Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/20c842-b494-4db6-aa75-3dd36a29fa28/1/GmOEGytdPBI0M6M4F6yAHlQDNk4.roa
File:                     GmOEGytdPBI0M6M4F6yAHlQDNk4.roa (raw, json)
Hash identifier:          rCxXhyimVf47IInvL9Aht6Onq89mIZd51JHlO7lZEGY=
Subject key identifier:   1A:63:84:1B:2B:5D:3C:12:34:33:A3:38:17:AC:80:1E:54:03:36:4E
Certificate issuer:       /CN=05eb12157317bec58fd41d92ff105b361864a6f2
Certificate serial:       019427B3D491F19EA15919FC25E4719FF5CB
Authority key identifier: 05:EB:12:15:73:17:BE:C5:8F:D4:1D:92:FF:10:5B:36:18:64:A6:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BesSFXMXvsWP1B2S_xBbNhhkpvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/20c842-b494-4db6-aa75-3dd36a29fa28/1/GmOEGytdPBI0M6M4F6yAHlQDNk4.roa
Signing time:             Thu 02 Jan 2025 15:48:04 +0000
ROA not before:           Thu 02 Jan 2025 15:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56599
IP address blocks:        194.9.42.0/23 maxlen: 23
                          195.158.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/20c842-b494-4db6-aa75-3dd36a29fa28/1/BesSFXMXvsWP1B2S_xBbNhhkpvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/20c842-b494-4db6-aa75-3dd36a29fa28/1/BesSFXMXvsWP1B2S_xBbNhhkpvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BesSFXMXvsWP1B2S_xBbNhhkpvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:d4:91:f1:9e:a1:59:19:fc:25:e4:71:9f:f5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05eb12157317bec58fd41d92ff105b361864a6f2
        Validity
            Not Before: Jan  2 15:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a63841b2b5d3c123433a33817ac801e5403364e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:b1:32:6d:5f:0d:47:d5:77:cd:34:3f:ea:2a:
                    4e:38:56:b0:20:a9:b9:1d:dc:86:77:dc:cf:d9:4f:
                    99:92:77:62:18:48:df:3b:fc:f1:33:31:4f:bd:7e:
                    68:fe:67:b8:fb:28:5c:c8:c9:24:5e:16:28:c9:54:
                    40:8d:65:d9:0f:59:90:40:72:f5:e6:9d:b2:c5:80:
                    95:e7:42:17:ed:bd:31:6d:0e:b9:45:86:a7:ce:9c:
                    0a:17:ba:d5:14:ac:25:ac:d4:78:fa:e2:74:a2:27:
                    d8:59:c2:7a:dd:c1:05:64:53:31:8f:92:14:0d:a9:
                    88:20:60:9b:03:30:99:40:13:cc:4a:7e:07:96:f1:
                    8f:47:9c:79:f9:6e:16:a2:9c:c9:48:b3:70:eb:3a:
                    ec:33:ee:eb:97:c5:73:86:38:3e:86:a2:1a:d0:0a:
                    47:2e:74:5e:5e:11:80:ae:fd:64:4b:77:96:b6:4f:
                    ec:f6:5a:43:e4:ae:31:c7:a7:d0:40:de:2d:60:98:
                    9c:b8:7f:66:4f:7b:b7:48:20:9e:6d:60:53:eb:d9:
                    8e:16:3f:3b:7a:28:26:25:28:89:9a:a5:7b:8b:e4:
                    0c:bf:51:a6:ac:4f:93:bc:53:6d:89:6b:83:02:2f:
                    b6:92:c5:62:dc:20:18:18:f9:52:a6:c8:11:a7:ea:
                    fc:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:63:84:1B:2B:5D:3C:12:34:33:A3:38:17:AC:80:1E:54:03:36:4E
            X509v3 Authority Key Identifier:
