Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/GuwUdDFQjBufx1Rw2XvyCI5KCLY.roa
File:                     GuwUdDFQjBufx1Rw2XvyCI5KCLY.roa (raw, json)
Hash identifier:          gUEwC/edl/xfPxryFYxMx6Htdh7hvRtXE9Fd/Bp9SoY=
Subject key identifier:   1A:EC:14:74:31:50:8C:1B:9F:C7:54:70:D9:7B:F2:08:8E:4A:08:B6
Certificate issuer:       /CN=5758cb11e842bcaf1323647f3befeee2fc6f0e2c
Certificate serial:       019421B21259CEAD162741DD753C7B1BE172
Authority key identifier: 57:58:CB:11:E8:42:BC:AF:13:23:64:7F:3B:EF:EE:E2:FC:6F:0E:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1jLEehCvK8TI2R_O-_u4vxvDiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/GuwUdDFQjBufx1Rw2XvyCI5KCLY.roa
Signing time:             Wed 01 Jan 2025 11:48:25 +0000
ROA not before:           Wed 01 Jan 2025 11:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48129
IP address blocks:        81.30.117.0/24 maxlen: 24
                          81.30.124.0/24 maxlen: 24
                          81.30.125.0/24 maxlen: 24
                          81.30.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/V1jLEehCvK8TI2R_O-_u4vxvDiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/V1jLEehCvK8TI2R_O-_u4vxvDiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1jLEehCvK8TI2R_O-_u4vxvDiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:12:59:ce:ad:16:27:41:dd:75:3c:7b:1b:e1:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5758cb11e842bcaf1323647f3befeee2fc6f0e2c
        Validity
            Not Before: Jan  1 11:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1aec147431508c1b9fc75470d97bf2088e4a08b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:76:01:9a:01:94:8e:e6:90:63:1d:3e:3f:26:
                    60:5d:e7:e7:54:38:f6:1f:74:87:f0:1f:fd:df:58:
                    b8:fd:0a:bd:55:e6:cb:71:9b:79:ba:36:3c:ae:f9:
                    e8:b8:a6:2f:e0:d1:62:0a:17:0f:01:51:1b:aa:67:
                    05:91:28:5a:58:9f:72:34:3c:91:12:f9:ec:f2:d4:
                    9c:16:1f:05:bc:48:72:6f:10:d9:4b:a9:9d:24:86:
                    ff:62:d8:ca:22:8c:74:bf:c0:b8:dc:fc:22:ac:76:
                    9d:ca:f1:0e:f1:4f:d0:0e:02:3f:0a:ed:cc:09:51:
                    20:72:6a:8d:2c:bf:3e:b5:ca:b4:06:69:2b:42:bb:
                    70:98:30:6a:20:01:da:36:79:48:99:d0:18:be:c8:
                    66:f8:7f:77:d4:81:98:64:da:a7:fc:87:f2:b7:6d:
                    5b:58:51:23:71:93:30:72:bc:d7:05:41:fb:47:89:
                    59:51:30:c9:6e:94:2f:5d:46:64:ef:d6:cb:48:4c:
                    a6:9c:75:c2:06:90:ea:e1:4c:04:3a:c4:83:00:48:
                    54:26:e4:51:0b:59:5b:6a:cf:a6:17:ec:18:4b:58:
                    02:e0:f8:ed:bc:44:e8:b4:3c:af:41:22:e5:e1:a2:
                    1b:53:a1:e9:dc:44:7d:25:0a:41:76:ff:6b:79:a6:
                    11:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:EC:14:74:31:50:8C:1B:9F:C7:54:70:D9:7B:F2:08:8E:4A:08:B6
            X509v3 Authority Key Identifier:
