Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/GnNxFRmXtJmGHcNtIjqbGbs804Y.roa
File:                     GnNxFRmXtJmGHcNtIjqbGbs804Y.roa (raw, json)
Hash identifier:          40Ay+0Ha2sFFWiBWxJOyJOT+4GVRKcOq/jfGYbPxEms=
Subject key identifier:   1A:73:71:15:19:97:B4:99:86:1D:C3:6D:22:3A:9B:19:BB:3C:D3:86
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       01978E19C7B5F504D67D1D7B4AB116A8AE85
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/GnNxFRmXtJmGHcNtIjqbGbs804Y.roa
Signing time:             Fri 20 Jun 2025 16:09:03 +0000
ROA not before:           Fri 20 Jun 2025 16:09:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        5.183.207.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8e:19:c7:b5:f5:04:d6:7d:1d:7b:4a:b1:16:a8:ae:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jun 20 16:09:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a7371151997b499861dc36d223a9b19bb3cd386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a0:00:2c:22:e5:46:56:7c:5c:12:0d:d5:84:
                    4b:52:7e:c8:bc:b3:5a:31:c6:07:f7:ec:3f:46:a8:
                    65:14:cf:89:30:e8:74:62:90:84:e4:07:5a:30:8e:
                    1e:6c:82:58:37:97:cc:05:50:27:4e:14:e2:5b:94:
                    d7:fd:ae:b8:dc:77:fa:09:9a:b4:e7:be:c2:6c:aa:
                    72:0d:ec:86:5c:26:a9:59:eb:1f:ab:fe:be:d3:eb:
                    b0:3e:5c:f4:0d:69:77:b2:32:4c:a8:00:b9:65:08:
                    41:a2:23:0c:21:36:60:e2:4c:02:5b:0b:65:18:de:
                    5b:96:32:04:ed:c0:47:12:12:4c:03:33:c5:0f:93:
                    ed:4e:d3:e7:6e:a3:06:fa:b7:89:3f:25:85:5d:9d:
                    04:b0:b9:f6:ae:33:76:df:fe:a2:42:13:ac:ef:b4:
                    6d:d6:aa:1e:68:b2:99:dd:25:8c:bb:d7:ee:0e:d9:
                    13:e6:e3:cb:20:89:97:34:20:b4:a9:30:d5:a4:67:
                    8d:45:11:0e:60:59:df:ee:90:6e:be:af:a6:8f:ff:
                    3d:ec:54:c1:92:ea:00:1f:54:46:47:fd:3e:95:25:
                    09:6c:21:a9:98:63:55:09:39:18:ca:de:de:e0:87:
                    3a:af:30:0f:c6:78:1b:3d:a9:be:85:df:2b:a7:ac:
                    73:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:73:71:15:19:97:B4:99:86:1D:C3:6D:22:3A:9B:19:BB:3C:D3:86
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/GnNxFRmXtJmGHcNtIjqbGbs804Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:36:bd:80:a4:6b:9d:fc:01:f1:3d:f6:66:7c:ee:ce:89:cf:
         5c:fc:57:a8:20:db:8e:8a:8d:41:ca:00:d4:04:e6:ef:5a:2c:
         e7:e0:53:31:67:e7:6f:b0:19:29:42:33:17:fe:18:a0:f8:f3:
         ba:9e:4a:b6:04:55:a7:3c:9e:5c:ad:da:2c:6d:26:1a:59:a5:
         f0:fe:fe:bf:4c:01:60:37:af:c1:00:e3:d8:c4:68:16:82:e0:
         b7:00:84:5e:2c:a5:6b:1e:60:3f:60:ca:34:e5:2c:a7:ba:6c:
         ef:7f:7e:af:5d:56:c4:e5:16:ea:c4:e8:d5:cf:34:38:60:8a:
         55:9d:61:ee:84:07:87:46:0f:2e:d9:a2:cc:b4:48:67:43:18:
         28:92:b8:47:4b:c2:d1:89:65:22:c8:a4:c1:c6:1e:2a:fd:33:
         8a:4a:fd:40:b5:56:4d:5a:8a:50:86:e2:3b:c9:90:dd:f9:98:
         da:c2:68:b0:bd:3c:c2:70:7e:05:f9:d4:04:63:1c:34:77:74:
         be:92:3d:7d:82:09:cb:39:b9:41:22:27:ac:77:7b:85:5a:ef:
         31:12:56:c1:5a:9d:d4:6f:04:78:a8:e4:9e:02:e9:15:25:e4:
         21:5f:18:47:80:76:fe:82:1a:1b:59:04:89:ec:a5:4a:2a:e1:
         07:a1:59:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeOGce19QTWfR17SrEWqK6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwNjIwMTYwOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTczNzExNTE5OTdiNDk5ODYxZGMzNmQyMjNhOWIxOWJiM2NkMzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KAALCLlRlZ8XBIN1YRLUn7IvLNa
McYH9+w/RqhlFM+JMOh0YpCE5AdaMI4ebIJYN5fMBVAnThTiW5TX/a643Hf6CZq0
577CbKpyDeyGXCapWesfq/6+0+uwPlz0DWl3sjJMqAC5ZQhBoiMMITZg4kwCWwtl
GN5bljIE7cBHEhJMAzPFD5PtTtPnbqMG+reJPyWFXZ0EsLn2rjN23/6iQhOs77Rt
1qoeaLKZ3SWMu9fuDtkT5uPLIImXNCC0qTDVpGeNRREOYFnf7pBuvq+mj/897FTB
kuoAH1RGR/0+lSUJbCGpmGNVCTkYyt7e4Ic6rzAPxngbPam+hd8rp6xzAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpzcRUZl7SZhh3DbSI6mxm7PNOGMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvR25OeEZSbVh0Sm1HSGNOdElqcWJHYnM4MDRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbfPMA0G
CSqGSIb3DQEBCwUAA4IBAQC7Nr2ApGud/AHxPfZmfO7Oic9c/FeoINuOio1BygDU
BObvWizn4FMxZ+dvsBkpQjMX/hig+PO6nkq2BFWnPJ5crdosbSYaWaXw/v6/TAFg
N6/BAOPYxGgWguC3AIReLKVrHmA/YMo05Synumzvf36vXVbE5RbqxOjVzzQ4YIpV
nWHuhAeHRg8u2aLMtEhnQxgokrhHS8LRiWUiyKTBxh4q/TOKSv1AtVZNWopQhuI7
yZDd+ZjawmiwvTzCcH4F+dQEYxw0d3S+kj19ggnLOblBIiesd3uFWu8xElbBWp3U
bwR4qOSeAukVJeQhXxhHgHb+ghobWQSJ7KVKKuEHoVne
-----END CERTIFICATE-----