Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/GV_0uBo9U-qXTNCsZ-0ommJTyoU.roa
File:                     GV_0uBo9U-qXTNCsZ-0ommJTyoU.roa (raw, json)
Hash identifier:          opWXn12DJLh2jYPAXbqu6bXDVmWJk2qaChEIKh6x3kw=
Subject key identifier:   19:5F:F4:B8:1A:3D:53:EA:97:4C:D0:AC:67:ED:28:9A:62:53:CA:85
Certificate issuer:       /CN=728627f95026514b42654058f49eeb9b7c48f020
Certificate serial:       019424B2DAE2EE1723F4910DD4E8A3A94E85
Authority key identifier: 72:86:27:F9:50:26:51:4B:42:65:40:58:F4:9E:EB:9B:7C:48:F0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/GV_0uBo9U-qXTNCsZ-0ommJTyoU.roa
Signing time:             Thu 02 Jan 2025 01:48:08 +0000
ROA not before:           Thu 02 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42525
IP address blocks:        91.240.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:da:e2:ee:17:23:f4:91:0d:d4:e8:a3:a9:4e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=728627f95026514b42654058f49eeb9b7c48f020
        Validity
            Not Before: Jan  2 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=195ff4b81a3d53ea974cd0ac67ed289a6253ca85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:13:1e:bc:16:b7:51:eb:d0:e2:d0:fb:60:fd:
                    ce:a3:8f:de:3f:42:98:ff:98:57:84:c0:32:15:d0:
                    58:dd:78:98:61:c7:6d:8a:b0:4a:5e:06:27:8b:77:
                    54:66:c2:5c:a9:8d:38:44:00:50:3e:d3:87:1c:4d:
                    80:18:cf:a4:d9:9e:e4:c5:f4:71:47:88:d1:7f:94:
                    f9:8a:69:d2:b7:5f:af:01:18:50:4d:b1:bd:cf:ae:
                    08:8b:d3:00:70:58:6e:3f:47:3d:c4:f2:50:c5:27:
                    68:43:df:33:12:5e:f2:91:89:69:82:be:f7:2c:c1:
                    e6:11:8e:94:9f:f7:e7:a2:19:97:00:3b:c2:c8:6b:
                    2d:f0:99:f6:02:fa:92:49:5f:fa:ec:ac:1f:0e:97:
                    80:8f:bc:23:90:dd:0a:a1:6b:b9:bc:56:ec:e4:9b:
                    0f:e9:a8:06:88:f5:86:87:91:9d:33:a7:3d:b8:a7:
                    3c:4c:1c:0a:56:36:6b:14:9c:ab:d9:51:62:5d:dd:
                    96:9b:db:11:dc:ea:d1:93:3b:df:35:1f:bb:da:bf:
                    8a:ad:62:7d:a5:31:dc:c6:85:e5:56:a0:57:63:de:
                    ab:ff:01:21:c1:bd:d2:2e:b5:2a:48:d3:0d:c8:28:
                    8c:81:f4:69:ef:4e:94:28:2f:89:50:fc:2e:4a:05:
                    fd:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:5F:F4:B8:1A:3D:53:EA:97:4C:D0:AC:67:ED:28:9A:62:53:CA:85
            X509v3 Authority Key Identifier:
                keyid:72:86:27:F9:50:26:51:4B:42:65:40:58:F4:9E:EB:9B:7C:48:F0:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/coYn-VAmUUtCZUBY9J7rm3xI8CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/GV_0uBo9U-qXTNCsZ-0ommJTyoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/b96cee-9009-458b-aa60-b33a4097bcb0/1/coYn-VAmUUtCZUBY9J7rm3xI8CA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ba:d3:e2:89:4d:7d:d2:27:fa:ec:d3:33:14:03:d4:f0:09:
