Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/80b4c0-06cb-4424-9dd5-5a988931ea33/1/GL9mMoVzYzt9cAMp9ZMhDNvyxpY.roa
File:                     GL9mMoVzYzt9cAMp9ZMhDNvyxpY.roa (raw, json)
Hash identifier:          sr1sGLjbfiu/0SvHpnzyQUaLuHxB9sxU75fTY0SHxZw=
Subject key identifier:   18:BF:66:32:85:73:63:3B:7D:70:03:29:F5:93:21:0C:DB:F2:C6:96
Certificate issuer:       /CN=297194f4b52b9ff433f2bf0d16b58c11c7cf1131
Certificate serial:       0195F5302CF63C68409028269BAC1510D603
Authority key identifier: 29:71:94:F4:B5:2B:9F:F4:33:F2:BF:0D:16:B5:8C:11:C7:CF:11:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXGU9LUrn_Qz8r8NFrWMEcfPETE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/80b4c0-06cb-4424-9dd5-5a988931ea33/1/GL9mMoVzYzt9cAMp9ZMhDNvyxpY.roa
Signing time:             Wed 02 Apr 2025 06:28:49 +0000
ROA not before:           Wed 02 Apr 2025 06:28:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206150
IP address blocks:        185.201.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/80b4c0-06cb-4424-9dd5-5a988931ea33/1/KXGU9LUrn_Qz8r8NFrWMEcfPETE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/80b4c0-06cb-4424-9dd5-5a988931ea33/1/KXGU9LUrn_Qz8r8NFrWMEcfPETE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXGU9LUrn_Qz8r8NFrWMEcfPETE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 06:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f5:30:2c:f6:3c:68:40:90:28:26:9b:ac:15:10:d6:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297194f4b52b9ff433f2bf0d16b58c11c7cf1131
        Validity
            Not Before: Apr  2 06:28:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18bf66328573633b7d700329f593210cdbf2c696
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:5a:42:e8:56:cb:7f:6d:35:f0:17:48:c5:a0:
                    6b:8a:e3:98:24:98:31:b5:6d:18:27:72:81:f6:d4:
                    d7:c8:e8:a8:60:fc:15:a8:e9:50:8d:be:c9:5a:6b:
                    7a:82:cc:ca:f3:9a:31:81:c8:ea:be:44:fe:d9:dc:
                    ca:3e:8b:44:80:e6:4c:5d:30:90:db:2f:cc:74:e8:
                    10:df:1e:0a:71:fc:a4:15:07:ac:aa:7e:05:41:3e:
                    1f:2b:2a:20:fc:92:40:e8:da:33:48:31:1b:5b:7e:
                    92:62:82:bd:43:e7:f9:c5:c1:74:25:3d:76:37:fc:
                    f7:c6:25:94:fe:a0:3a:32:7d:eb:92:c4:7d:30:3d:
                    59:66:62:33:d8:8c:c0:8e:da:64:7e:6f:ba:16:fd:
                    a0:73:56:5b:98:48:96:0b:be:61:c2:42:78:6c:be:
                    35:9e:ed:27:ff:50:31:47:64:c9:e8:2d:d8:ed:6a:
                    ac:0a:48:e4:64:3c:73:82:ca:f5:a2:76:d2:17:85:
                    fa:92:73:b0:2c:71:59:2d:4e:f2:12:a2:38:06:a3:
                    c3:84:bb:12:4b:70:1c:78:0d:99:e3:5d:da:e9:c4:
                    ed:f8:ec:34:19:ac:a2:de:69:44:a6:65:70:ce:75:
                    5c:5d:1d:bd:0f:e5:4f:4a:61:ac:32:56:71:48:b9:
                    15:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:BF:66:32:85:73:63:3B:7D:70:03:29:F5:93:21:0C:DB:F2:C6:96
            X509v3 Authority Key Identifier:
