Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/c39a8c-3bb0-449d-89c3-6fba6a1e0ee7/1/gTDuY8r1VNymJYjX19G7pBZoVz8.roa
File:                     gTDuY8r1VNymJYjX19G7pBZoVz8.roa (raw, json)
Hash identifier:          DFZawHbPH3fUqxF/xfDF3iDUtDCENnqE3cXs8GAuxpw=
Subject key identifier:   81:30:EE:63:CA:F5:54:DC:A6:25:88:D7:D7:D1:BB:A4:16:68:57:3F
Certificate issuer:       /CN=52e71b39d7c49430bbc77bb65952e4021a025316
Certificate serial:       0194282338DD6BFC2E1EDC00297555E5D4F8
Authority key identifier: 52:E7:1B:39:D7:C4:94:30:BB:C7:7B:B6:59:52:E4:02:1A:02:53:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UucbOdfElDC7x3u2WVLkAhoCUxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/c39a8c-3bb0-449d-89c3-6fba6a1e0ee7/1/gTDuY8r1VNymJYjX19G7pBZoVz8.roa
Signing time:             Thu 02 Jan 2025 17:49:44 +0000
ROA not before:           Thu 02 Jan 2025 17:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39530
IP address blocks:        185.255.232.0/22 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/c39a8c-3bb0-449d-89c3-6fba6a1e0ee7/1/UucbOdfElDC7x3u2WVLkAhoCUxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/c39a8c-3bb0-449d-89c3-6fba6a1e0ee7/1/UucbOdfElDC7x3u2WVLkAhoCUxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UucbOdfElDC7x3u2WVLkAhoCUxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:38:dd:6b:fc:2e:1e:dc:00:29:75:55:e5:d4:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52e71b39d7c49430bbc77bb65952e4021a025316
        Validity
            Not Before: Jan  2 17:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8130ee63caf554dca62588d7d7d1bba41668573f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:87:9c:3d:65:2a:48:4a:ca:5b:e3:af:12:ae:
                    28:e7:3d:65:b1:7c:5f:63:65:fb:71:36:de:a6:b6:
                    0e:57:7d:67:2e:d0:02:1e:75:9d:8d:17:2f:e6:53:
                    ef:eb:f6:68:db:a0:66:2c:20:e4:aa:db:f2:3b:66:
                    3b:e7:3a:41:f2:10:ac:7e:1b:92:e7:43:43:2b:12:
                    c4:e6:4a:4f:45:cf:c1:96:81:a6:ce:d0:6b:0b:42:
                    66:2a:aa:b2:16:59:4d:ce:0d:9c:c4:b6:10:dc:f4:
                    c7:fc:6e:06:fc:35:f2:f2:e7:a5:17:ac:1f:a2:52:
                    d0:e6:22:77:f9:8a:bf:24:29:af:20:c6:f3:6e:e2:
                    cd:74:82:5f:d5:cf:85:5e:3a:35:0e:f3:86:e9:87:
                    eb:6f:8c:c5:2d:cf:20:59:e3:26:01:19:2b:62:2f:
                    0f:61:85:62:d5:64:db:2a:34:23:1b:6e:58:f3:eb:
                    6e:28:72:b9:cb:3f:42:6d:2d:6b:bc:9a:ef:ca:5a:
                    b3:49:60:5f:32:8d:01:01:4b:3b:c0:11:f2:2b:a4:
                    c4:72:58:b3:36:3a:f4:56:0a:c6:e9:49:6f:3f:cd:
                    68:33:e5:48:ec:47:66:09:91:49:a0:b2:de:0e:e2:
                    07:9e:d5:a6:1b:c0:76:e3:bf:9f:29:69:25:76:d7:
                    1b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:30:EE:63:CA:F5:54:DC:A6:25:88:D7:D7:D1:BB:A4:16:68:57:3F
            X509v3 Authority Key Identifier:
                keyid:52:E7:1B:39:D7:C4:94:30:BB:C7:7B:B6:59:52:E4:02:1A:02:53:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UucbOdfElDC7x3u2WVLkAhoCUxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/c39a8c-3bb0-449d-89c3-6fba6a1e0ee7/1/gTDuY8r1VNymJYjX19G7pBZoVz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/c39a8c-3bb0-449d-89c3-6fba6a1e0ee7/1/UucbOdfElDC7x3u2WVLkAhoCUxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:3c:e9:c6:df:e9:be:33:fd:cb:d3:39:69:d5:1e:f3:b2:75:
         76:5b:57:74:dd:80:e6:4e:3c:43:14:70:c8:fc:ce:f9:41:ad:
         e4:2a:36:f9:3d:83:c2:e6:ce:c9:12:b2:45:5b:6e:43:13:b5:
         6d:c3:66:99:f0:89:dd:97:b5:af:90:95:36:19:23:de:50:8e:
         9e:f7:88:53:bc:84:7f:e1:be:9a:db:b8:c3:86:dd:d8:ad:a2:
         06:2e:aa:a8:2f:46:eb:54:ab:f4:70:e0:2c:f4:43:dc:d6:e7:
         72:b1:c3:c5:0f:81:35:96:f0:c4:38:07:ce:f2:80:80:6d:d3:
         b2:1c:a8:d9:8a:46:9f:d8:30:51:46:f8:da:37:e7:c9:e9:f4:
         2c:31:b3:80:6f:6b:27:c5:6c:d2:19:20:fd:43:e6:c5:01:5d:
         3f:fc:e1:c0:a7:ce:84:4b:dd:be:c2:b4:4b:83:4c:15:7e:eb:
         56:a0:3e:d1:63:0f:9d:bb:9d:65:b6:93:48:9e:f8:9b:d5:12:
         f9:bf:e6:1c:ce:3c:f5:6a:17:92:7a:c2:92:d3:a2:37:f2:80:
         72:9b:64:91:ee:4d:91:04:85:ec:47:e3:ba:58:74:b8:2a:3e:
         ca:5b:f9:b4:b6:6f:3f:73:e7:c8:4b:05:a6:94:01:90:14:cd:
         2f:82:c9:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIzjda/wuHtwAKXVV5dT4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZTcxYjM5ZDdjNDk0MzBiYmM3N2JiNjU5NTJlNDAyMWEw
MjUzMTYwHhcNMjUwMTAyMTc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTMwZWU2M2NhZjU1NGRjYTYyNTg4ZDdkN2QxYmJhNDE2Njg1NzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIecPWUqSErKW+OvEq4o5z1lsXxf
Y2X7cTbeprYOV31nLtACHnWdjRcv5lPv6/Zo26BmLCDkqtvyO2Y75zpB8hCsfhuS
50NDKxLE5kpPRc/BloGmztBrC0JmKqqyFllNzg2cxLYQ3PTH/G4G/DXy8uelF6wf
olLQ5iJ3+Yq/JCmvIMbzbuLNdIJf1c+FXjo1DvOG6Yfrb4zFLc8gWeMmARkrYi8P
YYVi1WTbKjQjG25Y8+tuKHK5yz9CbS1rvJrvylqzSWBfMo0BAUs7wBHyK6TEcliz
Njr0VgrG6UlvP81oM+VI7EdmCZFJoLLeDuIHntWmG8B247+fKWkldtcbOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEw7mPK9VTcpiWI19fRu6QWaFc/MB8GA1UdIwQY
MBaAFFLnGznXxJQwu8d7tllS5AIaAlMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXVjYk9kZkVsREM3eDN1MldWTGtBaG9DVXhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9jMzlhOGMtM2JiMC00NDlkLTg5YzMt
NmZiYTZhMWUwZWU3LzEvZ1REdVk4cjFWTnltSllqWDE5RzdwQlpvVno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9jMzlhOGMtM2JiMC00NDlkLTg5YzMtNmZiYTZhMWUwZWU3
LzEvVXVjYk9kZkVsREM3eDN1MldWTGtBaG9DVXhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf/oMA0G
CSqGSIb3DQEBCwUAA4IBAQADPOnG3+m+M/3L0zlp1R7zsnV2W1d03YDmTjxDFHDI
/M75Qa3kKjb5PYPC5s7JErJFW25DE7Vtw2aZ8Indl7WvkJU2GSPeUI6e94hTvIR/
4b6a27jDht3YraIGLqqoL0brVKv0cOAs9EPc1udyscPFD4E1lvDEOAfO8oCAbdOy
HKjZikaf2DBRRvjaN+fJ6fQsMbOAb2snxWzSGSD9Q+bFAV0//OHAp86ES92+wrRL
g0wVfutWoD7RYw+du51ltpNInvib1RL5v+Yczjz1aheSesKS06I38oBym2SR7k2R
BIXsR+O6WHS4Kj7KW/m0tm8/c+fISwWmlAGQFM0vgsmr
-----END CERTIFICATE-----