Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/GP2HIzJfCfnGM2MVlkSHwUHaN84.roa
File:                     GP2HIzJfCfnGM2MVlkSHwUHaN84.roa (raw, json)
Hash identifier:          ETW1pgFwQtTKE9AFyJGtQ+Xl0Zj/E5KZv9xhDaWW5T8=
Subject key identifier:   18:FD:87:23:32:5F:09:F9:C6:33:63:15:96:44:87:C1:41:DA:37:CE
Certificate issuer:       /CN=080369a358961f7284fbd591e927737cdb05c35d
Certificate serial:       019425217470784D41B0BA6C49E6BD6CD4DA
Authority key identifier: 08:03:69:A3:58:96:1F:72:84:FB:D5:91:E9:27:73:7C:DB:05:C3:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CANpo1iWH3KE-9WR6SdzfNsFw10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/GP2HIzJfCfnGM2MVlkSHwUHaN84.roa
Signing time:             Thu 02 Jan 2025 03:48:56 +0000
ROA not before:           Thu 02 Jan 2025 03:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8426
IP address blocks:        81.92.128.0/20 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/CANpo1iWH3KE-9WR6SdzfNsFw10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/CANpo1iWH3KE-9WR6SdzfNsFw10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CANpo1iWH3KE-9WR6SdzfNsFw10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:74:70:78:4d:41:b0:ba:6c:49:e6:bd:6c:d4:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=080369a358961f7284fbd591e927737cdb05c35d
        Validity
            Not Before: Jan  2 03:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18fd8723325f09f9c6336315964487c141da37ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:50:d6:41:c3:6d:cd:ed:dd:f7:2b:17:0e:dc:
                    8b:90:ff:81:20:4d:83:29:47:60:6a:e1:42:bd:af:
                    38:2b:13:7f:9a:d2:bb:22:9f:b8:ac:09:39:fa:81:
                    b8:94:75:2f:1b:81:dd:92:f9:d1:42:6c:00:70:3b:
                    fd:fd:67:69:a5:ff:73:cb:11:3b:45:f6:13:4a:3c:
                    4f:28:d9:46:d2:05:ad:3e:65:39:e3:db:98:1f:a5:
                    08:71:e6:01:f8:cf:0b:88:25:4c:76:9e:9e:77:80:
                    47:5e:68:5b:95:c1:e0:f2:98:ae:64:f1:ae:83:87:
                    30:aa:e9:2a:45:fc:7a:ca:9c:2f:bb:74:c5:1b:45:
                    54:9c:be:33:f1:11:3c:0a:82:25:d5:fd:a8:cb:0e:
                    be:e2:b1:0d:32:0d:09:e4:d1:45:80:77:14:1a:40:
                    74:b5:d4:1e:53:0c:58:1b:a9:8b:3b:98:77:65:2e:
                    34:97:ca:60:3e:e4:58:83:31:74:b2:d4:b3:ef:62:
                    17:32:86:73:8b:fa:d8:a2:4c:ad:c1:8d:97:1c:bc:
                    c8:ff:94:d4:30:90:f7:bc:81:79:6c:7a:e8:4c:fc:
                    7b:24:da:6f:73:da:16:fe:73:79:ed:b4:65:22:77:
                    52:f1:55:56:8f:6a:20:b5:5f:aa:dc:c8:04:28:bb:
                    b5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:FD:87:23:32:5F:09:F9:C6:33:63:15:96:44:87:C1:41:DA:37:CE
            X509v3 Authority Key Identifier:
