Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/GkOtGhwBVBhHviFou5bbOd0G-zU.roa
File:                     GkOtGhwBVBhHviFou5bbOd0G-zU.roa (raw, json)
Hash identifier:          Rcuu3bhaDsi/0dLULGyB4JQbX1aPhBsMV9cWnspKKD8=
Subject key identifier:   1A:43:AD:1A:1C:01:54:18:47:BE:21:68:BB:96:DB:39:DD:06:FB:35
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0194222043501577AA568DBFDC898A1DD690
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/GkOtGhwBVBhHviFou5bbOd0G-zU.roa
Signing time:             Wed 01 Jan 2025 13:48:47 +0000
ROA not before:           Wed 01 Jan 2025 13:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207633
IP address blocks:        185.194.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:43:50:15:77:aa:56:8d:bf:dc:89:8a:1d:d6:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a43ad1a1c01541847be2168bb96db39dd06fb35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a8:63:8f:28:f5:2d:51:fb:a1:9f:be:55:50:
                    ef:69:7a:c0:ba:eb:03:10:7e:65:8e:37:b9:8b:13:
                    b3:1b:d9:06:76:b3:6a:db:1d:ac:2a:a9:53:0b:f4:
                    8d:23:c3:bd:9f:2f:d9:37:e2:fa:2c:47:b6:39:17:
                    4c:a3:64:5e:65:ac:dd:d8:42:07:97:3e:1b:69:fa:
                    46:f7:c7:c4:f1:7c:98:e5:da:f8:fb:da:e0:13:c4:
                    3d:16:48:c8:bc:2e:20:63:ef:41:c0:68:50:3c:ef:
                    71:4c:d0:10:fc:ce:97:63:4f:d6:37:f6:f0:26:d4:
                    82:19:6c:cc:e4:8c:fb:23:dd:fe:e9:21:2c:18:96:
                    64:20:cc:00:c0:77:23:da:3f:1b:6e:73:e1:14:1d:
                    75:13:7b:ff:26:77:3a:96:42:59:87:eb:27:ae:17:
                    52:04:df:26:1a:71:e3:1c:0f:db:16:af:47:9c:a8:
                    b3:fd:36:39:4d:6a:2f:e5:d6:e6:37:d9:54:5f:14:
                    a6:41:18:ba:40:bf:f1:f1:2f:35:f4:4c:10:7b:8c:
                    d3:15:15:6c:1a:3d:ad:76:e6:99:da:f9:73:cc:23:
                    dc:e5:1c:aa:5b:7d:48:ed:42:8b:53:bd:d4:74:b2:
                    81:6f:7d:f0:19:ff:42:49:06:d1:37:5e:ab:8b:27:
                    4e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:43:AD:1A:1C:01:54:18:47:BE:21:68:BB:96:DB:39:DD:06:FB:35
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/GkOtGhwBVBhHviFou5bbOd0G-zU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:48:b5:99:6c:af:cd:f5:a4:3f:1d:b0:02:1b:1b:96:fd:f7:
         85:57:09:ac:4f:73:e7:ca:8d:71:15:fb:37:88:6c:cb:e0:8d:
         ff:29:48:71:92:78:e0:9b:c6:61:a2:36:ae:d5:9c:69:65:59:
         aa:fe:92:44:4f:13:4d:06:fe:e3:45:98:42:e3:80:44:c8:b2:
         09:9e:c9:90:d4:5f:52:b6:72:f9:db:df:79:e3:59:94:89:b7:
         91:5a:07:a0:e8:43:c9:4d:2e:9b:56:42:c4:ea:80:68:75:05:
         45:de:18:70:5f:c5:6e:a9:e4:e1:97:b2:1a:d8:68:30:52:47:
         e6:ea:44:9e:9a:d0:57:4e:98:23:c4:a3:a4:df:9d:9e:1f:3b:
         95:f2:72:68:a0:0a:99:a3:ca:f9:a6:f8:d2:e6:13:34:d6:95:
         1b:8c:e0:4e:73:a7:d8:6d:41:9e:31:07:39:b4:2a:af:d2:01:
         60:a0:89:bf:f6:12:16:18:34:32:05:a0:1b:68:ad:16:f8:29:
         5c:5e:e1:a8:a8:a1:15:d8:c8:14:b5:96:9b:8b:b1:1a:94:5c:
         12:44:54:bb:7d:5c:8e:ba:8d:eb:0a:14:d4:e5:99:7e:21:af:
         76:4c:6f:d7:c2:8a:8b:17:1d:40:43:b5:03:62:17:be:e5:58:
         b0:71:e3:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIENQFXeqVo2/3ImKHdaQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTQzYWQxYTFjMDE1NDE4NDdiZTIxNjhiYjk2ZGIzOWRkMDZmYjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqhjjyj1LVH7oZ++VVDvaXrAuusD
EH5ljje5ixOzG9kGdrNq2x2sKqlTC/SNI8O9ny/ZN+L6LEe2ORdMo2ReZazd2EIH
lz4bafpG98fE8XyY5dr4+9rgE8Q9FkjIvC4gY+9BwGhQPO9xTNAQ/M6XY0/WN/bw
JtSCGWzM5Iz7I93+6SEsGJZkIMwAwHcj2j8bbnPhFB11E3v/Jnc6lkJZh+snrhdS
BN8mGnHjHA/bFq9HnKiz/TY5TWov5dbmN9lUXxSmQRi6QL/x8S819EwQe4zTFRVs
Gj2tduaZ2vlzzCPc5RyqW31I7UKLU73UdLKBb33wGf9CSQbRN16riydOywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpDrRocAVQYR74haLuW2zndBvs1MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvR2tPdEdod0JWQmhIdmlGb3U1YmJPZDBHLXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucIeMA0G
CSqGSIb3DQEBCwUAA4IBAQAhSLWZbK/N9aQ/HbACGxuW/feFVwmsT3Pnyo1xFfs3
iGzL4I3/KUhxknjgm8Zhojau1ZxpZVmq/pJETxNNBv7jRZhC44BEyLIJnsmQ1F9S
tnL5299541mUibeRWgeg6EPJTS6bVkLE6oBodQVF3hhwX8VuqeThl7Ia2GgwUkfm
6kSemtBXTpgjxKOk352eHzuV8nJooAqZo8r5pvjS5hM01pUbjOBOc6fYbUGeMQc5
tCqv0gFgoIm/9hIWGDQyBaAbaK0W+ClcXuGoqKEV2MgUtZabi7EalFwSRFS7fVyO
uo3rChTU5Zl+Ia92TG/XwoqLFx1AQ7UDYhe+5ViwceNJ
-----END CERTIFICATE-----