                keyid:05:EB:12:15:73:17:BE:C5:8F:D4:1D:92:FF:10:5B:36:18:64:A6:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BesSFXMXvsWP1B2S_xBbNhhkpvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/20c842-b494-4db6-aa75-3dd36a29fa28/1/GmOEGytdPBI0M6M4F6yAHlQDNk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/20c842-b494-4db6-aa75-3dd36a29fa28/1/BesSFXMXvsWP1B2S_xBbNhhkpvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.42.0/23
                  195.158.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ac:ee:f3:de:51:04:f6:ad:6d:bc:75:62:8b:19:67:c9:cd:
         31:32:85:ab:46:a0:af:f8:2b:00:fa:a6:58:cc:20:8b:42:e1:
         b4:de:bd:05:3d:87:8a:67:2f:43:8a:21:2f:65:d7:69:4f:13:
         9d:41:d9:0e:48:04:a6:4f:e6:ef:4e:f1:3a:98:42:ed:23:f6:
         00:19:45:f6:ff:91:42:40:9e:68:45:8c:89:d1:e3:21:f6:53:
         1c:df:55:22:5f:d9:32:b4:38:91:e3:cc:80:55:57:22:00:1c:
         f4:0b:0d:93:2a:77:7e:ac:b2:8e:32:ef:a6:38:86:73:ec:11:
         57:63:dd:0c:d3:4e:17:4e:82:ba:06:04:e6:ae:46:83:a0:30:
         26:a3:25:d3:64:25:2c:a5:f6:e2:35:be:ff:70:32:7c:f0:df:
         25:26:17:de:15:14:44:aa:14:78:34:65:74:d3:ad:86:df:0b:
         d8:0e:50:95:55:9a:03:23:a2:dd:e1:55:94:70:8b:66:74:1a:
         13:82:bb:13:93:b4:31:3a:36:48:a6:c4:09:af:a8:d0:7d:1c:
         d7:e7:ab:95:41:9e:1f:20:6a:a6:5c:98:46:c9:e6:2f:0a:01:
         50:eb:a0:4e:0b:00:16:49:7d:78:ff:70:fd:31:ff:1f:91:5a:
         45:63:1d:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQns9SR8Z6hWRn8JeRxn/XLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZWIxMjE1NzMxN2JlYzU4ZmQ0MWQ5MmZmMTA1YjM2MTg2
NGE2ZjIwHhcNMjUwMTAyMTU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTYzODQxYjJiNWQzYzEyMzQzM2EzMzgxN2FjODAxZTU0MDMzNjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA97EybV8NR9V3zTQ/6ipOOFawIKm5
HdyGd9zP2U+ZkndiGEjfO/zxMzFPvX5o/me4+yhcyMkkXhYoyVRAjWXZD1mQQHL1
5p2yxYCV50IX7b0xbQ65RYanzpwKF7rVFKwlrNR4+uJ0oifYWcJ63cEFZFMxj5IU
DamIIGCbAzCZQBPMSn4HlvGPR5x5+W4WopzJSLNw6zrsM+7rl8Vzhjg+hqIa0ApH
LnReXhGArv1kS3eWtk/s9lpD5K4xx6fQQN4tYJicuH9mT3u3SCCebWBT69mOFj87
eigmJSiJmqV7i+QMv1GmrE+TvFNtiWuDAi+2ksVi3CAYGPlSpsgRp+r8kQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBpjhBsrXTwSNDOjOBesgB5UAzZOMB8GA1UdIwQY
MBaAFAXrEhVzF77Fj9Qdkv8QWzYYZKbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVzU0ZYTVh2c1dQMUIyU194QmJOaGhrcHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8yMGM4NDItYjQ5NC00ZGI2LWFhNzUt
M2RkMzZhMjlmYTI4LzEvR21PRUd5dGRQQkkwTTZNNEY2eUFIbFFETms0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8yMGM4NDItYjQ5NC00ZGI2LWFhNzUtM2RkMzZhMjlmYTI4
LzEvQmVzU0ZYTVh2c1dQMUIyU194QmJOaGhrcHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwgkqAwQA
w570MA0GCSqGSIb3DQEBCwUAA4IBAQCYrO7z3lEE9q1tvHViixlnyc0xMoWrRqCv
+CsA+qZYzCCLQuG03r0FPYeKZy9DiiEvZddpTxOdQdkOSASmT+bvTvE6mELtI/YA
GUX2/5FCQJ5oRYyJ0eMh9lMc31UiX9kytDiR48yAVVciABz0Cw2TKnd+rLKOMu+m
OIZz7BFXY90M004XToK6BgTmrkaDoDAmoyXTZCUspfbiNb7/cDJ88N8lJhfeFRRE
qhR4NGV0062G3wvYDlCVVZoDI6Ld4VWUcItmdBoTgrsTk7QxOjZIpsQJr6jQfRzX
56uVQZ4fIGqmXJhGyeYvCgFQ66BOCwAWSX14/3D9Mf8fkVpFYx2/
-----END CERTIFICATE-----