Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/Gio1iTtemGJ7UFbiPMe5OE3FdgA.roa
File:                     Gio1iTtemGJ7UFbiPMe5OE3FdgA.roa (raw, json)
Hash identifier:          EygVPQdV1G2Rlz10Vmo3znoHM7wXgKkiL/dePk2eceA=
Subject key identifier:   1A:2A:35:89:3B:5E:98:62:7B:50:56:E2:3C:C7:B9:38:4D:C5:76:00
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       018CC4924AA6C351B1C3C85C1B89968D5854
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/Gio1iTtemGJ7UFbiPMe5OE3FdgA.roa
Signing time:             Mon 01 Jan 2024 10:29:30 +0000
ROA not before:           Mon 01 Jan 2024 10:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28721
IP address blocks:        194.149.245.0/24 maxlen: 24
                          185.88.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:4a:a6:c3:51:b1:c3:c8:5c:1b:89:96:8d:58:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: Jan  1 10:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a2a35893b5e98627b5056e23cc7b9384dc57600
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:da:a0:e0:ca:a9:3a:0f:c3:70:9f:c3:36:b6:
                    63:a9:ad:1e:7c:76:33:ae:ce:3e:e7:f4:2c:e7:f6:
                    a4:04:15:9b:c6:02:42:43:bd:6a:7a:d3:96:7f:9f:
                    cd:3c:f1:72:34:7c:04:08:83:07:ff:39:2d:32:dd:
                    3c:12:9a:f0:07:cf:ac:a5:44:c6:75:3f:f9:a7:4b:
                    ad:48:1a:44:79:11:df:b4:56:b7:13:9a:0d:44:7b:
                    cd:ba:d7:44:9e:f2:0b:be:e8:1c:87:f5:1a:b2:5d:
                    e7:ee:87:8c:77:69:1b:1b:bd:0d:3e:d6:80:78:2d:
                    f1:18:d1:ba:ed:eb:ef:8a:15:3f:bb:19:8a:4c:21:
                    3c:49:81:86:05:e7:a2:18:69:68:11:d6:77:98:47:
                    a3:57:c8:ac:15:f1:2d:43:d0:16:ba:89:9b:1d:54:
                    e7:05:79:26:40:54:0b:1e:5b:fa:83:13:db:0d:90:
                    0b:42:67:38:e0:60:1b:3b:ac:d3:f4:b7:9b:d9:b7:
                    5b:f9:cc:82:70:c3:92:a2:87:38:82:94:1a:0e:72:
                    51:be:20:c6:00:04:7a:c7:21:7c:4b:f7:ec:42:0a:
                    51:b0:d4:82:fe:93:5a:d3:f6:8f:c6:a6:c7:23:23:
                    15:39:2f:68:0e:34:9e:29:2f:c9:e2:b8:28:61:eb:
                    c3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:2A:35:89:3B:5E:98:62:7B:50:56:E2:3C:C7:B9:38:4D:C5:76:00
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/Gio1iTtemGJ7UFbiPMe5OE3FdgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.130.0/24
                  194.149.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:46:0f:9b:56:54:14:2a:41:61:54:b4:44:2d:94:ff:6d:ef:
         ff:2a:04:30:d4:9c:e2:31:0b:29:52:91:3a:46:8f:8f:45:02:
         90:e8:c6:c5:27:8e:fe:79:1c:04:e2:1c:bb:55:f4:32:2b:28:
         c0:e7:5a:3b:94:10:f0:1b:f0:ba:b0:53:ff:79:ab:c9:f6:7d:
         79:94:9c:23:b6:ea:15:72:ec:18:de:02:47:dd:ac:bd:3b:9c:
         10:28:4b:83:a1:92:32:00:11:67:26:7f:a6:95:fd:38:20:42:
         fb:5c:22:42:2f:6c:7f:23:c3:01:1c:aa:a5:03:8b:04:9a:78:
         2b:d2:81:78:c9:31:40:00:38:4d:9a:00:f4:ac:d0:a0:15:87:
         23:05:de:6e:cb:ec:2d:70:91:ce:5b:85:4e:80:0c:06:22:cd:
         ca:25:4b:ae:79:51:2b:3c:7d:82:22:d4:ca:da:c6:ae:a1:6e:
         a4:6a:96:3e:2c:9b:41:9f:e9:c4:70:e1:d0:98:57:5a:7f:f4:
         97:66:cd:e5:01:a8:e4:e3:08:3b:c6:e8:34:cb:76:7e:22:7b:
         1c:c5:6b:18:91:dc:41:ea:24:1a:84:38:73:72:30:1e:10:ad:
         3a:b7:2c:a0:1b:e0:f2:74:00:5b:8e:54:7f:96:68:d6:d2:be:
         67:a7:ef:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkkqmw1Gxw8hcG4mWjVhUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjQwMTAxMTAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTJhMzU4OTNiNWU5ODYyN2I1MDU2ZTIzY2M3YjkzODRkYzU3NjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dqg4MqpOg/DcJ/DNrZjqa0efHYz
rs4+5/Qs5/akBBWbxgJCQ71qetOWf5/NPPFyNHwECIMH/zktMt08EprwB8+spUTG
dT/5p0utSBpEeRHftFa3E5oNRHvNutdEnvILvugch/Uasl3n7oeMd2kbG70NPtaA
eC3xGNG67evvihU/uxmKTCE8SYGGBeeiGGloEdZ3mEejV8isFfEtQ9AWuombHVTn
BXkmQFQLHlv6gxPbDZALQmc44GAbO6zT9Leb2bdb+cyCcMOSooc4gpQaDnJRviDG
AAR6xyF8S/fsQgpRsNSC/pNa0/aPxqbHIyMVOS9oDjSeKS/J4rgoYevD9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBoqNYk7Xphie1BW4jzHuThNxXYAMB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvR2lvMWlUdGVtR0o3VUZiaVBNZTVPRTNGZGdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuViCAwQA
wpX1MA0GCSqGSIb3DQEBCwUAA4IBAQCXRg+bVlQUKkFhVLRELZT/be//KgQw1Jzi
MQspUpE6Ro+PRQKQ6MbFJ47+eRwE4hy7VfQyKyjA51o7lBDwG/C6sFP/eavJ9n15
lJwjtuoVcuwY3gJH3ay9O5wQKEuDoZIyABFnJn+mlf04IEL7XCJCL2x/I8MBHKql
A4sEmngr0oF4yTFAADhNmgD0rNCgFYcjBd5uy+wtcJHOW4VOgAwGIs3KJUuueVEr
PH2CItTK2sauoW6kapY+LJtBn+nEcOHQmFdaf/SXZs3lAajk4wg7xug0y3Z+Insc
xWsYkdxB6iQahDhzcjAeEK06tyygG+DydABbjlR/lmjW0r5np+8b
-----END CERTIFICATE-----