Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/gxlbepFDizY30e_VDf9e1RvjWgM.roa
File:                     gxlbepFDizY30e_VDf9e1RvjWgM.roa (raw, json)
Hash identifier:          6bnUAoZDd9UjKUbCDoEZob89bP3Q8i0Y7YskzssCFno=
Subject key identifier:   83:19:5B:7A:91:43:8B:36:37:D1:EF:D5:0D:FF:5E:D5:1B:E3:5A:03
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       01966C2780DD173E4D51F184B4FFA16E43A4
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/gxlbepFDizY30e_VDf9e1RvjWgM.roa
Signing time:             Fri 25 Apr 2025 08:54:10 +0000
ROA not before:           Fri 25 Apr 2025 08:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398465
IP address blocks:        185.161.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:27:80:dd:17:3e:4d:51:f1:84:b4:ff:a1:6e:43:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Apr 25 08:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83195b7a91438b3637d1efd50dff5ed51be35a03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:2f:8f:54:1b:4e:b5:36:5e:e0:43:7e:86:3c:
                    fb:ec:d2:09:ed:25:27:b9:b5:84:c5:00:95:f4:1a:
                    82:13:2f:74:68:86:eb:5e:62:61:7a:88:35:af:ca:
                    a9:15:08:ff:0d:09:50:0f:60:f3:80:de:4f:22:ab:
                    5c:4e:0b:77:3f:c9:3d:0c:29:83:0e:e2:0f:ff:9f:
                    c4:fe:61:c6:95:d9:94:8f:70:fc:63:21:c1:55:0d:
                    09:f8:09:3b:7f:c3:3c:78:71:85:6e:fc:05:fa:e0:
                    e0:76:24:02:95:f3:75:2d:b8:61:94:ea:90:dc:2b:
                    1e:51:01:b4:89:07:8a:2e:8b:6e:07:df:d1:8d:1c:
                    9b:b8:95:42:0f:7f:c1:2a:ee:f6:46:58:bc:45:6f:
                    82:73:33:e4:6c:58:7f:20:fe:0a:a4:ae:2f:d9:8b:
                    61:f6:f5:0f:aa:c5:10:15:45:66:8f:b4:88:61:9f:
                    06:48:da:d9:94:3f:62:ea:ba:97:9c:4b:29:95:fd:
                    30:08:8d:6d:a1:62:65:c2:d4:bd:88:a6:b1:15:51:
                    d5:3c:5b:22:06:65:37:e1:b6:91:6e:26:34:51:b6:
                    d8:dd:53:57:96:62:3e:86:b9:68:00:ef:40:c7:58:
                    5c:2b:62:50:1c:46:fd:ca:5e:86:b5:05:9a:75:29:
                    be:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:19:5B:7A:91:43:8B:36:37:D1:EF:D5:0D:FF:5E:D5:1B:E3:5A:03
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/gxlbepFDizY30e_VDf9e1RvjWgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:31:ba:ab:34:34:f0:b2:f2:d7:81:7c:37:f7:44:c5:6f:07:
         a7:d9:ce:77:ec:92:73:0a:20:c8:b4:61:72:69:ae:ec:c0:6d:
         05:a9:06:9d:f9:20:ef:de:89:67:c9:0c:e9:bb:21:69:30:4d:
         0c:a2:c0:5f:d1:ea:8b:ab:3d:51:c0:20:77:e1:f1:60:ed:43:
         40:cf:43:9a:56:69:92:d8:4c:8b:b3:a7:df:25:1d:2f:19:8d:
         c6:cb:25:de:83:2b:ea:30:4d:28:4b:db:ec:87:5c:bb:3f:d3:
         56:81:fe:02:a8:69:a2:ba:f8:e4:45:fe:5a:fb:00:d6:2b:42:
         b5:28:b5:8f:43:ca:ce:c2:c7:cb:29:92:62:38:0b:d6:06:7d:
         36:a7:c8:75:f5:f5:48:27:9f:9e:cd:7f:a4:bf:87:d4:ed:78:
         a6:b3:e1:75:40:bf:69:48:55:d3:4c:92:36:43:b0:c1:ef:0a:
         70:68:57:eb:c0:34:02:09:df:16:42:2d:50:dc:93:59:f9:fa:
         be:e8:16:ed:cc:69:59:9b:d3:96:50:a9:79:4d:c9:78:49:63:
         51:7b:25:95:78:32:7c:67:6b:29:2c:93:7d:8e:1c:c4:b2:8e:
         cc:26:dc:ed:08:2d:b9:7f:a5:24:39:84:93:e1:fd:7b:22:b8:
         91:58:73:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZsJ4DdFz5NUfGEtP+hbkOkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjUwNDI1MDg1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzE5NWI3YTkxNDM4YjM2MzdkMWVmZDUwZGZmNWVkNTFiZTM1YTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1i+PVBtOtTZe4EN+hjz77NIJ7SUn
ubWExQCV9BqCEy90aIbrXmJheog1r8qpFQj/DQlQD2DzgN5PIqtcTgt3P8k9DCmD
DuIP/5/E/mHGldmUj3D8YyHBVQ0J+Ak7f8M8eHGFbvwF+uDgdiQClfN1LbhhlOqQ
3CseUQG0iQeKLotuB9/RjRybuJVCD3/BKu72Rli8RW+CczPkbFh/IP4KpK4v2Yth
9vUPqsUQFUVmj7SIYZ8GSNrZlD9i6rqXnEsplf0wCI1toWJlwtS9iKaxFVHVPFsi
BmU34baRbiY0UbbY3VNXlmI+hrloAO9Ax1hcK2JQHEb9yl6GtQWadSm+UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMZW3qRQ4s2N9Hv1Q3/XtUb41oDMB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvZ3hsYmVwRkRpelkzMGVfVkRmOWUxUnZqV2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaH8MA0G
CSqGSIb3DQEBCwUAA4IBAQCnMbqrNDTwsvLXgXw390TFbwen2c537JJzCiDItGFy
aa7swG0FqQad+SDv3olnyQzpuyFpME0MosBf0eqLqz1RwCB34fFg7UNAz0OaVmmS
2EyLs6ffJR0vGY3GyyXegyvqME0oS9vsh1y7P9NWgf4CqGmiuvjkRf5a+wDWK0K1
KLWPQ8rOwsfLKZJiOAvWBn02p8h19fVIJ5+ezX+kv4fU7Xims+F1QL9pSFXTTJI2
Q7DB7wpwaFfrwDQCCd8WQi1Q3JNZ+fq+6BbtzGlZm9OWUKl5Tcl4SWNReyWVeDJ8
Z2spLJN9jhzEso7MJtztCC25f6UkOYST4f17IriRWHNB
-----END CERTIFICATE-----