                keyid:57:58:CB:11:E8:42:BC:AF:13:23:64:7F:3B:EF:EE:E2:FC:6F:0E:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1jLEehCvK8TI2R_O-_u4vxvDiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/GuwUdDFQjBufx1Rw2XvyCI5KCLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a28330-8ba0-4b88-a7ac-8bbf8bfc6d8e/1/V1jLEehCvK8TI2R_O-_u4vxvDiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.30.117.0/24
                  81.30.124.0-81.30.126.255

    Signature Algorithm: sha256WithRSAEncryption
         2e:a1:ef:9e:a4:c9:f9:ed:de:71:3b:8e:9b:85:b5:6d:88:64:
         77:54:80:10:8f:7b:5b:ee:f6:9c:7e:da:d7:66:56:99:1f:79:
         5b:5d:4c:3f:9b:b3:af:ce:e1:f3:2c:87:84:b6:e0:2a:35:38:
         e1:72:71:b8:3f:2e:8c:86:64:7d:d7:dd:80:6c:a7:c1:7e:e7:
         78:c5:a8:b9:2a:62:6b:30:90:49:2b:1c:8f:70:4b:05:6d:c5:
         99:be:ef:9e:13:f4:13:10:ec:90:14:80:ff:01:04:f2:09:7e:
         a3:f7:73:4e:17:75:b7:d7:2b:ac:a7:35:a1:3b:05:1b:c6:1d:
         77:17:10:32:c2:58:4f:22:ff:a3:cb:3c:a5:37:3c:5f:ec:0e:
         bb:a3:cf:82:c4:1c:52:5a:66:2a:cb:b9:93:fe:ff:68:7c:fd:
         3f:fc:8b:92:a0:ad:4d:fc:d4:f1:3b:38:16:2c:40:6e:5c:43:
         36:75:4e:a6:82:b6:86:e3:1d:0e:e6:4b:36:f9:cb:90:d4:e9:
         24:7d:a8:64:68:ff:86:7c:9c:63:76:42:ad:a6:b2:fb:db:0b:
         ab:c5:af:6b:3b:e0:d8:46:12:fa:f0:39:af:7f:16:e6:b2:4f:
         ea:8f:72:1d:0e:57:c2:78:51:21:04:1c:8d:ed:ef:36:ff:1a:
         e9:42:cb:c2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQhshJZzq0WJ0HddTx7G+FyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NThjYjExZTg0MmJjYWYxMzIzNjQ3ZjNiZWZlZWUyZmM2
ZjBlMmMwHhcNMjUwMTAxMTE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWVjMTQ3NDMxNTA4YzFiOWZjNzU0NzBkOTdiZjIwODhlNGEwOGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXYBmgGUjuaQYx0+PyZgXefnVDj2
H3SH8B/931i4/Qq9VebLcZt5ujY8rvnouKYv4NFiChcPAVEbqmcFkShaWJ9yNDyR
Evns8tScFh8FvEhybxDZS6mdJIb/YtjKIox0v8C43PwirHadyvEO8U/QDgI/Cu3M
CVEgcmqNLL8+tcq0BmkrQrtwmDBqIAHaNnlImdAYvshm+H931IGYZNqn/Ifyt21b
WFEjcZMwcrzXBUH7R4lZUTDJbpQvXUZk79bLSEymnHXCBpDq4UwEOsSDAEhUJuRR
C1lbas+mF+wYS1gC4PjtvETotDyvQSLl4aIbU6Hp3ER9JQpBdv9reaYRvwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBrsFHQxUIwbn8dUcNl78giOSgi2MB8GA1UdIwQY
MBaAFFdYyxHoQryvEyNkfzvv7uL8bw4sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFqTEVlaEN2SzhUSTJSX08tX3U0dnh2RGl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9hMjgzMzAtOGJhMC00Yjg4LWE3YWMt
OGJiZjhiZmM2ZDhlLzEvR3V3VWRERlFqQnVmeDFSdzJYdnlDSTVLQ0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9hMjgzMzAtOGJhMC00Yjg4LWE3YWMtOGJiZjhiZmM2ZDhl
LzEvVjFqTEVlaEN2SzhUSTJSX08tX3U0dnh2RGl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAUR51MAwD
BAJRHnwDBABRHn4wDQYJKoZIhvcNAQELBQADggEBAC6h756kyfnt3nE7jpuFtW2I
ZHdUgBCPe1vu9px+2tdmVpkfeVtdTD+bs6/O4fMsh4S24Co1OOFycbg/LoyGZH3X
3YBsp8F+53jFqLkqYmswkEkrHI9wSwVtxZm+754T9BMQ7JAUgP8BBPIJfqP3c04X
dbfXK6ynNaE7BRvGHXcXEDLCWE8i/6PLPKU3PF/sDrujz4LEHFJaZirLuZP+/2h8
/T/8i5KgrU381PE7OBYsQG5cQzZ1TqaCtobjHQ7mSzb5y5DU6SR9qGRo/4Z8nGN2
Qq2msvvbC6vFr2s74NhGEvrwOa9/FuayT+qPch0OV8J4USEEHI3t7zb/GulCy8I=
-----END CERTIFICATE-----