Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/gMIvq9YtCgOkL-7wopg1kqEgOOY.roa
File:                     gMIvq9YtCgOkL-7wopg1kqEgOOY.roa (raw, json)
Hash identifier:          CP7S68jNnZq7f3001jUkejgDjHIYNSAYCHyxzvgL+hw=
Subject key identifier:   80:C2:2F:AB:D6:2D:0A:03:A4:2F:EE:F0:A2:98:35:92:A1:20:38:E6
Certificate issuer:       /CN=79a295c80b54c2dbe77ba47de7daec6b986021b4
Certificate serial:       019585A5BCFB5A7C000E96E3D0791AFC02B4
Authority key identifier: 79:A2:95:C8:0B:54:C2:DB:E7:7B:A4:7D:E7:DA:EC:6B:98:60:21:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eaKVyAtUwtvne6R959rsa5hgIbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/gMIvq9YtCgOkL-7wopg1kqEgOOY.roa
Signing time:             Tue 11 Mar 2025 14:39:46 +0000
ROA not before:           Tue 11 Mar 2025 14:39:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43858
IP address blocks:        91.234.236.0/24 maxlen: 24
                          185.103.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/eaKVyAtUwtvne6R959rsa5hgIbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/eaKVyAtUwtvne6R959rsa5hgIbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eaKVyAtUwtvne6R959rsa5hgIbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:85:a5:bc:fb:5a:7c:00:0e:96:e3:d0:79:1a:fc:02:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a295c80b54c2dbe77ba47de7daec6b986021b4
        Validity
            Not Before: Mar 11 14:39:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80c22fabd62d0a03a42feef0a2983592a12038e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:46:23:77:85:80:be:3e:46:47:8a:6c:a5:f9:
                    1a:3a:58:fe:3e:76:9c:8b:b0:ee:28:04:a3:d6:24:
                    47:e4:f4:3d:1d:a2:da:84:a5:a4:4a:ca:67:ee:38:
                    99:88:02:ab:0d:71:95:6f:79:09:6f:44:93:86:2b:
                    dd:ab:ba:21:87:c5:ea:49:b9:d9:db:33:ce:45:0a:
                    fb:7e:60:10:b7:db:ba:0f:58:a4:c9:6f:07:26:c5:
                    6b:ed:60:96:83:59:f0:81:65:6a:f9:0b:64:c1:2c:
                    95:86:55:06:b6:b4:0c:69:45:48:2e:88:28:5a:71:
                    49:7f:2d:ea:62:9f:c2:1a:e8:2d:90:9a:a1:ed:b1:
                    00:71:6d:2f:46:b0:51:26:09:5e:e1:2c:08:25:0d:
                    b3:31:39:7a:75:ba:d9:ed:9b:da:f2:49:ea:00:ef:
                    51:bc:74:3f:07:d6:38:cf:86:f4:03:f9:d2:70:f0:
                    cb:b4:9b:83:d1:05:1b:14:6e:84:83:be:a6:ae:19:
                    b1:28:c5:c2:26:dd:5d:f4:cd:dd:ab:98:4b:90:c4:
                    fe:6b:c9:cb:88:99:50:ab:d8:0b:58:4a:2c:86:ad:
                    ea:d0:60:f3:fa:75:66:ad:d0:40:89:d6:e2:e9:59:
                    be:51:f9:df:24:30:5b:b6:79:62:5b:b0:9c:db:81:
                    b6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C2:2F:AB:D6:2D:0A:03:A4:2F:EE:F0:A2:98:35:92:A1:20:38:E6
            X509v3 Authority Key Identifier:
                keyid:79:A2:95:C8:0B:54:C2:DB:E7:7B:A4:7D:E7:DA:EC:6B:98:60:21:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eaKVyAtUwtvne6R959rsa5hgIbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/gMIvq9YtCgOkL-7wopg1kqEgOOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d1da6a-4919-499a-9a41-2bbb48efb0ed/1/eaKVyAtUwtvne6R959rsa5hgIbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.236.0/24
                  185.103.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:f4:75:5b:df:bb:bf:8a:0c:d7:fb:1c:f5:c4:4a:ab:32:5e:
         a0:40:2a:88:37:f3:d5:20:cf:b4:7b:8b:d8:66:47:64:73:96:
         ac:6c:9f:1b:97:07:c4:10:ff:4f:93:c5:06:ef:e9:f0:9a:b6:
         e1:11:ca:90:2f:d7:96:18:2e:9a:78:6d:87:ed:5f:88:f7:6c:
         c6:ea:30:81:d0:cd:2e:06:b7:e2:b4:0b:4a:3d:8c:db:19:3c:
         5b:ff:f2:2c:a9:d4:5e:7c:49:96:5a:21:de:be:45:62:77:9b:
         d2:71:02:87:06:72:19:0f:c4:bb:d8:93:4a:f1:9a:fa:46:ee:
         16:f6:b7:f6:57:f9:47:f2:b1:21:06:42:19:33:c9:ee:23:b9:
         17:10:69:71:3b:97:09:15:a4:4a:bc:56:fb:68:29:3c:ef:f5:
         51:a1:04:b9:b1:f3:00:98:87:3f:2e:a8:7c:0f:86:3c:f7:7f:
         8f:a0:5b:83:36:83:05:e2:e7:1f:c0:c8:2f:a2:ed:1c:83:0d:
         d2:3b:5b:4e:41:f3:23:80:c3:aa:d2:9f:f5:53:7b:31:ac:2b:
         71:0d:95:ff:d4:04:b0:4d:88:d8:dc:86:ce:74:af:61:dd:80:
         22:1f:a6:31:16:3a:89:c6:bb:d2:6d:8d:a5:92:0b:a1:84:f1:
         1c:7f:98:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWFpbz7WnwADpbj0Hka/AK0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTI5NWM4MGI1NGMyZGJlNzdiYTQ3ZGU3ZGFlYzZiOTg2
MDIxYjQwHhcNMjUwMzExMTQzOTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGMyMmZhYmQ2MmQwYTAzYTQyZmVlZjBhMjk4MzU5MmExMjAzOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0Yjd4WAvj5GR4pspfkaOlj+Pnac
i7DuKASj1iRH5PQ9HaLahKWkSspn7jiZiAKrDXGVb3kJb0SThivdq7ohh8XqSbnZ
2zPORQr7fmAQt9u6D1ikyW8HJsVr7WCWg1nwgWVq+QtkwSyVhlUGtrQMaUVILogo
WnFJfy3qYp/CGugtkJqh7bEAcW0vRrBRJgle4SwIJQ2zMTl6dbrZ7Zva8knqAO9R
vHQ/B9Y4z4b0A/nScPDLtJuD0QUbFG6Eg76mrhmxKMXCJt1d9M3dq5hLkMT+a8nL
iJlQq9gLWEoshq3q0GDz+nVmrdBAidbi6Vm+UfnfJDBbtnliW7Cc24G28wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIDCL6vWLQoDpC/u8KKYNZKhIDjmMB8GA1UdIwQY
MBaAFHmilcgLVMLb53ukfefa7GuYYCG0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFLVnlBdFV3dHZuZTZSOTU5cnNhNWhnSWJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kMWRhNmEtNDkxOS00OTlhLTlhNDEt
MmJiYjQ4ZWZiMGVkLzEvZ01JdnE5WXRDZ09rTC03d29wZzFrcUVnT09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kMWRhNmEtNDkxOS00OTlhLTlhNDEtMmJiYjQ4ZWZiMGVk
LzEvZWFLVnlBdFV3dHZuZTZSOTU5cnNhNWhnSWJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+rsAwQA
uWd2MA0GCSqGSIb3DQEBCwUAA4IBAQAY9HVb37u/igzX+xz1xEqrMl6gQCqIN/PV
IM+0e4vYZkdkc5asbJ8blwfEEP9Pk8UG7+nwmrbhEcqQL9eWGC6aeG2H7V+I92zG
6jCB0M0uBrfitAtKPYzbGTxb//IsqdRefEmWWiHevkVid5vScQKHBnIZD8S72JNK
8Zr6Ru4W9rf2V/lH8rEhBkIZM8nuI7kXEGlxO5cJFaRKvFb7aCk87/VRoQS5sfMA
mIc/Lqh8D4Y893+PoFuDNoMF4ucfwMgvou0cgw3SO1tOQfMjgMOq0p/1U3sxrCtx
DZX/1ASwTYjY3IbOdK9h3YAiH6YxFjqJxrvSbY2lkguhhPEcf5hT
-----END CERTIFICATE-----