Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/GcB06A0joSaNqm1qjn8cqCLYdMs.roa
File:                     GcB06A0joSaNqm1qjn8cqCLYdMs.roa (raw, json)
Hash identifier:          SOrq0ErpDn8P+KeZvvit9W/GaDxPmKvV9O+Jo+aosIk=
Subject key identifier:   19:C0:74:E8:0D:23:A1:26:8D:AA:6D:6A:8E:7F:1C:A8:22:D8:74:CB
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0196519C764DAA391AD2DB86B5C5EF81957C
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/GcB06A0joSaNqm1qjn8cqCLYdMs.roa
Signing time:             Sun 20 Apr 2025 05:12:10 +0000
ROA not before:           Sun 20 Apr 2025 05:12:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        46.236.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:51:9c:76:4d:aa:39:1a:d2:db:86:b5:c5:ef:81:95:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Apr 20 05:12:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19c074e80d23a1268daa6d6a8e7f1ca822d874cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:10:c9:43:3a:50:04:2e:08:75:80:2f:8b:79:
                    a1:09:11:df:64:eb:6f:bc:a2:11:94:f9:74:ce:80:
                    be:25:69:c0:ad:93:9e:7b:92:69:ac:56:5e:f0:c3:
                    01:48:14:d8:33:4b:45:de:c2:23:b0:9d:43:e2:f7:
                    c8:65:f1:ac:98:4c:8d:2d:95:00:a1:e1:4c:70:7f:
                    6b:29:f2:5f:eb:18:88:bc:ce:3d:4e:47:c6:84:17:
                    8e:dc:bf:b0:61:3f:15:9f:ac:58:89:e9:6a:53:84:
                    6f:b3:7a:e1:c2:46:e1:fc:bc:5c:2c:80:9d:28:31:
                    04:ac:f1:1e:bd:7e:6e:12:ff:f2:87:5d:60:22:0a:
                    07:76:1a:9e:fe:3b:8a:e5:d1:a5:5c:90:91:a2:0a:
                    af:c4:c5:5b:c0:13:cd:2c:3e:a4:b6:cb:1a:dd:31:
                    6e:b7:16:21:b0:a2:ab:53:f2:77:e6:3a:25:df:99:
                    dd:04:7c:9f:9c:51:90:26:d6:9f:62:e4:a7:15:70:
                    56:3e:6c:9c:78:1b:a7:61:35:b3:05:8e:8e:c5:c2:
                    2c:04:0e:79:49:1d:1d:71:34:37:79:0c:c6:1e:ff:
                    ab:aa:d3:82:f4:74:fa:f8:a1:a3:3f:fd:ee:15:0d:
                    c2:fd:99:4f:ea:84:57:6d:c6:39:0a:3c:eb:06:aa:
                    ec:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:C0:74:E8:0D:23:A1:26:8D:AA:6D:6A:8E:7F:1C:A8:22:D8:74:CB
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/GcB06A0joSaNqm1qjn8cqCLYdMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:19:d5:bb:da:d2:47:ab:e4:87:31:d6:50:8a:f1:ed:70:ea:
         54:c4:ed:58:49:b7:b7:89:32:fc:d8:c2:b5:c1:4f:48:53:65:
         41:7d:64:dd:7e:c9:4d:df:4a:36:ef:6d:6b:41:a5:a5:e2:a0:
         46:d5:e9:bf:00:ad:c2:ab:eb:19:91:60:fa:2c:15:d6:4b:00:
         df:48:bd:51:32:39:4b:eb:9c:b3:85:49:ad:28:e0:77:c8:02:
         18:95:a5:a0:4c:c2:67:df:bc:8d:47:fc:82:14:bd:a1:8b:ef:
         ac:99:40:ba:ae:c4:9d:ea:c3:95:83:bc:9e:db:7c:7d:ee:8f:
         80:d9:63:3b:90:9f:b7:af:69:38:85:96:87:d0:91:d2:cf:60:
         43:54:40:6f:bf:f0:f2:a9:27:89:34:43:18:93:64:e7:c7:f6:
         c5:8e:37:55:cc:e5:fc:28:35:19:8a:5a:3e:b2:d0:83:e9:e0:
         43:fc:37:ba:69:0e:1c:e0:96:0e:f0:c1:5b:e5:51:b1:40:ea:
         01:80:af:df:6e:de:ab:08:a0:24:22:49:bf:82:19:e5:96:fa:
         50:17:85:8e:0f:36:30:b9:4a:5a:d8:00:a4:fc:c8:57:c5:3d:
         5b:47:e3:cc:07:e0:13:c6:dd:32:a8:69:ba:bf:ca:1d:af:95:
         6a:db:b1:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZRnHZNqjka0tuGtcXvgZV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNDIwMDUxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWMwNzRlODBkMjNhMTI2OGRhYTZkNmE4ZTdmMWNhODIyZDg3NGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7BDJQzpQBC4IdYAvi3mhCRHfZOtv
vKIRlPl0zoC+JWnArZOee5JprFZe8MMBSBTYM0tF3sIjsJ1D4vfIZfGsmEyNLZUA
oeFMcH9rKfJf6xiIvM49TkfGhBeO3L+wYT8Vn6xYielqU4Rvs3rhwkbh/LxcLICd
KDEErPEevX5uEv/yh11gIgoHdhqe/juK5dGlXJCRogqvxMVbwBPNLD6ktssa3TFu
txYhsKKrU/J35jol35ndBHyfnFGQJtafYuSnFXBWPmyceBunYTWzBY6OxcIsBA55
SR0dcTQ3eQzGHv+rqtOC9HT6+KGjP/3uFQ3C/ZlP6oRXbcY5CjzrBqrs8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnAdOgNI6Emjaptao5/HKgi2HTLMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvR2NCMDZBMGpvU2FOcW0xcWpuOGNxQ0xZZE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLuzAMA0G
CSqGSIb3DQEBCwUAA4IBAQA5GdW72tJHq+SHMdZQivHtcOpUxO1YSbe3iTL82MK1
wU9IU2VBfWTdfslN30o2721rQaWl4qBG1em/AK3Cq+sZkWD6LBXWSwDfSL1RMjlL
65yzhUmtKOB3yAIYlaWgTMJn37yNR/yCFL2hi++smUC6rsSd6sOVg7ye23x97o+A
2WM7kJ+3r2k4hZaH0JHSz2BDVEBvv/DyqSeJNEMYk2Tnx/bFjjdVzOX8KDUZilo+
stCD6eBD/De6aQ4c4JYO8MFb5VGxQOoBgK/fbt6rCKAkIkm/ghnllvpQF4WODzYw
uUpa2ACk/MhXxT1bR+PMB+ATxt0yqGm6v8odr5Vq27HC
-----END CERTIFICATE-----