Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/gkWQrDSBz4IQ4_XEEVy4Y27yU80.roa
File:                     gkWQrDSBz4IQ4_XEEVy4Y27yU80.roa (raw, json)
Hash identifier:          VF6i/0gNwt2tTOONBHG2KH5sytCAkilisQqp9v19k2Y=
Subject key identifier:   82:45:90:AC:34:81:CF:82:10:E3:F5:C4:11:5C:B8:63:6E:F2:53:CD
Certificate issuer:       /CN=3aa32ee01266e018d2365c3bba1772f424179ac2
Certificate serial:       0194228DF501C2DD14534ABD87BEC8F46E02
Authority key identifier: 3A:A3:2E:E0:12:66:E0:18:D2:36:5C:3B:BA:17:72:F4:24:17:9A:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OqMu4BJm4BjSNlw7uhdy9CQXmsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/gkWQrDSBz4IQ4_XEEVy4Y27yU80.roa
Signing time:             Wed 01 Jan 2025 15:48:36 +0000
ROA not before:           Wed 01 Jan 2025 15:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31027
IP address blocks:        193.104.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/OqMu4BJm4BjSNlw7uhdy9CQXmsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/OqMu4BJm4BjSNlw7uhdy9CQXmsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OqMu4BJm4BjSNlw7uhdy9CQXmsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f5:01:c2:dd:14:53:4a:bd:87:be:c8:f4:6e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aa32ee01266e018d2365c3bba1772f424179ac2
        Validity
            Not Before: Jan  1 15:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=824590ac3481cf8210e3f5c4115cb8636ef253cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d0:c3:fc:45:e5:f9:ff:7e:a7:28:7a:61:b2:
                    fb:44:20:28:73:b2:06:96:b0:41:2d:dd:22:5b:92:
                    82:40:85:28:5d:e0:55:79:18:f6:00:59:61:f7:c6:
                    ee:04:0f:1d:9f:8e:90:e9:de:fd:02:09:c0:a7:63:
                    ab:fa:91:14:c5:16:d5:a2:2f:58:86:3e:81:45:5e:
                    76:2d:d1:30:b6:11:ae:83:23:f1:f8:3b:c5:b6:55:
                    78:03:81:5d:c2:0e:0f:4e:9e:89:f4:c1:e5:0f:3b:
                    76:c6:2d:85:e9:a8:97:67:c5:44:76:87:b4:d6:91:
                    a3:b9:4c:17:ba:3a:85:85:e0:f6:56:e3:ad:cb:77:
                    5c:84:bf:dd:e2:b5:09:c5:1f:92:1b:51:3b:42:ab:
                    93:76:10:fe:92:bd:cf:21:1c:63:28:ce:9e:b9:d0:
                    9e:6e:d4:fc:fe:ff:3d:5f:92:f1:65:0d:ce:2e:83:
                    07:6f:05:01:0c:19:54:cd:da:ab:0c:a0:6e:54:12:
                    d5:9c:b5:ee:6b:76:7d:d7:43:d0:ba:22:b2:03:b4:
                    5c:c0:6e:b9:63:a5:68:c1:33:ed:3a:88:3d:c7:66:
                    b4:36:7b:58:c0:07:b0:1b:29:1d:63:55:f6:d9:6f:
                    26:b9:4f:ab:98:54:ec:62:28:22:71:6c:d4:e2:1c:
                    ad:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:45:90:AC:34:81:CF:82:10:E3:F5:C4:11:5C:B8:63:6E:F2:53:CD
            X509v3 Authority Key Identifier:
                keyid:3A:A3:2E:E0:12:66:E0:18:D2:36:5C:3B:BA:17:72:F4:24:17:9A:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OqMu4BJm4BjSNlw7uhdy9CQXmsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/gkWQrDSBz4IQ4_XEEVy4Y27yU80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/OqMu4BJm4BjSNlw7uhdy9CQXmsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:14:3f:69:08:9a:b4:42:51:7e:46:07:b4:ce:34:83:cf:fa:
         33:e2:10:d4:24:77:88:c7:50:29:cd:30:0c:62:36:80:80:56:
         eb:d5:66:25:11:40:dd:86:30:ae:1a:6f:11:2d:44:57:3e:fc:
         d8:aa:8c:9a:a9:26:69:c7:0e:f8:2d:d4:20:78:16:82:7d:0b:
         ee:3b:42:51:fa:9e:a4:e7:c8:1a:87:e2:21:34:2b:22:cf:61:
         36:5f:e4:88:75:0d:ad:58:d8:d8:dd:0b:fb:d6:d4:2c:3e:35:
         ae:2f:85:26:11:07:3a:69:b1:f2:14:66:6c:63:1f:66:8c:57:
         52:0b:38:73:81:bf:0b:be:eb:1b:f9:8d:f9:23:e1:25:18:45:
         87:fd:97:62:c9:27:71:44:98:d9:8c:85:5a:49:6c:9a:86:44:
         76:0c:ef:ee:0f:54:66:72:48:6e:ef:94:d0:38:f9:f7:40:22:
         f2:bc:41:3b:7d:47:f0:8f:cc:0c:19:6a:b3:7b:97:f0:1c:3b:
         08:74:9f:82:ef:3f:9a:69:3e:33:87:6d:88:c8:36:b1:04:67:
         89:18:cb:f3:a3:6f:87:d2:23:4e:7c:47:41:33:f1:2e:07:9c:
         8c:d8:62:1f:08:64:7e:f0:e5:d6:34:00:b9:45:a8:2a:c1:43:
         48:39:88:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijfUBwt0UU0q9h77I9G4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYTMyZWUwMTI2NmUwMThkMjM2NWMzYmJhMTc3MmY0MjQx
NzlhYzIwHhcNMjUwMTAxMTU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjQ1OTBhYzM0ODFjZjgyMTBlM2Y1YzQxMTVjYjg2MzZlZjI1M2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNDD/EXl+f9+pyh6YbL7RCAoc7IG
lrBBLd0iW5KCQIUoXeBVeRj2AFlh98buBA8dn46Q6d79AgnAp2Or+pEUxRbVoi9Y
hj6BRV52LdEwthGugyPx+DvFtlV4A4Fdwg4PTp6J9MHlDzt2xi2F6aiXZ8VEdoe0
1pGjuUwXujqFheD2VuOty3dchL/d4rUJxR+SG1E7QquTdhD+kr3PIRxjKM6eudCe
btT8/v89X5LxZQ3OLoMHbwUBDBlUzdqrDKBuVBLVnLXua3Z910PQuiKyA7RcwG65
Y6VowTPtOog9x2a0NntYwAewGykdY1X22W8muU+rmFTsYigicWzU4hytuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJFkKw0gc+CEOP1xBFcuGNu8lPNMB8GA1UdIwQY
MBaAFDqjLuASZuAY0jZcO7oXcvQkF5rCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3FNdTRCSm00QmpTTmx3N3VoZHk5Q1FYbXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hMTNhMTctNmM3My00Yzc4LTk3NTIt
OTQ5ZGJlOWI1N2ZlLzEvZ2tXUXJEU0J6NElRNF9YRUVWeTRZMjd5VTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hMTNhMTctNmM3My00Yzc4LTk3NTItOTQ5ZGJlOWI1N2Zl
LzEvT3FNdTRCSm00QmpTTmx3N3VoZHk5Q1FYbXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWj2MA0G
CSqGSIb3DQEBCwUAA4IBAQANFD9pCJq0QlF+Rge0zjSDz/oz4hDUJHeIx1ApzTAM
YjaAgFbr1WYlEUDdhjCuGm8RLURXPvzYqoyaqSZpxw74LdQgeBaCfQvuO0JR+p6k
58gah+IhNCsiz2E2X+SIdQ2tWNjY3Qv71tQsPjWuL4UmEQc6abHyFGZsYx9mjFdS
Czhzgb8Lvusb+Y35I+ElGEWH/ZdiySdxRJjZjIVaSWyahkR2DO/uD1Rmckhu75TQ
OPn3QCLyvEE7fUfwj8wMGWqze5fwHDsIdJ+C7z+aaT4zh22IyDaxBGeJGMvzo2+H
0iNOfEdBM/EuB5yM2GIfCGR+8OXWNAC5RagqwUNIOYiR
-----END CERTIFICATE-----