Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/GXzq9wWHQnvWRMB3rk0aKmZ_VB0.roa
File:                     GXzq9wWHQnvWRMB3rk0aKmZ_VB0.roa (raw, json)
Hash identifier:          wg6lufhJJXrq5oqTjYFOMgJO080D/2MDrTMpzX1tPYY=
Subject key identifier:   19:7C:EA:F7:05:87:42:7B:D6:44:C0:77:AE:4D:1A:2A:66:7F:54:1D
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01968248CB71E7B54751C809CE254545C9BF
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/GXzq9wWHQnvWRMB3rk0aKmZ_VB0.roa
Signing time:             Tue 29 Apr 2025 16:02:10 +0000
ROA not before:           Tue 29 Apr 2025 16:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210174
IP address blocks:        5.175.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:48:cb:71:e7:b5:47:51:c8:09:ce:25:45:45:c9:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 29 16:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=197ceaf70587427bd644c077ae4d1a2a667f541d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:f9:c5:c9:c2:c7:2c:1c:ab:46:74:64:74:0c:
                    c1:b1:6b:60:cf:b6:9f:aa:64:2a:20:0f:b8:a2:ce:
                    6d:20:e7:16:76:08:5e:9c:c2:01:65:af:14:97:38:
                    76:d4:0d:4d:37:83:c4:7e:c1:6a:2b:2f:0d:60:e3:
                    02:4e:d1:f1:04:d7:ba:99:3a:bd:8e:80:d5:e9:3a:
                    71:c1:ed:27:af:13:02:9f:9b:fc:01:fd:32:c3:91:
                    1d:4d:50:75:bf:0c:d6:25:23:b4:28:86:c5:d3:55:
                    0f:99:21:92:8a:84:21:e3:0d:44:20:7c:54:59:24:
                    d4:ce:81:d3:8a:b7:90:61:3c:78:67:a2:85:0f:fb:
                    15:b5:40:8e:07:5f:98:31:a5:c4:45:13:3e:ff:ab:
                    8b:4b:b3:d5:26:69:62:db:53:83:0b:17:a9:c4:d2:
                    3d:05:58:6e:7b:7b:d7:7d:c9:78:af:46:ae:09:02:
                    46:fb:c9:a4:75:b2:87:e2:57:bd:11:d6:8e:2f:fc:
                    30:9a:7b:d1:9d:99:12:80:be:e2:31:be:57:42:8f:
                    44:e1:fa:68:39:24:72:5b:c4:fe:5a:a0:ad:4a:18:
                    ce:47:9b:05:da:8c:86:65:38:45:7a:f4:96:70:d5:
                    8c:40:a2:2e:19:de:e8:f0:b2:8e:7f:44:aa:b6:c7:
                    5d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:7C:EA:F7:05:87:42:7B:D6:44:C0:77:AE:4D:1A:2A:66:7F:54:1D
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/GXzq9wWHQnvWRMB3rk0aKmZ_VB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:d7:2a:cc:6b:a5:a8:52:07:d8:c7:d5:69:d8:21:b0:81:61:
         89:84:f2:80:13:36:22:81:4a:16:43:d4:f9:a6:31:52:ad:e1:
         07:c8:59:d2:00:c7:32:4e:71:02:ff:67:6f:f9:b3:73:9e:77:
         70:18:4d:1d:ec:38:db:e4:9c:72:23:58:38:71:45:47:53:a4:
         68:9a:9e:a4:b9:08:c5:65:85:7d:9b:2d:95:3e:78:a7:65:92:
         96:e3:ca:43:77:7d:9b:09:9b:60:d2:39:07:98:e7:34:f5:cf:
         ee:15:3e:b2:48:e1:c2:2c:f4:b9:b6:ca:24:cf:c4:21:25:0c:
         dc:6f:9d:6b:47:fa:c4:13:49:ee:97:f0:4d:a2:76:cc:c8:74:
         28:87:33:92:11:81:85:66:c3:41:27:50:2d:24:05:f0:92:ef:
         2f:88:ad:ec:5e:94:b7:0c:1a:16:c1:32:b9:47:c0:94:20:71:
         6a:91:3b:75:8b:77:dd:23:83:b8:c2:67:22:63:92:31:84:82:
         5c:3f:22:87:b9:32:66:1b:45:54:86:a3:5f:4c:db:f5:da:5b:
         13:b3:9e:12:31:14:c5:59:aa:c5:90:0c:f5:78:a9:0b:16:dc:
         b5:84:57:f6:30:5b:33:1c:e6:c2:3b:66:9a:fc:aa:fe:a2:5c:
         64:2c:b8:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaCSMtx57VHUcgJziVFRcm/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDI5MTYwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTdjZWFmNzA1ODc0MjdiZDY0NGMwNzdhZTRkMWEyYTY2N2Y1NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8vnFycLHLByrRnRkdAzBsWtgz7af
qmQqIA+4os5tIOcWdghenMIBZa8Ulzh21A1NN4PEfsFqKy8NYOMCTtHxBNe6mTq9
joDV6Tpxwe0nrxMCn5v8Af0yw5EdTVB1vwzWJSO0KIbF01UPmSGSioQh4w1EIHxU
WSTUzoHTireQYTx4Z6KFD/sVtUCOB1+YMaXERRM+/6uLS7PVJmli21ODCxepxNI9
BVhue3vXfcl4r0auCQJG+8mkdbKH4le9EdaOL/wwmnvRnZkSgL7iMb5XQo9E4fpo
OSRyW8T+WqCtShjOR5sF2oyGZThFevSWcNWMQKIuGd7o8LKOf0SqtsddpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBl86vcFh0J71kTAd65NGipmf1QdMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvR1h6cTl3V0hRbnZXUk1CM3JrMGFLbVpfVkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/4MA0G
CSqGSIb3DQEBCwUAA4IBAQBE1yrMa6WoUgfYx9Vp2CGwgWGJhPKAEzYigUoWQ9T5
pjFSreEHyFnSAMcyTnEC/2dv+bNznndwGE0d7Djb5JxyI1g4cUVHU6Romp6kuQjF
ZYV9my2VPninZZKW48pDd32bCZtg0jkHmOc09c/uFT6ySOHCLPS5tsokz8QhJQzc
b51rR/rEE0nul/BNonbMyHQohzOSEYGFZsNBJ1AtJAXwku8viK3sXpS3DBoWwTK5
R8CUIHFqkTt1i3fdI4O4wmciY5IxhIJcPyKHuTJmG0VUhqNfTNv12lsTs54SMRTF
WarFkAz1eKkLFty1hFf2MFszHObCO2aa/Kr+olxkLLh0
-----END CERTIFICATE-----