                keyid:08:03:69:A3:58:96:1F:72:84:FB:D5:91:E9:27:73:7C:DB:05:C3:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CANpo1iWH3KE-9WR6SdzfNsFw10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/GP2HIzJfCfnGM2MVlkSHwUHaN84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/01aac3-bce9-4d7e-a5fc-3f1b16c6cd63/1/CANpo1iWH3KE-9WR6SdzfNsFw10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.92.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         28:66:0f:bc:45:db:e9:7f:fd:05:fc:f4:a7:0d:15:3a:96:4e:
         0a:34:47:65:b7:35:af:46:e1:75:17:01:29:43:59:f6:ed:3e:
         d4:bd:11:40:6e:93:f7:5c:6c:0a:f4:a7:ce:87:4f:d3:7f:32:
         38:c2:43:9a:df:ab:43:04:fb:26:fb:1a:12:c0:7a:40:73:2b:
         95:07:11:b9:d7:33:00:21:c8:23:f6:43:e2:ac:04:4a:26:08:
         63:61:4c:01:2c:cd:62:1f:0c:31:7e:e2:42:19:98:f7:f7:72:
         b6:a6:f9:21:e5:c5:f5:bf:6a:85:2a:80:df:a3:5c:96:bd:74:
         6e:20:27:d7:3f:4a:b2:cb:07:7c:26:2d:86:c7:c0:96:73:f7:
         ad:88:76:31:8b:8a:03:9c:71:2a:98:d8:59:93:3a:b6:6f:33:
         e4:b7:ea:b8:36:ec:99:b6:b6:33:28:78:d3:d8:53:ac:c9:9d:
         8e:eb:ce:cd:d7:4e:ec:2a:d5:33:9a:f4:a0:09:f5:fc:e4:24:
         6b:ed:0c:00:db:3e:1b:ca:3d:e7:ad:7d:f7:fd:0f:fd:66:0e:
         25:06:cc:9d:e6:33:18:99:8a:4e:3a:80:9a:c8:04:84:7e:76:
         e3:b6:a2:cc:f0:4b:86:b2:89:0f:25:cc:57:71:85:40:ea:2d:
         02:d5:01:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIXRweE1BsLpsSea9bNTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDM2OWEzNTg5NjFmNzI4NGZiZDU5MWU5Mjc3MzdjZGIw
NWMzNWQwHhcNMjUwMTAyMDM0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGZkODcyMzMyNWYwOWY5YzYzMzYzMTU5NjQ0ODdjMTQxZGEzN2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFDWQcNtze3d9ysXDtyLkP+BIE2D
KUdgauFCva84KxN/mtK7Ip+4rAk5+oG4lHUvG4HdkvnRQmwAcDv9/Wdppf9zyxE7
RfYTSjxPKNlG0gWtPmU549uYH6UIceYB+M8LiCVMdp6ed4BHXmhblcHg8piuZPGu
g4cwqukqRfx6ypwvu3TFG0VUnL4z8RE8CoIl1f2oyw6+4rENMg0J5NFFgHcUGkB0
tdQeUwxYG6mLO5h3ZS40l8pgPuRYgzF0stSz72IXMoZzi/rYokytwY2XHLzI/5TU
MJD3vIF5bHroTPx7JNpvc9oW/nN57bRlIndS8VVWj2ogtV+q3MgEKLu1bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBj9hyMyXwn5xjNjFZZEh8FB2jfOMB8GA1UdIwQY
MBaAFAgDaaNYlh9yhPvVkeknc3zbBcNdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FOcG8xaVdIM0tFLTlXUjZTZHpmTnNGdzEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8wMWFhYzMtYmNlOS00ZDdlLWE1ZmMt
M2YxYjE2YzZjZDYzLzEvR1AySEl6SmZDZm5HTTJNVmxrU0h3VUhhTjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8wMWFhYzMtYmNlOS00ZDdlLWE1ZmMtM2YxYjE2YzZjZDYz
LzEvQ0FOcG8xaVdIM0tFLTlXUjZTZHpmTnNGdzEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUVyAMA0G
CSqGSIb3DQEBCwUAA4IBAQAoZg+8Rdvpf/0F/PSnDRU6lk4KNEdltzWvRuF1FwEp
Q1n27T7UvRFAbpP3XGwK9KfOh0/TfzI4wkOa36tDBPsm+xoSwHpAcyuVBxG51zMA
Icgj9kPirARKJghjYUwBLM1iHwwxfuJCGZj393K2pvkh5cX1v2qFKoDfo1yWvXRu
ICfXP0qyywd8Ji2Gx8CWc/etiHYxi4oDnHEqmNhZkzq2bzPkt+q4NuyZtrYzKHjT
2FOsyZ2O687N107sKtUzmvSgCfX85CRr7QwA2z4byj3nrX33/Q/9Zg4lBsyd5jMY
mYpOOoCayASEfnbjtqLM8EuGsokPJcxXcYVA6i0C1QEO
-----END CERTIFICATE-----