                keyid:29:71:94:F4:B5:2B:9F:F4:33:F2:BF:0D:16:B5:8C:11:C7:CF:11:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXGU9LUrn_Qz8r8NFrWMEcfPETE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/80b4c0-06cb-4424-9dd5-5a988931ea33/1/GL9mMoVzYzt9cAMp9ZMhDNvyxpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/80b4c0-06cb-4424-9dd5-5a988931ea33/1/KXGU9LUrn_Qz8r8NFrWMEcfPETE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:3d:a8:49:99:e6:97:ce:a9:a5:ca:67:64:fa:7f:7a:b0:b2:
         dd:64:56:81:24:27:f5:dd:db:93:92:e1:6b:b4:70:9e:32:44:
         f7:7c:bd:3a:d6:8e:6e:24:f8:1d:82:d6:0d:68:81:6a:56:9b:
         4a:28:c9:d6:03:b5:fe:23:67:0b:3b:0c:43:85:ce:51:ef:99:
         4d:b6:9d:2f:43:95:44:7c:31:c8:a0:f8:52:50:a2:d3:47:0e:
         ca:e3:6c:87:da:13:bc:a2:90:aa:3d:43:d1:a1:c1:cc:c8:cb:
         5a:d0:a0:54:13:9e:b8:12:bd:66:2c:ef:e8:ea:b4:c1:fd:cf:
         9a:0a:81:7c:e2:41:de:4c:ea:e1:ba:fc:6d:7c:23:d7:ce:38:
         04:7e:34:49:40:0b:f3:fe:b4:13:a4:a3:93:8d:74:05:46:36:
         77:49:b7:26:c8:e9:33:c6:72:8e:f7:be:cb:71:83:f5:3a:5b:
         27:40:07:22:c7:c1:d5:50:53:65:e7:08:1b:50:ea:da:ea:4c:
         7a:5e:c4:3a:f4:61:81:e8:be:09:19:38:65:67:60:d2:87:ac:
         53:3b:7e:7b:48:02:6c:b2:50:51:ae:0f:e8:f5:9c:6d:78:9c:
         12:9b:41:e4:94:26:94:4b:46:7c:23:d4:f9:8f:e0:95:ad:5f:
         78:5f:99:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX1MCz2PGhAkCgmm6wVENYDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzE5NGY0YjUyYjlmZjQzM2YyYmYwZDE2YjU4YzExYzdj
ZjExMzEwHhcNMjUwNDAyMDYyODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGJmNjYzMjg1NzM2MzNiN2Q3MDAzMjlmNTkzMjEwY2RiZjJjNjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FpC6FbLf2018BdIxaBriuOYJJgx
tW0YJ3KB9tTXyOioYPwVqOlQjb7JWmt6gszK85oxgcjqvkT+2dzKPotEgOZMXTCQ
2y/MdOgQ3x4KcfykFQesqn4FQT4fKyog/JJA6NozSDEbW36SYoK9Q+f5xcF0JT12
N/z3xiWU/qA6Mn3rksR9MD1ZZmIz2IzAjtpkfm+6Fv2gc1ZbmEiWC75hwkJ4bL41
nu0n/1AxR2TJ6C3Y7WqsCkjkZDxzgsr1onbSF4X6knOwLHFZLU7yEqI4BqPDhLsS
S3AceA2Z413a6cTt+Ow0Gayi3mlEpmVwznVcXR29D+VPSmGsMlZxSLkVdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBi/ZjKFc2M7fXADKfWTIQzb8saWMB8GA1UdIwQY
MBaAFClxlPS1K5/0M/K/DRa1jBHHzxExMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hHVTlMVXJuX1F6OHI4TkZyV01FY2ZQRVRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS84MGI0YzAtMDZjYi00NDI0LTlkZDUt
NWE5ODg5MzFlYTMzLzEvR0w5bU1vVnpZenQ5Y0FNcDlaTWhETnZ5eHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS84MGI0YzAtMDZjYi00NDI0LTlkZDUtNWE5ODg5MzFlYTMz
LzEvS1hHVTlMVXJuX1F6OHI4TkZyV01FY2ZQRVRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucmOMA0G
CSqGSIb3DQEBCwUAA4IBAQAWPahJmeaXzqmlymdk+n96sLLdZFaBJCf13duTkuFr
tHCeMkT3fL061o5uJPgdgtYNaIFqVptKKMnWA7X+I2cLOwxDhc5R75lNtp0vQ5VE
fDHIoPhSUKLTRw7K42yH2hO8opCqPUPRocHMyMta0KBUE564Er1mLO/o6rTB/c+a
CoF84kHeTOrhuvxtfCPXzjgEfjRJQAvz/rQTpKOTjXQFRjZ3SbcmyOkzxnKO977L
cYP1OlsnQAcix8HVUFNl5wgbUOra6kx6XsQ69GGB6L4JGThlZ2DSh6xTO357SAJs
slBRrg/o9ZxteJwSm0HklCaUS0Z8I9T5j+CVrV94X5n/
-----END CERTIFICATE-----