Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GREGAvhe2VgI6a54EtvB_eMcS0E.roa
File:                     GREGAvhe2VgI6a54EtvB_eMcS0E.roa (raw, json)
Hash identifier:          ihvkOXAEZ8FhNcqicvyUY7sdz9+IJC2Gp3V3tEgPjkI=
Subject key identifier:   19:11:06:02:F8:5E:D9:58:08:E9:AE:78:12:DB:C1:FD:E3:1C:4B:41
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01942748906F2559D74A539E07F7065D41BF
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GREGAvhe2VgI6a54EtvB_eMcS0E.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64249
IP address blocks:        45.10.23.0/24 maxlen: 24
                          45.91.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:90:6f:25:59:d7:4a:53:9e:07:f7:06:5d:41:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19110602f85ed95808e9ae7812dbc1fde31c4b41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fb:25:2b:3f:f7:16:e5:16:73:85:ab:6f:0a:
                    cc:ae:f9:e0:da:52:98:e6:b8:49:af:77:fe:6b:45:
                    2d:09:b2:f3:49:85:6f:d0:ab:1d:7e:f7:8a:2a:a0:
                    3d:a1:10:ba:da:c6:48:d8:cf:75:e4:6d:17:1a:66:
                    98:de:da:21:e6:fb:c6:94:38:2f:d0:96:ca:86:26:
                    6c:86:11:e7:c0:48:2b:8d:f9:87:4e:76:ba:30:ee:
                    31:74:96:e6:48:82:73:1a:97:a7:f7:21:bf:29:cb:
                    85:9f:1d:35:21:80:ef:0c:8d:54:e0:f6:58:e0:2d:
                    c3:9a:f3:67:4b:b3:9d:88:1a:36:94:ef:24:c6:f7:
                    f8:5d:21:24:ae:cb:50:db:ff:4c:4d:7a:0d:5a:c1:
                    42:cf:d5:05:75:28:e0:94:a5:2a:19:75:ef:f8:cd:
                    5a:bc:27:3b:d1:c8:0d:b9:bd:cd:8e:c6:7b:6a:d9:
                    a4:82:05:f4:24:8a:08:66:9b:c2:5b:ab:03:6d:af:
                    0e:53:dc:97:51:3a:51:98:69:59:67:e1:b2:2b:f8:
                    f1:39:dd:60:a4:10:1c:4e:1a:04:0e:07:63:29:8a:
                    3c:2f:b1:c5:2d:41:04:87:89:b7:6e:23:a9:f8:f6:
                    5d:dc:2f:e3:69:25:bc:da:1a:c2:82:94:c3:46:f5:
                    27:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:11:06:02:F8:5E:D9:58:08:E9:AE:78:12:DB:C1:FD:E3:1C:4B:41
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GREGAvhe2VgI6a54EtvB_eMcS0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.23.0/24
                  45.91.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:98:6f:d6:06:85:c5:c0:0d:43:5a:5b:10:fe:ff:68:19:39:
         61:32:3e:bf:d3:c7:5d:7f:a1:78:e0:dd:5b:9a:d1:c9:4c:a5:
         c8:6c:f5:55:64:f6:aa:7c:b3:43:55:0b:5d:ef:3e:5c:fb:bd:
         93:98:72:eb:b2:21:e5:bc:ca:e2:27:5d:30:2e:d3:33:a9:48:
         7c:2b:21:bc:37:2b:53:a7:3d:81:ba:8d:f6:fb:fa:0c:65:9f:
         5b:cd:bf:9d:2f:10:6d:d0:0c:5e:4e:d2:23:18:04:3d:b9:dd:
         11:9b:81:bf:67:28:d0:87:66:e9:19:8b:74:e8:fe:60:8a:1e:
         51:bb:60:34:66:68:ba:cc:8d:a2:33:a4:6a:5a:e3:b1:bf:b8:
         9b:a5:5c:84:e9:b5:2a:57:bd:6c:56:f6:fd:14:43:bd:a7:a4:
         35:2a:98:a5:2a:f0:2e:a1:88:d6:a8:8f:44:ab:ff:e0:38:0a:
         ed:05:ae:ad:6e:73:e7:4d:b0:b9:32:37:7e:64:a1:a0:f3:8e:
         ab:3f:58:0a:b7:2a:c8:64:5a:73:dd:8a:18:bb:31:c7:30:c4:
         6f:d9:44:7b:37:df:de:2c:0d:52:38:5b:49:15:45:90:1e:3d:
         f0:60:5d:44:83:7b:b2:5b:f6:34:de:0b:8e:cf:72:bf:cd:7b:
         09:7f:b6:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSJBvJVnXSlOeB/cGXUG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTExMDYwMmY4NWVkOTU4MDhlOWFlNzgxMmRiYzFmZGUzMWM0YjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPslKz/3FuUWc4WrbwrMrvng2lKY
5rhJr3f+a0UtCbLzSYVv0KsdfveKKqA9oRC62sZI2M915G0XGmaY3toh5vvGlDgv
0JbKhiZshhHnwEgrjfmHTna6MO4xdJbmSIJzGpen9yG/KcuFnx01IYDvDI1U4PZY
4C3DmvNnS7OdiBo2lO8kxvf4XSEkrstQ2/9MTXoNWsFCz9UFdSjglKUqGXXv+M1a
vCc70cgNub3NjsZ7atmkggX0JIoIZpvCW6sDba8OU9yXUTpRmGlZZ+GyK/jxOd1g
pBAcThoEDgdjKYo8L7HFLUEEh4m3biOp+PZd3C/jaSW82hrCgpTDRvUnhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBkRBgL4XtlYCOmueBLbwf3jHEtBMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvR1JFR0F2aGUyVmdJNmE1NEV0dkJfZU1jUzBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQoXAwQA
LVv4MA0GCSqGSIb3DQEBCwUAA4IBAQCGmG/WBoXFwA1DWlsQ/v9oGTlhMj6/08dd
f6F44N1bmtHJTKXIbPVVZPaqfLNDVQtd7z5c+72TmHLrsiHlvMriJ10wLtMzqUh8
KyG8NytTpz2Buo32+/oMZZ9bzb+dLxBt0AxeTtIjGAQ9ud0Rm4G/ZyjQh2bpGYt0
6P5gih5Ru2A0Zmi6zI2iM6RqWuOxv7ibpVyE6bUqV71sVvb9FEO9p6Q1KpilKvAu
oYjWqI9Eq//gOArtBa6tbnPnTbC5Mjd+ZKGg846rP1gKtyrIZFpz3YoYuzHHMMRv
2UR7N9/eLA1SOFtJFUWQHj3wYF1Eg3uyW/Y03guOz3K/zXsJf7b6
-----END CERTIFICATE-----