Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/ggyXYBYJYDyjENMrTDEoM9cmQuY.roa
File:                     ggyXYBYJYDyjENMrTDEoM9cmQuY.roa (raw, json)
Hash identifier:          nvujf7S88P1Vb2Lev6oUVClTcezEWcGUqDcy1w7ylUY=
Subject key identifier:   82:0C:97:60:16:09:60:3C:A3:10:D3:2B:4C:31:28:33:D7:26:42:E6
Certificate issuer:       /CN=868256ae34e54526c5b25aac2b9d5f5fa87d061e
Certificate serial:       019424B3E269ECEC45B066D1DDB0569A7C76
Authority key identifier: 86:82:56:AE:34:E5:45:26:C5:B2:5A:AC:2B:9D:5F:5F:A8:7D:06:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hoJWrjTlRSbFslqsK51fX6h9Bh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/ggyXYBYJYDyjENMrTDEoM9cmQuY.roa
Signing time:             Thu 02 Jan 2025 01:49:16 +0000
ROA not before:           Thu 02 Jan 2025 01:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39809
IP address blocks:        195.170.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/hoJWrjTlRSbFslqsK51fX6h9Bh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/hoJWrjTlRSbFslqsK51fX6h9Bh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hoJWrjTlRSbFslqsK51fX6h9Bh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e2:69:ec:ec:45:b0:66:d1:dd:b0:56:9a:7c:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=868256ae34e54526c5b25aac2b9d5f5fa87d061e
        Validity
            Not Before: Jan  2 01:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=820c97601609603ca310d32b4c312833d72642e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d0:66:23:03:85:5d:95:d4:ce:f1:40:78:bc:
                    b6:d8:84:c5:83:1a:b4:1a:da:b6:a0:98:f2:79:38:
                    80:e0:57:c6:b9:be:6b:d0:01:3b:c4:cf:c9:ea:2a:
                    ff:15:c1:02:1c:13:43:df:b4:79:85:2b:93:1b:76:
                    65:0b:38:96:38:ed:88:e9:22:00:4e:76:25:8a:16:
                    85:a9:b1:44:eb:5a:46:c6:d8:bd:0a:14:ce:9b:c0:
                    f1:91:f4:5b:14:a1:ab:02:11:88:19:5a:b0:87:10:
                    64:f1:38:63:f6:07:a8:da:de:44:9a:5c:58:dd:89:
                    d8:64:28:5f:10:ab:db:6f:4a:68:4c:33:7f:80:03:
                    48:be:c0:75:1d:5e:29:95:e1:bf:3d:74:a8:81:89:
                    65:8f:5b:2c:7e:80:7c:99:c6:9e:73:00:45:4e:c6:
                    d7:30:18:7a:a9:fd:bd:44:01:a7:2e:46:85:45:0b:
                    00:dd:bd:2d:8f:7b:53:ac:9e:01:e8:0a:31:2a:a8:
                    97:e5:e8:cd:49:48:06:11:bc:ff:8d:e1:f9:39:d9:
                    8b:fe:84:70:ec:07:97:ae:95:ca:3f:42:64:17:30:
                    c7:8e:44:2e:52:a1:f9:61:64:58:ad:d2:3f:98:76:
                    98:9f:a2:a4:d7:f2:11:0a:a5:75:b3:55:ef:63:00:
                    1b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:0C:97:60:16:09:60:3C:A3:10:D3:2B:4C:31:28:33:D7:26:42:E6
            X509v3 Authority Key Identifier:
                keyid:86:82:56:AE:34:E5:45:26:C5:B2:5A:AC:2B:9D:5F:5F:A8:7D:06:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hoJWrjTlRSbFslqsK51fX6h9Bh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/ggyXYBYJYDyjENMrTDEoM9cmQuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7b296a-fd03-4afa-bcd2-cbf60700eb92/1/hoJWrjTlRSbFslqsK51fX6h9Bh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:4d:26:c2:1b:f7:18:28:d6:b8:03:15:2b:03:2f:24:c0:c3:
         be:65:5a:c3:23:9d:1a:5c:ed:3e:cb:c1:4b:9d:e8:9b:18:c0:
         ec:27:10:48:62:17:55:7d:c3:3a:13:d8:16:73:de:f1:95:4d:
         04:07:1f:e6:30:c1:c5:0a:92:87:d4:e9:7d:76:9a:a2:8f:e0:
         2a:ff:4d:c1:d9:da:4a:a1:98:35:66:ab:e6:3f:4d:a8:f6:6c:
         14:a8:de:e0:04:e7:b6:e9:30:91:b7:2f:c5:9f:c9:f8:22:24:
         32:0e:c7:8c:8f:23:b2:41:d4:cd:30:2a:ba:2b:43:8f:8a:f4:
         bc:e3:8e:f1:d0:cc:7b:af:a6:e9:f6:cf:40:ea:8c:b2:f9:6f:
         ae:66:d5:40:bc:1f:61:1f:80:71:06:a8:cf:a2:af:23:88:95:
         64:1c:09:f5:4c:25:81:e5:80:76:13:7e:ad:d4:46:20:5c:69:
         01:76:f3:4b:43:5b:34:8d:4b:5b:d4:2a:a5:81:38:ab:a3:0d:
         1d:76:d8:92:14:09:1f:af:5d:2f:a3:10:93:cb:29:cf:9b:f3:
         e9:40:7c:b3:cb:67:32:0d:ef:8a:80:97:32:2e:4e:a4:1e:c1:
         8e:d6:c2:fa:22:57:5e:54:59:51:10:00:79:b1:6b:0c:d8:63:
         ec:21:7d:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+Jp7OxFsGbR3bBWmnx2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ODI1NmFlMzRlNTQ1MjZjNWIyNWFhYzJiOWQ1ZjVmYTg3
ZDA2MWUwHhcNMjUwMTAyMDE0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjBjOTc2MDE2MDk2MDNjYTMxMGQzMmI0YzMxMjgzM2Q3MjY0MmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9BmIwOFXZXUzvFAeLy22ITFgxq0
Gtq2oJjyeTiA4FfGub5r0AE7xM/J6ir/FcECHBND37R5hSuTG3ZlCziWOO2I6SIA
TnYlihaFqbFE61pGxti9ChTOm8DxkfRbFKGrAhGIGVqwhxBk8Thj9geo2t5EmlxY
3YnYZChfEKvbb0poTDN/gANIvsB1HV4pleG/PXSogYllj1ssfoB8mcaecwBFTsbX
MBh6qf29RAGnLkaFRQsA3b0tj3tTrJ4B6AoxKqiX5ejNSUgGEbz/jeH5OdmL/oRw
7AeXrpXKP0JkFzDHjkQuUqH5YWRYrdI/mHaYn6Kk1/IRCqV1s1XvYwAb3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIMl2AWCWA8oxDTK0wxKDPXJkLmMB8GA1UdIwQY
MBaAFIaCVq405UUmxbJarCudX1+ofQYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaG9KV3JqVGxSU2JGc2xxc0s1MWZYNmg5Qmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83YjI5NmEtZmQwMy00YWZhLWJjZDIt
Y2JmNjA3MDBlYjkyLzEvZ2d5WFlCWUpZRHlqRU5NclRERW9NOWNtUXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83YjI5NmEtZmQwMy00YWZhLWJjZDItY2JmNjA3MDBlYjky
LzEvaG9KV3JqVGxSU2JGc2xxc0s1MWZYNmg5Qmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6qhMA0G
CSqGSIb3DQEBCwUAA4IBAQAqTSbCG/cYKNa4AxUrAy8kwMO+ZVrDI50aXO0+y8FL
neibGMDsJxBIYhdVfcM6E9gWc97xlU0EBx/mMMHFCpKH1Ol9dpqij+Aq/03B2dpK
oZg1ZqvmP02o9mwUqN7gBOe26TCRty/Fn8n4IiQyDseMjyOyQdTNMCq6K0OPivS8
447x0Mx7r6bp9s9A6oyy+W+uZtVAvB9hH4BxBqjPoq8jiJVkHAn1TCWB5YB2E36t
1EYgXGkBdvNLQ1s0jUtb1CqlgTirow0ddtiSFAkfr10voxCTyynPm/PpQHyzy2cy
De+KgJcyLk6kHsGO1sL6IldeVFlREAB5sWsM2GPsIX3F
-----END CERTIFICATE-----