Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/gicegBW5Q1xikkf_SLe1-6lH06U.roa
File:                     gicegBW5Q1xikkf_SLe1-6lH06U.roa (raw, json)
Hash identifier:          pqN+I3n4dBN3SZnpQPA/6vzrG5l7HojgVKb3SXvaH9M=
Subject key identifier:   82:27:1E:80:15:B9:43:5C:62:92:47:FF:48:B7:B5:FB:A9:47:D3:A5
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       01954CE5C034A575195F0746D4E4A5EA8ABA
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/gicegBW5Q1xikkf_SLe1-6lH06U.roa
Signing time:             Fri 28 Feb 2025 14:11:20 +0000
ROA not before:           Fri 28 Feb 2025 14:11:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205220
IP address blocks:        188.209.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4c:e5:c0:34:a5:75:19:5f:07:46:d4:e4:a5:ea:8a:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Feb 28 14:11:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82271e8015b9435c629247ff48b7b5fba947d3a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:45:60:cd:e4:5e:24:88:95:b8:d0:8a:cc:b1:
                    0d:a4:6d:1b:6d:de:4f:dc:b0:8f:d7:85:81:02:4f:
                    1a:63:2f:15:ea:03:f8:be:30:db:8c:fe:54:fd:8e:
                    91:08:0d:26:0c:87:c9:bf:1d:5e:34:82:79:17:f4:
                    e8:0d:a2:83:20:58:59:31:d9:c0:97:71:07:da:56:
                    cd:f6:d1:5c:d1:38:ce:09:cc:21:fa:24:d6:21:d2:
                    a9:54:c8:15:9a:fc:31:3b:59:a5:e6:98:b9:18:3c:
                    68:58:86:de:2a:e9:ed:86:54:2a:73:e7:95:fb:b0:
                    a1:2e:6e:c2:ae:dc:3b:67:e5:1e:1c:a2:33:6b:07:
                    cf:35:37:50:c6:88:a7:64:86:3a:be:98:07:aa:78:
                    34:00:7b:d0:3e:2f:df:6a:7d:e7:7c:1b:05:49:48:
                    e7:f5:09:9f:c2:54:9c:d6:44:5b:f8:a6:31:eb:b5:
                    46:c4:45:bb:d1:1c:fd:80:45:fd:99:84:57:57:8b:
                    92:58:cc:6f:23:1d:c0:e1:b8:f4:ca:6d:b8:b0:e8:
                    b8:cf:1c:10:2c:10:01:2c:52:7a:e0:a7:53:f1:76:
                    7b:08:43:0a:64:5a:37:bd:9f:2f:7e:ab:97:8f:9a:
                    fa:47:ca:08:c1:73:f7:bd:d1:bc:b3:3e:0f:d2:9b:
                    2f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:27:1E:80:15:B9:43:5C:62:92:47:FF:48:B7:B5:FB:A9:47:D3:A5
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/gicegBW5Q1xikkf_SLe1-6lH06U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:93:5a:64:0d:ad:3f:70:33:0c:a5:e8:bf:90:55:b6:a0:6d:
         4d:ba:36:7f:3f:e1:5a:9e:a9:47:e4:90:ca:0d:c0:b7:f6:98:
         e6:a6:ad:d0:a8:7c:2c:4b:78:23:b6:c7:45:3c:a4:b1:2f:de:
         d8:41:14:bb:dd:89:75:20:e7:6b:80:5c:f9:17:d7:88:d4:2f:
         52:2a:d8:89:00:cf:fe:34:52:34:c9:d6:b6:30:fc:0b:a1:1d:
         cf:55:b3:68:74:8e:e4:5f:e4:2c:c7:c9:56:c9:4a:1e:b7:ad:
         b2:70:d6:3e:e6:b0:04:57:32:14:21:f4:93:c8:4b:87:a9:84:
         19:42:4c:f5:51:b0:7d:d0:79:9f:e9:7d:a1:6c:b9:ae:38:c0:
         85:af:26:a3:fd:3c:e3:cf:17:de:06:04:52:ff:d9:58:6f:a6:
         65:b4:d8:24:d6:ca:a3:10:15:ee:4f:df:fe:58:7e:1d:06:76:
         47:1e:02:f9:b8:60:bb:76:50:2a:d2:85:05:e1:7a:1d:5b:f5:
         c4:f2:1f:f5:10:ba:8d:a9:83:1d:69:af:ed:56:fb:8f:ec:2e:
         90:ea:81:03:84:ce:77:d1:dc:f2:7d:71:6a:21:8a:0b:5f:1f:
         b8:7a:0f:c6:92:74:93:f9:76:d2:3e:64:51:86:00:f4:bf:19:
         e0:78:8d:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVM5cA0pXUZXwdG1OSl6oq6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwMjI4MTQxMTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjI3MWU4MDE1Yjk0MzVjNjI5MjQ3ZmY0OGI3YjVmYmE5NDdkM2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkVgzeReJIiVuNCKzLENpG0bbd5P
3LCP14WBAk8aYy8V6gP4vjDbjP5U/Y6RCA0mDIfJvx1eNIJ5F/ToDaKDIFhZMdnA
l3EH2lbN9tFc0TjOCcwh+iTWIdKpVMgVmvwxO1ml5pi5GDxoWIbeKunthlQqc+eV
+7ChLm7Crtw7Z+UeHKIzawfPNTdQxoinZIY6vpgHqng0AHvQPi/fan3nfBsFSUjn
9QmfwlSc1kRb+KYx67VGxEW70Rz9gEX9mYRXV4uSWMxvIx3A4bj0ym24sOi4zxwQ
LBABLFJ64KdT8XZ7CEMKZFo3vZ8vfquXj5r6R8oIwXP3vdG8sz4P0psvUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIInHoAVuUNcYpJH/0i3tfupR9OlMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvZ2ljZWdCVzVRMXhpa2tmX1NMZTEtNmxIMDZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGIMA0G
CSqGSIb3DQEBCwUAA4IBAQAUk1pkDa0/cDMMpei/kFW2oG1NujZ/P+FanqlH5JDK
DcC39pjmpq3QqHwsS3gjtsdFPKSxL97YQRS73Yl1IOdrgFz5F9eI1C9SKtiJAM/+
NFI0yda2MPwLoR3PVbNodI7kX+Qsx8lWyUoet62ycNY+5rAEVzIUIfSTyEuHqYQZ
Qkz1UbB90Hmf6X2hbLmuOMCFryaj/TzjzxfeBgRS/9lYb6ZltNgk1sqjEBXuT9/+
WH4dBnZHHgL5uGC7dlAq0oUF4XodW/XE8h/1ELqNqYMdaa/tVvuP7C6Q6oEDhM53
0dzyfXFqIYoLXx+4eg/GknST+XbSPmRRhgD0vxngeI0/
-----END CERTIFICATE-----