Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gkIKPjegr_5yT7LdnwIuMfI7byo.roa
File:                     gkIKPjegr_5yT7LdnwIuMfI7byo.roa (raw, json)
Hash identifier:          rq8kxy5T/XmbXbu3y8nIZBBTqjSsocsSr6JNhsqVHcY=
Subject key identifier:   82:42:0A:3E:37:A0:AF:FE:72:4F:B2:DD:9F:02:2E:31:F2:3B:6F:2A
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0196A50465FB5121DE83474A47A0872ED494
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gkIKPjegr_5yT7LdnwIuMfI7byo.roa
Signing time:             Tue 06 May 2025 09:54:10 +0000
ROA not before:           Tue 06 May 2025 09:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        213.218.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a5:04:65:fb:51:21:de:83:47:4a:47:a0:87:2e:d4:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  6 09:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82420a3e37a0affe724fb2dd9f022e31f23b6f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d4:b5:55:d3:37:0e:04:aa:e5:67:08:e6:95:
                    cb:8b:c4:27:62:ca:4b:af:45:a0:ca:cf:40:63:7c:
                    c3:80:14:3a:f9:a3:33:9a:c2:77:2f:4e:db:b9:9b:
                    5c:b2:54:e9:52:32:aa:ac:d2:ac:03:c8:aa:60:00:
                    6b:be:4c:52:17:a1:bd:e8:65:cd:48:96:6b:47:ed:
                    ce:07:62:5e:46:b4:2e:3f:ff:6d:47:e9:de:27:96:
                    ef:a2:55:6e:84:42:e3:20:4c:0a:1f:f5:08:3e:ef:
                    83:b4:69:8b:d0:68:06:97:ad:93:cf:88:99:e0:e3:
                    18:d6:68:3b:28:46:65:83:e8:12:d2:9b:f2:49:d5:
                    74:d4:f2:e8:f5:ed:cb:90:5e:eb:d4:0d:55:d2:9b:
                    6f:22:9c:01:49:fe:48:fa:50:d4:95:ad:a5:b9:fd:
                    42:6f:09:91:e1:36:8f:ea:60:30:3c:de:5d:d7:e8:
                    fb:69:3b:2e:51:7d:f2:14:4e:01:0a:4e:c9:54:54:
                    01:4d:b9:ca:4a:da:00:6d:6a:e6:9f:da:52:d9:93:
                    c5:2e:d6:c0:04:ae:7f:0e:52:71:cb:6f:08:30:76:
                    af:af:a1:b3:67:05:91:67:01:bf:88:d4:54:46:05:
                    dc:48:f4:3e:5d:0e:71:be:06:e7:b0:b2:19:80:10:
                    f6:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:42:0A:3E:37:A0:AF:FE:72:4F:B2:DD:9F:02:2E:31:F2:3B:6F:2A
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gkIKPjegr_5yT7LdnwIuMfI7byo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.218.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:85:1a:de:d8:a5:d1:22:4c:f7:d1:b4:0b:e2:0f:cf:17:2b:
         2b:ef:c4:a4:de:0b:54:2f:ec:6e:f3:3c:2f:bc:8c:af:13:6e:
         a2:7d:25:14:91:87:bd:15:71:a4:ca:48:04:76:51:f2:10:c9:
         7c:b3:72:92:ff:d5:74:d1:4a:71:a9:14:a4:14:a9:ae:ca:fa:
         8e:bf:8a:67:57:4d:0a:a7:a0:44:6d:f8:25:b0:4c:08:35:96:
         6c:78:f4:3a:4b:96:f0:58:23:c5:06:af:ca:f0:aa:4f:61:4b:
         36:a5:45:d5:da:61:52:8d:47:00:9d:46:d6:a8:fb:40:ee:31:
         61:36:3d:68:50:b3:db:ed:b6:b9:d6:1c:5f:3e:78:4c:f0:88:
         a6:ec:02:53:ae:c6:3b:55:62:3c:8b:6c:e5:d5:ed:df:1f:9f:
         ec:e9:19:b2:90:e4:29:bc:3e:44:0b:8e:71:76:0c:a1:c4:cf:
         eb:7d:ad:a3:c5:43:1b:4f:04:b0:22:a0:41:d8:5e:dc:9b:65:
         99:88:6e:d0:13:a9:58:d8:22:16:b4:05:cc:b4:95:6e:9f:58:
         6d:3d:29:41:55:7c:9c:49:f3:b3:71:dc:61:d8:9e:0e:dc:a6:
         72:d3:9c:d5:ec:12:b2:ee:d3:28:ca:63:af:e1:39:69:c3:b7:
         fd:e4:a6:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZalBGX7USHeg0dKR6CHLtSUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNTA2MDk1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjQyMGEzZTM3YTBhZmZlNzI0ZmIyZGQ5ZjAyMmUzMWYyM2I2ZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutS1VdM3DgSq5WcI5pXLi8QnYspL
r0Wgys9AY3zDgBQ6+aMzmsJ3L07buZtcslTpUjKqrNKsA8iqYABrvkxSF6G96GXN
SJZrR+3OB2JeRrQuP/9tR+neJ5bvolVuhELjIEwKH/UIPu+DtGmL0GgGl62Tz4iZ
4OMY1mg7KEZlg+gS0pvySdV01PLo9e3LkF7r1A1V0ptvIpwBSf5I+lDUla2luf1C
bwmR4TaP6mAwPN5d1+j7aTsuUX3yFE4BCk7JVFQBTbnKStoAbWrmn9pS2ZPFLtbA
BK5/DlJxy28IMHavr6GzZwWRZwG/iNRURgXcSPQ+XQ5xvgbnsLIZgBD22QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJCCj43oK/+ck+y3Z8CLjHyO28qMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ2tJS1BqZWdyXzV5VDdMZG53SXVNZkk3YnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1drXMA0G
CSqGSIb3DQEBCwUAA4IBAQBshRre2KXRIkz30bQL4g/PFysr78Sk3gtUL+xu8zwv
vIyvE26ifSUUkYe9FXGkykgEdlHyEMl8s3KS/9V00UpxqRSkFKmuyvqOv4pnV00K
p6BEbfglsEwINZZsePQ6S5bwWCPFBq/K8KpPYUs2pUXV2mFSjUcAnUbWqPtA7jFh
Nj1oULPb7ba51hxfPnhM8Iim7AJTrsY7VWI8i2zl1e3fH5/s6RmykOQpvD5EC45x
dgyhxM/rfa2jxUMbTwSwIqBB2F7cm2WZiG7QE6lY2CIWtAXMtJVun1htPSlBVXyc
SfOzcdxh2J4O3KZy05zV7BKy7tMoymOv4Tlpw7f95Ka6
-----END CERTIFICATE-----