Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ca8125-5477-4222-b055-bbeb4550d9e6/1/GeKBRab06m2Sa_WEDlm2vrbqt80.roa
File:                     GeKBRab06m2Sa_WEDlm2vrbqt80.roa (raw, json)
Hash identifier:          rshNYrEYAk6Ccd9rs6FmkxFoBRIeaz8vJy7lI8MW13k=
Subject key identifier:   19:E2:81:45:A6:F4:EA:6D:92:6B:F5:84:0E:59:B6:BE:B6:EA:B7:CD
Certificate issuer:       /CN=5cbb6f7d11debf9e4ba8b1f69c383b8fc3c4ae12
Certificate serial:       0194228D88C23555D4F0914E3F6EF29C9221
Authority key identifier: 5C:BB:6F:7D:11:DE:BF:9E:4B:A8:B1:F6:9C:38:3B:8F:C3:C4:AE:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XLtvfRHev55LqLH2nDg7j8PErhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ca8125-5477-4222-b055-bbeb4550d9e6/1/GeKBRab06m2Sa_WEDlm2vrbqt80.roa
Signing time:             Wed 01 Jan 2025 15:48:08 +0000
ROA not before:           Wed 01 Jan 2025 15:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13045
IP address blocks:        195.8.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ca8125-5477-4222-b055-bbeb4550d9e6/1/XLtvfRHev55LqLH2nDg7j8PErhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ca8125-5477-4222-b055-bbeb4550d9e6/1/XLtvfRHev55LqLH2nDg7j8PErhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XLtvfRHev55LqLH2nDg7j8PErhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:88:c2:35:55:d4:f0:91:4e:3f:6e:f2:9c:92:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cbb6f7d11debf9e4ba8b1f69c383b8fc3c4ae12
        Validity
            Not Before: Jan  1 15:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19e28145a6f4ea6d926bf5840e59b6beb6eab7cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e4:4f:42:22:71:be:2d:d9:f4:bc:8b:08:d6:
                    df:57:e9:70:96:79:ec:30:ad:3f:c4:86:b5:08:d9:
                    34:b4:5a:a6:d4:59:46:ef:2d:80:bc:b7:89:f6:6a:
                    40:94:c9:a0:23:65:21:8d:dd:74:2d:19:49:90:d3:
                    a8:1f:7a:5c:06:07:eb:7b:04:fa:47:9d:1c:05:87:
                    64:29:b2:a0:0f:af:72:36:22:7f:e5:27:41:ac:3f:
                    c8:3a:89:5e:73:e9:4a:ae:2a:d5:cc:af:df:63:20:
                    96:50:b7:5c:1f:35:0c:0a:56:a9:bd:58:f8:6c:d3:
                    59:7d:d3:ad:40:a7:d7:7e:3d:5e:4e:da:3d:78:fe:
                    5b:23:0d:a8:df:5c:2c:08:8f:28:cf:f1:43:55:5b:
                    cd:c5:00:7c:69:54:9c:3e:2a:0a:d9:8a:59:3d:e7:
                    0c:74:bf:27:9b:62:89:21:ac:ef:af:25:e5:56:3a:
                    51:5a:51:8a:bc:a5:f5:47:97:d7:45:80:46:d7:b9:
                    d7:90:85:71:d5:ab:1b:7c:a2:96:8c:67:35:83:06:
                    e7:ed:da:9d:ce:09:57:37:b2:9a:dd:ad:dd:fc:f3:
                    3f:95:0d:cc:06:3a:a8:c4:1d:dc:3b:e7:f6:38:3e:
                    8c:82:ff:ee:14:8d:c8:b8:40:90:eb:96:9b:50:0a:
                    8c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E2:81:45:A6:F4:EA:6D:92:6B:F5:84:0E:59:B6:BE:B6:EA:B7:CD
            X509v3 Authority Key Identifier:
