Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/GYfP-_5AgF2tP76e5fRk1Obxams.roa
File:                     GYfP-_5AgF2tP76e5fRk1Obxams.roa (raw, json)
Hash identifier:          o0ArFfatnfvS0Hu8X7wzBqS07tXTfSEiGRtuEquAi7k=
Subject key identifier:   19:87:CF:FB:FE:40:80:5D:AD:3F:BE:9E:E5:F4:64:D4:E6:F1:6A:6B
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019421440082B0FB6417A470A6C2D1AD858B
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/GYfP-_5AgF2tP76e5fRk1Obxams.roa
Signing time:             Wed 01 Jan 2025 09:48:12 +0000
ROA not before:           Wed 01 Jan 2025 09:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44554
IP address blocks:        88.151.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:00:82:b0:fb:64:17:a4:70:a6:c2:d1:ad:85:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1987cffbfe40805dad3fbe9ee5f464d4e6f16a6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a5:a1:d5:be:3f:22:5d:4d:7d:99:4e:87:cd:
                    e5:b5:36:46:e0:e0:37:60:e1:33:b2:8a:8f:56:28:
                    66:c7:2e:ca:e1:97:30:0a:94:d4:33:74:b4:6d:24:
                    8c:f9:aa:ec:0c:79:b7:26:d1:fc:a0:a4:ad:10:bc:
                    53:23:21:2a:b8:64:dd:b9:f8:0e:ce:3c:2c:de:5f:
                    f8:75:a6:ac:46:5e:42:cb:24:fb:79:d0:6a:8e:82:
                    21:bf:11:7f:43:e0:36:61:ac:8c:57:ce:7b:49:8b:
                    25:84:f2:0b:64:9f:95:11:37:41:83:a4:4d:fe:fe:
                    60:cc:99:4f:b5:ee:1c:a1:1f:76:46:9c:8e:f6:36:
                    76:79:70:c3:a2:0f:a6:c6:12:ad:c4:65:61:ff:e0:
                    bb:e9:6e:ad:5d:79:35:fd:78:01:fe:6f:14:9a:1c:
                    e0:ff:dc:97:c4:89:bb:ca:96:59:d4:f1:bd:d5:a8:
                    f4:02:ab:5e:58:40:86:a7:7b:df:56:a8:87:d7:99:
                    02:3f:30:68:bf:1d:83:49:08:ab:8a:38:e3:16:4b:
                    cd:74:6d:aa:29:82:db:32:c8:06:5e:89:02:ad:37:
                    e4:5f:f0:16:d4:1b:de:e3:13:f9:54:8c:d2:88:14:
                    c0:98:a5:84:32:88:9b:1e:a5:08:5f:d1:83:b1:e8:
                    e9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:87:CF:FB:FE:40:80:5D:AD:3F:BE:9E:E5:F4:64:D4:E6:F1:6A:6B
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/GYfP-_5AgF2tP76e5fRk1Obxams.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:76:7d:1b:4e:bf:2c:8a:54:0f:4b:6d:d1:5e:ad:66:3c:ca:
         9d:47:58:6b:17:a9:87:e0:cc:8a:fa:18:83:74:1f:cf:d9:66:
         3d:0d:7c:27:c0:4a:e1:af:c1:64:c8:72:69:43:35:21:fb:8b:
         55:68:0b:27:5e:e5:66:f0:41:e5:bb:1c:b5:03:93:aa:c1:30:
         b3:3b:13:fc:f4:50:67:5d:a9:c5:bc:65:44:b1:c9:e4:2e:61:
         75:0f:b0:98:ca:13:10:5c:b7:17:ce:ae:33:a9:1e:23:b5:b3:
         85:08:d8:8f:36:78:0b:49:ef:58:a9:a4:25:57:cf:8f:2f:3a:
         00:85:e5:26:8c:8d:f8:c4:d6:06:6e:93:6a:73:59:1c:58:80:
         19:10:fd:25:32:fa:f7:85:c6:74:eb:c1:9e:9f:a1:65:cc:05:
         94:b7:e3:d4:12:38:64:e9:fb:e9:8b:44:b4:18:88:2c:cc:ec:
         e5:5d:44:81:b0:73:a0:00:2f:7f:c9:f6:59:91:a6:a2:93:cc:
         88:75:9f:77:ab:32:36:87:e4:31:4b:b9:9f:0c:79:d6:22:65:
         2b:a4:63:ae:fe:aa:d2:02:ec:dc:03:63:95:d2:5d:62:2f:24:
         35:8a:54:a9:39:d1:fa:52:83:69:b6:a9:d7:0f:05:b4:c6:72:
         b2:03:2b:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRACCsPtkF6RwpsLRrYWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTg3Y2ZmYmZlNDA4MDVkYWQzZmJlOWVlNWY0NjRkNGU2ZjE2YTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaWh1b4/Il1NfZlOh83ltTZG4OA3
YOEzsoqPVihmxy7K4ZcwCpTUM3S0bSSM+arsDHm3JtH8oKStELxTIyEquGTdufgO
zjws3l/4daasRl5CyyT7edBqjoIhvxF/Q+A2YayMV857SYslhPILZJ+VETdBg6RN
/v5gzJlPte4coR92RpyO9jZ2eXDDog+mxhKtxGVh/+C76W6tXXk1/XgB/m8Umhzg
/9yXxIm7ypZZ1PG91aj0AqteWECGp3vfVqiH15kCPzBovx2DSQirijjjFkvNdG2q
KYLbMsgGXokCrTfkX/AW1Bve4xP5VIzSiBTAmKWEMoibHqUIX9GDsejpiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmHz/v+QIBdrT++nuX0ZNTm8WprMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvR1lmUC1fNUFnRjJ0UDc2ZTVmUmsxT2J4YW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJd3MA0G
CSqGSIb3DQEBCwUAA4IBAQAedn0bTr8silQPS23RXq1mPMqdR1hrF6mH4MyK+hiD
dB/P2WY9DXwnwErhr8FkyHJpQzUh+4tVaAsnXuVm8EHluxy1A5OqwTCzOxP89FBn
XanFvGVEscnkLmF1D7CYyhMQXLcXzq4zqR4jtbOFCNiPNngLSe9YqaQlV8+PLzoA
heUmjI34xNYGbpNqc1kcWIAZEP0lMvr3hcZ068Gen6FlzAWUt+PUEjhk6fvpi0S0
GIgszOzlXUSBsHOgAC9/yfZZkaaik8yIdZ93qzI2h+QxS7mfDHnWImUrpGOu/qrS
AuzcA2OV0l1iLyQ1ilSpOdH6UoNptqnXDwW0xnKyAytl
-----END CERTIFICATE-----