Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/gnkHs-huFz_Mv1gh2f--oMoTlbI.roa
File:                     gnkHs-huFz_Mv1gh2f--oMoTlbI.roa (raw, json)
Hash identifier:          cAkEhiie/5ypOg0o3pr7TFLqNT0IK1/cxJALcW2pMbg=
Subject key identifier:   82:79:07:B3:E8:6E:17:3F:CC:BF:58:21:D9:FF:BE:A0:CA:13:95:B2
Certificate issuer:       /CN=afb4e04a0ed344112c1853cab09f52e1cd9abaf2
Certificate serial:       0194266C40B2EDB4E71C48DD0E58922335F8
Authority key identifier: AF:B4:E0:4A:0E:D3:44:11:2C:18:53:CA:B0:9F:52:E1:CD:9A:BA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/gnkHs-huFz_Mv1gh2f--oMoTlbI.roa
Signing time:             Thu 02 Jan 2025 09:50:16 +0000
ROA not before:           Thu 02 Jan 2025 09:50:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213039
IP address blocks:        81.163.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/r7TgSg7TRBEsGFPKsJ9S4c2auvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/r7TgSg7TRBEsGFPKsJ9S4c2auvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:40:b2:ed:b4:e7:1c:48:dd:0e:58:92:23:35:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afb4e04a0ed344112c1853cab09f52e1cd9abaf2
        Validity
            Not Before: Jan  2 09:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=827907b3e86e173fccbf5821d9ffbea0ca1395b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:29:a6:c0:d0:f7:e1:9e:bb:a6:84:5e:72:f3:
                    07:35:29:19:8e:d2:06:1c:c9:8f:7a:98:29:19:7c:
                    11:15:4c:e1:6f:3f:81:7f:d1:19:05:0d:36:9c:09:
                    d7:47:12:82:35:0f:68:44:b5:a1:72:4e:b3:28:46:
                    f6:3f:0c:4e:55:c4:33:0e:73:4c:5a:5f:f3:62:be:
                    10:46:15:58:2c:f4:dd:8f:d4:02:e9:af:5c:16:58:
                    8b:63:da:5d:9c:29:f8:6d:04:11:2a:4e:d3:f1:a8:
                    3e:07:6b:c3:aa:53:a9:b9:68:58:69:e6:73:bd:ac:
                    2b:76:36:1b:8b:41:7b:77:e4:c7:01:bd:99:d6:70:
                    c6:ce:e9:59:74:9e:54:b9:d1:50:3a:fe:f9:27:ca:
                    d1:1e:03:c1:f8:47:b8:39:0c:c6:a0:6f:d4:c6:3f:
                    3f:46:07:da:6f:eb:61:f6:38:2f:52:c4:22:51:4c:
                    83:6e:9f:a8:a9:98:ee:5c:06:dc:4a:83:74:97:23:
                    b0:25:90:22:02:6e:da:79:eb:6f:70:e5:d8:81:98:
                    ac:fa:12:f3:cc:9e:2e:7f:8f:40:d3:82:38:82:9e:
                    54:91:16:2b:1d:d8:8c:09:5a:bd:79:e6:5c:cc:b4:
                    66:96:16:93:5e:77:31:75:e0:25:8b:7f:80:4c:67:
                    47:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:79:07:B3:E8:6E:17:3F:CC:BF:58:21:D9:FF:BE:A0:CA:13:95:B2
            X509v3 Authority Key Identifier:
                keyid:AF:B4:E0:4A:0E:D3:44:11:2C:18:53:CA:B0:9F:52:E1:CD:9A:BA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r7TgSg7TRBEsGFPKsJ9S4c2auvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/gnkHs-huFz_Mv1gh2f--oMoTlbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/19f2e6-1bf3-4f7a-8817-8095f3297179/1/r7TgSg7TRBEsGFPKsJ9S4c2auvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.163.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:34:b6:e0:ab:7e:e9:58:a7:5b:d8:12:ee:34:ee:68:6c:b7:
         70:1a:18:7e:ea:0d:dd:76:a7:36:4b:5c:38:0b:7a:ca:cd:14:
         d7:e2:f8:45:c3:1c:f8:c5:f2:28:7b:a7:7c:2e:71:00:a0:d6:
         33:9c:f5:2e:f5:73:93:c2:01:5f:98:c8:60:e1:c9:84:90:33:
         65:b8:61:94:9c:71:7e:e6:45:0e:9f:fb:cf:3c:59:49:23:d3:
         5d:e2:46:f2:ad:6d:60:8d:e0:9a:31:a2:f7:b1:d3:d4:32:c0:
         17:2d:4e:d9:f2:7e:b1:34:54:c5:2e:c4:63:54:9e:b3:cf:a3:
         18:81:91:b0:02:aa:3e:e1:69:4f:18:28:04:dd:ba:f0:82:e8:
         93:1b:5a:0c:a0:38:3b:58:53:6b:27:a0:e7:9a:fc:55:4a:1d:
         40:31:09:e1:3b:a1:1f:41:22:99:3c:b5:fb:e4:19:bd:9a:a1:
         b4:b2:83:76:fc:5a:d4:d8:3f:0e:f2:96:b5:73:46:3b:21:85:
         79:a5:0e:f6:d9:e0:b9:26:a2:43:1c:42:48:1b:4b:29:0f:63:
         60:03:24:b8:17:91:ba:ff:4e:cc:a5:34:af:d1:58:28:27:e6:
         5b:a7:a2:8e:ba:fd:86:4e:d7:a1:47:67:33:b0:39:6d:f7:63:
         12:6c:f2:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbECy7bTnHEjdDliSIzX4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYjRlMDRhMGVkMzQ0MTEyYzE4NTNjYWIwOWY1MmUxY2Q5
YWJhZjIwHhcNMjUwMTAyMDk1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjc5MDdiM2U4NmUxNzNmY2NiZjU4MjFkOWZmYmVhMGNhMTM5NWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSmmwND34Z67poRecvMHNSkZjtIG
HMmPepgpGXwRFUzhbz+Bf9EZBQ02nAnXRxKCNQ9oRLWhck6zKEb2PwxOVcQzDnNM
Wl/zYr4QRhVYLPTdj9QC6a9cFliLY9pdnCn4bQQRKk7T8ag+B2vDqlOpuWhYaeZz
vawrdjYbi0F7d+THAb2Z1nDGzulZdJ5UudFQOv75J8rRHgPB+Ee4OQzGoG/Uxj8/
Rgfab+th9jgvUsQiUUyDbp+oqZjuXAbcSoN0lyOwJZAiAm7aeetvcOXYgZis+hLz
zJ4uf49A04I4gp5UkRYrHdiMCVq9eeZczLRmlhaTXncxdeAli3+ATGdHyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJ5B7Pobhc/zL9YIdn/vqDKE5WyMB8GA1UdIwQY
MBaAFK+04EoO00QRLBhTyrCfUuHNmrryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjdUZ1NnN1RSQkVzR0ZQS3NKOVM0YzJhdXZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8xOWYyZTYtMWJmMy00ZjdhLTg4MTct
ODA5NWYzMjk3MTc5LzEvZ25rSHMtaHVGel9NdjFnaDJmLS1vTW9UbGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8xOWYyZTYtMWJmMy00ZjdhLTg4MTctODA5NWYzMjk3MTc5
LzEvcjdUZ1NnN1RSQkVzR0ZQS3NKOVM0YzJhdXZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUaPSMA0G
CSqGSIb3DQEBCwUAA4IBAQBQNLbgq37pWKdb2BLuNO5obLdwGhh+6g3ddqc2S1w4
C3rKzRTX4vhFwxz4xfIoe6d8LnEAoNYznPUu9XOTwgFfmMhg4cmEkDNluGGUnHF+
5kUOn/vPPFlJI9Nd4kbyrW1gjeCaMaL3sdPUMsAXLU7Z8n6xNFTFLsRjVJ6zz6MY
gZGwAqo+4WlPGCgE3brwguiTG1oMoDg7WFNrJ6DnmvxVSh1AMQnhO6EfQSKZPLX7
5Bm9mqG0soN2/FrU2D8O8pa1c0Y7IYV5pQ722eC5JqJDHEJIG0spD2NgAyS4F5G6
/07MpTSv0VgoJ+Zbp6KOuv2GTtehR2czsDlt92MSbPLW
-----END CERTIFICATE-----