Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/gw7B96UShjsyHnq6pn1ZB8lO3nw.roa
File:                     gw7B96UShjsyHnq6pn1ZB8lO3nw.roa (raw, json)
Hash identifier:          weKIf0S7rCXr80VHrw+niMSn5bWUOaoN4oVmKk0/npM=
Subject key identifier:   83:0E:C1:F7:A5:12:86:3B:32:1E:7A:BA:A6:7D:59:07:C9:4E:DE:7C
Certificate issuer:       /CN=586b0182105bb27b0c8bcf2842bd3c1a85164bd1
Certificate serial:       0194252199C1C962F317C9ADE686686A6E84
Authority key identifier: 58:6B:01:82:10:5B:B2:7B:0C:8B:CF:28:42:BD:3C:1A:85:16:4B:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGsBghBbsnsMi88oQr08GoUWS9E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/gw7B96UShjsyHnq6pn1ZB8lO3nw.roa
Signing time:             Thu 02 Jan 2025 03:49:06 +0000
ROA not before:           Thu 02 Jan 2025 03:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        194.179.160.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/WGsBghBbsnsMi88oQr08GoUWS9E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/WGsBghBbsnsMi88oQr08GoUWS9E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WGsBghBbsnsMi88oQr08GoUWS9E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 08:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:99:c1:c9:62:f3:17:c9:ad:e6:86:68:6a:6e:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=586b0182105bb27b0c8bcf2842bd3c1a85164bd1
        Validity
            Not Before: Jan  2 03:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=830ec1f7a512863b321e7abaa67d5907c94ede7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8c:79:62:c7:e0:b4:95:dd:ff:25:2e:96:60:
                    0e:fe:ac:04:38:11:94:bd:11:7c:c0:36:20:5c:ba:
                    e1:a9:a1:ea:05:c9:4b:68:a9:3c:1b:fe:9f:75:4e:
                    b0:23:09:bb:fd:10:ed:4c:cd:53:55:72:80:64:0b:
                    ce:f9:68:97:76:b0:1a:d5:4a:50:8c:de:fc:e4:d6:
                    12:ca:0f:f7:23:b8:66:a5:bc:de:77:0e:b1:22:7a:
                    a4:d2:d4:38:8a:b6:2b:ef:cf:2f:ad:3d:0b:98:81:
                    af:af:c4:1e:23:eb:50:43:f1:b8:9b:e1:dd:97:8c:
                    bd:e3:0a:85:ed:97:4e:3c:41:a8:3c:11:74:d2:a0:
                    0f:81:e2:62:08:3b:2e:4b:38:be:1d:77:13:a1:47:
                    1f:d4:a4:4d:ee:2d:88:03:a2:3c:02:4e:ff:7a:3d:
                    ed:67:cf:89:28:b4:42:4d:e1:0c:8c:40:29:d6:7c:
                    91:a8:74:8e:29:d9:d9:3e:bc:2a:22:32:65:39:77:
                    f1:7c:41:99:56:eb:98:30:e9:ce:b1:89:ea:c0:88:
                    3c:aa:1f:46:4f:8e:15:ff:a0:54:bd:d0:d6:3c:bc:
                    86:1a:9c:ca:d4:28:f0:d6:cc:99:07:d7:d7:74:4c:
                    bc:ab:7a:b0:3b:77:f9:97:81:ab:6b:dd:bb:f1:e2:
                    1f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:0E:C1:F7:A5:12:86:3B:32:1E:7A:BA:A6:7D:59:07:C9:4E:DE:7C
            X509v3 Authority Key Identifier:
                keyid:58:6B:01:82:10:5B:B2:7B:0C:8B:CF:28:42:BD:3C:1A:85:16:4B:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGsBghBbsnsMi88oQr08GoUWS9E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/gw7B96UShjsyHnq6pn1ZB8lO3nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/52b481-f303-4a96-97dd-7370fd80df6c/1/WGsBghBbsnsMi88oQr08GoUWS9E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.179.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2b:30:ae:58:d2:cc:1b:13:c6:df:1f:16:fc:80:a9:79:17:a8:
         62:0d:96:9e:d5:af:a0:db:8b:01:25:41:cc:94:f9:2c:a7:c6:
         e1:27:77:98:2d:2f:b6:cc:8f:17:93:71:8e:ed:f7:dc:91:49:
         3d:08:d1:dc:74:c9:e2:27:aa:92:af:f9:1e:59:2e:25:73:e2:
         e1:46:35:e9:20:ac:8b:2f:df:fc:f7:1b:ee:79:46:04:63:d5:
         b4:42:45:1f:d4:f4:5c:92:f7:ca:fd:de:84:e1:eb:78:bc:0a:
         bb:d0:5a:ba:b0:c1:8a:5b:1f:c7:3e:9d:7b:a4:46:32:dc:d4:
         4a:88:af:c9:9a:49:db:59:82:c6:1d:b6:43:5a:67:94:70:3e:
         d0:83:3b:4b:31:f2:24:ba:03:aa:e8:8f:a7:3b:89:5d:32:f7:
         9a:9b:b4:0f:93:ec:17:6d:b8:b8:14:e1:b5:9d:67:df:07:1a:
         9a:2e:86:f7:af:e0:ee:8b:36:79:c7:a3:56:96:6d:06:ca:c8:
         95:f6:ce:fe:43:85:cc:19:36:58:da:07:1d:16:8d:b2:e4:92:
         f7:a1:22:c3:f8:93:49:9d:b8:94:c1:f8:90:f8:49:b2:fe:1a:
         73:7a:a5:8b:03:a4:49:af:e9:01:91:b2:84:53:27:85:f1:1b:
         1b:03:00:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIZnByWLzF8mt5oZoam6EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NmIwMTgyMTA1YmIyN2IwYzhiY2YyODQyYmQzYzFhODUx
NjRiZDEwHhcNMjUwMTAyMDM0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzBlYzFmN2E1MTI4NjNiMzIxZTdhYmFhNjdkNTkwN2M5NGVkZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4x5YsfgtJXd/yUulmAO/qwEOBGU
vRF8wDYgXLrhqaHqBclLaKk8G/6fdU6wIwm7/RDtTM1TVXKAZAvO+WiXdrAa1UpQ
jN785NYSyg/3I7hmpbzedw6xInqk0tQ4irYr788vrT0LmIGvr8QeI+tQQ/G4m+Hd
l4y94wqF7ZdOPEGoPBF00qAPgeJiCDsuSzi+HXcToUcf1KRN7i2IA6I8Ak7/ej3t
Z8+JKLRCTeEMjEAp1nyRqHSOKdnZPrwqIjJlOXfxfEGZVuuYMOnOsYnqwIg8qh9G
T44V/6BUvdDWPLyGGpzK1Cjw1syZB9fXdEy8q3qwO3f5l4Gra9278eIf4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMOwfelEoY7Mh56uqZ9WQfJTt58MB8GA1UdIwQY
MBaAFFhrAYIQW7J7DIvPKEK9PBqFFkvRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0dzQmdoQmJzbnNNaTg4b1FyMDhHb1VXUzlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81MmI0ODEtZjMwMy00YTk2LTk3ZGQt
NzM3MGZkODBkZjZjLzEvZ3c3Qjk2VVNoanN5SG5xNnBuMVpCOGxPM253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81MmI0ODEtZjMwMy00YTk2LTk3ZGQtNzM3MGZkODBkZjZj
LzEvV0dzQmdoQmJzbnNNaTg4b1FyMDhHb1VXUzlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwrOgMA0G
CSqGSIb3DQEBCwUAA4IBAQArMK5Y0swbE8bfHxb8gKl5F6hiDZae1a+g24sBJUHM
lPksp8bhJ3eYLS+2zI8Xk3GO7ffckUk9CNHcdMniJ6qSr/keWS4lc+LhRjXpIKyL
L9/89xvueUYEY9W0QkUf1PRckvfK/d6E4et4vAq70Fq6sMGKWx/HPp17pEYy3NRK
iK/JmknbWYLGHbZDWmeUcD7QgztLMfIkugOq6I+nO4ldMveam7QPk+wXbbi4FOG1
nWffBxqaLob3r+DuizZ5x6NWlm0GysiV9s7+Q4XMGTZY2gcdFo2y5JL3oSLD+JNJ
nbiUwfiQ+Emy/hpzeqWLA6RJr+kBkbKEUyeF8RsbAwAT
-----END CERTIFICATE-----