Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/GEM9-ollqfLjQn7AeKF24lQwKXo.roa
File:                     GEM9-ollqfLjQn7AeKF24lQwKXo.roa (raw, json)
Hash identifier:          eCeVt8e/9jCpwwszNxQjJjsbb8ciOYhEzxCEfvQbAY8=
Subject key identifier:   18:43:3D:FA:89:65:A9:F2:E3:42:7E:C0:78:A1:76:E2:54:30:29:7A
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       01975BF64EB09966A9FE6A4FFE5AE89DB228
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/GEM9-ollqfLjQn7AeKF24lQwKXo.roa
Signing time:             Tue 10 Jun 2025 22:29:18 +0000
ROA not before:           Tue 10 Jun 2025 22:29:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        94.154.41.0/24 maxlen: 24
                          94.154.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5b:f6:4e:b0:99:66:a9:fe:6a:4f:fe:5a:e8:9d:b2:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Jun 10 22:29:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18433dfa8965a9f2e3427ec078a176e25430297a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fb:68:c6:10:03:46:d0:5f:47:7c:d1:e0:bb:
                    44:15:b4:31:66:ca:e6:51:64:10:85:e6:ef:6e:b8:
                    32:9d:9c:55:c9:39:a8:71:8d:e5:8a:80:5c:2b:75:
                    74:d6:1d:48:c5:78:a6:2f:7a:6d:42:21:fe:62:78:
                    78:d9:24:7a:15:d7:f8:c1:57:e4:3a:4a:55:38:59:
                    96:01:5f:7c:01:6d:ff:b2:a4:c5:5f:64:39:43:26:
                    dd:11:ef:f8:29:38:de:7b:fc:5f:87:18:11:38:d9:
                    d4:47:e1:81:9e:53:ae:72:d2:00:7c:84:9c:ad:18:
                    68:7e:4d:1f:fa:e2:b1:72:a1:41:5c:82:7c:7e:57:
                    bf:06:3f:19:e9:6d:84:f3:1b:59:bc:ef:14:fa:3e:
                    0d:26:ec:31:f6:63:f5:33:a4:61:92:83:8c:5b:af:
                    12:0d:59:55:2b:6e:03:31:2d:db:07:3d:64:0b:8c:
                    91:8d:33:90:b0:a9:01:e3:97:7d:fe:90:3d:f1:e7:
                    6d:a3:b0:84:a0:42:39:33:74:15:f7:0e:88:07:bc:
                    2e:75:c4:85:ed:ad:5d:1e:39:68:ea:c5:bd:b4:45:
                    7b:06:d5:62:de:cf:a0:cc:62:12:42:bc:52:ca:6f:
                    79:53:5b:a7:4b:b4:6a:ce:82:10:10:a9:e7:20:db:
                    b9:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:43:3D:FA:89:65:A9:F2:E3:42:7E:C0:78:A1:76:E2:54:30:29:7A
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/GEM9-ollqfLjQn7AeKF24lQwKXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.41.0/24
                  94.154.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:cc:46:ba:4a:1a:73:d6:ec:41:99:36:de:b1:e0:b4:ed:eb:
         04:6a:36:c5:3f:e0:b7:d1:e1:09:35:f7:94:54:18:55:a9:11:
         2b:25:76:43:d3:50:84:d1:ae:3e:df:e7:da:9b:1a:02:4c:80:
         2e:11:ab:8c:a7:b7:94:8d:07:7b:2d:3f:69:eb:b9:c7:0d:0a:
         47:ea:fc:cd:12:a4:3c:12:36:89:13:0c:22:e0:f8:2a:9c:c3:
         b9:59:c7:11:3e:61:f6:26:50:c6:77:21:78:07:60:6f:82:fd:
         84:14:1d:dd:24:c6:cb:59:30:55:70:09:e5:4d:22:d0:af:aa:
         a1:ed:c4:fa:af:7f:a7:bf:99:81:0d:16:15:af:d0:d9:72:28:
         7c:d1:d5:6d:ab:fb:ab:62:3c:45:23:c5:88:8c:38:e2:36:59:
         d3:28:20:02:7b:1c:be:d2:64:14:5b:cf:e1:2c:f7:bd:20:0b:
         4a:08:35:20:56:ba:24:99:ba:75:6c:7d:7a:08:73:91:ac:53:
         2c:9e:a3:ec:45:a5:20:57:82:de:eb:58:58:13:19:1c:73:ad:
         ce:df:75:92:7a:42:c6:35:58:05:22:8d:f5:46:87:cc:52:f9:
         1e:fe:2a:ab:68:c7:8a:3d:96:5e:f0:8f:ce:53:cb:91:64:78:
         97:62:86:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdb9k6wmWap/mpP/lronbIoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjUwNjEwMjIyOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODQzM2RmYTg5NjVhOWYyZTM0MjdlYzA3OGExNzZlMjU0MzAyOTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPtoxhADRtBfR3zR4LtEFbQxZsrm
UWQQhebvbrgynZxVyTmocY3lioBcK3V01h1IxXimL3ptQiH+Ynh42SR6Fdf4wVfk
OkpVOFmWAV98AW3/sqTFX2Q5QybdEe/4KTjee/xfhxgRONnUR+GBnlOuctIAfISc
rRhofk0f+uKxcqFBXIJ8fle/Bj8Z6W2E8xtZvO8U+j4NJuwx9mP1M6RhkoOMW68S
DVlVK24DMS3bBz1kC4yRjTOQsKkB45d9/pA98edto7CEoEI5M3QV9w6IB7wudcSF
7a1dHjlo6sW9tEV7BtVi3s+gzGISQrxSym95U1unS7RqzoIQEKnnINu5rQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBhDPfqJZany40J+wHihduJUMCl6MB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvR0VNOS1vbGxxZkxqUW43QWVLRjI0bFF3S1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXpopAwQA
XporMA0GCSqGSIb3DQEBCwUAA4IBAQCQzEa6Shpz1uxBmTbeseC07esEajbFP+C3
0eEJNfeUVBhVqRErJXZD01CE0a4+3+famxoCTIAuEauMp7eUjQd7LT9p67nHDQpH
6vzNEqQ8EjaJEwwi4PgqnMO5WccRPmH2JlDGdyF4B2Bvgv2EFB3dJMbLWTBVcAnl
TSLQr6qh7cT6r3+nv5mBDRYVr9DZcih80dVtq/urYjxFI8WIjDjiNlnTKCACexy+
0mQUW8/hLPe9IAtKCDUgVrokmbp1bH16CHORrFMsnqPsRaUgV4Le61hYExkcc63O
33WSekLGNVgFIo31RofMUvke/iqraMeKPZZe8I/OU8uRZHiXYob1
-----END CERTIFICATE-----