Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/G3gmpYNNP9JYrhaqiMsAU_EbEhU.roa
File:                     G3gmpYNNP9JYrhaqiMsAU_EbEhU.roa (raw, json)
Hash identifier:          JYCLWmpn2x1tQh9BdgAPsoxEsKAREWa0Chd9mMo9Jyk=
Subject key identifier:   1B:78:26:A5:83:4D:3F:D2:58:AE:16:AA:88:CB:00:53:F1:1B:12:15
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       019426D9FD3C301B45CCDE625C6898A070D9
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/G3gmpYNNP9JYrhaqiMsAU_EbEhU.roa
Signing time:             Thu 02 Jan 2025 11:50:07 +0000
ROA not before:           Thu 02 Jan 2025 11:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56514
IP address blocks:        109.95.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:10:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:fd:3c:30:1b:45:cc:de:62:5c:68:98:a0:70:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Jan  2 11:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b7826a5834d3fd258ae16aa88cb0053f11b1215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5e:09:11:f4:b2:6b:0f:00:00:06:dd:96:19:
                    82:87:41:54:a6:30:4a:b0:c6:be:1d:fe:c9:20:75:
                    8f:c4:74:c1:e3:5c:09:4a:9b:b1:1e:e9:14:5b:0b:
                    45:b0:cd:fd:7e:f8:59:5e:47:5c:80:fd:54:ff:46:
                    cf:2b:7b:66:d0:1e:8d:e3:4f:57:50:fc:32:a0:cf:
                    1e:aa:fa:8a:d2:32:59:70:38:cb:0a:e3:6b:7f:b3:
                    56:58:f4:b6:0c:5b:7e:17:35:0b:4d:31:59:48:12:
                    a1:1f:10:21:41:c9:2a:74:c7:99:b4:52:7d:6c:89:
                    3c:6a:c6:3a:f1:4a:9e:fc:ac:9c:90:6b:f9:4a:76:
                    ff:35:90:05:2f:33:2e:8e:23:85:c9:d8:c6:09:69:
                    51:ce:7c:75:e0:8e:d7:52:7d:ee:a9:85:ff:ac:d5:
                    c7:64:40:a6:65:3a:75:6f:9f:9a:66:4c:48:25:95:
                    ec:c0:8b:31:06:d7:1d:e9:7d:7a:a3:6b:ec:89:16:
                    8b:de:c3:e2:d9:71:f0:20:1a:50:44:77:48:e7:3f:
                    02:f0:de:33:16:84:13:83:80:4e:54:61:2a:17:57:
                    68:c1:63:36:0c:65:bb:a5:85:63:8b:04:6e:68:1c:
                    a3:71:6e:11:a7:1a:2e:40:47:59:02:10:3b:1d:d3:
                    e6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:78:26:A5:83:4D:3F:D2:58:AE:16:AA:88:CB:00:53:F1:1B:12:15
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/G3gmpYNNP9JYrhaqiMsAU_EbEhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:82:db:c5:ce:60:73:fb:a6:76:59:76:1d:54:0a:58:dc:97:
         9d:f3:bc:5e:0c:70:b4:5c:e4:0b:88:d8:a2:f1:97:04:eb:a7:
         46:79:16:0f:45:f9:0a:c0:3b:75:a5:24:8c:ef:f8:ed:ce:54:
         29:39:1f:a9:56:ca:1b:e2:d3:19:51:e2:3f:18:e4:fc:dc:1b:
         18:a7:af:0d:b5:4f:bf:06:87:47:2a:77:7c:4b:ee:03:9d:5c:
         26:99:04:6d:43:89:91:ab:9d:90:9f:bb:d6:78:65:78:14:96:
         58:f0:35:83:30:d5:0e:9e:5d:37:d3:96:46:d2:40:83:d3:5c:
         ba:77:0b:83:34:c7:9a:ef:bb:39:9a:61:1a:26:73:23:d6:5d:
         3a:c7:a8:32:f1:01:7a:a5:a3:97:59:53:b9:16:fa:84:fb:c0:
         c0:d4:bd:57:c4:0e:da:64:9f:9f:3b:f5:3d:e1:01:b7:d4:08:
         b7:0e:b4:7b:df:87:54:98:f8:d3:53:66:7c:9f:a4:47:1d:cb:
         3a:be:89:10:a7:44:68:6d:58:df:f5:e7:6f:b7:45:c3:c7:89:
         52:9f:28:d3:d5:59:40:51:1e:61:34:8d:0e:b0:c8:c7:82:18:
         35:81:a7:47:33:c0:b2:3e:d4:8f:20:d5:95:c8:6b:71:a9:bd:
         73:3b:88:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2f08MBtFzN5iXGiYoHDZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjUwMTAyMTE1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjc4MjZhNTgzNGQzZmQyNThhZTE2YWE4OGNiMDA1M2YxMWIxMjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtV4JEfSyaw8AAAbdlhmCh0FUpjBK
sMa+Hf7JIHWPxHTB41wJSpuxHukUWwtFsM39fvhZXkdcgP1U/0bPK3tm0B6N409X
UPwyoM8eqvqK0jJZcDjLCuNrf7NWWPS2DFt+FzULTTFZSBKhHxAhQckqdMeZtFJ9
bIk8asY68Uqe/KyckGv5Snb/NZAFLzMujiOFydjGCWlRznx14I7XUn3uqYX/rNXH
ZECmZTp1b5+aZkxIJZXswIsxBtcd6X16o2vsiRaL3sPi2XHwIBpQRHdI5z8C8N4z
FoQTg4BOVGEqF1dowWM2DGW7pYVjiwRuaByjcW4RpxouQEdZAhA7HdPmRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBt4JqWDTT/SWK4WqojLAFPxGxIVMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvRzNnbXBZTk5QOUpZcmhhcWlNc0FVX0ViRWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV8PMA0G
CSqGSIb3DQEBCwUAA4IBAQAdgtvFzmBz+6Z2WXYdVApY3Jed87xeDHC0XOQLiNii
8ZcE66dGeRYPRfkKwDt1pSSM7/jtzlQpOR+pVsob4tMZUeI/GOT83BsYp68NtU+/
BodHKnd8S+4DnVwmmQRtQ4mRq52Qn7vWeGV4FJZY8DWDMNUOnl0305ZG0kCD01y6
dwuDNMea77s5mmEaJnMj1l06x6gy8QF6paOXWVO5FvqE+8DA1L1XxA7aZJ+fO/U9
4QG31Ai3DrR734dUmPjTU2Z8n6RHHcs6vokQp0RobVjf9edvt0XDx4lSnyjT1VlA
UR5hNI0OsMjHghg1gadHM8CyPtSPINWVyGtxqb1zO4jY
-----END CERTIFICATE-----