Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/_GP8StenfvBJOKnQr7M_P7qAzf4.roa
File:                     _GP8StenfvBJOKnQr7M_P7qAzf4.roa (raw, json)
Hash identifier:          kdSVEH13j0prqXPkHz8Kr5u7PPDHiQCPmIC83dYc1oc=
Subject key identifier:   FC:63:FC:4A:D7:A7:7E:F0:49:38:A9:D0:AF:B3:3F:3F:BA:80:CD:FE
Certificate issuer:       /CN=ee1cce901e5fb7c92f09a915cf6e656f693ba100
Certificate serial:       01941FFA9130ED50329148C77F87312DA060
Authority key identifier: EE:1C:CE:90:1E:5F:B7:C9:2F:09:A9:15:CF:6E:65:6F:69:3B:A1:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hzOkB5ft8kvCakVz25lb2k7oQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/_GP8StenfvBJOKnQr7M_P7qAzf4.roa
Signing time:             Wed 01 Jan 2025 03:48:22 +0000
ROA not before:           Wed 01 Jan 2025 03:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10122
IP address blocks:        185.155.137.0/24 maxlen: 24
                          185.155.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/7hzOkB5ft8kvCakVz25lb2k7oQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/7hzOkB5ft8kvCakVz25lb2k7oQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hzOkB5ft8kvCakVz25lb2k7oQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:91:30:ed:50:32:91:48:c7:7f:87:31:2d:a0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1cce901e5fb7c92f09a915cf6e656f693ba100
        Validity
            Not Before: Jan  1 03:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc63fc4ad7a77ef04938a9d0afb33f3fba80cdfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c2:6c:4a:28:b4:3a:72:d2:d9:67:67:da:93:
                    64:09:a9:46:48:da:38:19:36:c1:e1:a7:bf:e0:26:
                    b6:b1:9c:be:10:99:41:c7:d3:74:84:4a:78:58:3b:
                    1c:ec:6c:7e:67:f6:d5:28:9c:a7:33:3a:5c:d4:24:
                    83:6d:16:d4:25:77:5f:c5:b8:2d:ef:61:03:d7:04:
                    00:35:68:e3:45:4a:10:26:96:ce:2c:77:d4:f2:31:
                    ae:68:4d:a6:88:cc:17:12:49:eb:eb:dc:99:41:f8:
                    4e:75:c2:a8:53:25:18:a7:2c:c5:75:4f:6b:de:92:
                    9d:c8:a3:e4:53:9a:f1:69:1e:41:0d:17:f1:41:11:
                    36:56:08:27:b5:d1:df:76:49:9a:77:00:b0:60:01:
                    8a:2f:75:67:d1:3b:94:a0:ce:76:07:ec:7d:c3:2d:
                    f1:75:94:00:f9:58:00:37:84:d4:de:0e:29:ca:c9:
                    e9:a2:c2:ed:36:72:49:a8:21:24:63:8c:37:44:b2:
                    10:57:64:3c:8b:64:68:0b:ef:9a:cd:d3:7d:61:60:
                    4a:24:21:37:9d:09:9e:ab:49:f3:26:fa:8f:a4:94:
                    2b:07:15:40:d6:53:1d:9b:3f:dc:7a:d4:a7:87:4f:
                    90:01:92:0b:07:2c:57:fc:61:03:73:b8:8f:e8:b6:
                    88:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:63:FC:4A:D7:A7:7E:F0:49:38:A9:D0:AF:B3:3F:3F:BA:80:CD:FE
            X509v3 Authority Key Identifier:
                keyid:EE:1C:CE:90:1E:5F:B7:C9:2F:09:A9:15:CF:6E:65:6F:69:3B:A1:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hzOkB5ft8kvCakVz25lb2k7oQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/_GP8StenfvBJOKnQr7M_P7qAzf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/7hzOkB5ft8kvCakVz25lb2k7oQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.137.0/24
                  185.155.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:e5:02:df:c9:60:5c:37:31:cd:f4:2a:e9:93:e2:e1:c3:36:
         6f:09:2c:27:5b:3f:c0:4a:ba:86:65:f5:35:29:1b:1a:57:8d:
         62:5a:9e:ea:0a:f1:78:59:1c:62:a1:96:1a:e6:5f:7d:b7:d3:
         53:40:55:13:82:66:05:39:7f:c7:bd:4c:57:50:9e:a9:05:97:
         74:78:84:e5:fc:ba:41:bd:02:52:b2:f7:05:ec:e8:a1:64:53:
         d8:67:69:d2:3a:5a:da:db:ce:86:77:42:ab:38:b7:89:96:58:
         0f:ab:61:49:81:d7:da:3d:db:39:60:1f:51:d7:a1:6c:99:87:
         2c:2f:98:91:4a:81:b6:e4:64:84:a6:40:3c:be:96:7a:a9:11:
         c6:b7:0b:73:7b:7b:1d:17:d1:ce:d5:aa:6c:7d:ed:11:70:f4:
         af:f4:c9:80:15:8f:a4:fc:66:ab:5f:f6:71:b1:ff:7c:f0:23:
         f7:21:66:e1:16:b4:48:db:83:2d:ac:6c:e4:37:36:3a:26:89:
         ce:34:9a:b6:75:c0:a3:0f:15:6d:e9:37:ce:d1:61:6d:8b:e2:
         d8:e5:fc:13:33:b0:1e:88:14:97:0b:7a:a5:d1:a8:2f:d2:01:
         94:8e:33:11:29:1a:1f:8b:40:fb:9c:8d:bd:a6:b0:5b:0f:a9:
         98:82:d2:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+pEw7VAykUjHf4cxLaBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWNjZTkwMWU1ZmI3YzkyZjA5YTkxNWNmNmU2NTZmNjkz
YmExMDAwHhcNMjUwMTAxMDM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzYzZmM0YWQ3YTc3ZWYwNDkzOGE5ZDBhZmIzM2YzZmJhODBjZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisJsSii0OnLS2Wdn2pNkCalGSNo4
GTbB4ae/4Ca2sZy+EJlBx9N0hEp4WDsc7Gx+Z/bVKJynMzpc1CSDbRbUJXdfxbgt
72ED1wQANWjjRUoQJpbOLHfU8jGuaE2miMwXEknr69yZQfhOdcKoUyUYpyzFdU9r
3pKdyKPkU5rxaR5BDRfxQRE2VggntdHfdkmadwCwYAGKL3Vn0TuUoM52B+x9wy3x
dZQA+VgAN4TU3g4pysnposLtNnJJqCEkY4w3RLIQV2Q8i2RoC++azdN9YWBKJCE3
nQmeq0nzJvqPpJQrBxVA1lMdmz/cetSnh0+QAZILByxX/GEDc7iP6LaIiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPxj/ErXp37wSTip0K+zPz+6gM3+MB8GA1UdIwQY
MBaAFO4czpAeX7fJLwmpFc9uZW9pO6EAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h6T2tCNWZ0OGt2Q2FrVnoyNWxiMms3b1FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zOWQ1ZjEtNjZmNy00OWQ4LWFmYmEt
MTRhMTkwOWIxMjM3LzEvX0dQOFN0ZW5mdkJKT0tuUXI3TV9QN3FBemY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zOWQ1ZjEtNjZmNy00OWQ4LWFmYmEtMTRhMTkwOWIxMjM3
LzEvN2h6T2tCNWZ0OGt2Q2FrVnoyNWxiMms3b1FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZuJAwQA
uZuLMA0GCSqGSIb3DQEBCwUAA4IBAQCX5QLfyWBcNzHN9Crpk+LhwzZvCSwnWz/A
SrqGZfU1KRsaV41iWp7qCvF4WRxioZYa5l99t9NTQFUTgmYFOX/HvUxXUJ6pBZd0
eITl/LpBvQJSsvcF7OihZFPYZ2nSOlra286Gd0KrOLeJllgPq2FJgdfaPds5YB9R
16FsmYcsL5iRSoG25GSEpkA8vpZ6qRHGtwtze3sdF9HO1apsfe0RcPSv9MmAFY+k
/GarX/Zxsf988CP3IWbhFrRI24MtrGzkNzY6JonONJq2dcCjDxVt6TfO0WFti+LY
5fwTM7AeiBSXC3ql0agv0gGUjjMRKRofi0D7nI29prBbD6mYgtKx
-----END CERTIFICATE-----