Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/GtUJ2ssMAEwmFAXvMELN9Tsyduk.roa
File:                     GtUJ2ssMAEwmFAXvMELN9Tsyduk.roa (raw, json)
Hash identifier:          aTGTucVW933EQPKB8+bTzbhp6tE8gtwIMPTu3y4B9og=
Subject key identifier:   1A:D5:09:DA:CB:0C:00:4C:26:14:05:EF:30:42:CD:F5:3B:32:76:E9
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       0194236A5B916E03D09D78D10707DD9BAE71
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/GtUJ2ssMAEwmFAXvMELN9Tsyduk.roa
Signing time:             Wed 01 Jan 2025 19:49:20 +0000
ROA not before:           Wed 01 Jan 2025 19:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1163
IP address blocks:        145.102.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:18:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:5b:91:6e:03:d0:9d:78:d1:07:07:dd:9b:ae:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  1 19:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ad509dacb0c004c261405ef3042cdf53b3276e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8d:44:45:ad:e4:8f:41:46:24:a5:4f:e5:da:
                    2d:50:df:7f:46:bd:3c:33:f0:54:be:56:50:82:40:
                    ab:36:5f:6a:a3:83:a7:c4:2c:a6:b7:ef:e3:2c:c4:
                    0d:0a:b8:19:93:fc:d4:a3:4a:d3:bb:dc:0f:e2:b6:
                    b9:d6:aa:c0:f7:9c:40:19:19:f7:17:87:1c:d4:8b:
                    d0:b2:4d:1e:b2:4c:dd:a5:4d:97:0b:c9:11:00:d6:
                    6d:a1:cf:3d:94:88:3d:52:ef:29:c6:aa:38:4c:f7:
                    a4:ab:db:03:21:6b:a7:a4:ef:ba:18:de:97:97:07:
                    ea:3a:61:03:bb:e4:8f:70:e9:a4:b6:71:c4:6c:1d:
                    41:e0:b8:35:46:b8:fb:fd:cc:dd:97:7d:1a:5e:a4:
                    c6:b6:ea:2c:44:23:b4:a9:03:d6:79:8d:f4:2f:4c:
                    89:25:18:62:a2:e2:bf:4a:e6:c5:4d:94:56:17:48:
                    d2:4e:01:6d:ff:29:fd:c6:22:de:52:8f:83:dc:b2:
                    35:c7:59:1a:a8:d7:57:14:f9:11:df:1c:00:47:af:
                    ce:08:50:b3:19:44:fa:fa:cf:06:0c:e7:f2:4f:10:
                    25:e3:31:df:03:66:51:c9:47:62:5b:05:e3:42:d3:
                    ca:c7:82:85:ed:67:98:2a:7a:d2:48:c0:5d:f6:7f:
                    01:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:D5:09:DA:CB:0C:00:4C:26:14:05:EF:30:42:CD:F5:3B:32:76:E9
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/GtUJ2ssMAEwmFAXvMELN9Tsyduk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.102.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:6f:28:bf:96:77:03:34:ea:e2:73:75:d9:5c:08:21:b9:90:
         02:b8:b6:1f:07:f2:26:f5:02:79:1a:01:26:bf:31:d0:30:02:
         e9:3b:f0:85:5a:0b:ae:d3:bb:36:14:4e:52:65:07:2c:6d:d3:
         d3:47:42:3b:06:f6:c8:c3:4e:2f:f6:75:f2:17:70:28:71:50:
         3d:f6:cd:7b:3e:5d:b7:7a:fa:f4:56:39:fc:c9:f0:2c:64:7d:
         77:d2:9e:42:93:07:4a:fc:48:b6:9f:9f:60:12:8e:99:e0:2b:
         bb:01:d1:35:6b:a1:30:84:1c:b4:e3:43:f2:62:f8:21:48:25:
         92:62:83:5a:b6:bc:1d:8a:12:7c:9d:7a:27:4e:53:48:4a:b7:
         91:09:1a:80:3b:19:13:89:ac:10:e7:b2:60:d4:cf:e2:4e:64:
         f0:af:94:ec:8a:20:6d:43:2b:21:f0:c8:c2:3e:d2:c4:dd:f8:
         e1:56:8a:8b:4f:9d:0a:81:38:d0:1a:75:d5:13:40:2e:42:46:
         fd:3b:f0:40:39:7f:22:ed:18:f3:05:20:4f:3a:4a:ce:10:d7:
         9c:97:f4:d1:d6:28:08:50:fd:0c:05:41:55:a7:93:aa:4f:39:
         5d:04:c0:46:f6:9c:0d:81:5b:a9:8a:22:73:13:d4:ec:55:16:
         eb:2c:08:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaluRbgPQnXjRBwfdm65xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjUwMTAxMTk0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWQ1MDlkYWNiMGMwMDRjMjYxNDA1ZWYzMDQyY2RmNTNiMzI3NmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwI1ERa3kj0FGJKVP5dotUN9/Rr08
M/BUvlZQgkCrNl9qo4OnxCymt+/jLMQNCrgZk/zUo0rTu9wP4ra51qrA95xAGRn3
F4cc1IvQsk0eskzdpU2XC8kRANZtoc89lIg9Uu8pxqo4TPekq9sDIWunpO+6GN6X
lwfqOmEDu+SPcOmktnHEbB1B4Lg1Rrj7/czdl30aXqTGtuosRCO0qQPWeY30L0yJ
JRhiouK/SubFTZRWF0jSTgFt/yn9xiLeUo+D3LI1x1kaqNdXFPkR3xwAR6/OCFCz
GUT6+s8GDOfyTxAl4zHfA2ZRyUdiWwXjQtPKx4KF7WeYKnrSSMBd9n8B7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrVCdrLDABMJhQF7zBCzfU7MnbpMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvR3RVSjJzc01BRXdtRkFYdk1FTE45VHN5ZHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkWaBMA0G
CSqGSIb3DQEBCwUAA4IBAQBobyi/lncDNOric3XZXAghuZACuLYfB/Im9QJ5GgEm
vzHQMALpO/CFWguu07s2FE5SZQcsbdPTR0I7BvbIw04v9nXyF3AocVA99s17Pl23
evr0Vjn8yfAsZH130p5CkwdK/Ei2n59gEo6Z4Cu7AdE1a6EwhBy040PyYvghSCWS
YoNatrwdihJ8nXonTlNISreRCRqAOxkTiawQ57Jg1M/iTmTwr5TsiiBtQysh8MjC
PtLE3fjhVoqLT50KgTjQGnXVE0AuQkb9O/BAOX8i7RjzBSBPOkrOENecl/TR1igI
UP0MBUFVp5OqTzldBMBG9pwNgVupiiJzE9TsVRbrLAgF
-----END CERTIFICATE-----