Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Gtxpgixa8rI37a-Wlg51n7TvARA.roa
File:                     Gtxpgixa8rI37a-Wlg51n7TvARA.roa (raw, json)
Hash identifier:          5RwEkl6EbWJXt1kXyT5C7n8nnW3fQ052ZMIoQqc9bzo=
Subject key identifier:   1A:DC:69:82:2C:5A:F2:B2:37:ED:AF:96:96:0E:75:9F:B4:EF:01:10
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       01906CEC3822FEB64A5CFAAA26672174973F
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Gtxpgixa8rI37a-Wlg51n7TvARA.roa
Signing time:             Mon 01 Jul 2024 06:12:18 +0000
ROA not before:           Mon 01 Jul 2024 06:12:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214638
IP address blocks:        89.36.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6c:ec:38:22:fe:b6:4a:5c:fa:aa:26:67:21:74:97:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Jul  1 06:12:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1adc69822c5af2b237edaf96960e759fb4ef0110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a4:ef:03:3c:76:6b:7b:99:b0:5f:53:06:ec:
                    a0:3e:f8:8b:e4:7d:93:7f:d4:7c:d6:86:42:09:20:
                    b8:9e:28:ff:ae:8e:ee:93:3f:21:56:b7:8e:8e:84:
                    72:06:96:cc:1c:66:fb:8e:af:26:3f:f2:7d:7e:0d:
                    30:16:bc:69:d4:17:8e:f6:9e:0f:eb:ce:19:5c:76:
                    61:65:cf:c2:76:3d:0e:01:36:f1:95:6e:e2:19:c8:
                    12:44:53:29:c7:bd:dc:8d:21:fe:07:84:ee:65:35:
                    4c:1c:62:b9:0d:d0:ca:b1:83:49:89:36:86:3c:da:
                    5c:29:23:49:28:76:cd:0b:c6:69:05:98:39:7d:02:
                    fa:67:40:75:f9:64:31:65:6f:ab:ba:8c:28:5e:3b:
                    7b:3d:70:36:40:99:c5:3e:a7:4a:59:28:9e:43:c5:
                    80:27:8a:1d:11:b5:64:5a:88:54:88:54:b9:3b:bd:
                    96:99:9e:0b:06:c6:21:fd:9c:aa:67:b8:38:56:19:
                    96:c9:14:aa:8e:b4:51:c9:7b:85:a4:2d:d7:74:90:
                    95:d2:88:22:30:4b:9a:90:c4:03:4e:a2:7d:84:00:
                    c2:21:ef:ff:c6:db:34:43:5a:a0:87:73:c7:6f:ab:
                    a7:fb:02:0a:5f:eb:ec:20:a4:45:d0:ea:04:b0:68:
                    2f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:DC:69:82:2C:5A:F2:B2:37:ED:AF:96:96:0E:75:9F:B4:EF:01:10
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Gtxpgixa8rI37a-Wlg51n7TvARA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:06:4e:04:af:af:22:6c:69:4c:38:82:71:1a:2e:cb:0e:4d:
         8c:db:25:c2:e5:6c:a5:99:8b:cf:ec:61:c8:eb:5a:f1:b0:3b:
         94:a5:10:a9:14:79:d5:5e:3b:ac:eb:de:2d:c8:32:aa:a9:a6:
         72:f6:25:a1:b4:4c:c4:e7:33:e8:dc:b3:2e:1c:90:98:15:ce:
         cc:e3:e9:fc:84:5b:cb:5e:a6:21:a7:81:95:d2:87:00:47:0b:
         29:64:59:86:9e:62:22:f4:03:01:b7:26:23:10:aa:a1:18:98:
         31:33:19:9f:38:fe:5c:72:30:e5:79:63:f5:e2:0a:e5:7b:82:
         5d:d3:18:21:ab:a9:97:dd:ab:d3:9a:25:2a:65:e1:71:1d:ee:
         08:82:f3:bd:ec:1b:b2:20:0a:d9:ad:dc:88:e6:72:4f:c2:a3:
         74:0b:a6:8b:d0:de:8e:42:72:13:9d:39:1e:a9:5c:37:f3:67:
         7c:2c:ce:df:15:d1:be:f2:5b:37:27:75:66:44:5e:3b:b6:59:
         95:73:2f:16:67:a0:36:cd:99:8b:2b:5d:f9:f4:2c:cf:ce:81:
         8d:4e:c2:d7:90:e7:a8:26:66:ed:c6:2f:b5:9e:dd:58:09:64:
         ac:09:cd:1a:3c:ef:ea:3a:64:a5:06:72:8a:97:b6:23:f4:3e:
         75:eb:4f:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBs7Dgi/rZKXPqqJmchdJc/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjQwNzAxMDYxMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWRjNjk4MjJjNWFmMmIyMzdlZGFmOTY5NjBlNzU5ZmI0ZWYwMTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqTvAzx2a3uZsF9TBuygPviL5H2T
f9R81oZCCSC4nij/ro7ukz8hVreOjoRyBpbMHGb7jq8mP/J9fg0wFrxp1BeO9p4P
684ZXHZhZc/Cdj0OATbxlW7iGcgSRFMpx73cjSH+B4TuZTVMHGK5DdDKsYNJiTaG
PNpcKSNJKHbNC8ZpBZg5fQL6Z0B1+WQxZW+ruowoXjt7PXA2QJnFPqdKWSieQ8WA
J4odEbVkWohUiFS5O72WmZ4LBsYh/ZyqZ7g4VhmWyRSqjrRRyXuFpC3XdJCV0ogi
MEuakMQDTqJ9hADCIe//xts0Q1qgh3PHb6un+wIKX+vsIKRF0OoEsGgvTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrcaYIsWvKyN+2vlpYOdZ+07wEQMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvR3R4cGdpeGE4ckkzN2EtV2xnNTFuN1R2QVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSQiMA0G
CSqGSIb3DQEBCwUAA4IBAQBkBk4Er68ibGlMOIJxGi7LDk2M2yXC5WylmYvP7GHI
61rxsDuUpRCpFHnVXjus694tyDKqqaZy9iWhtEzE5zPo3LMuHJCYFc7M4+n8hFvL
XqYhp4GV0ocARwspZFmGnmIi9AMBtyYjEKqhGJgxMxmfOP5ccjDleWP14grle4Jd
0xghq6mX3avTmiUqZeFxHe4IgvO97BuyIArZrdyI5nJPwqN0C6aL0N6OQnITnTke
qVw382d8LM7fFdG+8ls3J3VmRF47tlmVcy8WZ6A2zZmLK1359CzPzoGNTsLXkOeo
Jmbtxi+1nt1YCWSsCc0aPO/qOmSlBnKKl7Yj9D51609M
-----END CERTIFICATE-----