Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/GnRBgfOJgqgbCKfVmItzXv5DJ54.roa
File:                     GnRBgfOJgqgbCKfVmItzXv5DJ54.roa (raw, json)
Hash identifier:          MiCCH7uvupnb1UHdVT5mWDwROiRyBunRSB+jjWhogas=
Subject key identifier:   1A:74:41:81:F3:89:82:A8:1B:08:A7:D5:98:8B:73:5E:FE:43:27:9E
Certificate issuer:       /CN=cd3dbd5fc6f91b807b7bc4cf6e646e345862af3e
Certificate serial:       01972196B7CE892BF274290B00B275402CCF
Authority key identifier: CD:3D:BD:5F:C6:F9:1B:80:7B:7B:C4:CF:6E:64:6E:34:58:62:AF:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zT29X8b5G4B7e8TPbmRuNFhirz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/GnRBgfOJgqgbCKfVmItzXv5DJ54.roa
Signing time:             Fri 30 May 2025 14:26:54 +0000
ROA not before:           Fri 30 May 2025 14:26:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211621
IP address blocks:        195.96.143.0/24 maxlen: 24
                          213.232.234.0/24 maxlen: 24
                          2a12:e800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/zT29X8b5G4B7e8TPbmRuNFhirz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/zT29X8b5G4B7e8TPbmRuNFhirz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zT29X8b5G4B7e8TPbmRuNFhirz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:21:96:b7:ce:89:2b:f2:74:29:0b:00:b2:75:40:2c:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd3dbd5fc6f91b807b7bc4cf6e646e345862af3e
        Validity
            Not Before: May 30 14:26:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a744181f38982a81b08a7d5988b735efe43279e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d3:dd:57:b8:9c:8d:10:f8:c0:dd:6d:1c:15:
                    b6:29:53:52:0e:33:6a:59:60:52:1d:f0:ad:ec:dc:
                    8b:8c:a2:18:dc:71:92:13:62:ee:74:43:3a:ff:01:
                    64:41:ba:48:8d:1b:45:3c:28:c8:18:62:22:55:4e:
                    36:ab:b7:09:30:03:1f:f4:b1:52:c0:c6:76:30:7b:
                    51:06:05:96:ac:e6:40:71:da:9a:1b:3f:8c:62:35:
                    f8:da:7c:96:48:d5:f1:30:b4:80:bb:f9:19:26:73:
                    8c:b4:12:6c:20:fb:c3:bd:ce:2c:e3:f0:aa:d9:b4:
                    e4:5c:e7:68:9d:84:7a:3f:97:69:47:be:b6:91:0c:
                    e8:b9:a4:f7:b0:87:f3:ab:8e:6c:48:9b:3e:93:da:
                    e4:ff:c7:eb:94:c6:cd:c0:0d:db:28:fe:8e:55:69:
                    ba:c1:e8:cb:d0:df:80:c4:5d:76:45:21:c4:e2:19:
                    a7:d9:da:78:47:d4:da:c8:7d:ef:0b:52:52:71:bf:
                    74:e7:b2:67:c1:d3:44:97:63:95:fc:39:c1:f3:4d:
                    12:99:5f:37:5c:f8:0d:c7:a6:72:c4:42:61:7a:16:
                    98:e4:7c:3c:0f:5b:c7:94:49:21:9c:6b:57:42:a9:
                    0f:25:b9:74:86:f0:c8:68:75:b1:9d:6f:11:f1:f3:
                    39:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:74:41:81:F3:89:82:A8:1B:08:A7:D5:98:8B:73:5E:FE:43:27:9E
            X509v3 Authority Key Identifier:
                keyid:CD:3D:BD:5F:C6:F9:1B:80:7B:7B:C4:CF:6E:64:6E:34:58:62:AF:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zT29X8b5G4B7e8TPbmRuNFhirz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/GnRBgfOJgqgbCKfVmItzXv5DJ54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/14b933-7e34-4a87-b215-8caad3e31adc/1/zT29X8b5G4B7e8TPbmRuNFhirz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.143.0/24
                  213.232.234.0/24
                IPv6:
                  2a12:e800::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:bb:e6:9f:9a:3d:45:f6:17:20:99:f1:ab:b4:df:f2:4c:e7:
         12:8a:14:15:b1:18:34:e9:90:ac:48:59:d9:32:3b:49:cb:21:
         8a:69:76:0f:e0:4e:f7:4f:df:e9:7f:ee:78:f6:da:48:5c:78:
         3b:3c:aa:44:17:bb:d7:39:28:51:f3:5d:ae:40:ce:b6:ae:53:
         03:f5:ba:c3:79:07:ce:c7:7e:e2:43:70:d3:4d:5e:f4:2d:aa:
         f1:f1:34:e0:4f:cc:c1:87:c1:3d:77:51:4d:96:b6:0d:56:70:
         65:91:f8:e7:bc:95:70:67:2a:f2:98:50:c6:ea:ac:17:11:0d:
         f6:cb:39:61:2d:fa:15:8b:1f:fa:05:89:f8:42:6c:7d:5e:04:
         1d:22:3b:50:40:85:e4:ea:26:20:d1:ee:1e:23:9c:9c:29:6d:
         68:9a:1d:e7:32:30:86:91:23:22:86:88:76:1a:05:54:8d:50:
         e9:c0:e2:5a:24:06:5a:83:85:24:c4:79:30:8d:ab:2c:1e:1e:
         21:4f:af:b4:71:d3:f9:60:a5:b5:48:74:ac:a9:b3:42:b3:89:
         86:61:49:e8:c1:42:c6:30:11:6c:5b:7e:1f:a3:81:d3:42:53:
         ea:d6:7e:91:15:52:b1:7a:ca:42:5b:d8:26:04:1c:f4:31:74:
         eb:a6:8b:9c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZchlrfOiSvydCkLALJ1QCzPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkM2RiZDVmYzZmOTFiODA3YjdiYzRjZjZlNjQ2ZTM0NTg2
MmFmM2UwHhcNMjUwNTMwMTQyNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTc0NDE4MWYzODk4MmE4MWIwOGE3ZDU5ODhiNzM1ZWZlNDMyNzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNPdV7icjRD4wN1tHBW2KVNSDjNq
WWBSHfCt7NyLjKIY3HGSE2LudEM6/wFkQbpIjRtFPCjIGGIiVU42q7cJMAMf9LFS
wMZ2MHtRBgWWrOZAcdqaGz+MYjX42nyWSNXxMLSAu/kZJnOMtBJsIPvDvc4s4/Cq
2bTkXOdonYR6P5dpR762kQzouaT3sIfzq45sSJs+k9rk/8frlMbNwA3bKP6OVWm6
wejL0N+AxF12RSHE4hmn2dp4R9TayH3vC1JScb9057JnwdNEl2OV/DnB800SmV83
XPgNx6ZyxEJhehaY5Hw8D1vHlEkhnGtXQqkPJbl0hvDIaHWxnW8R8fM5cQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBp0QYHziYKoGwin1ZiLc17+QyeeMB8GA1UdIwQY
MBaAFM09vV/G+RuAe3vEz25kbjRYYq8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelQyOVg4YjVHNEI3ZThUUGJtUnVORmhpcno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8xNGI5MzMtN2UzNC00YTg3LWIyMTUt
OGNhYWQzZTMxYWRjLzEvR25SQmdmT0pncWdiQ0tmVm1JdHpYdjVESjU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8xNGI5MzMtN2UzNC00YTg3LWIyMTUtOGNhYWQzZTMxYWRj
LzEvelQyOVg4YjVHNEI3ZThUUGJtUnVORmhpcno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAw2CPAwQA
1ejqMA0EAgACMAcDBQMqEugAMA0GCSqGSIb3DQEBCwUAA4IBAQAVu+afmj1F9hcg
mfGrtN/yTOcSihQVsRg06ZCsSFnZMjtJyyGKaXYP4E73T9/pf+549tpIXHg7PKpE
F7vXOShR812uQM62rlMD9brDeQfOx37iQ3DTTV70Larx8TTgT8zBh8E9d1FNlrYN
VnBlkfjnvJVwZyrymFDG6qwXEQ32yzlhLfoVix/6BYn4Qmx9XgQdIjtQQIXk6iYg
0e4eI5ycKW1omh3nMjCGkSMihoh2GgVUjVDpwOJaJAZag4UkxHkwjassHh4hT6+0
cdP5YKW1SHSsqbNCs4mGYUnowULGMBFsW34fo4HTQlPq1n6RFVKxespCW9gmBBz0
MXTrpouc
-----END CERTIFICATE-----