Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/cb1467-241a-4bc5-baa6-6f363e83a78e/1/GZ1s7d54viav3wnjL9leWDPX9XE.roa
File:                     GZ1s7d54viav3wnjL9leWDPX9XE.roa (raw, json)
Hash identifier:          havZ3bJj+OM6go5VLxui+205cgsq5mlbJ3gC7fDy5Sc=
Subject key identifier:   19:9D:6C:ED:DE:78:BE:26:AF:DF:09:E3:2F:D9:5E:58:33:D7:F5:71
Certificate issuer:       /CN=f22219eca54ab269c8aab9b0ff416e7293829b59
Certificate serial:       01942368F11F8123DC733E4A44C47DE55CEE
Authority key identifier: F2:22:19:EC:A5:4A:B2:69:C8:AA:B9:B0:FF:41:6E:72:93:82:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8iIZ7KVKsmnIqrmw_0FucpOCm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/cb1467-241a-4bc5-baa6-6f363e83a78e/1/GZ1s7d54viav3wnjL9leWDPX9XE.roa
Signing time:             Wed 01 Jan 2025 19:47:47 +0000
ROA not before:           Wed 01 Jan 2025 19:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35161
IP address blocks:        195.95.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/cb1467-241a-4bc5-baa6-6f363e83a78e/1/8iIZ7KVKsmnIqrmw_0FucpOCm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/cb1467-241a-4bc5-baa6-6f363e83a78e/1/8iIZ7KVKsmnIqrmw_0FucpOCm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8iIZ7KVKsmnIqrmw_0FucpOCm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 19:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:f1:1f:81:23:dc:73:3e:4a:44:c4:7d:e5:5c:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f22219eca54ab269c8aab9b0ff416e7293829b59
        Validity
            Not Before: Jan  1 19:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=199d6cedde78be26afdf09e32fd95e5833d7f571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b2:38:7a:63:1c:9d:5a:ea:6e:5a:00:e9:a3:
                    6f:ae:f9:c2:46:ec:ae:53:e4:9c:ef:3b:18:6e:dd:
                    7b:39:dc:e8:47:2f:58:ae:58:1c:48:b2:e1:3b:56:
                    f8:03:b8:8e:84:cb:a5:c1:fb:4f:01:40:3a:dc:96:
                    69:a3:5f:4d:e2:9e:f9:0f:96:eb:03:7a:d4:d3:46:
                    c3:5d:c5:82:d5:14:63:37:c1:c8:4c:96:06:28:ea:
                    b3:8d:83:2f:3d:5f:46:a4:28:c0:f2:85:c3:67:5c:
                    54:42:29:02:2b:a4:4f:c0:ff:cf:c2:53:3f:ce:3a:
                    97:c5:e1:ad:b0:f7:ca:d6:e9:2b:cd:88:56:f8:1a:
                    db:f5:9d:26:4f:af:0c:0c:65:c4:84:2c:6a:3a:3f:
                    13:7e:f8:11:6c:40:e3:97:3f:46:e3:88:06:7f:9f:
                    d4:17:0b:b7:30:33:fb:90:79:3e:64:3b:c9:1f:eb:
                    08:83:1d:24:00:43:4c:14:7b:70:66:32:53:8b:4e:
                    d9:90:b2:a0:d5:5c:48:c8:b9:cd:68:c4:74:47:2e:
                    2f:43:70:84:9b:6d:30:e8:d6:d4:d5:15:ee:9c:f5:
                    b5:3c:d5:28:b0:7b:67:88:63:c6:26:d8:e1:14:af:
                    46:b0:f9:e4:ad:3a:8e:d0:fc:fa:e7:1c:90:a3:4a:
                    70:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:9D:6C:ED:DE:78:BE:26:AF:DF:09:E3:2F:D9:5E:58:33:D7:F5:71
            X509v3 Authority Key Identifier:
                keyid:F2:22:19:EC:A5:4A:B2:69:C8:AA:B9:B0:FF:41:6E:72:93:82:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8iIZ7KVKsmnIqrmw_0FucpOCm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/cb1467-241a-4bc5-baa6-6f363e83a78e/1/GZ1s7d54viav3wnjL9leWDPX9XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/cb1467-241a-4bc5-baa6-6f363e83a78e/1/8iIZ7KVKsmnIqrmw_0FucpOCm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:9a:89:f4:71:70:a8:00:1e:73:56:0c:c3:64:b4:d8:41:f8:
         fc:ec:6e:1d:35:8d:a3:96:6c:3d:3f:3f:a4:b2:1b:7b:26:37:
         72:19:5a:f2:84:ec:22:38:70:ad:44:86:ba:69:e0:21:37:04:
         24:dc:78:c9:af:26:6d:04:5e:c6:3f:dd:0f:2c:1f:4f:f2:a2:
         ad:e4:ee:b9:b7:07:4f:38:ab:c1:d8:e3:9d:cc:7b:fc:00:f3:
         c8:06:89:be:09:36:ca:6e:01:0a:f2:60:4b:1a:90:66:1a:b6:
         aa:ed:40:96:8b:e6:0e:ca:15:3b:d6:78:b6:72:f2:0a:6f:a9:
         08:55:b8:bf:b3:94:fa:84:c1:a8:71:37:03:32:b4:56:30:55:
         b7:1e:3c:8f:0a:12:ca:ac:67:93:61:ac:04:02:f5:4d:c7:a6:
         3e:d8:10:66:3f:c4:a7:08:93:b0:d5:76:cb:03:5b:2b:d4:fd:
         92:9e:b4:d7:68:c2:d9:41:10:cc:7f:0f:86:f5:c9:70:4d:52:
         92:d1:db:19:70:e6:e5:18:aa:7f:08:8b:a8:af:9d:bf:1b:2b:
         e0:c3:24:3e:16:87:66:af:a9:ff:7c:c1:73:fd:fd:20:f9:19:
         c7:b9:b1:ea:8b:ff:65:b4:22:9a:6c:39:c4:c1:20:78:04:c5:
         7f:4b:6e:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaPEfgSPccz5KRMR95VzuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMjIxOWVjYTU0YWIyNjljOGFhYjliMGZmNDE2ZTcyOTM4
MjliNTkwHhcNMjUwMTAxMTk0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTlkNmNlZGRlNzhiZTI2YWZkZjA5ZTMyZmQ5NWU1ODMzZDdmNTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurI4emMcnVrqbloA6aNvrvnCRuyu
U+Sc7zsYbt17OdzoRy9YrlgcSLLhO1b4A7iOhMulwftPAUA63JZpo19N4p75D5br
A3rU00bDXcWC1RRjN8HITJYGKOqzjYMvPV9GpCjA8oXDZ1xUQikCK6RPwP/PwlM/
zjqXxeGtsPfK1ukrzYhW+Brb9Z0mT68MDGXEhCxqOj8TfvgRbEDjlz9G44gGf5/U
Fwu3MDP7kHk+ZDvJH+sIgx0kAENMFHtwZjJTi07ZkLKg1VxIyLnNaMR0Ry4vQ3CE
m20w6NbU1RXunPW1PNUosHtniGPGJtjhFK9GsPnkrTqO0Pz65xyQo0pw0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmdbO3eeL4mr98J4y/ZXlgz1/VxMB8GA1UdIwQY
MBaAFPIiGeylSrJpyKq5sP9BbnKTgptZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGlJWjdLVktzbW5JcXJtd18wRnVjcE9DbTFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9jYjE0NjctMjQxYS00YmM1LWJhYTYt
NmYzNjNlODNhNzhlLzEvR1oxczdkNTR2aWF2M3duakw5bGVXRFBYOVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9jYjE0NjctMjQxYS00YmM1LWJhYTYtNmYzNjNlODNhNzhl
LzEvOGlJWjdLVktzbW5JcXJtd18wRnVjcE9DbTFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+YMA0G
CSqGSIb3DQEBCwUAA4IBAQCtmon0cXCoAB5zVgzDZLTYQfj87G4dNY2jlmw9Pz+k
sht7JjdyGVryhOwiOHCtRIa6aeAhNwQk3HjJryZtBF7GP90PLB9P8qKt5O65twdP
OKvB2OOdzHv8APPIBom+CTbKbgEK8mBLGpBmGraq7UCWi+YOyhU71ni2cvIKb6kI
Vbi/s5T6hMGocTcDMrRWMFW3HjyPChLKrGeTYawEAvVNx6Y+2BBmP8SnCJOw1XbL
A1sr1P2SnrTXaMLZQRDMfw+G9clwTVKS0dsZcOblGKp/CIuor52/GyvgwyQ+Fodm
r6n/fMFz/f0g+RnHubHqi/9ltCKabDnEwSB4BMV/S26J
-----END CERTIFICATE-----