Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/d_GmJYSiWtstngRCp4D-3Nytktc.roa
File:                     d_GmJYSiWtstngRCp4D-3Nytktc.roa (raw, json)
Hash identifier:          b5QdQbGkypzupkHkl6NURfR0Tou888+YLeKDY72J/ww=
Subject key identifier:   77:F1:A6:25:84:A2:5A:DB:2D:9E:04:42:A7:80:FE:DC:DC:AD:92:D7
Certificate issuer:       /CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
Certificate serial:       01956B1961525BE6C0E1CE65EBD116B3B2CC
Authority key identifier: 8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/d_GmJYSiWtstngRCp4D-3Nytktc.roa
Signing time:             Thu 06 Mar 2025 10:56:20 +0000
ROA not before:           Thu 06 Mar 2025 10:56:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59623
IP address blocks:        195.214.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6b:19:61:52:5b:e6:c0:e1:ce:65:eb:d1:16:b3:b2:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
        Validity
            Not Before: Mar  6 10:56:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77f1a62584a25adb2d9e0442a780fedcdcad92d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3e:ce:46:32:23:58:35:02:79:c1:fc:31:aa:
                    c2:38:67:e5:fd:ce:cd:fc:68:a1:d5:b2:14:06:f2:
                    7d:18:42:99:db:1d:ab:8b:62:b9:fe:66:09:6a:a4:
                    74:43:47:eb:c5:95:ea:55:9a:a1:95:cd:3a:a7:d0:
                    44:d4:df:ff:ac:4e:c8:05:7c:3b:7d:d5:31:c2:c0:
                    b4:f8:d3:4b:ad:d9:0b:56:3b:1e:80:b5:64:72:98:
                    bb:cc:06:66:7d:3d:74:0b:ae:a3:b9:70:80:fc:70:
                    c2:8d:1c:d2:09:57:aa:e5:a7:16:31:23:d1:df:16:
                    55:32:c8:01:eb:73:b9:7c:64:94:a6:6e:6c:4c:cb:
                    57:ab:76:ce:e2:de:5f:3c:46:80:58:e7:8a:52:bc:
                    ce:00:c8:41:44:8c:a3:31:30:61:1c:cf:03:87:1a:
                    45:9b:5f:f6:01:7d:be:ed:24:2c:6e:76:a8:ed:ee:
                    09:07:e4:99:d0:32:45:01:4f:b7:ed:22:ac:fa:51:
                    68:f2:3f:27:5f:b3:a0:93:77:45:48:3a:1e:b3:0a:
                    4c:6f:57:e0:78:2d:a4:67:ab:5e:35:c7:88:7c:33:
                    00:ef:4d:02:14:0c:00:82:b6:ef:a0:2d:06:0d:6b:
                    58:35:fd:0b:3e:e6:76:76:20:7b:03:74:0c:5e:2e:
                    96:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:F1:A6:25:84:A2:5A:DB:2D:9E:04:42:A7:80:FE:DC:DC:AD:92:D7
            X509v3 Authority Key Identifier:
                keyid:8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/d_GmJYSiWtstngRCp4D-3Nytktc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.214.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:19:a3:21:5b:56:58:62:3d:a9:49:ff:5f:cf:a8:2b:f5:17:
         45:ab:8f:29:aa:f3:c7:44:d1:90:09:7b:98:16:4a:f9:aa:c1:
         ba:d1:4a:69:0c:b1:ec:07:62:70:85:c5:14:33:1d:f9:4c:c1:
         34:6c:7a:4d:a3:6e:a6:34:76:13:4c:7a:74:2d:3c:eb:ad:db:
         29:29:2d:d4:a6:ca:ec:67:bb:ff:68:d2:24:34:8f:ad:49:63:
         56:88:56:5d:13:43:1c:d3:4c:d6:a5:5d:ea:0b:25:2e:3f:2a:
         61:80:ff:11:08:b3:7b:2c:d3:38:8b:5e:f3:bb:37:9f:69:8a:
         3b:12:b7:97:ec:e3:91:bf:ab:93:33:cf:27:9a:ca:03:7d:d9:
         f4:e7:b0:01:e9:e3:08:b7:ce:28:b2:8d:64:ee:b4:b6:ab:df:
         f2:71:c2:84:0f:53:a4:20:7c:3b:a2:3e:98:82:cb:08:e9:a8:
         34:70:b9:2e:06:c6:54:32:9e:e8:01:5c:ed:5b:a0:94:96:15:
         fd:2e:fc:ea:ce:05:e7:da:6a:85:8d:17:b1:4a:16:0c:c5:c8:
         2a:0b:b1:45:c2:27:5a:b3:ef:a3:a4:36:a4:a9:db:77:8c:f2:
         d3:80:db:12:3a:40:d0:69:5a:e1:49:d6:71:63:db:e9:49:40:
         05:5f:33:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVrGWFSW+bA4c5l69EWs7LMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDdhYTA5ZjJjNjEwZjZmNDRiNGU3NWMxY2Q5ZGNkMzg4
NGU1NWQwHhcNMjUwMzA2MTA1NjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2YxYTYyNTg0YTI1YWRiMmQ5ZTA0NDJhNzgwZmVkY2RjYWQ5MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyz7ORjIjWDUCecH8MarCOGfl/c7N
/Gih1bIUBvJ9GEKZ2x2ri2K5/mYJaqR0Q0frxZXqVZqhlc06p9BE1N//rE7IBXw7
fdUxwsC0+NNLrdkLVjsegLVkcpi7zAZmfT10C66juXCA/HDCjRzSCVeq5acWMSPR
3xZVMsgB63O5fGSUpm5sTMtXq3bO4t5fPEaAWOeKUrzOAMhBRIyjMTBhHM8DhxpF
m1/2AX2+7SQsbnao7e4JB+SZ0DJFAU+37SKs+lFo8j8nX7Ogk3dFSDoeswpMb1fg
eC2kZ6teNceIfDMA700CFAwAgrbvoC0GDWtYNf0LPuZ2diB7A3QMXi6WGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfxpiWEolrbLZ4EQqeA/tzcrZLXMB8GA1UdIwQY
MBaAFItHqgnyxhD29EtOdcHNnc04hOVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgt
NTAwMTUzOWQ3MTg1LzEvZF9HbUpZU2lXdHN0bmdSQ3A0RC0zTnl0a3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgtNTAwMTUzOWQ3MTg1
LzEvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9brMA0G
CSqGSIb3DQEBCwUAA4IBAQAkGaMhW1ZYYj2pSf9fz6gr9RdFq48pqvPHRNGQCXuY
Fkr5qsG60UppDLHsB2JwhcUUMx35TME0bHpNo26mNHYTTHp0LTzrrdspKS3Upsrs
Z7v/aNIkNI+tSWNWiFZdE0Mc00zWpV3qCyUuPyphgP8RCLN7LNM4i17zuzefaYo7
EreX7OORv6uTM88nmsoDfdn057AB6eMIt84oso1k7rS2q9/yccKED1OkIHw7oj6Y
gssI6ag0cLkuBsZUMp7oAVztW6CUlhX9LvzqzgXn2mqFjRexShYMxcgqC7FFwida
s++jpDakqdt3jPLTgNsSOkDQaVrhSdZxY9vpSUAFXzPM
-----END CERTIFICATE-----