Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/gCO1ND9wcaBDHzN0352WZvu2OM8.roa
File:                     gCO1ND9wcaBDHzN0352WZvu2OM8.roa (raw, json)
Hash identifier:          vHCRaVMpRHFUNXZQ8voh/coatK6+6x9ToQmFjeDovrI=
Subject key identifier:   80:23:B5:34:3F:70:71:A0:43:1F:33:74:DF:9D:96:66:FB:B6:38:CF
Certificate issuer:       /CN=b8207697d0b7c24199e6dd1282b49b56cef0244f
Certificate serial:       01968077B347DAAA4ECA699B57D1B6D40EBB
Authority key identifier: B8:20:76:97:D0:B7:C2:41:99:E6:DD:12:82:B4:9B:56:CE:F0:24:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/gCO1ND9wcaBDHzN0352WZvu2OM8.roa
Signing time:             Tue 29 Apr 2025 07:34:10 +0000
ROA not before:           Tue 29 Apr 2025 07:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199669
IP address blocks:        194.38.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:80:77:b3:47:da:aa:4e:ca:69:9b:57:d1:b6:d4:0e:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8207697d0b7c24199e6dd1282b49b56cef0244f
        Validity
            Not Before: Apr 29 07:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8023b5343f7071a0431f3374df9d9666fbb638cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e1:5d:26:71:84:ba:50:ef:f3:a6:32:3a:1a:
                    97:46:33:bf:ff:cb:1f:1b:f1:f5:97:84:f9:79:02:
                    54:dc:e1:a0:4f:4d:43:dd:a6:89:95:53:e8:d3:ec:
                    53:30:82:70:63:c7:fa:13:f0:29:21:03:e6:26:12:
                    3a:f8:45:89:44:8d:c0:36:b4:4c:4e:43:a4:aa:c9:
                    0a:66:d1:44:f8:59:2e:24:13:36:c5:f8:8e:c6:78:
                    a3:a0:e3:55:5d:00:f3:14:b6:38:aa:1b:43:0e:fa:
                    b2:f4:6d:40:b4:74:33:39:64:18:65:db:8f:3b:54:
                    9a:00:08:f2:80:7d:4e:55:61:b8:0e:7c:67:3d:49:
                    0b:88:db:a2:4a:05:3e:02:ee:41:fd:d7:0a:59:6b:
                    bf:53:5d:21:46:6e:f4:b0:a3:48:15:fc:33:de:c1:
                    7d:e8:55:2d:6a:b6:81:be:7f:ca:52:97:77:1f:d8:
                    f2:7d:02:72:6f:1a:ed:f9:64:63:66:5a:e8:48:48:
                    21:a0:6d:f7:1a:73:50:5b:75:35:ae:0b:72:f8:05:
                    29:b6:1a:f8:1e:db:09:49:42:1f:6b:53:c2:18:1c:
                    13:80:9b:6b:af:f6:ff:ce:b1:fc:98:c4:7e:3a:a2:
                    26:ea:8d:f1:4b:5c:a5:75:f4:03:c0:7e:e5:01:f2:
                    46:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:23:B5:34:3F:70:71:A0:43:1F:33:74:DF:9D:96:66:FB:B6:38:CF
            X509v3 Authority Key Identifier:
                keyid:B8:20:76:97:D0:B7:C2:41:99:E6:DD:12:82:B4:9B:56:CE:F0:24:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/gCO1ND9wcaBDHzN0352WZvu2OM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/b993ef-aaa7-400c-8db7-96d304c8db02/1/uCB2l9C3wkGZ5t0SgrSbVs7wJE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:ba:9d:a0:3c:c0:e2:59:34:07:8b:e1:62:60:5d:81:e8:3e:
         66:d2:34:1d:b8:c7:d5:2a:74:ab:4b:1f:ed:e5:37:0a:d9:92:
         01:82:b7:b3:02:11:7a:2f:cf:71:69:f9:bc:b5:52:e3:47:eb:
         13:a2:65:ee:a0:39:53:bc:14:e1:b9:b6:b3:df:64:60:85:dc:
         ba:a6:c4:54:79:48:e0:b8:b4:61:3a:52:c0:56:10:14:0d:07:
         22:f1:a2:b9:65:90:c5:2a:1e:78:f0:13:9d:63:49:3f:26:7b:
         fc:1e:47:b2:8f:0b:3c:13:d0:4e:8f:67:74:9f:37:b8:c3:e4:
         c1:0b:7f:73:1f:15:e1:be:ba:b7:62:6e:c5:8e:d7:f5:1e:5e:
         86:ca:14:55:53:f5:25:75:1c:75:20:c0:0b:08:a9:9a:6a:21:
         3c:d1:65:dd:ff:4c:c3:a4:d8:57:4b:ae:30:fc:2c:42:2a:a4:
         e2:b9:51:cc:a1:08:ce:40:9c:78:49:52:bc:0a:a4:e4:54:df:
         92:c4:30:18:10:d6:01:f5:d7:c5:d2:1a:f9:17:1a:ba:73:1a:
         bc:f8:71:9b:e5:fe:a4:1e:c6:cb:b9:81:0b:8f:00:cf:78:b6:
         7d:ea:d0:19:04:d0:de:dd:48:c8:63:91:a2:9c:69:eb:4a:98:
         58:80:98:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaAd7NH2qpOymmbV9G21A67MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MjA3Njk3ZDBiN2MyNDE5OWU2ZGQxMjgyYjQ5YjU2Y2Vm
MDI0NGYwHhcNMjUwNDI5MDczNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDIzYjUzNDNmNzA3MWEwNDMxZjMzNzRkZjlkOTY2NmZiYjYzOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeFdJnGEulDv86YyOhqXRjO//8sf
G/H1l4T5eQJU3OGgT01D3aaJlVPo0+xTMIJwY8f6E/ApIQPmJhI6+EWJRI3ANrRM
TkOkqskKZtFE+FkuJBM2xfiOxnijoONVXQDzFLY4qhtDDvqy9G1AtHQzOWQYZduP
O1SaAAjygH1OVWG4DnxnPUkLiNuiSgU+Au5B/dcKWWu/U10hRm70sKNIFfwz3sF9
6FUtaraBvn/KUpd3H9jyfQJybxrt+WRjZlroSEghoG33GnNQW3U1rgty+AUpthr4
HtsJSUIfa1PCGBwTgJtrr/b/zrH8mMR+OqIm6o3xS1yldfQDwH7lAfJGnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIAjtTQ/cHGgQx8zdN+dlmb7tjjPMB8GA1UdIwQY
MBaAFLggdpfQt8JBmebdEoK0m1bO8CRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUNCMmw5QzN3a0daNXQwU2dyU2JWczd3SkU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9iOTkzZWYtYWFhNy00MDBjLThkYjct
OTZkMzA0YzhkYjAyLzEvZ0NPMU5EOXdjYUJESHpOMDM1MldadnUyT004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9iOTkzZWYtYWFhNy00MDBjLThkYjctOTZkMzA0YzhkYjAy
LzEvdUNCMmw5QzN3a0daNXQwU2dyU2JWczd3SkU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiYLMA0G
CSqGSIb3DQEBCwUAA4IBAQBhup2gPMDiWTQHi+FiYF2B6D5m0jQduMfVKnSrSx/t
5TcK2ZIBgrezAhF6L89xafm8tVLjR+sTomXuoDlTvBThubaz32Rghdy6psRUeUjg
uLRhOlLAVhAUDQci8aK5ZZDFKh548BOdY0k/Jnv8Hkeyjws8E9BOj2d0nze4w+TB
C39zHxXhvrq3Ym7Fjtf1Hl6GyhRVU/UldRx1IMALCKmaaiE80WXd/0zDpNhXS64w
/CxCKqTiuVHMoQjOQJx4SVK8CqTkVN+SxDAYENYB9dfF0hr5Fxq6cxq8+HGb5f6k
HsbLuYELjwDPeLZ96tAZBNDe3UjIY5GinGnrSphYgJhE
-----END CERTIFICATE-----