Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/63b6ae-d4f5-4946-bbf5-b133e6e6fa85/1/gFgwOulWz8EdjBx0WPIuskEa2Xo.roa
File:                     gFgwOulWz8EdjBx0WPIuskEa2Xo.roa (raw, json)
Hash identifier:          kmccz6rQP+OANRlJVswlZw+GA51smpUT7A9JAOVNjXI=
Subject key identifier:   80:58:30:3A:E9:56:CF:C1:1D:8C:1C:74:58:F2:2E:B2:41:1A:D9:7A
Certificate issuer:       /CN=625a9f69fe0797e083b516281cab3f0ba65e2ea8
Certificate serial:       0194228E0EE39F15256974250F9F5AAE6FB1
Authority key identifier: 62:5A:9F:69:FE:07:97:E0:83:B5:16:28:1C:AB:3F:0B:A6:5E:2E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ylqfaf4Hl-CDtRYoHKs_C6ZeLqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/63b6ae-d4f5-4946-bbf5-b133e6e6fa85/1/gFgwOulWz8EdjBx0WPIuskEa2Xo.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202516
IP address blocks:        193.58.164.0/22 maxlen: 22
                          2a0c:9540::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/63b6ae-d4f5-4946-bbf5-b133e6e6fa85/1/Ylqfaf4Hl-CDtRYoHKs_C6ZeLqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/63b6ae-d4f5-4946-bbf5-b133e6e6fa85/1/Ylqfaf4Hl-CDtRYoHKs_C6ZeLqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ylqfaf4Hl-CDtRYoHKs_C6ZeLqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0e:e3:9f:15:25:69:74:25:0f:9f:5a:ae:6f:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=625a9f69fe0797e083b516281cab3f0ba65e2ea8
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8058303ae956cfc11d8c1c7458f22eb2411ad97a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a4:91:23:39:7f:c3:f9:9d:61:62:ba:14:7c:
                    a5:df:86:f1:2b:3e:3c:ec:22:1a:16:17:4d:a4:53:
                    02:db:b6:2a:56:2b:09:2c:00:ab:8b:aa:38:b0:cf:
                    66:cf:20:3f:e3:40:3a:c2:82:3e:7d:66:4a:14:aa:
                    80:d3:a6:eb:a2:bc:76:d4:2e:ca:f5:82:78:b7:97:
                    97:a5:6f:ba:dc:0e:1f:ac:33:16:53:7f:e7:a8:24:
                    6d:74:79:ec:d9:a8:95:f4:3d:a3:ec:b6:69:5e:1a:
                    aa:88:45:37:fd:7c:01:20:a9:8d:c3:a1:1d:fd:2d:
                    af:0c:31:37:53:8d:63:be:65:2a:10:9d:12:d8:9e:
                    9f:7e:67:c2:59:29:0a:4e:b6:97:ad:04:d6:a2:7f:
                    76:93:76:c3:7c:c5:61:f3:11:25:ef:7a:d8:02:87:
                    3d:7e:ed:70:64:b9:0b:bd:80:e9:47:f0:6e:c2:3e:
                    31:97:3d:cb:79:5c:e9:57:5c:d2:2e:c0:59:72:4b:
                    b9:0f:27:51:53:03:c0:0d:5e:b4:0f:92:38:2a:64:
                    46:cb:e5:31:06:e5:ef:6f:05:cb:d3:13:28:51:89:
                    11:f2:d4:30:42:21:25:5b:2d:40:d0:c6:ff:1b:5e:
                    21:0c:60:27:e7:45:2d:3a:6e:2d:5e:bb:79:87:b0:
                    35:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:58:30:3A:E9:56:CF:C1:1D:8C:1C:74:58:F2:2E:B2:41:1A:D9:7A
            X509v3 Authority Key Identifier:
                keyid:62:5A:9F:69:FE:07:97:E0:83:B5:16:28:1C:AB:3F:0B:A6:5E:2E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ylqfaf4Hl-CDtRYoHKs_C6ZeLqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/63b6ae-d4f5-4946-bbf5-b133e6e6fa85/1/gFgwOulWz8EdjBx0WPIuskEa2Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/63b6ae-d4f5-4946-bbf5-b133e6e6fa85/1/Ylqfaf4Hl-CDtRYoHKs_C6ZeLqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.164.0/22
                IPv6:
                  2a0c:9540::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:91:46:d3:6c:1e:2b:b2:d3:90:ad:63:11:00:1a:c4:6a:a4:
         0d:9a:e8:c3:8d:70:6e:58:48:b5:ca:f0:41:39:d2:ad:05:54:
         a3:71:e9:c2:dc:d3:da:70:10:1b:24:99:bd:6e:99:1c:a5:33:
         e8:96:20:46:37:13:a2:22:d4:3e:ff:39:b9:4f:47:4a:28:13:
         2c:0a:16:82:88:bf:e9:3c:73:45:a8:b5:4d:df:14:99:fe:70:
         cb:df:b5:d5:f0:cf:4e:47:5e:bb:2c:94:43:60:77:af:b5:f1:
         2f:74:ca:14:f5:dd:5b:8a:8e:8d:8b:71:74:2d:12:80:b0:ec:
         64:46:cd:f7:c3:f8:98:6e:bf:bf:e4:cd:6c:1d:7e:21:ab:c2:
         4f:98:b4:bd:95:5f:1e:5e:4b:4b:0d:47:27:20:34:4b:04:23:
         1f:c1:11:a3:46:0a:3b:98:db:fe:b7:53:4e:b4:22:ba:6b:b4:
         d1:65:25:9f:85:58:b0:00:d0:e3:2b:27:52:27:2d:03:d1:63:
         c7:30:2f:26:51:76:b2:18:8e:f4:67:89:c5:ba:71:eb:06:08:
         d1:c8:3e:d3:fa:73:2c:31:cb:0a:3d:46:28:70:64:fd:9c:0b:
         a5:3e:1d:a0:5b:aa:70:36:87:24:95:4d:eb:85:b4:6c:95:9a:
         5f:0e:1b:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijg7jnxUlaXQlD59arm+xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNWE5ZjY5ZmUwNzk3ZTA4M2I1MTYyODFjYWIzZjBiYTY1
ZTJlYTgwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDU4MzAzYWU5NTZjZmMxMWQ4YzFjNzQ1OGYyMmViMjQxMWFkOTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6SRIzl/w/mdYWK6FHyl34bxKz48
7CIaFhdNpFMC27YqVisJLACri6o4sM9mzyA/40A6woI+fWZKFKqA06brorx21C7K
9YJ4t5eXpW+63A4frDMWU3/nqCRtdHns2aiV9D2j7LZpXhqqiEU3/XwBIKmNw6Ed
/S2vDDE3U41jvmUqEJ0S2J6ffmfCWSkKTraXrQTWon92k3bDfMVh8xEl73rYAoc9
fu1wZLkLvYDpR/Buwj4xlz3LeVzpV1zSLsBZcku5DydRUwPADV60D5I4KmRGy+Ux
BuXvbwXL0xMoUYkR8tQwQiElWy1A0Mb/G14hDGAn50UtOm4tXrt5h7A1JwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIBYMDrpVs/BHYwcdFjyLrJBGtl6MB8GA1UdIwQY
MBaAFGJan2n+B5fgg7UWKByrPwumXi6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWxxZmFmNEhsLUNEdFJZb0hLc19DNlplTHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC82M2I2YWUtZDRmNS00OTQ2LWJiZjUt
YjEzM2U2ZTZmYTg1LzEvZ0Znd091bFd6OEVkakJ4MFdQSXVza0VhMlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC82M2I2YWUtZDRmNS00OTQ2LWJiZjUtYjEzM2U2ZTZmYTg1
LzEvWWxxZmFmNEhsLUNEdFJZb0hLc19DNlplTHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwTqkMA0E
AgACMAcDBQAqDJVAMA0GCSqGSIb3DQEBCwUAA4IBAQC3kUbTbB4rstOQrWMRABrE
aqQNmujDjXBuWEi1yvBBOdKtBVSjcenC3NPacBAbJJm9bpkcpTPoliBGNxOiItQ+
/zm5T0dKKBMsChaCiL/pPHNFqLVN3xSZ/nDL37XV8M9OR167LJRDYHevtfEvdMoU
9d1bio6Ni3F0LRKAsOxkRs33w/iYbr+/5M1sHX4hq8JPmLS9lV8eXktLDUcnIDRL
BCMfwRGjRgo7mNv+t1NOtCK6a7TRZSWfhViwANDjKydSJy0D0WPHMC8mUXayGI70
Z4nFunHrBgjRyD7T+nMsMcsKPUYocGT9nAulPh2gW6pwNocklU3rhbRslZpfDht9
-----END CERTIFICATE-----