Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/GRNi9FaG_cegQglT0i8FIDNWU2U.roa
File:                     GRNi9FaG_cegQglT0i8FIDNWU2U.roa (raw, json)
Hash identifier:          bCWNDCmq66YbcJ+QlNZxut5x3FKlyihHpYRCb3I31oo=
Subject key identifier:   19:13:62:F4:56:86:FD:C7:A0:42:09:53:D2:2F:05:20:33:56:53:65
Certificate issuer:       /CN=0e64f81b9e36b849917787678d014db4bfcef311
Certificate serial:       01941F8C424DE8A1DB090DE7AD049CBF5414
Authority key identifier: 0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/GRNi9FaG_cegQglT0i8FIDNWU2U.roa
Signing time:             Wed 01 Jan 2025 01:47:53 +0000
ROA not before:           Wed 01 Jan 2025 01:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4785
IP address blocks:        2a12:a300::/29 maxlen: 128
                          2a14:1f80::/29 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:42:4d:e8:a1:db:09:0d:e7:ad:04:9c:bf:54:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e64f81b9e36b849917787678d014db4bfcef311
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=191362f45686fdc7a0420953d22f052033565365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b6:8b:ee:01:12:52:52:a9:57:86:3a:e8:46:
                    47:44:51:98:26:48:5b:1b:64:68:0c:ac:51:87:72:
                    e4:31:36:a6:fb:5f:92:30:34:06:86:35:1e:18:77:
                    8d:f4:4a:45:6f:72:48:46:a9:db:0a:0a:14:3d:5e:
                    72:ee:2a:ea:0a:a2:e1:7d:5c:6a:6f:a1:51:bd:9b:
                    10:fa:18:04:8f:ec:bd:c0:c0:4c:3c:80:61:98:06:
                    80:09:cd:0b:d2:ac:ea:35:90:92:65:45:9d:e6:e3:
                    5b:02:55:e9:77:7d:ba:8c:1a:70:4b:79:2f:82:0d:
                    81:96:a8:ee:92:b8:e9:5e:0f:80:22:14:95:b7:df:
                    6f:e4:91:09:2d:c7:3e:fc:9d:c1:70:68:96:e8:4b:
                    de:da:ab:ed:f1:d9:2d:7b:0c:d9:3c:4c:32:94:c5:
                    61:5e:f6:72:bd:05:09:a5:82:c1:4b:1f:53:53:b8:
                    92:4c:3f:3c:c7:19:3a:66:0a:e9:dd:f1:ea:bb:2a:
                    85:c6:36:1f:cb:4b:db:cc:76:f1:af:0e:5e:28:5f:
                    60:52:7a:18:2d:90:de:f1:94:dc:9a:e6:ef:db:5d:
                    ff:c3:1d:96:a8:af:e4:30:77:3a:a1:28:c8:0b:1c:
                    c1:2a:e8:06:b4:04:38:85:a3:7e:3e:d6:99:88:9a:
                    da:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:13:62:F4:56:86:FD:C7:A0:42:09:53:D2:2F:05:20:33:56:53:65
            X509v3 Authority Key Identifier:
                keyid:0E:64:F8:1B:9E:36:B8:49:91:77:87:67:8D:01:4D:B4:BF:CE:F3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DmT4G542uEmRd4dnjQFNtL_O8xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/GRNi9FaG_cegQglT0i8FIDNWU2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/594d25-f1c6-4044-a8a7-c8f182e95ea5/1/DmT4G542uEmRd4dnjQFNtL_O8xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:a300::/29
