Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/ggj52OiZ-Al4QIiDTqv_qCfNJrU.roa
File:                     ggj52OiZ-Al4QIiDTqv_qCfNJrU.roa (raw, json)
Hash identifier:          5ohJGr3R0m3t2sABXRubgAiUj9wNkJOHr+ylPCfJvqA=
Subject key identifier:   82:08:F9:D8:E8:99:F8:09:78:40:88:83:4E:AB:FF:A8:27:CD:26:B5
Certificate issuer:       /CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
Certificate serial:       018E952357497DAC072385E5907B1401D373
Authority key identifier: 99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/ggj52OiZ-Al4QIiDTqv_qCfNJrU.roa
Signing time:             Sun 31 Mar 2024 15:31:44 +0000
ROA not before:           Sun 31 Mar 2024 15:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50124
IP address blocks:        45.95.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:95:23:57:49:7d:ac:07:23:85:e5:90:7b:14:01:d3:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
        Validity
            Not Before: Mar 31 15:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8208f9d8e899f809784088834eabffa827cd26b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:63:eb:7d:2c:43:ee:14:96:ac:91:59:c7:bc:
                    9c:3e:18:18:d5:b1:4b:76:4e:aa:3a:c4:72:c4:7c:
                    0d:b9:cd:eb:24:b1:39:73:c7:f4:89:72:29:c0:31:
                    26:6f:11:49:41:0c:aa:2f:4a:43:d5:3d:ca:8c:80:
                    39:0f:c1:36:71:0d:41:5c:68:53:48:d0:be:96:0b:
                    42:53:65:19:13:b8:7c:87:b0:61:f1:81:56:90:52:
                    0d:e4:fb:05:97:fa:0b:73:f8:69:89:33:fa:21:33:
                    9c:60:17:50:d1:3d:b8:3a:57:19:be:f3:4b:82:de:
                    e0:33:81:85:3b:9c:bb:35:20:7e:3a:7e:bc:79:44:
                    30:6f:62:7e:50:df:a9:3b:8e:16:43:c8:e6:a3:83:
                    5c:b8:ea:12:52:b2:07:43:94:86:63:7a:a3:e1:a5:
                    d3:52:43:65:fe:e2:6a:8d:d5:45:c8:b8:84:3e:3e:
                    2e:db:60:12:0c:fb:ea:f0:53:f6:4e:8e:e2:b4:02:
                    94:fb:5d:5e:36:b4:f4:36:6a:2d:67:0d:fa:9c:ac:
                    7a:3f:91:f2:37:d0:49:57:cd:16:b8:78:69:c5:86:
                    cc:6e:23:16:e0:43:bc:05:b8:a2:7a:85:70:ea:73:
                    54:51:4f:52:84:23:73:2b:5b:be:12:d2:ee:a0:0a:
                    cd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:08:F9:D8:E8:99:F8:09:78:40:88:83:4E:AB:FF:A8:27:CD:26:B5
            X509v3 Authority Key Identifier:
                keyid:99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/ggj52OiZ-Al4QIiDTqv_qCfNJrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:18:f9:3c:93:c8:a2:96:6c:4d:98:7f:5e:10:80:58:0d:92:
         d5:32:ce:93:bc:1c:d8:ed:43:af:01:45:84:55:92:75:4f:09:
         88:bc:c7:39:eb:65:54:82:58:a2:e7:f5:93:ae:da:64:58:f0:
         69:0a:96:93:ab:38:b8:f5:c1:f0:d8:0a:b6:77:cb:7f:30:0c:
         b5:37:f8:12:12:40:e5:36:d6:ec:71:cc:17:26:37:69:11:bb:
         9a:c1:7e:0a:04:8d:d3:4d:46:ae:f6:dd:2b:a8:73:18:17:7d:
         c1:66:1a:17:a1:04:2c:23:8b:56:12:1d:52:ae:43:31:d2:bb:
         6c:3c:7e:19:44:b9:52:a9:9a:e6:a9:66:dc:b4:ac:6a:4f:7a:
         14:38:97:a8:e2:9e:56:f2:3a:30:d7:28:c1:80:d0:0b:05:42:
         12:2c:c4:a0:a6:93:59:1a:d3:90:c6:7e:b5:bf:68:e0:70:17:
         39:40:a1:c3:29:4f:9e:82:a9:fc:ef:07:62:c2:57:d6:b0:75:
         2e:5d:ec:3a:fe:97:bc:59:17:0c:ed:c6:55:53:1e:2c:bd:65:
         dd:31:ed:77:b7:50:43:12:97:60:06:87:f1:9a:6a:52:6a:43:
         b0:8a:50:cd:c3:4a:5d:d8:40:73:e7:27:ed:12:4f:4f:91:42:
         85:b8:89:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6VI1dJfawHI4XlkHsUAdNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZmVlN2NiZDhlNzhkMWYxNGE0NTNhMDRiOTE2ZjdjMTU4
MWQyMDQwHhcNMjQwMzMxMTUzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjA4ZjlkOGU4OTlmODA5Nzg0MDg4ODM0ZWFiZmZhODI3Y2QyNmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmPrfSxD7hSWrJFZx7ycPhgY1bFL
dk6qOsRyxHwNuc3rJLE5c8f0iXIpwDEmbxFJQQyqL0pD1T3KjIA5D8E2cQ1BXGhT
SNC+lgtCU2UZE7h8h7Bh8YFWkFIN5PsFl/oLc/hpiTP6ITOcYBdQ0T24OlcZvvNL
gt7gM4GFO5y7NSB+On68eUQwb2J+UN+pO44WQ8jmo4NcuOoSUrIHQ5SGY3qj4aXT
UkNl/uJqjdVFyLiEPj4u22ASDPvq8FP2To7itAKU+11eNrT0NmotZw36nKx6P5Hy
N9BJV80WuHhpxYbMbiMW4EO8BbiieoVw6nNUUU9ShCNzK1u+EtLuoArNpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIII+djomfgJeECIg06r/6gnzSa1MB8GA1UdIwQY
MBaAFJn+58vY540fFKRToEuRb3wVgdIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTct
MWMyMmVmZjcyODE4LzEvZ2dqNTJPaVotQWw0UUlpRFRxdl9xQ2ZOSnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTctMWMyMmVmZjcyODE4
LzEvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV9xMA0G
CSqGSIb3DQEBCwUAA4IBAQAkGPk8k8iilmxNmH9eEIBYDZLVMs6TvBzY7UOvAUWE
VZJ1TwmIvMc562VUglii5/WTrtpkWPBpCpaTqzi49cHw2Aq2d8t/MAy1N/gSEkDl
NtbsccwXJjdpEbuawX4KBI3TTUau9t0rqHMYF33BZhoXoQQsI4tWEh1SrkMx0rts
PH4ZRLlSqZrmqWbctKxqT3oUOJeo4p5W8jow1yjBgNALBUISLMSgppNZGtOQxn61
v2jgcBc5QKHDKU+egqn87wdiwlfWsHUuXew6/pe8WRcM7cZVUx4svWXdMe13t1BD
EpdgBofxmmpSakOwilDNw0pd2EBz5yftEk9PkUKFuImG
-----END CERTIFICATE-----