Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/GCtyi3lw7wvdjThL7ys1PgP9Xnc.roa
File:                     GCtyi3lw7wvdjThL7ys1PgP9Xnc.roa (raw, json)
Hash identifier:          5CeTby/6o+AF4t0XHb3kaPZv+C11iBwU5xTq1fJyEaY=
Subject key identifier:   18:2B:72:8B:79:70:EF:0B:DD:8D:38:4B:EF:2B:35:3E:03:FD:5E:77
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       0194282830E4DC50521DD4DE1AADC0B39642
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/GCtyi3lw7wvdjThL7ys1PgP9Xnc.roa
Signing time:             Thu 02 Jan 2025 17:55:10 +0000
ROA not before:           Thu 02 Jan 2025 17:55:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215361
IP address blocks:        151.251.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:30:e4:dc:50:52:1d:d4:de:1a:ad:c0:b3:96:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  2 17:55:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=182b728b7970ef0bdd8d384bef2b353e03fd5e77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:23:81:97:bd:64:b8:55:14:78:5e:b0:79:6d:
                    38:82:e9:2e:11:24:82:8e:31:20:f4:8f:c8:7f:46:
                    3d:bf:da:89:a2:f4:cd:83:34:33:88:4e:82:65:e9:
                    f2:73:5c:e4:95:c3:a0:b2:bb:0d:a3:3a:f2:9f:95:
                    cc:53:7b:b3:69:42:13:58:73:0d:d6:d0:c5:6b:c7:
                    43:1d:d7:c2:5d:8d:72:5a:39:34:23:a1:1d:59:3b:
                    69:72:aa:e4:00:0c:c2:7c:c8:b8:b2:3a:00:2a:b6:
                    e5:ec:13:1f:83:94:31:82:30:02:4e:79:8c:89:ff:
                    f7:af:c2:f4:14:ac:52:f0:9f:3f:53:db:fb:c2:a8:
                    b4:e1:1a:76:d0:f9:5b:e6:6b:02:b6:70:93:60:93:
                    39:6d:51:38:71:83:e8:0a:54:f8:9d:6f:bf:ef:12:
                    95:69:5c:2d:3e:cf:5d:bc:94:ac:8e:9f:49:2f:de:
                    28:e6:e5:51:67:e4:00:30:fb:e0:57:2b:a8:cb:ac:
                    66:c1:f2:45:b0:bd:20:db:b6:b1:7c:57:1d:19:32:
                    b7:b3:a2:fc:5f:80:74:0b:86:40:05:f8:7f:51:c3:
                    84:24:6a:c5:11:fc:68:4b:ca:9a:f9:7b:d8:11:d6:
                    88:70:a6:74:22:25:74:af:b0:86:5a:af:aa:1c:8c:
                    17:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:2B:72:8B:79:70:EF:0B:DD:8D:38:4B:EF:2B:35:3E:03:FD:5E:77
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/GCtyi3lw7wvdjThL7ys1PgP9Xnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.251.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:cb:51:f2:47:90:b0:10:76:7e:bb:ff:d7:20:c9:72:bb:92:
         0f:e6:ab:ad:ae:c6:f5:f3:44:eb:ef:48:f0:66:86:af:44:8d:
         b0:69:33:e8:b6:f9:4c:00:1b:ba:82:d4:21:41:51:e3:ba:2d:
         e0:37:96:bd:5b:db:36:30:02:85:b7:79:c4:2d:c5:03:d5:7d:
         23:79:20:7f:1d:a0:bf:e4:fd:12:50:e2:38:b7:de:c8:02:34:
         3a:c0:14:e1:5f:e5:0c:aa:3c:6c:29:87:50:8b:64:28:2c:ed:
         f6:54:74:e6:3c:8d:52:c4:18:2e:8f:27:6d:19:68:3b:4c:3b:
         64:ca:3c:d4:7f:44:42:24:ea:4b:d1:3c:b3:6f:eb:df:6f:71:
         20:26:33:82:45:71:0f:e3:d8:70:db:8d:77:cd:01:a8:f2:2f:
         8a:30:f0:38:ff:78:b0:89:ea:27:8f:6f:42:c9:b2:3b:b9:b9:
         5d:9b:28:20:3b:b9:a7:c7:ed:09:c9:1a:d3:e5:7d:7e:a5:4c:
         0f:69:8c:9e:62:a9:61:63:3d:19:81:ba:7d:78:7e:41:36:06:
         e1:88:65:81:87:df:36:55:31:d9:01:18:cd:da:10:4f:df:cc:
         50:b2:57:99:bf:00:8f:41:f3:a0:14:06:7d:e7:c8:60:c9:73:
         7d:65:3a:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoKDDk3FBSHdTeGq3As5ZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjUwMTAyMTc1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODJiNzI4Yjc5NzBlZjBiZGQ4ZDM4NGJlZjJiMzUzZTAzZmQ1ZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiOBl71kuFUUeF6weW04gukuESSC
jjEg9I/If0Y9v9qJovTNgzQziE6CZenyc1zklcOgsrsNozryn5XMU3uzaUITWHMN
1tDFa8dDHdfCXY1yWjk0I6EdWTtpcqrkAAzCfMi4sjoAKrbl7BMfg5QxgjACTnmM
if/3r8L0FKxS8J8/U9v7wqi04Rp20Plb5msCtnCTYJM5bVE4cYPoClT4nW+/7xKV
aVwtPs9dvJSsjp9JL94o5uVRZ+QAMPvgVyuoy6xmwfJFsL0g27axfFcdGTK3s6L8
X4B0C4ZABfh/UcOEJGrFEfxoS8qa+XvYEdaIcKZ0IiV0r7CGWq+qHIwX+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgrcot5cO8L3Y04S+8rNT4D/V53MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvR0N0eWkzbHc3d3ZkalRoTDd5czFQZ1A5WG5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/smMA0G
CSqGSIb3DQEBCwUAA4IBAQBsy1HyR5CwEHZ+u//XIMlyu5IP5qutrsb180Tr70jw
ZoavRI2waTPotvlMABu6gtQhQVHjui3gN5a9W9s2MAKFt3nELcUD1X0jeSB/HaC/
5P0SUOI4t97IAjQ6wBThX+UMqjxsKYdQi2QoLO32VHTmPI1SxBgujydtGWg7TDtk
yjzUf0RCJOpL0Tyzb+vfb3EgJjOCRXEP49hw2413zQGo8i+KMPA4/3iwieonj29C
ybI7ubldmyggO7mnx+0JyRrT5X1+pUwPaYyeYqlhYz0Zgbp9eH5BNgbhiGWBh982
VTHZARjN2hBP38xQsleZvwCPQfOgFAZ958hgyXN9ZTp0
-----END CERTIFICATE-----