Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/3804c2-0e44-4be3-9037-4617ca376083/1/GUbgPZS8b1mJVA-CDXEfke3rKwU.roa
File:                     GUbgPZS8b1mJVA-CDXEfke3rKwU.roa (raw, json)
Hash identifier:          DGiTGvvsu+oEkX+7jMPXSS7hmVWxoFzlEXAOHRpDGto=
Subject key identifier:   19:46:E0:3D:94:BC:6F:59:89:54:0F:82:0D:71:1F:91:ED:EB:2B:05
Certificate issuer:       /CN=c53f0adaeafb40c772459e939354f6be453f158f
Certificate serial:       01944FD511F0D9BA5163DD5A63FF84945067
Authority key identifier: C5:3F:0A:DA:EA:FB:40:C7:72:45:9E:93:93:54:F6:BE:45:3F:15:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xT8K2ur7QMdyRZ6Tk1T2vkU_FY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/3804c2-0e44-4be3-9037-4617ca376083/1/GUbgPZS8b1mJVA-CDXEfke3rKwU.roa
Signing time:             Fri 10 Jan 2025 10:49:11 +0000
ROA not before:           Fri 10 Jan 2025 10:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213835
IP address blocks:        185.62.252.0/22 maxlen: 24
                          2a14:9200::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/3804c2-0e44-4be3-9037-4617ca376083/1/xT8K2ur7QMdyRZ6Tk1T2vkU_FY8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/3804c2-0e44-4be3-9037-4617ca376083/1/xT8K2ur7QMdyRZ6Tk1T2vkU_FY8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xT8K2ur7QMdyRZ6Tk1T2vkU_FY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4f:d5:11:f0:d9:ba:51:63:dd:5a:63:ff:84:94:50:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c53f0adaeafb40c772459e939354f6be453f158f
        Validity
            Not Before: Jan 10 10:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1946e03d94bc6f5989540f820d711f91edeb2b05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:81:7d:d8:7d:b5:6f:ea:09:0c:43:d2:30:0e:
                    d9:1b:86:a4:10:e5:da:4e:91:24:22:ac:f0:23:41:
                    44:29:24:21:d3:a2:bd:f3:8b:66:71:18:ba:6c:b3:
                    ce:34:de:b1:a5:4b:a6:c5:cc:5c:7f:5a:21:3e:ee:
                    7e:bc:e8:14:4c:d5:0e:2c:56:08:f7:38:d5:ae:6c:
                    c7:38:96:08:75:b4:1a:6a:8b:2f:38:01:ec:6c:8f:
                    d0:28:dd:26:d0:93:49:74:4e:48:3f:cd:87:de:49:
                    15:6b:02:df:92:b8:0b:0c:a6:da:74:3e:d9:c6:62:
                    8b:0e:33:0d:17:35:1e:ec:f5:ac:01:20:51:76:a4:
                    7c:37:64:71:fc:b1:5f:a8:d4:7c:7f:91:11:03:cf:
                    0f:d2:04:9c:3f:09:e5:fe:a3:a6:c0:74:9e:b2:d7:
                    5c:be:81:c1:43:cc:19:62:c7:48:2e:39:95:2e:a4:
                    af:00:c5:49:83:3c:8f:a5:dc:8d:bc:f9:c0:c2:fc:
                    ba:55:f9:75:e3:2f:bb:41:db:2b:1e:04:38:73:dd:
                    36:29:ca:fd:e0:41:ba:c4:f4:1a:3a:a8:69:3e:4c:
                    24:0f:38:97:e0:a1:b6:ba:7f:81:e4:8d:bf:ac:4e:
                    89:60:69:a4:4b:9a:1b:c1:03:65:14:06:2f:9f:8c:
                    86:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:46:E0:3D:94:BC:6F:59:89:54:0F:82:0D:71:1F:91:ED:EB:2B:05
            X509v3 Authority Key Identifier:
                keyid:C5:3F:0A:DA:EA:FB:40:C7:72:45:9E:93:93:54:F6:BE:45:3F:15:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xT8K2ur7QMdyRZ6Tk1T2vkU_FY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3804c2-0e44-4be3-9037-4617ca376083/1/GUbgPZS8b1mJVA-CDXEfke3rKwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3804c2-0e44-4be3-9037-4617ca376083/1/xT8K2ur7QMdyRZ6Tk1T2vkU_FY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.252.0/22
                IPv6:
                  2a14:9200::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:ab:81:61:a1:36:66:39:ce:2d:9e:b5:5c:36:93:2b:83:89:
         37:75:3d:d3:73:2a:22:d3:2f:66:22:c2:5a:ae:98:15:9b:df:
         2d:03:7e:96:71:82:e7:32:eb:99:40:f6:1c:b1:74:9a:f7:ca:
         0d:50:22:37:61:da:47:a6:f8:f3:72:00:fb:35:25:9a:a9:26:
         fd:91:8d:f0:b8:d7:62:4f:80:e7:6a:64:db:e0:37:0f:5d:3f:
         85:4c:34:45:34:14:a1:83:de:3d:b5:dc:6e:b0:ff:06:b6:dc:
         d2:cc:88:b8:d5:5e:1e:c0:23:c9:bf:ff:fb:ab:f9:21:84:92:
         cb:58:da:8a:a6:3c:cc:f7:fe:85:23:43:b5:49:a9:cc:ea:3c:
         08:68:54:7d:80:b5:8f:49:ae:39:da:e2:62:64:a3:cf:62:8e:
         d8:35:7e:0d:ea:83:69:c7:ea:f1:4a:53:87:a4:67:83:08:82:
         29:fb:d0:48:5f:b0:e8:57:9d:98:ab:ba:8d:e1:98:55:c0:2a:
         17:f6:8a:1c:8d:b6:52:c5:9b:01:1c:cb:a7:27:66:59:28:47:
         26:69:bb:c3:63:ca:95:69:f3:e8:df:c6:20:69:2b:79:08:64:
         72:cd:94:79:03:e1:16:bb:fd:f0:de:6d:12:4c:ee:cf:65:0f:
         63:94:90:85
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZRP1RHw2bpRY91aY/+ElFBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1M2YwYWRhZWFmYjQwYzc3MjQ1OWU5MzkzNTRmNmJlNDUz
ZjE1OGYwHhcNMjUwMTEwMTA0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTQ2ZTAzZDk0YmM2ZjU5ODk1NDBmODIwZDcxMWY5MWVkZWIyYjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34F92H21b+oJDEPSMA7ZG4akEOXa
TpEkIqzwI0FEKSQh06K984tmcRi6bLPONN6xpUumxcxcf1ohPu5+vOgUTNUOLFYI
9zjVrmzHOJYIdbQaaosvOAHsbI/QKN0m0JNJdE5IP82H3kkVawLfkrgLDKbadD7Z
xmKLDjMNFzUe7PWsASBRdqR8N2Rx/LFfqNR8f5ERA88P0gScPwnl/qOmwHSestdc
voHBQ8wZYsdILjmVLqSvAMVJgzyPpdyNvPnAwvy6Vfl14y+7QdsrHgQ4c902Kcr9
4EG6xPQaOqhpPkwkDziX4KG2un+B5I2/rE6JYGmkS5obwQNlFAYvn4yGbwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBlG4D2UvG9ZiVQPgg1xH5Ht6ysFMB8GA1UdIwQY
MBaAFMU/Ctrq+0DHckWek5NU9r5FPxWPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFQ4SzJ1cjdRTWR5Ulo2VGsxVDJ2a1VfRlk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zODA0YzItMGU0NC00YmUzLTkwMzct
NDYxN2NhMzc2MDgzLzEvR1ViZ1BaUzhiMW1KVkEtQ0RYRWZrZTNyS3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zODA0YzItMGU0NC00YmUzLTkwMzctNDYxN2NhMzc2MDgz
LzEveFQ4SzJ1cjdRTWR5Ulo2VGsxVDJ2a1VfRlk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuT78MA0E
AgACMAcDBQMqFJIAMA0GCSqGSIb3DQEBCwUAA4IBAQAqq4FhoTZmOc4tnrVcNpMr
g4k3dT3Tcyoi0y9mIsJarpgVm98tA36WcYLnMuuZQPYcsXSa98oNUCI3YdpHpvjz
cgD7NSWaqSb9kY3wuNdiT4DnamTb4DcPXT+FTDRFNBShg949tdxusP8GttzSzIi4
1V4ewCPJv//7q/khhJLLWNqKpjzM9/6FI0O1SanM6jwIaFR9gLWPSa452uJiZKPP
Yo7YNX4N6oNpx+rxSlOHpGeDCIIp+9BIX7DoV52Yq7qN4ZhVwCoX9oocjbZSxZsB
HMunJ2ZZKEcmabvDY8qVafPo38YgaSt5CGRyzZR5A+EWu/3w3m0STO7PZQ9jlJCF
-----END CERTIFICATE-----