Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/G4Jxn_aqBgyU9_YGlRiE9ULjWaU.roa
File:                     G4Jxn_aqBgyU9_YGlRiE9ULjWaU.roa (raw, json)
Hash identifier:          RbL+vfgJwT99KSNM/1Fv+iOzh78qncOg1wBYg2kVVuA=
Subject key identifier:   1B:82:71:9F:F6:AA:06:0C:94:F7:F6:06:95:18:84:F5:42:E3:59:A5
Certificate issuer:       /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial:       01942067FE28D831F8752F2CB33EF9CFC79A
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/G4Jxn_aqBgyU9_YGlRiE9ULjWaU.roa
Signing time:             Wed 01 Jan 2025 05:47:53 +0000
ROA not before:           Wed 01 Jan 2025 05:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57353
IP address blocks:        89.58.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:fe:28:d8:31:f8:75:2f:2c:b3:3e:f9:cf:c7:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
        Validity
            Not Before: Jan  1 05:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b82719ff6aa060c94f7f606951884f542e359a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4a:21:94:98:ad:de:f1:e7:c0:ef:c5:58:6b:
                    c5:44:84:14:99:90:a8:7a:55:8a:eb:90:80:df:82:
                    5e:75:d1:cb:45:90:34:9c:b6:69:09:26:09:66:a3:
                    4f:c6:fa:9b:cc:73:60:36:c7:b5:72:ed:d9:c9:f5:
                    a0:2c:53:b6:15:a5:0b:3b:ae:e5:b3:65:68:6b:51:
                    12:f2:44:17:b1:e3:9d:69:b3:d8:a3:70:d7:c9:fc:
                    f7:05:32:8e:fb:bb:ff:45:c7:d2:77:fd:76:c3:54:
                    49:3e:1a:d7:11:a2:ee:e1:94:11:6c:9e:61:31:d5:
                    59:49:4d:a7:b2:a1:af:d4:6b:da:58:23:41:b7:f3:
                    ce:f0:3f:40:72:e1:cc:f6:97:1f:d0:a2:82:9e:d5:
                    e2:36:28:38:56:d1:3e:f7:3a:0b:57:cb:17:a7:56:
                    2b:2a:14:dc:fc:fa:1b:1b:fb:60:8d:c5:63:01:ef:
                    33:fd:b7:86:41:22:3e:bf:76:76:49:80:d3:87:a8:
                    22:25:f1:71:09:0d:0f:67:1e:1a:3d:7f:2c:b4:6b:
                    1b:3c:c7:cb:da:ec:56:31:85:f0:80:49:e0:a0:77:
                    77:a2:26:70:34:6d:f8:bf:0c:89:25:e7:a8:e0:a8:
                    69:4e:fb:f8:af:49:fe:45:3f:bc:fa:cf:39:37:87:
                    cf:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:82:71:9F:F6:AA:06:0C:94:F7:F6:06:95:18:84:F5:42:E3:59:A5
            X509v3 Authority Key Identifier:
                keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/G4Jxn_aqBgyU9_YGlRiE9ULjWaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.58.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         07:91:4d:98:ef:a1:35:5a:fd:dd:9f:c7:3c:af:c8:28:6f:8a:
         29:2e:f7:46:86:1c:fa:1b:3b:68:9f:57:43:52:ad:df:7c:97:
         40:7d:cf:7b:77:8f:17:9e:13:d8:f3:17:50:e9:d2:27:f5:99:
         c2:9d:5e:f7:42:bc:f9:89:ce:fc:be:84:4b:b2:8e:68:b6:06:
         44:0e:cd:a4:b9:e7:e9:11:5b:fa:11:e1:eb:5d:d1:1d:62:7d:
         57:3c:c8:82:3d:8a:c5:84:35:5b:62:b6:62:b1:8d:df:eb:f1:
         84:a3:c0:d0:ed:54:87:ab:12:3b:39:e1:5b:99:cc:87:d6:1f:
         b6:0b:9d:4e:63:37:24:37:15:d2:51:1f:84:4f:e4:ab:54:ac:
         6c:8b:bb:97:cd:2b:eb:45:87:6d:4b:36:d5:22:65:46:c6:c8:
         cc:02:3a:ba:2c:55:21:6e:12:16:86:bb:5f:fb:01:70:ca:5f:
         b2:90:b8:db:87:ad:be:df:3e:51:eb:80:6c:bc:ac:f5:6c:b3:
         34:5f:7b:27:82:18:96:4e:71:9d:d3:41:6f:b5:d8:38:4e:e7:
         cc:c2:19:af:28:9f:01:fe:b0:18:4d:f4:a0:16:6e:53:f0:e3:
         eb:ef:29:28:5f:6d:56:d0:46:f2:12:b8:dd:26:3a:9f:19:f3:
         7d:0f:cf:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/4o2DH4dS8ssz75z8eaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjUwMTAxMDU0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjgyNzE5ZmY2YWEwNjBjOTRmN2Y2MDY5NTE4ODRmNTQyZTM1OWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0ohlJit3vHnwO/FWGvFRIQUmZCo
elWK65CA34JeddHLRZA0nLZpCSYJZqNPxvqbzHNgNse1cu3ZyfWgLFO2FaULO67l
s2Voa1ES8kQXseOdabPYo3DXyfz3BTKO+7v/RcfSd/12w1RJPhrXEaLu4ZQRbJ5h
MdVZSU2nsqGv1GvaWCNBt/PO8D9AcuHM9pcf0KKCntXiNig4VtE+9zoLV8sXp1Yr
KhTc/PobG/tgjcVjAe8z/beGQSI+v3Z2SYDTh6giJfFxCQ0PZx4aPX8stGsbPMfL
2uxWMYXwgEngoHd3oiZwNG34vwyJJeeo4KhpTvv4r0n+RT+8+s85N4fPoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuCcZ/2qgYMlPf2BpUYhPVC41mlMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvRzRKeG5fYXFCZ3lVOV9ZR2xSaUU5VUxqV2FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGWTrAMA0G
CSqGSIb3DQEBCwUAA4IBAQAHkU2Y76E1Wv3dn8c8r8gob4opLvdGhhz6Gzton1dD
Uq3ffJdAfc97d48XnhPY8xdQ6dIn9ZnCnV73Qrz5ic78voRLso5otgZEDs2kuefp
EVv6EeHrXdEdYn1XPMiCPYrFhDVbYrZisY3f6/GEo8DQ7VSHqxI7OeFbmcyH1h+2
C51OYzckNxXSUR+ET+SrVKxsi7uXzSvrRYdtSzbVImVGxsjMAjq6LFUhbhIWhrtf
+wFwyl+ykLjbh62+3z5R64BsvKz1bLM0X3snghiWTnGd00Fvtdg4TufMwhmvKJ8B
/rAYTfSgFm5T8OPr7ykoX21W0EbyErjdJjqfGfN9D8+5
-----END CERTIFICATE-----