Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/gGa9g3xm-WUrWGnZqfKZudqy63U.roa
File:                     gGa9g3xm-WUrWGnZqfKZudqy63U.roa (raw, json)
Hash identifier:          gMhH5wVZGQUaR4GjDTcIjxc58KL7jUF42zUcWUMJNmY=
Subject key identifier:   80:66:BD:83:7C:66:F9:65:2B:58:69:D9:A9:F2:99:B9:DA:B2:EB:75
Certificate issuer:       /CN=a608db43964b6986ec740f0b5e33f627589ac560
Certificate serial:       019464690613B3CB9C7E2FC444F11C6CF87D
Authority key identifier: A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/gGa9g3xm-WUrWGnZqfKZudqy63U.roa
Signing time:             Tue 14 Jan 2025 10:43:11 +0000
ROA not before:           Tue 14 Jan 2025 10:43:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56340
IP address blocks:        176.96.230.0/24 maxlen: 24
                          176.96.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:64:69:06:13:b3:cb:9c:7e:2f:c4:44:f1:1c:6c:f8:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a608db43964b6986ec740f0b5e33f627589ac560
        Validity
            Not Before: Jan 14 10:43:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8066bd837c66f9652b5869d9a9f299b9dab2eb75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4b:0c:9e:09:12:22:50:cb:42:0b:da:1e:81:
                    a7:61:2a:66:f8:39:24:86:f6:dc:08:2e:45:d5:8f:
                    59:5a:82:c7:61:c8:6b:98:a6:82:71:d0:9c:27:9a:
                    4d:e3:c6:d0:24:d7:e9:f8:d8:1a:3c:fc:88:a1:26:
                    52:e4:82:28:3b:6f:14:2a:ce:14:49:5e:fb:de:51:
                    15:88:44:39:f9:63:de:ad:f8:d5:35:af:fa:9b:a3:
                    75:f0:1c:d8:e6:95:d0:99:f4:9d:4c:65:fc:bf:04:
                    85:e8:e2:80:8f:d5:25:ce:f9:47:1d:c9:20:88:b5:
                    66:58:ee:3f:cd:26:46:2e:56:15:a9:fc:36:aa:67:
                    ea:64:5a:6c:f0:31:8d:98:bd:7b:d8:c8:41:77:12:
                    5e:02:0f:ce:62:43:83:b2:ce:f5:69:74:84:95:4e:
                    39:cc:60:9d:b9:87:41:71:51:1b:3b:50:55:0d:b0:
                    c2:83:59:12:1b:82:73:a5:30:03:1f:d6:6d:77:aa:
                    54:07:67:5e:15:64:8f:c4:53:a7:7d:6f:59:b2:87:
                    51:58:fa:bc:8f:50:94:e7:30:59:5a:99:ef:d0:62:
                    80:dd:5b:d7:fa:02:7d:15:c6:7b:7b:e2:84:46:46:
                    d6:1d:d6:9b:54:61:55:1c:ae:30:21:9b:d4:5d:9a:
                    68:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:66:BD:83:7C:66:F9:65:2B:58:69:D9:A9:F2:99:B9:DA:B2:EB:75
            X509v3 Authority Key Identifier:
                keyid:A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/gGa9g3xm-WUrWGnZqfKZudqy63U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.96.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:d4:be:f1:4f:38:91:92:f8:63:8e:9d:1f:b8:2a:f9:ca:32:
         36:9d:ef:af:3c:4f:49:23:f1:5f:ba:61:4d:54:7f:ec:70:a2:
         f9:5c:f9:37:c3:f8:5a:98:23:16:cc:30:56:22:7a:cc:b4:6c:
         89:51:6b:89:f0:f3:ca:55:33:57:99:1a:ad:87:a9:f3:96:23:
         a7:0a:13:7e:b4:54:e0:a4:b1:2d:72:53:70:ba:24:a5:9c:df:
         23:7a:ce:77:90:61:16:f9:f1:87:31:37:3c:ea:ce:e3:e7:f4:
         43:cf:3e:15:fa:58:27:1a:c7:b5:ba:be:6f:07:2e:d8:a2:8b:
         b4:9e:f4:53:ce:a4:cd:83:fe:b5:4e:d6:65:9e:20:ec:f0:c3:
         9e:15:26:7a:81:55:4a:db:fd:8c:e6:b7:82:7b:b4:36:b5:af:
         80:60:82:2d:17:b6:38:ac:5f:69:58:37:8c:18:59:87:8a:74:
         28:c3:6a:95:5b:2e:4f:0b:91:cf:88:a2:a3:b6:b5:a8:20:0e:
         a9:e4:93:36:27:15:0a:3a:bb:b0:09:41:a4:6f:de:76:3f:08:
         ac:fe:92:7e:84:cd:be:50:78:27:d8:cf:12:e8:d5:07:bc:54:
         56:bb:4f:a9:2c:78:ff:2b:9d:fa:8f:a2:52:27:af:a6:ff:58:
         e5:a4:82:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRkaQYTs8ucfi/ERPEcbPh9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MDhkYjQzOTY0YjY5ODZlYzc0MGYwYjVlMzNmNjI3NTg5
YWM1NjAwHhcNMjUwMTE0MTA0MzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDY2YmQ4MzdjNjZmOTY1MmI1ODY5ZDlhOWYyOTliOWRhYjJlYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0sMngkSIlDLQgvaHoGnYSpm+Dkk
hvbcCC5F1Y9ZWoLHYchrmKaCcdCcJ5pN48bQJNfp+NgaPPyIoSZS5IIoO28UKs4U
SV773lEViEQ5+WPerfjVNa/6m6N18BzY5pXQmfSdTGX8vwSF6OKAj9UlzvlHHckg
iLVmWO4/zSZGLlYVqfw2qmfqZFps8DGNmL172MhBdxJeAg/OYkODss71aXSElU45
zGCduYdBcVEbO1BVDbDCg1kSG4JzpTADH9Ztd6pUB2deFWSPxFOnfW9ZsodRWPq8
j1CU5zBZWpnv0GKA3VvX+gJ9FcZ7e+KERkbWHdabVGFVHK4wIZvUXZpowQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBmvYN8ZvllK1hp2anymbnasut1MB8GA1UdIwQY
MBaAFKYI20OWS2mG7HQPC14z9idYmsVgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQt
ZDY0NjgzY2VlMTZmLzEvZ0dhOWczeG0tV1VyV0duWnFmS1p1ZHF5NjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQtZDY0NjgzY2VlMTZm
LzEvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsGDmMA0G
CSqGSIb3DQEBCwUAA4IBAQCD1L7xTziRkvhjjp0fuCr5yjI2ne+vPE9JI/FfumFN
VH/scKL5XPk3w/hamCMWzDBWInrMtGyJUWuJ8PPKVTNXmRqth6nzliOnChN+tFTg
pLEtclNwuiSlnN8jes53kGEW+fGHMTc86s7j5/RDzz4V+lgnGse1ur5vBy7Yoou0
nvRTzqTNg/61TtZlniDs8MOeFSZ6gVVK2/2M5reCe7Q2ta+AYIItF7Y4rF9pWDeM
GFmHinQow2qVWy5PC5HPiKKjtrWoIA6p5JM2JxUKOruwCUGkb952Pwis/pJ+hM2+
UHgn2M8S6NUHvFRWu0+pLHj/K536j6JSJ6+m/1jlpIJ+
-----END CERTIFICATE-----