Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/GkuupBH0S6UfIOVBxWCowAfIXUM.roa
File:                     GkuupBH0S6UfIOVBxWCowAfIXUM.roa (raw, json)
Hash identifier:          0Pa8It6a3TFSH6XKo+NzCtHNBkz88WRMk9KlV3Y4AVM=
Subject key identifier:   1A:4B:AE:A4:11:F4:4B:A5:1F:20:E5:41:C5:60:A8:C0:07:C8:5D:43
Certificate issuer:       /CN=e5aaf76d27ba812e0d5ce2305f17c53188c2580c
Certificate serial:       01971C3E011BA49EBB6939C5A3BBE4327467
Authority key identifier: E5:AA:F7:6D:27:BA:81:2E:0D:5C:E2:30:5F:17:C5:31:88:C2:58:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5ar3bSe6gS4NXOIwXxfFMYjCWAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/GkuupBH0S6UfIOVBxWCowAfIXUM.roa
Signing time:             Thu 29 May 2025 13:31:54 +0000
ROA not before:           Thu 29 May 2025 13:31:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35773
IP address blocks:        46.245.237.0/24 maxlen: 24
                          2a13:d880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/5ar3bSe6gS4NXOIwXxfFMYjCWAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/5ar3bSe6gS4NXOIwXxfFMYjCWAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5ar3bSe6gS4NXOIwXxfFMYjCWAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:3e:01:1b:a4:9e:bb:69:39:c5:a3:bb:e4:32:74:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5aaf76d27ba812e0d5ce2305f17c53188c2580c
        Validity
            Not Before: May 29 13:31:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a4baea411f44ba51f20e541c560a8c007c85d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:64:f1:8c:0c:b5:20:47:16:15:a3:0a:0e:5a:
                    b2:fe:72:75:63:3e:da:6b:38:07:e1:72:77:10:04:
                    c5:89:68:25:7c:67:08:f1:98:8c:b2:09:c6:89:ba:
                    45:42:47:32:c7:ca:4b:af:94:37:98:91:84:ae:dd:
                    08:92:7b:71:07:a2:94:07:e0:0b:9f:af:c0:29:ad:
                    72:8c:bd:c4:f1:b7:1f:cc:bb:e8:c4:e7:1a:f6:cb:
                    36:37:97:e0:19:ef:60:ff:7a:aa:fb:c3:a3:06:d3:
                    22:28:c1:86:bb:63:31:e0:8f:a1:8a:b6:a5:a0:fb:
                    d6:b7:4b:21:89:4e:09:90:7a:f2:9d:9c:66:1e:9d:
                    55:19:b5:b8:2a:2b:68:98:b0:0a:8d:f2:6a:c4:c0:
                    86:e3:45:79:e6:ec:87:dc:66:22:04:4d:7c:33:06:
                    64:1a:f1:2a:e1:1a:44:4c:d3:c9:60:48:75:5b:ff:
                    84:34:cd:75:5c:cc:70:70:de:38:ca:4f:1b:d6:ce:
                    5a:5c:7b:ff:15:66:4b:7a:6a:c9:e9:b5:3b:95:77:
                    48:fd:79:c4:52:88:a0:21:4b:71:a0:0e:8d:bb:a9:
                    73:91:f9:5e:24:bd:94:9b:85:74:82:44:41:99:b2:
                    16:f1:cb:39:e9:a4:ac:ce:14:15:fd:65:dd:08:a4:
                    90:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:4B:AE:A4:11:F4:4B:A5:1F:20:E5:41:C5:60:A8:C0:07:C8:5D:43
            X509v3 Authority Key Identifier:
                keyid:E5:AA:F7:6D:27:BA:81:2E:0D:5C:E2:30:5F:17:C5:31:88:C2:58:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5ar3bSe6gS4NXOIwXxfFMYjCWAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/GkuupBH0S6UfIOVBxWCowAfIXUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/5ar3bSe6gS4NXOIwXxfFMYjCWAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.245.237.0/24
                IPv6:
                  2a13:d880::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:8d:0a:69:73:93:fa:67:87:84:5f:aa:4d:3f:52:fc:f8:60:
         df:69:c3:c2:19:ee:4b:19:61:a0:63:06:37:df:d7:be:10:82:
         37:5e:c5:ff:03:a0:f4:a0:c8:1b:14:cd:3a:2c:65:e2:c0:b4:
         ef:75:fd:03:18:c9:00:c5:10:fe:97:cf:bd:ad:2f:e5:c7:1b:
         d8:64:29:88:0f:09:c8:c4:c9:25:7c:e5:04:56:67:31:09:34:
         91:ca:bd:e6:59:7f:d5:cf:79:79:9d:f6:84:5f:38:03:85:ee:
         13:10:0d:05:e6:31:4a:83:ca:45:96:e7:51:ff:cb:81:00:3e:
         08:3d:08:a1:e4:95:72:c6:57:cf:d5:a9:eb:e5:e6:8c:8d:77:
         83:39:e7:ad:09:c0:56:bf:d4:12:19:1e:37:8b:52:64:22:6c:
         18:40:5d:b0:68:7f:88:c2:94:da:fe:82:6a:0c:ad:6e:39:e5:
         ba:33:6b:8a:c4:f0:29:07:0a:eb:9d:39:d8:f2:cf:46:f8:a6:
         f1:c1:6d:2f:8f:37:19:01:d0:f8:a8:bf:eb:9d:0b:c9:6d:5f:
         e1:72:ff:3a:e7:15:03:02:d8:50:a2:41:9f:b1:12:ad:93:d7:
         85:8b:9b:fb:80:06:4e:df:83:41:34:bc:95:99:63:4f:17:5c:
         58:6b:31:b6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZccPgEbpJ67aTnFo7vkMnRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YWFmNzZkMjdiYTgxMmUwZDVjZTIzMDVmMTdjNTMxODhj
MjU4MGMwHhcNMjUwNTI5MTMzMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTRiYWVhNDExZjQ0YmE1MWYyMGU1NDFjNTYwYThjMDA3Yzg1ZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2TxjAy1IEcWFaMKDlqy/nJ1Yz7a
azgH4XJ3EATFiWglfGcI8ZiMsgnGibpFQkcyx8pLr5Q3mJGErt0IkntxB6KUB+AL
n6/AKa1yjL3E8bcfzLvoxOca9ss2N5fgGe9g/3qq+8OjBtMiKMGGu2Mx4I+hiral
oPvWt0shiU4JkHrynZxmHp1VGbW4KitomLAKjfJqxMCG40V55uyH3GYiBE18MwZk
GvEq4RpETNPJYEh1W/+ENM11XMxwcN44yk8b1s5aXHv/FWZLemrJ6bU7lXdI/XnE
UoigIUtxoA6Nu6lzkfleJL2Um4V0gkRBmbIW8cs56aSszhQV/WXdCKSQswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBpLrqQR9EulHyDlQcVgqMAHyF1DMB8GA1UdIwQY
MBaAFOWq920nuoEuDVziMF8XxTGIwlgMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFyM2JTZTZnUzROWE9Jd1h4ZkZNWWpDV0F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85ZjUyMjMtYTU2Yy00NjViLWFjNjUt
ZmQxNTJhNmEwNTg3LzEvR2t1dXBCSDBTNlVmSU9WQnhXQ293QWZJWFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85ZjUyMjMtYTU2Yy00NjViLWFjNjUtZmQxNTJhNmEwNTg3
LzEvNWFyM2JTZTZnUzROWE9Jd1h4ZkZNWWpDV0F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALvXtMA0E
AgACMAcDBQMqE9iAMA0GCSqGSIb3DQEBCwUAA4IBAQAojQppc5P6Z4eEX6pNP1L8
+GDfacPCGe5LGWGgYwY339e+EII3XsX/A6D0oMgbFM06LGXiwLTvdf0DGMkAxRD+
l8+9rS/lxxvYZCmIDwnIxMklfOUEVmcxCTSRyr3mWX/Vz3l5nfaEXzgDhe4TEA0F
5jFKg8pFludR/8uBAD4IPQih5JVyxlfP1anr5eaMjXeDOeetCcBWv9QSGR43i1Jk
ImwYQF2waH+IwpTa/oJqDK1uOeW6M2uKxPApBwrrnTnY8s9G+KbxwW0vjzcZAdD4
qL/rnQvJbV/hcv865xUDAthQokGfsRKtk9eFi5v7gAZO34NBNLyVmWNPF1xYazG2
-----END CERTIFICATE-----