                keyid:5C:BB:6F:7D:11:DE:BF:9E:4B:A8:B1:F6:9C:38:3B:8F:C3:C4:AE:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XLtvfRHev55LqLH2nDg7j8PErhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ca8125-5477-4222-b055-bbeb4550d9e6/1/GeKBRab06m2Sa_WEDlm2vrbqt80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ca8125-5477-4222-b055-bbeb4550d9e6/1/XLtvfRHev55LqLH2nDg7j8PErhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:8d:f9:20:96:ff:13:3a:00:81:e8:bf:bc:09:5f:a1:b7:bd:
         3f:30:c1:1b:af:48:72:c9:fa:32:5c:0b:93:01:a3:ea:3f:8c:
         6f:27:07:b7:91:66:64:1e:bc:90:56:d2:16:f2:bc:da:52:3c:
         73:2a:d2:d6:f4:d6:f8:1b:d8:d8:4e:1b:96:3e:1a:1c:e3:b0:
         97:43:08:9b:d3:88:d4:82:f2:f7:2c:21:bf:0f:fe:73:22:34:
         d9:63:c8:a8:11:d3:aa:d2:22:54:12:7b:f0:55:20:f4:a2:fd:
         c0:38:56:be:57:8b:5c:99:65:f9:e7:57:ed:d9:b4:81:88:bf:
         02:e9:2f:72:85:4f:ce:05:cc:9f:ab:24:9f:e4:d8:77:d2:14:
         3d:92:7e:15:2d:f5:6f:00:3d:2b:d9:d3:53:d2:ea:e5:41:e0:
         76:85:d1:ea:b3:74:61:bb:ee:06:de:eb:e5:50:eb:0e:0c:e2:
         74:33:bf:66:8e:e2:14:f5:07:fa:6e:af:eb:b4:03:bd:b0:c8:
         7f:7a:4e:2f:ba:80:e3:37:16:d2:02:d9:92:9e:88:90:56:9b:
         ed:a2:03:fa:8f:10:15:cd:09:2e:24:a7:6a:11:40:d2:4b:08:
         c9:11:d9:45:02:2d:61:c9:3c:a1:89:dc:49:db:e1:d6:57:f9:
         a2:a3:2b:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijYjCNVXU8JFOP27ynJIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjYmI2ZjdkMTFkZWJmOWU0YmE4YjFmNjljMzgzYjhmYzNj
NGFlMTIwHhcNMjUwMTAxMTU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWUyODE0NWE2ZjRlYTZkOTI2YmY1ODQwZTU5YjZiZWI2ZWFiN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ORPQiJxvi3Z9LyLCNbfV+lwlnns
MK0/xIa1CNk0tFqm1FlG7y2AvLeJ9mpAlMmgI2Uhjd10LRlJkNOoH3pcBgfrewT6
R50cBYdkKbKgD69yNiJ/5SdBrD/IOolec+lKrirVzK/fYyCWULdcHzUMClapvVj4
bNNZfdOtQKfXfj1eTto9eP5bIw2o31wsCI8oz/FDVVvNxQB8aVScPioK2YpZPecM
dL8nm2KJIazvryXlVjpRWlGKvKX1R5fXRYBG17nXkIVx1asbfKKWjGc1gwbn7dqd
zglXN7Ka3a3d/PM/lQ3MBjqoxB3cO+f2OD6Mgv/uFI3IuECQ65abUAqMNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnigUWm9Optkmv1hA5Ztr626rfNMB8GA1UdIwQY
MBaAFFy7b30R3r+eS6ix9pw4O4/DxK4SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEx0dmZSSGV2NTVMcUxIMm5EZzdqOFBFcmhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9jYTgxMjUtNTQ3Ny00MjIyLWIwNTUt
YmJlYjQ1NTBkOWU2LzEvR2VLQlJhYjA2bTJTYV9XRURsbTJ2cmJxdDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9jYTgxMjUtNTQ3Ny00MjIyLWIwNTUtYmJlYjQ1NTBkOWU2
LzEvWEx0dmZSSGV2NTVMcUxIMm5EZzdqOFBFcmhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwhoMA0G
CSqGSIb3DQEBCwUAA4IBAQBAjfkglv8TOgCB6L+8CV+ht70/MMEbr0hyyfoyXAuT
AaPqP4xvJwe3kWZkHryQVtIW8rzaUjxzKtLW9Nb4G9jYThuWPhoc47CXQwib04jU
gvL3LCG/D/5zIjTZY8ioEdOq0iJUEnvwVSD0ov3AOFa+V4tcmWX551ft2bSBiL8C
6S9yhU/OBcyfqySf5Nh30hQ9kn4VLfVvAD0r2dNT0urlQeB2hdHqs3Rhu+4G3uvl
UOsODOJ0M79mjuIU9Qf6bq/rtAO9sMh/ek4vuoDjNxbSAtmSnoiQVpvtogP6jxAV
zQkuJKdqEUDSSwjJEdlFAi1hyTyhidxJ2+HWV/mioytl
-----END CERTIFICATE-----