Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/1cec02-26e6-400e-8d9a-32924ef47a1a/1/GQ42kTqn472NU0Utg1aKLG7W0bI.roa
File:                     GQ42kTqn472NU0Utg1aKLG7W0bI.roa (raw, json)
Hash identifier:          oM3P06tzeH7/sG3RLnC5jVN3WHhv6hvEc5nYDWBm418=
Subject key identifier:   19:0E:36:91:3A:A7:E3:BD:8D:53:45:2D:83:56:8A:2C:6E:D6:D1:B2
Certificate issuer:       /CN=8174649b1ef00dc83c28539a39d290b3530edfb0
Certificate serial:       019644676A6688A373151548D5FB5A2BBCEB
Authority key identifier: 81:74:64:9B:1E:F0:0D:C8:3C:28:53:9A:39:D2:90:B3:53:0E:DF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gXRkmx7wDcg8KFOaOdKQs1MO37A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/1cec02-26e6-400e-8d9a-32924ef47a1a/1/GQ42kTqn472NU0Utg1aKLG7W0bI.roa
Signing time:             Thu 17 Apr 2025 15:39:10 +0000
ROA not before:           Thu 17 Apr 2025 15:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210192
IP address blocks:        45.67.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/1cec02-26e6-400e-8d9a-32924ef47a1a/1/gXRkmx7wDcg8KFOaOdKQs1MO37A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/1cec02-26e6-400e-8d9a-32924ef47a1a/1/gXRkmx7wDcg8KFOaOdKQs1MO37A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gXRkmx7wDcg8KFOaOdKQs1MO37A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:44:67:6a:66:88:a3:73:15:15:48:d5:fb:5a:2b:bc:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8174649b1ef00dc83c28539a39d290b3530edfb0
        Validity
            Not Before: Apr 17 15:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=190e36913aa7e3bd8d53452d83568a2c6ed6d1b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:77:27:10:4a:34:2d:fa:77:36:d4:ae:93:18:
                    25:b5:a4:7a:f3:37:12:95:e4:db:fc:b8:67:23:59:
                    74:7d:da:9c:b2:82:f4:0e:d8:3f:32:2c:53:22:63:
                    a2:5f:c2:98:79:32:bd:64:59:22:f7:d4:6b:a7:f9:
                    d2:36:ee:a8:da:5b:4b:e4:22:ba:b8:00:1f:d2:91:
                    f9:d7:51:37:a5:43:c7:1c:ef:a1:f0:f7:8e:0e:93:
                    f2:e6:cf:54:d3:17:20:0a:de:e0:c3:a7:2a:5e:44:
                    47:ca:3f:1a:31:f4:04:24:9f:12:b1:b5:54:81:16:
                    10:12:3f:bf:1a:02:b6:34:c0:15:3d:cd:37:14:6c:
                    bb:85:b1:27:ef:13:c0:e7:4d:de:66:50:bb:49:68:
                    46:05:1e:e1:6a:38:f8:71:23:3a:92:60:68:01:6d:
                    34:66:e1:ca:d8:b1:5f:aa:c1:41:7c:5e:ef:5c:06:
                    5b:92:2f:e1:43:a2:a5:3e:a9:38:d9:a4:60:6f:c4:
                    59:f9:a6:7e:6e:3b:de:e5:03:4f:6a:3e:14:f7:79:
                    ed:ec:97:a6:8b:7e:a3:31:ad:83:62:77:97:ca:31:
                    7b:b7:97:79:ca:3d:d8:e6:f1:89:6a:c8:11:df:47:
                    31:58:80:fe:3f:b9:8b:d4:f4:c4:54:7e:e3:7d:cd:
                    ec:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:0E:36:91:3A:A7:E3:BD:8D:53:45:2D:83:56:8A:2C:6E:D6:D1:B2
            X509v3 Authority Key Identifier:
                keyid:81:74:64:9B:1E:F0:0D:C8:3C:28:53:9A:39:D2:90:B3:53:0E:DF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gXRkmx7wDcg8KFOaOdKQs1MO37A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/1cec02-26e6-400e-8d9a-32924ef47a1a/1/GQ42kTqn472NU0Utg1aKLG7W0bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/1cec02-26e6-400e-8d9a-32924ef47a1a/1/gXRkmx7wDcg8KFOaOdKQs1MO37A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:0b:96:27:72:aa:97:c6:03:80:28:3c:d4:10:12:e0:5d:f0:
         f2:c6:0b:d8:51:d4:73:a3:e2:b1:d5:4d:d2:6a:e7:88:40:3d:
         0d:6d:cc:dc:34:99:bc:fa:b0:86:c6:84:17:56:9d:74:6d:64:
         64:76:ac:a9:30:8a:b8:18:f5:bd:62:30:41:d5:39:9a:3e:8c:
         7e:26:a0:4a:bb:b8:82:15:51:c7:25:a7:6c:a2:66:eb:ad:f9:
         17:3f:21:0b:cb:9b:4d:c7:74:f2:07:3c:c3:6d:7e:f3:5b:54:
         b2:5c:fe:08:26:c3:60:ff:6b:db:3c:3a:43:04:5a:0b:02:c3:
         53:a9:c5:df:60:83:70:6c:50:bd:3a:db:19:fd:e4:95:77:4d:
         97:cf:b1:fc:98:fe:78:5d:9f:1c:48:41:40:28:41:bd:88:2e:
         13:55:7f:fb:8e:ce:1f:ad:dd:2a:7e:99:7d:02:a1:0b:4a:20:
         05:28:0c:19:a5:e4:b6:81:95:34:52:05:92:d5:50:80:77:de:
         fb:cb:2f:a5:5a:1d:c7:f6:93:a0:75:cb:17:d5:1e:2b:6b:7b:
         a4:ee:b9:33:87:3f:4f:84:58:d7:55:76:ad:bd:f5:0c:ae:7a:
         5b:72:1e:d0:7c:cf:83:35:6b:22:01:e2:0c:d8:b3:f3:33:a8:
         45:f8:3c:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZEZ2pmiKNzFRVI1ftaK7zrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNzQ2NDliMWVmMDBkYzgzYzI4NTM5YTM5ZDI5MGIzNTMw
ZWRmYjAwHhcNMjUwNDE3MTUzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTBlMzY5MTNhYTdlM2JkOGQ1MzQ1MmQ4MzU2OGEyYzZlZDZkMWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3cnEEo0Lfp3NtSukxgltaR68zcS
leTb/LhnI1l0fdqcsoL0Dtg/MixTImOiX8KYeTK9ZFki99Rrp/nSNu6o2ltL5CK6
uAAf0pH511E3pUPHHO+h8PeODpPy5s9U0xcgCt7gw6cqXkRHyj8aMfQEJJ8SsbVU
gRYQEj+/GgK2NMAVPc03FGy7hbEn7xPA503eZlC7SWhGBR7hajj4cSM6kmBoAW00
ZuHK2LFfqsFBfF7vXAZbki/hQ6KlPqk42aRgb8RZ+aZ+bjve5QNPaj4U93nt7Jem
i36jMa2DYneXyjF7t5d5yj3Y5vGJasgR30cxWID+P7mL1PTEVH7jfc3skQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkONpE6p+O9jVNFLYNWiixu1tGyMB8GA1UdIwQY
MBaAFIF0ZJse8A3IPChTmjnSkLNTDt+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1hSa214N3dEY2c4S0ZPYU9kS1FzMU1PMzdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8xY2VjMDItMjZlNi00MDBlLThkOWEt
MzI5MjRlZjQ3YTFhLzEvR1E0MmtUcW40NzJOVTBVdGcxYUtMRzdXMGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8xY2VjMDItMjZlNi00MDBlLThkOWEtMzI5MjRlZjQ3YTFh
LzEvZ1hSa214N3dEY2c4S0ZPYU9kS1FzMU1PMzdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUMMMA0G
CSqGSIb3DQEBCwUAA4IBAQBEC5YncqqXxgOAKDzUEBLgXfDyxgvYUdRzo+Kx1U3S
aueIQD0NbczcNJm8+rCGxoQXVp10bWRkdqypMIq4GPW9YjBB1TmaPox+JqBKu7iC
FVHHJadsombrrfkXPyELy5tNx3TyBzzDbX7zW1SyXP4IJsNg/2vbPDpDBFoLAsNT
qcXfYINwbFC9OtsZ/eSVd02Xz7H8mP54XZ8cSEFAKEG9iC4TVX/7js4frd0qfpl9
AqELSiAFKAwZpeS2gZU0UgWS1VCAd977yy+lWh3H9pOgdcsX1R4ra3uk7rkzhz9P
hFjXVXatvfUMrnpbch7QfM+DNWsiAeIM2LPzM6hF+Dwm
-----END CERTIFICATE-----