                  2a14:1f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:eb:92:18:b5:1f:85:49:9b:ce:bc:3b:72:32:7e:b6:3c:d2:
         61:a0:28:1e:ab:eb:0a:4e:bf:22:de:8f:c3:c4:20:86:9c:cc:
         bb:02:da:79:9a:1d:ce:97:cc:f8:7f:38:23:9a:8f:14:5a:3b:
         e1:56:85:8f:33:09:1a:fa:1f:02:e8:1f:0f:3c:a5:e7:48:fa:
         5b:42:d1:89:42:a2:b0:9e:70:e6:ed:0f:a9:c4:ac:ad:b7:eb:
         f5:12:25:5d:66:d3:b1:f4:24:cd:83:7c:85:c7:ce:d9:40:8b:
         07:53:ee:b0:47:b7:94:26:3b:92:54:e2:24:e3:ce:a1:12:c7:
         b4:74:7e:7e:85:88:1c:d6:31:03:26:2a:fe:ed:ed:f2:22:b9:
         63:da:de:d7:25:c7:20:08:2c:3f:52:12:5a:0b:32:46:e1:77:
         f9:2b:8b:aa:9f:72:58:ec:46:43:1c:59:1d:aa:b7:e1:41:a0:
         dc:de:4d:6b:4b:1c:05:46:73:6f:e4:bf:6e:27:8e:19:1c:0a:
         b2:87:4c:39:29:b5:4d:4c:b4:14:2a:9d:31:8a:d2:0b:e2:12:
         40:c9:4f:3d:84:e9:91:6a:6e:08:91:29:ca:e1:98:eb:5d:67:
         9b:bd:99:61:a5:f4:c8:c9:c0:2d:75:f8:43:57:7f:ff:42:d0:
         55:8d:b2:a8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQfjEJN6KHbCQ3nrQScv1QUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNjRmODFiOWUzNmI4NDk5MTc3ODc2NzhkMDE0ZGI0YmZj
ZWYzMTEwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTEzNjJmNDU2ODZmZGM3YTA0MjA5NTNkMjJmMDUyMDMzNTY1MzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbaL7gESUlKpV4Y66EZHRFGYJkhb
G2RoDKxRh3LkMTam+1+SMDQGhjUeGHeN9EpFb3JIRqnbCgoUPV5y7irqCqLhfVxq
b6FRvZsQ+hgEj+y9wMBMPIBhmAaACc0L0qzqNZCSZUWd5uNbAlXpd326jBpwS3kv
gg2BlqjukrjpXg+AIhSVt99v5JEJLcc+/J3BcGiW6Eve2qvt8dktewzZPEwylMVh
XvZyvQUJpYLBSx9TU7iSTD88xxk6Zgrp3fHquyqFxjYfy0vbzHbxrw5eKF9gUnoY
LZDe8ZTcmubv213/wx2WqK/kMHc6oSjICxzBKugGtAQ4haN+PtaZiJraOQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBkTYvRWhv3HoEIJU9IvBSAzVlNlMB8GA1UdIwQY
MBaAFA5k+BueNrhJkXeHZ40BTbS/zvMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTct
YzhmMTgyZTk1ZWE1LzEvR1JOaTlGYUdfY2VnUWdsVDBpOEZJRE5XVTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81OTRkMjUtZjFjNi00MDQ0LWE4YTctYzhmMTgyZTk1ZWE1
LzEvRG1UNEc1NDJ1RW1SZDRkbmpRRk50TF9POHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhKjAAMF
AyoUH4AwDQYJKoZIhvcNAQELBQADggEBAFDrkhi1H4VJm868O3IyfrY80mGgKB6r
6wpOvyLej8PEIIaczLsC2nmaHc6XzPh/OCOajxRaO+FWhY8zCRr6HwLoHw88pedI
+ltC0YlCorCecObtD6nErK236/USJV1m07H0JM2DfIXHztlAiwdT7rBHt5QmO5JU
4iTjzqESx7R0fn6FiBzWMQMmKv7t7fIiuWPa3tclxyAILD9SEloLMkbhd/kri6qf
cljsRkMcWR2qt+FBoNzeTWtLHAVGc2/kv24njhkcCrKHTDkptU1MtBQqnTGK0gvi
EkDJTz2E6ZFqbgiRKcrhmOtdZ5u9mWGl9MjJwC11+ENXf/9C0FWNsqg=
-----END CERTIFICATE-----