         b9:1f:4c:fe:0d:e1:ef:37:ab:bf:7f:d2:c7:ad:d0:2a:41:61:
         12:97:57:bf:e2:81:03:3d:ed:23:47:7c:75:e0:fa:73:6c:e4:
         bf:0e:8a:00:c4:41:32:c5:30:77:67:db:7d:10:e0:ae:4b:35:
         6c:4c:2b:31:ae:64:3d:d8:4c:0a:8d:b9:49:db:4a:cd:8c:ed:
         48:4d:27:c1:cd:17:ec:ca:ae:67:2e:89:df:32:23:77:10:5b:
         bc:d9:3c:d9:fd:e5:08:ce:33:41:ee:e8:09:51:7e:74:17:a3:
         fd:fa:72:f0:a8:fe:91:01:bf:5f:c5:c4:e1:5c:53:34:b5:d2:
         0c:73:f4:cf:3d:65:33:79:75:d7:93:2f:8b:fa:2c:93:bc:dd:
         c4:d8:75:26:50:97:16:fa:91:99:ce:1d:73:4f:12:f0:f1:2e:
         11:d7:05:e5:d6:e3:be:f4:3c:73:10:d4:40:a2:35:2d:ab:95:
         57:fd:89:25:aa:c8:b5:ee:95:dc:f9:8d:77:3e:8d:90:f3:2b:
         26:e7:f6:f3:f8:cc:d7:d6:00:d5:7d:c7:4a:ce:8b:3a:23:92:
         f9:95:05:ae:14:43:fc:30:1b:3b:aa:61:b6:95:f5:3c:76:42:
         7d:b6:0b:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkstri7hcj9JEN1OijqU6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyODYyN2Y5NTAyNjUxNGI0MjY1NDA1OGY0OWVlYjliN2M0
OGYwMjAwHhcNMjUwMTAyMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTVmZjRiODFhM2Q1M2VhOTc0Y2QwYWM2N2VkMjg5YTYyNTNjYTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshMevBa3UevQ4tD7YP3Oo4/eP0KY
/5hXhMAyFdBY3XiYYcdtirBKXgYni3dUZsJcqY04RABQPtOHHE2AGM+k2Z7kxfRx
R4jRf5T5imnSt1+vARhQTbG9z64Ii9MAcFhuP0c9xPJQxSdoQ98zEl7ykYlpgr73
LMHmEY6Un/fnohmXADvCyGst8Jn2AvqSSV/67KwfDpeAj7wjkN0KoWu5vFbs5JsP
6agGiPWGh5GdM6c9uKc8TBwKVjZrFJyr2VFiXd2Wm9sR3OrRkzvfNR+72r+KrWJ9
pTHcxoXlVqBXY96r/wEhwb3SLrUqSNMNyCiMgfRp706UKC+JUPwuSgX9mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlf9LgaPVPql0zQrGftKJpiU8qFMB8GA1UdIwQY
MBaAFHKGJ/lQJlFLQmVAWPSe65t8SPAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY29Zbi1WQW1VVXRDWlVCWTlKN3JtM3hJOENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9iOTZjZWUtOTAwOS00NThiLWFhNjAt
YjMzYTQwOTdiY2IwLzEvR1ZfMHVCbzlVLXFYVE5Dc1otMG9tbUpUeW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9iOTZjZWUtOTAwOS00NThiLWFhNjAtYjMzYTQwOTdiY2Iw
LzEvY29Zbi1WQW1VVXRDWlVCWTlKN3JtM3hJOENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/C9MA0G
CSqGSIb3DQEBCwUAA4IBAQACutPiiU190if67NMzFAPU8Am5H0z+DeHvN6u/f9LH
rdAqQWESl1e/4oEDPe0jR3x14PpzbOS/DooAxEEyxTB3Z9t9EOCuSzVsTCsxrmQ9
2EwKjblJ20rNjO1ITSfBzRfsyq5nLonfMiN3EFu82TzZ/eUIzjNB7ugJUX50F6P9
+nLwqP6RAb9fxcThXFM0tdIMc/TPPWUzeXXXky+L+iyTvN3E2HUmUJcW+pGZzh1z
TxLw8S4R1wXl1uO+9DxzENRAojUtq5VX/Yklqsi17pXc+Y13Po2Q8ysm5/bz+MzX
1gDVfcdKzos6I5L5lQWuFEP8MBs7qmG2lfU8dkJ9tguc
-----END CERTIFICATE-----