Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/GMzP4FK3BWd73BtB1rspDBtNJAI.roa
File:                     GMzP4FK3BWd73BtB1rspDBtNJAI.roa (raw, json)
Hash identifier:          RDWj3PKIvnG4Znaa0y/vyFyoiglGm7aIo1wXj8w5Ol8=
Subject key identifier:   18:CC:CF:E0:52:B7:05:67:7B:DC:1B:41:D6:BB:29:0C:1B:4D:24:02
Certificate issuer:       /CN=9c47ee73c28780b12f152cfa259ade3d8ae0d13b
Certificate serial:       0194236A299B39F4B08B3EAEB98EE17BDC13
Authority key identifier: 9C:47:EE:73:C2:87:80:B1:2F:15:2C:FA:25:9A:DE:3D:8A:E0:D1:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/GMzP4FK3BWd73BtB1rspDBtNJAI.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59962
IP address blocks:        194.33.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:29:9b:39:f4:b0:8b:3e:ae:b9:8e:e1:7b:dc:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c47ee73c28780b12f152cfa259ade3d8ae0d13b
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18cccfe052b705677bdc1b41d6bb290c1b4d2402
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:77:60:e8:18:77:d4:63:37:60:8f:22:58:82:
                    3c:01:52:3b:82:6a:c9:c0:f3:98:0a:ee:08:9a:92:
                    27:30:05:a9:47:4f:35:f5:e7:b9:99:37:83:34:8a:
                    c2:64:a0:56:80:5e:d2:b6:2e:7e:c8:55:5b:26:d6:
                    46:41:42:4e:90:c8:c2:c2:f6:9d:fc:c3:0a:2c:91:
                    fd:53:0a:98:28:81:da:b8:dc:61:0d:48:57:b4:3e:
                    d5:e5:50:ec:71:35:2c:79:5c:44:0b:92:2f:0a:14:
                    d0:12:08:96:32:50:d1:75:dc:04:8a:e8:2b:5e:ee:
                    a0:a4:81:a0:df:96:fd:88:d1:6b:0b:2c:49:d4:89:
                    b3:96:db:20:99:eb:60:bb:77:9d:60:68:e3:e8:ef:
                    75:d8:69:21:ff:6a:9e:24:ef:d8:08:30:ac:85:0a:
                    06:e5:73:e3:c6:56:31:b3:d1:fa:67:61:17:cd:e3:
                    77:de:5b:af:74:6b:e4:09:b4:12:ce:0b:64:3e:35:
                    06:84:4d:5b:f3:1e:b8:c4:67:b5:c6:5b:db:ba:78:
                    05:ea:09:d7:37:9b:d0:be:90:b2:03:7c:e4:8d:64:
                    c4:e8:0c:a8:2a:56:96:c3:8e:a4:5d:0b:a6:0b:98:
                    82:a7:69:0e:32:b3:3b:17:76:29:51:96:4f:e1:53:
                    cc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:CC:CF:E0:52:B7:05:67:7B:DC:1B:41:D6:BB:29:0C:1B:4D:24:02
            X509v3 Authority Key Identifier:
                keyid:9C:47:EE:73:C2:87:80:B1:2F:15:2C:FA:25:9A:DE:3D:8A:E0:D1:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/GMzP4FK3BWd73BtB1rspDBtNJAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:34:a9:93:d0:31:ac:88:fc:3e:15:88:65:ea:d0:0b:ff:b3:
         21:ec:92:4f:e4:59:7f:22:8e:ad:d8:5a:fe:31:d4:e5:79:42:
         7b:26:16:7b:2d:b8:93:a2:ec:30:d5:86:eb:7a:97:9c:26:35:
         01:78:be:e5:50:29:66:67:ed:cf:c8:57:75:11:ce:f0:a4:d5:
         e9:9a:7e:d1:52:42:e1:ba:3a:03:a6:fc:9e:d6:e1:29:e5:66:
         f2:a6:81:ba:02:bc:11:fc:2a:9c:1f:8b:57:68:b7:d6:4b:db:
         00:cb:df:ed:e4:2d:aa:29:a0:74:88:f0:99:e7:5a:62:71:f7:
         3f:0a:ee:5c:20:cb:08:86:3b:de:2f:d9:97:53:96:ee:28:5e:
         c8:75:85:36:43:5d:a9:89:4a:31:8a:f8:9e:74:3c:a6:fd:4a:
         4b:80:54:5e:39:ea:aa:f8:b1:95:b1:0f:bd:ab:60:56:59:9b:
         7e:dd:22:6c:9a:da:8d:a4:1d:c5:c8:ff:d9:80:bc:78:8b:6e:
         35:9c:ce:5e:97:ec:55:0f:49:b9:15:3b:a5:0b:ab:fb:64:c3:
         d8:4c:da:32:da:95:c2:59:11:75:d9:40:33:48:19:4c:35:2f:
         3a:73:9d:c7:3e:c2:06:60:2f:bf:f3:a5:8e:df:70:5a:05:1a:
         2d:d9:52:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaimbOfSwiz6uuY7he9wTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNDdlZTczYzI4NzgwYjEyZjE1MmNmYTI1OWFkZTNkOGFl
MGQxM2IwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGNjY2ZlMDUyYjcwNTY3N2JkYzFiNDFkNmJiMjkwYzFiNGQyNDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvndg6Bh31GM3YI8iWII8AVI7gmrJ
wPOYCu4ImpInMAWpR0819ee5mTeDNIrCZKBWgF7Sti5+yFVbJtZGQUJOkMjCwvad
/MMKLJH9UwqYKIHauNxhDUhXtD7V5VDscTUseVxEC5IvChTQEgiWMlDRddwEiugr
Xu6gpIGg35b9iNFrCyxJ1Imzltsgmetgu3edYGjj6O912Gkh/2qeJO/YCDCshQoG
5XPjxlYxs9H6Z2EXzeN33luvdGvkCbQSzgtkPjUGhE1b8x64xGe1xlvbungF6gnX
N5vQvpCyA3zkjWTE6AyoKlaWw46kXQumC5iCp2kOMrM7F3YpUZZP4VPMRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjMz+BStwVne9wbQda7KQwbTSQCMB8GA1UdIwQY
MBaAFJxH7nPCh4CxLxUs+iWa3j2K4NE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkVmdWM4S0hnTEV2RlN6NkpacmVQWXJnMFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9jN2M1MWQtNGY5MC00MDg3LWExM2Et
ZjNjMWE5YTExZDczLzEvR016UDRGSzNCV2Q3M0J0QjFyc3BEQnROSkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9jN2M1MWQtNGY5MC00MDg3LWExM2EtZjNjMWE5YTExZDcz
LzEvbkVmdWM4S0hnTEV2RlN6NkpacmVQWXJnMFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiFoMA0G
CSqGSIb3DQEBCwUAA4IBAQBtNKmT0DGsiPw+FYhl6tAL/7Mh7JJP5Fl/Io6t2Fr+
MdTleUJ7JhZ7LbiTouww1YbrepecJjUBeL7lUClmZ+3PyFd1Ec7wpNXpmn7RUkLh
ujoDpvye1uEp5WbypoG6ArwR/CqcH4tXaLfWS9sAy9/t5C2qKaB0iPCZ51picfc/
Cu5cIMsIhjveL9mXU5buKF7IdYU2Q12piUoxiviedDym/UpLgFReOeqq+LGVsQ+9
q2BWWZt+3SJsmtqNpB3FyP/ZgLx4i241nM5el+xVD0m5FTulC6v7ZMPYTNoy2pXC
WRF12UAzSBlMNS86c53HPsIGYC+/86WO33BaBRot2VIb
-----END CERTIFICATE-----