Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/GMbSDfAevrOxJ5cPxDTION0X5XQ.roa
File:                     GMbSDfAevrOxJ5cPxDTION0X5XQ.roa (raw, json)
Hash identifier:          YHM0CnCUyDsEfug4VKGtOO0gWnY2QxJdtLt6iKPesAE=
Subject key identifier:   18:C6:D2:0D:F0:1E:BE:B3:B1:27:97:0F:C4:34:C8:38:DD:17:E5:74
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019672A4463CF09722BF8E26E22CA92C7553
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/GMbSDfAevrOxJ5cPxDTION0X5XQ.roa
Signing time:             Sat 26 Apr 2025 15:08:10 +0000
ROA not before:           Sat 26 Apr 2025 15:08:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     270824
IP address blocks:        124.198.128.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:72:a4:46:3c:f0:97:22:bf:8e:26:e2:2c:a9:2c:75:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 26 15:08:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18c6d20df01ebeb3b127970fc434c838dd17e574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:14:07:ad:74:f8:e2:32:14:93:fe:f5:a5:7a:
                    8e:e5:5e:e1:27:9d:3a:78:3a:cd:f0:9f:e7:f9:6a:
                    04:01:dc:12:4a:29:55:cd:eb:db:28:5d:ed:76:3f:
                    7e:27:b5:f8:bd:36:61:87:03:09:a6:c9:a1:da:99:
                    b1:55:9f:72:20:a6:fc:c9:92:d7:32:1c:28:8e:cc:
                    f1:c3:90:23:63:4c:59:5e:2b:3b:ed:bf:63:26:bc:
                    27:d3:10:df:81:fa:0a:ab:19:24:89:87:2d:8a:ae:
                    b9:2a:92:af:78:79:6a:35:ba:7a:8a:71:68:3e:d1:
                    9b:11:1b:94:63:69:f2:33:19:b9:76:9a:a3:e5:09:
                    16:3e:28:a6:9f:89:df:99:c0:39:d7:7b:ac:56:28:
                    bb:f1:4e:67:ca:74:21:aa:f8:72:f9:0a:c3:a5:52:
                    68:32:24:bb:b1:fa:88:f1:85:1e:42:ed:d7:ba:f9:
                    94:44:94:a4:78:1d:03:57:3a:cc:04:ea:53:14:82:
                    1d:33:65:fa:6a:a4:9d:70:85:4c:2b:42:93:47:f2:
                    f9:87:53:32:72:84:eb:5f:af:04:0c:63:04:d4:6b:
                    d9:47:d0:c2:7e:61:65:7a:db:9d:ac:2c:c3:15:ff:
                    02:54:b3:c3:7f:99:56:13:90:8f:43:51:a4:8b:12:
                    d3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:C6:D2:0D:F0:1E:BE:B3:B1:27:97:0F:C4:34:C8:38:DD:17:E5:74
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/GMbSDfAevrOxJ5cPxDTION0X5XQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.198.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:5f:3b:c9:43:3f:70:0b:b3:d7:25:e5:e5:9e:35:c3:2f:49:
         69:82:fd:af:51:2d:91:40:4c:21:48:bc:68:50:23:1c:db:f4:
         51:1c:f1:7f:e7:e2:72:7f:78:0b:f7:7b:72:d5:bd:f4:b1:1f:
         68:1c:b3:6e:c2:2f:38:e5:7d:3f:3e:48:f0:bb:cd:86:87:60:
         6e:7b:98:f5:a0:f9:36:d9:b3:86:f8:b8:34:da:eb:a8:7d:1e:
         3d:dc:d9:7d:df:1d:a3:88:ac:9e:b5:7d:dd:36:91:8d:e7:cd:
         e0:0a:8d:de:6d:98:38:43:9b:6c:dc:ac:1a:e3:44:4e:34:44:
         96:f8:e5:6e:27:33:14:cd:9c:d8:09:22:33:a8:3e:c4:ea:0c:
         8b:f3:0a:b6:10:26:cd:c6:df:0e:ac:2e:47:f8:a8:df:71:65:
         ea:55:6a:86:46:cd:0e:c9:ce:77:15:6a:33:e2:72:71:88:9d:
         fa:85:8b:f1:e2:1f:54:6b:97:4b:93:68:a8:2d:55:c9:0a:57:
         9b:56:1f:e9:c3:60:27:6f:16:b8:6d:af:6d:48:a8:33:b4:ae:
         fe:68:ee:fe:97:b3:96:97:cd:e5:f6:5b:9e:f6:62:07:4c:ef:
         10:de:47:49:17:e3:40:de:33:35:90:b4:e1:6d:e7:5a:39:94:
         b4:bd:fd:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZypEY88Jciv44m4iypLHVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNDI2MTUwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGM2ZDIwZGYwMWViZWIzYjEyNzk3MGZjNDM0YzgzOGRkMTdlNTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRQHrXT44jIUk/71pXqO5V7hJ506
eDrN8J/n+WoEAdwSSilVzevbKF3tdj9+J7X4vTZhhwMJpsmh2pmxVZ9yIKb8yZLX
Mhwojszxw5AjY0xZXis77b9jJrwn0xDfgfoKqxkkiYctiq65KpKveHlqNbp6inFo
PtGbERuUY2nyMxm5dpqj5QkWPiimn4nfmcA513usVii78U5nynQhqvhy+QrDpVJo
MiS7sfqI8YUeQu3XuvmURJSkeB0DVzrMBOpTFIIdM2X6aqSdcIVMK0KTR/L5h1My
coTrX68EDGME1GvZR9DCfmFletudrCzDFf8CVLPDf5lWE5CPQ1GkixLT9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjG0g3wHr6zsSeXD8Q0yDjdF+V0MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvR01iU0RmQWV2ck94SjVjUHhEVElPTjBYNVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBfMaAMA0G
CSqGSIb3DQEBCwUAA4IBAQAwXzvJQz9wC7PXJeXlnjXDL0lpgv2vUS2RQEwhSLxo
UCMc2/RRHPF/5+Jyf3gL93ty1b30sR9oHLNuwi845X0/Pkjwu82Gh2Bue5j1oPk2
2bOG+Lg02uuofR493Nl93x2jiKyetX3dNpGN583gCo3ebZg4Q5ts3Kwa40RONESW
+OVuJzMUzZzYCSIzqD7E6gyL8wq2ECbNxt8OrC5H+KjfcWXqVWqGRs0Oyc53FWoz
4nJxiJ36hYvx4h9Ua5dLk2ioLVXJClebVh/pw2Anbxa4ba9tSKgztK7+aO7+l7OW
l83l9lue9mIHTO8Q3kdJF+NA3jM1kLThbedaOZS0vf0T
-----END CERTIFICATE-----