Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/Gb_tS4tDYUhq7ZFBBu6bXOHKxSQ.roa
File:                     Gb_tS4tDYUhq7ZFBBu6bXOHKxSQ.roa (raw, json)
Hash identifier:          j+ql1A+cPykDsn/U+bRsvn2rorjyFgGlp+mF0Qt3tRQ=
Subject key identifier:   19:BF:ED:4B:8B:43:61:48:6A:ED:91:41:06:EE:9B:5C:E1:CA:C5:24
Certificate issuer:       /CN=53787cd7946e10d88646ac79de57cc6ec59e4132
Certificate serial:       019422FB5EE668C99F83A850CF0F638BE2FA
Authority key identifier: 53:78:7C:D7:94:6E:10:D8:86:46:AC:79:DE:57:CC:6E:C5:9E:41:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3h815RuENiGRqx53lfMbsWeQTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/Gb_tS4tDYUhq7ZFBBu6bXOHKxSQ.roa
Signing time:             Wed 01 Jan 2025 17:48:06 +0000
ROA not before:           Wed 01 Jan 2025 17:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.54.124.0/24 maxlen: 24
                          185.54.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/U3h815RuENiGRqx53lfMbsWeQTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/U3h815RuENiGRqx53lfMbsWeQTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3h815RuENiGRqx53lfMbsWeQTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:5e:e6:68:c9:9f:83:a8:50:cf:0f:63:8b:e2:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53787cd7946e10d88646ac79de57cc6ec59e4132
        Validity
            Not Before: Jan  1 17:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19bfed4b8b4361486aed914106ee9b5ce1cac524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7d:2d:6a:b2:50:d8:74:e3:21:8c:c7:b6:17:
                    ff:b2:90:66:e3:36:5d:b1:62:11:4a:a3:7d:ed:e3:
                    ca:5e:4d:42:d0:77:14:68:ca:ee:01:19:b7:6d:e7:
                    84:a8:2a:75:e9:cb:df:ca:ee:df:54:e6:08:aa:fe:
                    3e:bc:e8:42:f3:57:dc:bd:e7:46:ff:6d:3b:d9:62:
                    79:86:b1:ab:3b:a5:a8:c0:21:35:48:d9:4e:67:cc:
                    23:9e:55:bc:82:f2:a2:e2:de:6d:b3:2d:df:43:83:
                    e0:cc:20:36:a4:e7:fe:6d:f2:10:10:20:14:b3:01:
                    91:3c:95:59:74:8b:3f:16:bc:a5:61:5b:2e:d8:69:
                    cb:4f:77:51:04:41:62:eb:24:50:7b:58:30:b2:c9:
                    ed:ec:13:1d:d2:53:17:fd:cd:dc:38:a4:2f:6c:cb:
                    2d:5d:6f:a9:a1:16:f3:13:33:1f:25:0b:9e:08:1c:
                    c9:93:ae:cf:c5:4f:c0:63:3f:93:d9:f2:40:b4:79:
                    23:c9:68:d8:df:a8:85:2d:17:e0:93:d8:65:66:11:
                    bf:83:e9:46:de:83:ea:c5:e6:e6:c8:fd:fa:75:12:
                    5c:93:d3:8f:c7:85:0c:e1:75:0f:1f:8a:4d:69:70:
                    03:fd:3f:1d:00:bb:8e:aa:b1:d4:fe:88:3c:f8:77:
                    a7:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:BF:ED:4B:8B:43:61:48:6A:ED:91:41:06:EE:9B:5C:E1:CA:C5:24
            X509v3 Authority Key Identifier:
                keyid:53:78:7C:D7:94:6E:10:D8:86:46:AC:79:DE:57:CC:6E:C5:9E:41:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3h815RuENiGRqx53lfMbsWeQTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/Gb_tS4tDYUhq7ZFBBu6bXOHKxSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c77825-68a3-4b3e-bc90-523fd86a07c7/1/U3h815RuENiGRqx53lfMbsWeQTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.124.0/24
                  185.54.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:9e:a2:fa:b0:7a:14:1b:a3:e9:75:30:45:10:a6:ff:4e:64:
         d1:db:7b:f3:e2:0a:b9:a5:2b:d3:76:93:5f:e6:c6:db:d9:59:
         65:a6:89:8f:24:b8:77:ca:04:f8:b3:33:13:64:77:5c:95:49:
         7e:c0:73:91:f1:71:50:c4:77:2a:eb:2f:10:83:ce:e4:c7:8e:
         8b:bc:13:b9:16:60:38:78:c3:cb:10:a7:f4:e5:88:ba:df:2b:
         32:c2:d9:3b:42:1e:3e:e8:4c:59:a5:3b:e6:7b:97:46:a3:24:
         33:fb:6a:5c:5e:94:fa:6f:95:fa:08:9c:26:7f:48:e4:9c:c6:
         ff:38:f1:14:66:85:5b:29:05:3e:36:a0:34:2b:6b:b7:85:c1:
         07:dd:a4:d3:c7:74:22:eb:fb:3c:42:55:77:8f:04:25:43:3d:
         c9:7e:4f:1d:e7:b3:34:3b:e1:da:04:09:be:8e:c4:54:fe:dd:
         6f:7c:44:b2:95:f1:97:7b:3a:5b:5d:a3:66:a8:2d:f0:68:fa:
         e6:78:e7:67:01:68:88:37:4c:63:8a:c1:27:ef:8f:c4:2b:a9:
         ac:3e:eb:63:36:40:da:8d:c3:cb:61:72:7a:d6:21:4b:9b:cf:
         14:87:f2:6b:7f:16:67:af:36:24:88:17:62:7f:db:68:e1:2b:
         46:23:08:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+17maMmfg6hQzw9ji+L6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNzg3Y2Q3OTQ2ZTEwZDg4NjQ2YWM3OWRlNTdjYzZlYzU5
ZTQxMzIwHhcNMjUwMTAxMTc0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWJmZWQ0YjhiNDM2MTQ4NmFlZDkxNDEwNmVlOWI1Y2UxY2FjNTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuH0tarJQ2HTjIYzHthf/spBm4zZd
sWIRSqN97ePKXk1C0HcUaMruARm3beeEqCp16cvfyu7fVOYIqv4+vOhC81fcvedG
/2072WJ5hrGrO6WowCE1SNlOZ8wjnlW8gvKi4t5tsy3fQ4PgzCA2pOf+bfIQECAU
swGRPJVZdIs/FrylYVsu2GnLT3dRBEFi6yRQe1gwssnt7BMd0lMX/c3cOKQvbMst
XW+poRbzEzMfJQueCBzJk67PxU/AYz+T2fJAtHkjyWjY36iFLRfgk9hlZhG/g+lG
3oPqxebmyP36dRJck9OPx4UM4XUPH4pNaXAD/T8dALuOqrHU/og8+HensQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBm/7UuLQ2FIau2RQQbum1zhysUkMB8GA1UdIwQY
MBaAFFN4fNeUbhDYhkased5XzG7FnkEyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTNoODE1UnVFTmlHUnF4NTNsZk1ic1dlUVRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9jNzc4MjUtNjhhMy00YjNlLWJjOTAt
NTIzZmQ4NmEwN2M3LzEvR2JfdFM0dERZVWhxN1pGQkJ1NmJYT0hLeFNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9jNzc4MjUtNjhhMy00YjNlLWJjOTAtNTIzZmQ4NmEwN2M3
LzEvVTNoODE1UnVFTmlHUnF4NTNsZk1ic1dlUVRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuTZ8AwQA
uTZ+MA0GCSqGSIb3DQEBCwUAA4IBAQC7nqL6sHoUG6PpdTBFEKb/TmTR23vz4gq5
pSvTdpNf5sbb2VllpomPJLh3ygT4szMTZHdclUl+wHOR8XFQxHcq6y8Qg87kx46L
vBO5FmA4eMPLEKf05Yi63ysywtk7Qh4+6ExZpTvme5dGoyQz+2pcXpT6b5X6CJwm
f0jknMb/OPEUZoVbKQU+NqA0K2u3hcEH3aTTx3Qi6/s8QlV3jwQlQz3Jfk8d57M0
O+HaBAm+jsRU/t1vfESylfGXezpbXaNmqC3waPrmeOdnAWiIN0xjisEn74/EK6ms
PutjNkDajcPLYXJ61iFLm88Uh/JrfxZnrzYkiBdif9to4StGIwge
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:32:38 2025 by rpki-client