Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GhiRITWIqAvCsslwK3PRG5B3uTA.roa
File:                     GhiRITWIqAvCsslwK3PRG5B3uTA.roa (raw, json)
Hash identifier:          xTIsMDB3CRG3I21KLoBR1vj3/nMuVlpN5V0ndorVPm4=
Subject key identifier:   1A:18:91:21:35:88:A8:0B:C2:B2:C9:70:2B:73:D1:1B:90:77:B9:30
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0195CB85603B9289BAD570F0F7E36AAF623E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GhiRITWIqAvCsslwK3PRG5B3uTA.roa
Signing time:             Tue 25 Mar 2025 04:17:50 +0000
ROA not before:           Tue 25 Mar 2025 04:17:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2.59.252.0/24 maxlen: 24
                          185.216.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cb:85:60:3b:92:89:ba:d5:70:f0:f7:e3:6a:af:62:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 25 04:17:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a1891213588a80bc2b2c9702b73d11b9077b930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:98:98:81:89:0d:bc:11:37:ea:6a:26:bb:88:
                    f7:61:cd:c5:3b:8d:24:c2:16:cd:cd:e3:62:b4:4c:
                    b0:46:c4:58:9e:bd:0b:18:cd:49:c1:4f:88:d3:77:
                    5f:5c:19:eb:a3:c8:06:77:39:59:99:92:83:12:2e:
                    87:df:a4:ae:25:1e:8d:cb:e7:8d:23:2b:e3:d0:90:
                    ba:41:79:3d:04:e5:71:c6:48:23:4c:15:8d:fd:32:
                    7a:be:62:dd:54:d8:d9:32:90:18:35:5c:81:c0:fd:
                    c7:64:43:81:fb:c8:a7:ff:28:0e:83:bd:ad:a6:7c:
                    03:25:59:90:7f:59:69:3b:32:5f:7e:09:de:01:58:
                    f8:11:2d:6b:16:e2:9c:f4:c2:e8:62:3d:3a:94:ec:
                    35:54:1f:66:cc:6c:b0:a4:c0:2d:19:de:bf:c9:16:
                    1d:28:f7:50:8d:0d:38:7c:e1:b9:a2:ac:0e:00:41:
                    50:d3:4c:fd:ff:9b:13:f9:b4:b0:92:f5:e8:4b:a4:
                    3e:bb:0b:8d:38:e2:2a:b4:3f:88:67:69:67:bd:2f:
                    1c:1c:37:99:9b:d3:1e:e8:a5:0d:ba:ab:4f:23:42:
                    c4:65:ad:f9:42:ca:72:6d:5d:af:5c:3b:07:e9:9a:
                    a1:7e:24:a9:f5:64:ab:09:d6:9c:b1:d8:9a:fb:5b:
                    fa:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:18:91:21:35:88:A8:0B:C2:B2:C9:70:2B:73:D1:1B:90:77:B9:30
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GhiRITWIqAvCsslwK3PRG5B3uTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.252.0/24
                  185.216.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:b0:19:1a:43:ad:de:75:fe:f6:c2:f2:24:a7:57:c5:29:6f:
         59:62:04:e5:56:7c:a0:af:7d:83:6a:9f:8d:ee:17:1f:34:af:
         e8:48:90:41:68:0b:8e:d0:8f:72:72:84:f5:df:9e:ab:70:7f:
         2d:42:4d:32:0e:60:67:bb:5c:75:0e:53:b9:60:97:cf:fb:12:
         70:f3:36:71:76:38:4e:a4:9e:64:1d:1c:28:86:8c:ba:0d:bd:
         1a:20:c8:b6:9d:7c:d5:7e:33:45:6e:6f:99:f4:e9:36:1c:52:
         72:73:af:8c:90:af:ae:8c:b6:bb:9d:ec:88:44:3c:a2:80:17:
         90:2f:d5:15:47:19:10:b8:aa:a5:bb:b7:0d:e3:f9:04:b1:71:
         6c:a4:bf:e3:6b:11:d6:75:d9:17:cd:a0:4b:d5:af:a4:93:1c:
         41:90:6d:a9:75:e8:72:90:5b:a9:0f:54:37:33:89:94:f6:77:
         41:c3:e4:8e:ec:17:bc:95:e3:ae:35:5f:97:95:6c:57:71:b1:
         3a:90:86:8d:60:2e:02:8e:ae:f3:32:5a:a6:39:d0:38:76:b1:
         e2:0a:37:8c:65:f7:46:3a:19:1c:a9:1e:2f:87:cb:3f:79:4a:
         ec:88:6a:0f:ea:0b:27:29:ce:15:75:b5:fb:c1:26:a7:1b:bf:
         81:19:57:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXLhWA7kom61XDw9+Nqr2I+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzI1MDQxNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTE4OTEyMTM1ODhhODBiYzJiMmM5NzAyYjczZDExYjkwNzdiOTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZiYgYkNvBE36momu4j3Yc3FO40k
whbNzeNitEywRsRYnr0LGM1JwU+I03dfXBnro8gGdzlZmZKDEi6H36SuJR6Ny+eN
Iyvj0JC6QXk9BOVxxkgjTBWN/TJ6vmLdVNjZMpAYNVyBwP3HZEOB+8in/ygOg72t
pnwDJVmQf1lpOzJffgneAVj4ES1rFuKc9MLoYj06lOw1VB9mzGywpMAtGd6/yRYd
KPdQjQ04fOG5oqwOAEFQ00z9/5sT+bSwkvXoS6Q+uwuNOOIqtD+IZ2lnvS8cHDeZ
m9Me6KUNuqtPI0LEZa35QspybV2vXDsH6ZqhfiSp9WSrCdacsdia+1v6FwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBoYkSE1iKgLwrLJcCtz0RuQd7kwMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvR2hpUklUV0lxQXZDc3Nsd0szUFJHNUIzdVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjv8AwQA
udhGMA0GCSqGSIb3DQEBCwUAA4IBAQC1sBkaQ63edf72wvIkp1fFKW9ZYgTlVnyg
r32Dap+N7hcfNK/oSJBBaAuO0I9ycoT1356rcH8tQk0yDmBnu1x1DlO5YJfP+xJw
8zZxdjhOpJ5kHRwohoy6Db0aIMi2nXzVfjNFbm+Z9Ok2HFJyc6+MkK+ujLa7neyI
RDyigBeQL9UVRxkQuKqlu7cN4/kEsXFspL/jaxHWddkXzaBL1a+kkxxBkG2pdehy
kFupD1Q3M4mU9ndBw+SO7Be8leOuNV+XlWxXcbE6kIaNYC4Cjq7zMlqmOdA4drHi
CjeMZfdGOhkcqR4vh8s/eUrsiGoP6gsnKc4VdbX7wSanG7+BGVcS
-----END CERTIFICATE-----