Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/GH8P0gg__suRNMxySKArDbLIUbo.roa
File:                     GH8P0gg__suRNMxySKArDbLIUbo.roa (raw, json)
Hash identifier:          CREvKk6BsOTIR63NWVCXaLnIOzzXpgUV4RXIplASiHk=
Subject key identifier:   18:7F:0F:D2:08:3F:FE:CB:91:34:CC:72:48:A0:2B:0D:B2:C8:51:BA
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0194214406D67E4DA85C2F0BC5041FCE3E4A
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/GH8P0gg__suRNMxySKArDbLIUbo.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57529
IP address blocks:        45.131.160.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:06:d6:7e:4d:a8:5c:2f:0b:c5:04:1f:ce:3e:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=187f0fd2083ffecb9134cc7248a02b0db2c851ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a8:a1:3e:61:0e:b9:25:8f:a3:98:88:c3:e1:
                    9a:37:4c:bb:04:4e:a3:09:ad:bc:9a:ab:e7:c0:ee:
                    80:95:4f:e8:f7:99:47:39:2e:d8:fc:6e:63:67:d4:
                    3b:96:ae:34:b7:81:c0:b5:4c:e0:ee:78:82:55:ae:
                    f8:cd:52:e8:9d:37:13:26:2e:6d:14:81:54:5c:fd:
                    04:57:72:26:69:8d:e4:bf:e9:db:61:ea:23:22:13:
                    47:d8:e9:0e:72:ad:f1:1e:30:d4:6c:88:eb:26:6a:
                    7f:9c:24:9c:f3:4c:76:ec:fb:bc:be:10:ff:63:f4:
                    92:ca:ab:94:7f:c4:b7:f1:74:9f:82:1a:c8:17:de:
                    da:58:d7:62:52:12:aa:3c:18:fb:70:4a:d9:60:67:
                    df:c1:3b:39:28:54:07:f2:83:96:64:11:c5:d8:84:
                    ec:3c:4a:d6:a1:a8:87:23:62:b5:c9:3c:24:14:7a:
                    ea:01:f1:15:0f:77:5e:57:ee:c4:cd:db:4b:9c:ff:
                    89:40:d1:32:22:57:39:6a:c9:6b:30:3a:24:6f:35:
                    95:ca:c1:a8:bd:24:52:11:96:7c:2d:e5:58:36:79:
                    17:9a:4c:2a:6f:2f:ea:2e:81:f1:ec:01:04:2a:40:
                    05:66:10:1b:49:c1:fa:f7:5a:41:d0:1d:24:19:83:
                    4a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:7F:0F:D2:08:3F:FE:CB:91:34:CC:72:48:A0:2B:0D:B2:C8:51:BA
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/GH8P0gg__suRNMxySKArDbLIUbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:b7:8c:9c:96:9f:ef:c2:09:ac:02:c0:94:75:4a:ca:ff:c6:
         f1:33:e5:ca:01:43:45:b2:0e:99:9c:7b:eb:79:de:20:58:64:
         0d:e7:c5:2f:f8:04:b5:f3:bf:b9:49:b3:e5:f8:f1:86:ec:a6:
         1f:22:37:95:2f:27:68:65:3e:66:fb:99:02:74:b6:46:4c:b0:
         10:25:17:8f:ed:e5:bd:d5:63:18:09:88:f4:78:2b:47:fe:10:
         76:59:d7:6c:6e:09:e3:2c:a1:16:48:4d:5b:67:33:56:98:dd:
         3b:2f:94:1e:2c:61:4e:56:b8:72:a9:01:46:23:a5:b5:f1:25:
         ca:0b:fc:1f:5c:5e:8b:fe:bf:e9:59:e9:ae:84:a7:e2:86:6c:
         37:e8:57:8a:4a:89:f6:69:38:c3:37:48:b9:74:25:da:3a:9f:
         79:dc:f6:26:eb:85:03:27:b8:66:4d:10:7c:05:e3:77:92:f8:
         39:52:1a:31:5f:41:16:1f:3b:f9:cb:fd:05:02:70:44:3e:8c:
         f5:47:d4:0f:4f:d8:ee:36:f3:31:d4:70:9b:e2:ef:72:bd:43:
         73:23:98:13:26:39:1b:00:80:25:81:ea:c4:69:5d:ff:9d:b0:
         ca:ba:f5:08:d7:f7:d5:64:59:aa:28:ab:2e:2f:58:98:ce:1c:
         f8:f8:51:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAbWfk2oXC8LxQQfzj5KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODdmMGZkMjA4M2ZmZWNiOTEzNGNjNzI0OGEwMmIwZGIyYzg1MWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aihPmEOuSWPo5iIw+GaN0y7BE6j
Ca28mqvnwO6AlU/o95lHOS7Y/G5jZ9Q7lq40t4HAtUzg7niCVa74zVLonTcTJi5t
FIFUXP0EV3ImaY3kv+nbYeojIhNH2OkOcq3xHjDUbIjrJmp/nCSc80x27Pu8vhD/
Y/SSyquUf8S38XSfghrIF97aWNdiUhKqPBj7cErZYGffwTs5KFQH8oOWZBHF2ITs
PErWoaiHI2K1yTwkFHrqAfEVD3deV+7EzdtLnP+JQNEyIlc5aslrMDokbzWVysGo
vSRSEZZ8LeVYNnkXmkwqby/qLoHx7AEEKkAFZhAbScH691pB0B0kGYNKpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBh/D9IIP/7LkTTMckigKw2yyFG6MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvR0g4UDBnZ19fc3VSTk14eVNLQXJEYkxJVWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYOgMA0G
CSqGSIb3DQEBCwUAA4IBAQBNt4yclp/vwgmsAsCUdUrK/8bxM+XKAUNFsg6ZnHvr
ed4gWGQN58Uv+AS187+5SbPl+PGG7KYfIjeVLydoZT5m+5kCdLZGTLAQJReP7eW9
1WMYCYj0eCtH/hB2WddsbgnjLKEWSE1bZzNWmN07L5QeLGFOVrhyqQFGI6W18SXK
C/wfXF6L/r/pWemuhKfihmw36FeKSon2aTjDN0i5dCXaOp953PYm64UDJ7hmTRB8
BeN3kvg5UhoxX0EWHzv5y/0FAnBEPoz1R9QPT9juNvMx1HCb4u9yvUNzI5gTJjkb
AIAlgerEaV3/nbDKuvUI1/fVZFmqKKsuL1iYzhz4+FFe
-----END CERTIFICATE-----