Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/GBnzxJHJcx91GVdbjffG173KKRg.roa
File:                     GBnzxJHJcx91GVdbjffG173KKRg.roa (raw, json)
Hash identifier:          Uq7ZuwIV4j7jN1zG5trC9T5jun0cz7hkJszUPPFcda4=
Subject key identifier:   18:19:F3:C4:91:C9:73:1F:75:19:57:5B:8D:F7:C6:D7:BD:CA:29:18
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0194214404F8DDE37FB323550BA5CE41B10F
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/GBnzxJHJcx91GVdbjffG173KKRg.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50284
IP address blocks:        88.151.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:04:f8:dd:e3:7f:b3:23:55:0b:a5:ce:41:b1:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1819f3c491c9731f7519575b8df7c6d7bdca2918
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:82:55:20:fa:9c:74:04:8a:29:a3:26:a5:61:
                    16:59:fb:59:e7:ae:d1:23:89:30:6c:85:c3:b3:67:
                    6c:e9:56:b6:a8:ba:ac:2e:36:af:a4:bc:6d:21:ca:
                    cb:20:f5:89:6c:25:26:62:30:cf:36:55:86:d1:10:
                    ff:e6:90:36:a7:71:c0:17:1b:0a:f8:c6:b8:4c:b8:
                    26:e0:fd:27:ad:90:af:75:34:6e:ba:8e:f8:f3:99:
                    fd:a2:8b:f6:64:26:80:1d:55:60:14:44:48:ec:b1:
                    dd:53:6f:c2:9d:36:9f:68:57:80:ed:32:fb:31:53:
                    02:16:07:af:a3:ef:cc:ed:09:61:bc:f7:2b:f3:e0:
                    b0:2d:1e:c3:4f:e3:5b:75:73:f6:8a:9a:1b:f3:20:
                    d4:26:06:bd:2f:13:9d:cc:0e:2b:91:fe:d1:b8:bd:
                    11:32:dd:aa:2f:39:bb:30:65:7a:70:a6:02:8b:5a:
                    86:dc:b7:e2:7d:27:d9:60:6c:bf:1c:70:74:25:4e:
                    15:4f:cd:44:27:49:b5:f2:86:91:18:0f:d4:dc:a9:
                    9b:1e:b6:b5:ed:7f:c1:6e:b5:3e:ea:7f:27:b2:2b:
                    2d:77:13:de:9e:33:22:bb:93:98:92:2e:6d:e2:d4:
                    4d:f4:26:22:ad:df:a7:f2:67:dd:44:a4:09:ac:f9:
                    ed:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:19:F3:C4:91:C9:73:1F:75:19:57:5B:8D:F7:C6:D7:BD:CA:29:18
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/GBnzxJHJcx91GVdbjffG173KKRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:ad:97:3b:e1:01:ee:50:3f:a4:97:13:e9:bb:fe:28:31:b6:
         7e:95:2c:b4:74:78:81:c0:d3:3d:e3:07:dd:70:a9:59:d7:35:
         f0:a7:d1:21:89:e3:ab:28:2c:ad:e2:8c:ff:28:6b:e0:fc:4d:
         c0:34:24:bc:68:0d:10:39:2e:d0:df:9a:f2:6a:1b:27:7f:38:
         a2:97:06:6a:2e:67:6b:fe:dd:fc:35:8f:26:2c:3e:ce:e1:6b:
         d7:fa:ed:02:a9:f8:64:20:ec:12:84:cf:ae:3f:ca:3d:6c:75:
         e5:85:ef:96:28:82:0f:70:b8:74:97:57:8d:76:b5:eb:1a:eb:
         cf:5d:5d:74:00:56:60:93:60:c5:f4:4e:80:30:22:6e:93:44:
         93:18:5a:dd:04:b3:b1:ef:19:cc:77:c8:44:e3:ab:07:e9:d0:
         35:70:8b:23:27:53:87:f7:d1:41:35:01:ba:89:c3:23:ad:0f:
         3e:a4:93:65:ec:97:0c:05:7c:43:ac:15:e4:04:b8:37:e8:4d:
         02:0b:7e:7e:dc:fd:d5:68:80:8c:c0:94:67:91:c7:18:92:8f:
         6a:f3:12:90:18:2d:b2:ca:12:0b:01:f6:bc:00:bc:96:5c:44:
         c7:a3:89:6c:be:92:de:f6:78:68:c5:9d:38:d9:88:74:ce:9f:
         c2:95:45:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAT43eN/syNVC6XOQbEPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODE5ZjNjNDkxYzk3MzFmNzUxOTU3NWI4ZGY3YzZkN2JkY2EyOTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oJVIPqcdASKKaMmpWEWWftZ567R
I4kwbIXDs2ds6Va2qLqsLjavpLxtIcrLIPWJbCUmYjDPNlWG0RD/5pA2p3HAFxsK
+Ma4TLgm4P0nrZCvdTRuuo7485n9oov2ZCaAHVVgFERI7LHdU2/CnTafaFeA7TL7
MVMCFgevo+/M7QlhvPcr8+CwLR7DT+NbdXP2ipob8yDUJga9LxOdzA4rkf7RuL0R
Mt2qLzm7MGV6cKYCi1qG3LfifSfZYGy/HHB0JU4VT81EJ0m18oaRGA/U3KmbHra1
7X/BbrU+6n8nsistdxPenjMiu5OYki5t4tRN9CYird+n8mfdRKQJrPnthwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgZ88SRyXMfdRlXW433xte9yikYMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvR0JuenhKSEpjeDkxR1ZkYmpmZkcxNzNLS1JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJd1MA0G
CSqGSIb3DQEBCwUAA4IBAQCSrZc74QHuUD+klxPpu/4oMbZ+lSy0dHiBwNM94wfd
cKlZ1zXwp9EhieOrKCyt4oz/KGvg/E3ANCS8aA0QOS7Q35ryahsnfziilwZqLmdr
/t38NY8mLD7O4WvX+u0CqfhkIOwShM+uP8o9bHXlhe+WKIIPcLh0l1eNdrXrGuvP
XV10AFZgk2DF9E6AMCJuk0STGFrdBLOx7xnMd8hE46sH6dA1cIsjJ1OH99FBNQG6
icMjrQ8+pJNl7JcMBXxDrBXkBLg36E0CC35+3P3VaICMwJRnkccYko9q8xKQGC2y
yhILAfa8ALyWXETHo4lsvpLe9nhoxZ042Yh0zp/ClUW8
-----END CERTIFICATE-----