Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/GZXYF8iaZo7N0WjiikJhwosF-BI.roa
File:                     GZXYF8iaZo7N0WjiikJhwosF-BI.roa (raw, json)
Hash identifier:          8DqkHpeAVcqFksTuc+Z9PByj/JSevdNSjp+C0s8df/g=
Subject key identifier:   19:95:D8:17:C8:9A:66:8E:CD:D1:68:E2:8A:42:61:C2:8B:05:F8:12
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       01975A57258FF9A78CF12D7F6EA67E1B4D99
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/GZXYF8iaZo7N0WjiikJhwosF-BI.roa
Signing time:             Tue 10 Jun 2025 14:55:50 +0000
ROA not before:           Tue 10 Jun 2025 14:55:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209263
IP address blocks:        146.19.74.0/24 maxlen: 24
                          195.96.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 02:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5a:57:25:8f:f9:a7:8c:f1:2d:7f:6e:a6:7e:1b:4d:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Jun 10 14:55:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1995d817c89a668ecdd168e28a4261c28b05f812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b9:1a:37:26:f4:96:3d:dd:57:e0:54:15:fb:
                    d5:24:c0:53:b1:8b:d6:92:a5:54:51:1d:2b:53:09:
                    97:95:6c:b6:6a:fa:25:9b:e8:cb:53:f7:14:26:ae:
                    2e:c3:89:de:1c:f0:ac:ac:6b:0d:ed:de:eb:20:14:
                    c8:bd:17:1c:84:08:12:f1:03:95:7b:34:bb:af:5c:
                    45:5d:7e:9e:db:c4:d7:97:e9:69:ad:cf:ec:d8:3f:
                    b6:76:65:e8:d4:e2:6a:b3:27:d9:ce:74:a9:a9:da:
                    5a:b8:f0:ec:bb:1f:08:a2:8c:d5:b1:87:15:3a:9a:
                    f5:10:db:8d:8a:cc:e7:39:16:ea:b7:90:54:24:b1:
                    b2:54:4d:0f:bf:c9:c1:47:b1:51:b5:9d:bd:89:ff:
                    c4:2d:f5:a6:c7:0b:fa:0d:4a:34:ef:5d:90:82:05:
                    d1:86:36:36:f7:a3:64:a6:ac:f0:bd:05:03:23:57:
                    42:51:48:46:91:78:98:d1:82:f0:9e:ab:2c:3f:9f:
                    42:d4:11:62:a1:30:af:ad:7e:22:74:08:39:99:c9:
                    3a:cb:9d:f6:af:2b:94:5d:88:7e:f0:b8:54:f5:61:
                    5d:f3:97:e6:a3:07:f5:26:b0:36:6b:ca:3d:a5:49:
                    d9:de:12:27:f3:2e:4d:68:4e:85:49:69:5a:ee:b9:
                    27:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:95:D8:17:C8:9A:66:8E:CD:D1:68:E2:8A:42:61:C2:8B:05:F8:12
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/GZXYF8iaZo7N0WjiikJhwosF-BI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.74.0/24
                  195.96.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:46:f3:0e:f8:ac:eb:94:fd:ec:54:c1:f5:e8:4e:95:1f:5d:
         59:09:eb:f8:48:eb:72:69:d6:89:ce:2e:dc:45:da:9a:62:0d:
         5a:d1:41:ad:4b:3c:0f:0b:9b:12:6d:e0:3d:de:44:c3:01:ba:
         b3:2f:5a:f7:23:ed:a9:1c:fe:82:81:9b:4b:0c:d9:a0:ae:db:
         79:53:77:d8:f6:f6:86:b5:c1:df:dd:9b:0a:ba:59:0a:f4:a0:
         30:39:9b:c1:1b:c7:7e:fc:15:25:00:28:1d:86:a7:3c:f5:0b:
         d8:aa:d1:49:93:03:63:a5:02:a6:93:39:cd:85:02:3e:93:9b:
         22:5a:a5:fc:ca:1c:96:5b:b4:04:93:c1:9a:53:fb:f2:f8:3e:
         c8:74:66:2f:da:3f:8b:9e:77:2e:63:e8:a3:bf:b6:08:2c:01:
         33:87:0e:94:97:60:ef:53:39:a4:c9:24:f6:7f:cd:fd:57:f1:
         0c:bc:11:35:71:a8:43:72:29:f5:b8:bf:04:28:be:0c:90:c3:
         be:e0:61:4e:24:17:eb:6b:c8:56:c7:37:55:e4:c0:c0:0f:29:
         41:14:39:a0:2a:8a:f7:71:f2:bf:c2:c3:79:ce:50:fa:03:ec:
         e3:69:2a:b2:21:fe:5d:58:33:dd:ec:7f:f3:75:60:1e:68:82:
         c5:23:c3:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdaVyWP+aeM8S1/bqZ+G02ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjUwNjEwMTQ1NTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTk1ZDgxN2M4OWE2NjhlY2RkMTY4ZTI4YTQyNjFjMjhiMDVmODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LkaNyb0lj3dV+BUFfvVJMBTsYvW
kqVUUR0rUwmXlWy2avolm+jLU/cUJq4uw4neHPCsrGsN7d7rIBTIvRcchAgS8QOV
ezS7r1xFXX6e28TXl+lprc/s2D+2dmXo1OJqsyfZznSpqdpauPDsux8IoozVsYcV
Opr1ENuNisznORbqt5BUJLGyVE0Pv8nBR7FRtZ29if/ELfWmxwv6DUo0712QggXR
hjY296NkpqzwvQUDI1dCUUhGkXiY0YLwnqssP59C1BFioTCvrX4idAg5mck6y532
ryuUXYh+8LhU9WFd85fmowf1JrA2a8o9pUnZ3hIn8y5NaE6FSWla7rkntQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBmV2BfImmaOzdFo4opCYcKLBfgSMB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvR1pYWUY4aWFabzdOMFdqaWlrSmh3b3NGLUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhNKAwQA
w2CRMA0GCSqGSIb3DQEBCwUAA4IBAQBNRvMO+KzrlP3sVMH16E6VH11ZCev4SOty
adaJzi7cRdqaYg1a0UGtSzwPC5sSbeA93kTDAbqzL1r3I+2pHP6CgZtLDNmgrtt5
U3fY9vaGtcHf3ZsKulkK9KAwOZvBG8d+/BUlACgdhqc89QvYqtFJkwNjpQKmkznN
hQI+k5siWqX8yhyWW7QEk8GaU/vy+D7IdGYv2j+LnncuY+ijv7YILAEzhw6Ul2Dv
UzmkyST2f839V/EMvBE1cahDcin1uL8EKL4MkMO+4GFOJBfra8hWxzdV5MDADylB
FDmgKor3cfK/wsN5zlD6A+zjaSqyIf5dWDPd7H/zdWAeaILFI8O/
-----END CERTIFICATE-----