Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/GWA057Fl3Vj4Hp3Q2eKWxZU4BX0.roa
File:                     GWA057Fl3Vj4Hp3Q2eKWxZU4BX0.roa (raw, json)
Hash identifier:          aE++GuM81pphIcnHf5xlZMaeRAP44i0xkXAL+G4tR1E=
Subject key identifier:   19:60:34:E7:B1:65:DD:58:F8:1E:9D:D0:D9:E2:96:C5:95:38:05:7D
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       01963E97B02228F52D36EEC3C153773A115B
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/GWA057Fl3Vj4Hp3Q2eKWxZU4BX0.roa
Signing time:             Wed 16 Apr 2025 12:34:10 +0000
ROA not before:           Wed 16 Apr 2025 12:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212164
IP address blocks:        92.118.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:97:b0:22:28:f5:2d:36:ee:c3:c1:53:77:3a:11:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Apr 16 12:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=196034e7b165dd58f81e9dd0d9e296c59538057d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f9:48:16:13:8d:74:ce:cd:e8:26:d5:52:0f:
                    0c:71:49:b9:ee:ae:92:49:13:00:c6:3e:28:47:83:
                    c1:db:40:5c:bc:60:75:67:cc:42:ac:19:12:66:cc:
                    7d:5c:92:08:fd:f3:fc:00:b9:be:d8:80:69:89:b0:
                    71:12:70:42:17:f8:ad:b7:f8:ab:9d:88:73:0d:7c:
                    87:00:74:a4:30:59:e8:91:e3:0b:86:af:04:04:09:
                    33:df:49:5f:30:ce:24:ee:58:ef:83:f8:93:8d:43:
                    92:97:bd:cb:a9:b6:02:ee:38:2d:f0:ef:e8:12:9a:
                    c5:34:be:cd:25:df:35:ce:9a:36:e1:6e:86:b5:66:
                    89:05:1d:a1:68:e6:9b:b9:ce:28:f7:f4:66:50:88:
                    dd:cc:d1:79:64:0c:8e:95:ba:4e:89:a8:31:39:91:
                    26:93:c7:3b:29:53:4a:ef:e9:a9:7a:9c:8a:a1:29:
                    f2:3f:72:ea:d0:f8:9f:d6:5d:6c:9f:8a:82:34:85:
                    d1:90:07:7d:00:eb:80:4c:0c:9b:41:2c:d9:4c:49:
                    a6:2b:03:aa:71:1c:db:fd:c1:29:32:63:4e:4e:be:
                    71:d0:91:19:a0:d6:07:4e:ef:8d:ba:4b:3f:91:5a:
                    fb:12:70:a0:75:01:00:08:c0:8e:26:ca:d3:a1:0f:
                    68:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:60:34:E7:B1:65:DD:58:F8:1E:9D:D0:D9:E2:96:C5:95:38:05:7D
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/GWA057Fl3Vj4Hp3Q2eKWxZU4BX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:f7:b7:d5:7c:bf:b7:cd:89:33:32:2e:a8:bf:d4:03:f3:e8:
         6e:1d:31:17:77:7d:2d:d9:cf:47:1a:af:d3:f9:cb:8c:51:b8:
         db:d7:dc:bb:06:2d:37:d5:19:d4:de:c5:ff:b3:7f:c9:3f:54:
         57:55:4a:70:e3:51:f9:e4:b0:11:a7:3e:87:39:92:98:f6:bc:
         13:86:35:c7:c1:58:e1:7b:70:94:dd:d1:09:52:5a:a8:42:ec:
         48:e3:c3:50:9a:eb:4c:95:5d:c8:da:d2:56:f3:93:82:cc:ff:
         56:7f:0a:e2:ea:61:fc:a7:c5:68:fb:1e:da:12:44:a7:13:18:
         ab:bc:d0:d5:7e:60:b2:39:43:d3:4e:56:6f:91:f2:fe:5f:99:
         19:0c:e9:75:e2:11:dd:a2:f8:71:d6:ba:f5:44:b0:c3:71:83:
         43:e1:d8:22:aa:1c:ab:01:19:38:60:9e:49:0d:0f:df:35:6b:
         35:bc:8d:cf:e6:bf:1c:88:34:ab:18:98:14:47:bb:d3:66:2a:
         bc:c6:5d:49:d2:75:98:57:43:8e:2b:1a:d2:72:7f:97:10:16:
         eb:da:77:12:20:a7:3b:8c:99:2c:7e:7a:3b:60:45:e6:c8:a5:
         fd:38:95:c8:1f:f0:a4:8b:5d:7b:f0:e3:73:85:58:5f:9f:f7:
         bc:9d:f5:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY+l7AiKPUtNu7DwVN3OhFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwNDE2MTIzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTYwMzRlN2IxNjVkZDU4ZjgxZTlkZDBkOWUyOTZjNTk1MzgwNTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPlIFhONdM7N6CbVUg8McUm57q6S
SRMAxj4oR4PB20BcvGB1Z8xCrBkSZsx9XJII/fP8ALm+2IBpibBxEnBCF/itt/ir
nYhzDXyHAHSkMFnokeMLhq8EBAkz30lfMM4k7ljvg/iTjUOSl73LqbYC7jgt8O/o
EprFNL7NJd81zpo24W6GtWaJBR2haOabuc4o9/RmUIjdzNF5ZAyOlbpOiagxOZEm
k8c7KVNK7+mpepyKoSnyP3Lq0Pif1l1sn4qCNIXRkAd9AOuATAybQSzZTEmmKwOq
cRzb/cEpMmNOTr5x0JEZoNYHTu+Nuks/kVr7EnCgdQEACMCOJsrToQ9o0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlgNOexZd1Y+B6d0NnilsWVOAV9MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvR1dBMDU3RmwzVmo0SHAzUTJlS1d4WlU0QlgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHa9MA0G
CSqGSIb3DQEBCwUAA4IBAQBf97fVfL+3zYkzMi6ov9QD8+huHTEXd30t2c9HGq/T
+cuMUbjb19y7Bi031RnU3sX/s3/JP1RXVUpw41H55LARpz6HOZKY9rwThjXHwVjh
e3CU3dEJUlqoQuxI48NQmutMlV3I2tJW85OCzP9Wfwri6mH8p8Vo+x7aEkSnExir
vNDVfmCyOUPTTlZvkfL+X5kZDOl14hHdovhx1rr1RLDDcYND4dgiqhyrARk4YJ5J
DQ/fNWs1vI3P5r8ciDSrGJgUR7vTZiq8xl1J0nWYV0OOKxrScn+XEBbr2ncSIKc7
jJksfno7YEXmyKX9OJXIH/Cki1178ONzhVhfn/e8nfVU
-----END CERTIFICATE-----