8DXC6JOG9I8gN9oSTAzLV1IPsJP0bnbSbxLpCnFmlWPJPrQ/TITTh2URrJP3vf/9
RT1rQNCKE2x9hNRNvMP4tNMMEjDTbV14k87f1Z//lSa/Z9d395yucFiiE5Qi1eEC
wnnT0fYA6sMw+rWH/PtpOGAjEnSV36q7NIq6tPpQwA+5IhH+OZFN98RCS00hCJkk
2NsBgN7F0M5ViLea9yOtrlogtAOf40ZaDuy2rs0/5P1zZ9n9uF9jj0XIIqiNo2ZQ
tG7zh00Zr2EPxCx3jcxxpW9JTJ5S5oj+Mao5qAuu95GOBd6FEiVFiLRfVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpJjUXs/wfKvermlTpXqk4RD6BLMB8GA1UdIwQY
MBaAFJT6bEKZMh3F/JH8eWOqUUh+SvXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFBwc1Fwa3lIY1g4a2Z4NVk2cFJTSDVLOWVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC80M2QyNTUtMjg0YS00NjhmLThiNmUt
ZmIxZTlkYjBjMzg4LzEvR2ttTlJlel9COHE5NnVhVk9sZXFUaEVQb0VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC80M2QyNTUtMjg0YS00NjhmLThiNmUtZmIxZTlkYjBjMzg4
LzEvbFBwc1Fwa3lIY1g4a2Z4NVk2cFJTSDVLOWVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwqUeMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ8o+TCPQ5HFThmUBqLDRoEz52ft7eTxjCcs54OxZM
piBatrb7jmnSIq0yjIT04w0q3l4PKOJw1rkfhCubWLzxt6Hwy2GFnqISQ+9xeKVF
y8HfTUUWODdYjlo+wHeTds23EREgNXdp4aGvBTlFaWOFdj98zSDr+0yMk8mPaoQL
DcG+gSOs+/Wr/OaUfXV3SqSFzHQRHp7QI4MWz01wdO5AaYLQeVua+5MGXw8FuxPW
Wm1RDbyCf2xcL6oQuC5mv60DpeQJBp+dv/QDHZyFWNiefT50qlWWNm6DER+5DEgx
lj+cUqzSNL5fSOuth4Dc0UZVAotT6PxPbIOMXKTvKZ+C
-----END CERTIFICATE-----