Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/GkXcWKv2tiZbmRFso5KDAtIlFEs.roa
File:                     GkXcWKv2tiZbmRFso5KDAtIlFEs.roa (raw, json)
Hash identifier:          qBk0djYI/QNSD8TA0vX6gS28tOn4bjIOUEqnaYwDuO8=
Subject key identifier:   1A:45:DC:58:AB:F6:B6:26:5B:99:11:6C:A3:92:83:02:D2:25:14:4B
Certificate issuer:       /CN=16ea37a8e73e7679a933d70f7b9c872081024455
Certificate serial:       01942143910EF65252991E452DFCC4799EBD
Authority key identifier: 16:EA:37:A8:E7:3E:76:79:A9:33:D7:0F:7B:9C:87:20:81:02:44:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fuo3qOc-dnmpM9cPe5yHIIECRFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/GkXcWKv2tiZbmRFso5KDAtIlFEs.roa
Signing time:             Wed 01 Jan 2025 09:47:43 +0000
ROA not before:           Wed 01 Jan 2025 09:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49666
IP address blocks:        185.81.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Fuo3qOc-dnmpM9cPe5yHIIECRFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Fuo3qOc-dnmpM9cPe5yHIIECRFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fuo3qOc-dnmpM9cPe5yHIIECRFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:91:0e:f6:52:52:99:1e:45:2d:fc:c4:79:9e:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16ea37a8e73e7679a933d70f7b9c872081024455
        Validity
            Not Before: Jan  1 09:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a45dc58abf6b6265b99116ca3928302d225144b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:82:09:09:1f:06:be:0a:56:57:fc:3f:a3:39:
                    94:2a:7c:35:86:dc:e6:67:c4:16:4c:97:3c:6f:03:
                    c0:9b:a3:f0:d1:bb:09:ff:13:3e:98:8d:b6:b4:00:
                    76:08:f4:f4:55:91:f9:05:55:f6:9d:d6:90:64:32:
                    d6:bc:b7:00:b1:3a:4a:b5:54:93:38:21:c5:14:33:
                    39:f4:ff:d5:79:70:ed:8b:5a:ee:fd:48:5d:5e:a9:
                    1b:5b:37:80:db:73:75:0b:c2:ea:d1:37:f1:68:8f:
                    fc:9b:3f:f9:83:b1:78:e2:3c:8b:ba:5a:a0:7f:3b:
                    4c:17:5b:a9:cb:4e:5b:02:6c:4c:cc:5b:db:46:20:
                    1c:2e:2f:a4:58:7c:a5:c4:a8:09:f7:d9:86:9e:5c:
                    ca:f2:3c:fd:56:eb:3e:a1:fd:48:81:a7:24:6c:64:
                    bf:2a:cd:e5:3f:71:62:e8:8d:e8:1b:d3:3d:0f:5d:
                    d4:45:ed:ce:71:55:e6:88:ad:a1:26:f7:da:af:4f:
                    f2:5c:eb:9f:09:9a:a1:ec:35:7c:4e:1b:ab:73:82:
                    59:f8:56:97:88:b3:c3:2e:1d:df:c4:2f:20:a5:93:
                    4f:52:1d:f5:4e:00:55:ec:ca:00:29:e4:63:39:7a:
                    f8:62:8b:82:32:39:de:2f:a3:1f:20:21:11:15:46:
                    53:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:45:DC:58:AB:F6:B6:26:5B:99:11:6C:A3:92:83:02:D2:25:14:4B
            X509v3 Authority Key Identifier:
                keyid:16:EA:37:A8:E7:3E:76:79:A9:33:D7:0F:7B:9C:87:20:81:02:44:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fuo3qOc-dnmpM9cPe5yHIIECRFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/GkXcWKv2tiZbmRFso5KDAtIlFEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/51cd94-a055-43ee-a09b-472b0d072e83/1/Fuo3qOc-dnmpM9cPe5yHIIECRFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:9d:ae:45:ba:9e:5c:55:2f:50:a7:98:60:f2:25:0b:d5:ae:
         1c:3d:48:8d:2f:17:83:50:ef:55:6a:3b:e7:c8:4d:33:23:a9:
         7b:62:db:31:02:c5:10:d9:1d:80:55:a2:ac:f8:b2:d8:ec:42:
         b4:2e:c4:ef:f1:b3:f8:1b:8f:52:66:e2:4c:96:4d:e3:21:e3:
         8e:eb:81:50:22:29:58:81:5a:23:d1:da:6d:e1:a6:3a:12:15:
         dd:62:ad:9e:71:89:84:b8:27:42:d8:34:cb:82:dc:43:99:12:
         43:4d:7d:f0:5c:ec:c5:95:ea:c0:36:97:ef:d6:ef:dd:da:b6:
         53:f8:78:9a:e3:92:55:3a:ae:ff:13:ea:63:5f:12:b4:a4:87:
         3b:f5:83:e6:4e:46:91:39:d1:41:2e:7f:c4:8c:d5:67:5c:f0:
         1b:2e:e7:81:a7:b3:8d:8b:61:58:2c:bf:00:88:6a:0c:13:47:
         04:cc:42:83:ca:57:a2:51:d1:de:ab:0f:d6:66:df:07:78:16:
         2a:2c:09:9e:6b:8a:9d:7b:cf:7e:92:ca:1f:db:c5:40:4e:2c:
         15:59:1c:91:68:a2:b9:ff:00:09:59:9e:1d:8e:c8:ed:b2:38:
         ee:a6:25:a8:f8:60:7e:80:14:4b:2b:a4:30:36:ca:c2:19:8e:
         d3:67:64:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ5EO9lJSmR5FLfzEeZ69MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZWEzN2E4ZTczZTc2NzlhOTMzZDcwZjdiOWM4NzIwODEw
MjQ0NTUwHhcNMjUwMTAxMDk0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTQ1ZGM1OGFiZjZiNjI2NWI5OTExNmNhMzkyODMwMmQyMjUxNDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoIJCR8GvgpWV/w/ozmUKnw1htzm
Z8QWTJc8bwPAm6Pw0bsJ/xM+mI22tAB2CPT0VZH5BVX2ndaQZDLWvLcAsTpKtVST
OCHFFDM59P/VeXDti1ru/UhdXqkbWzeA23N1C8Lq0TfxaI/8mz/5g7F44jyLulqg
fztMF1upy05bAmxMzFvbRiAcLi+kWHylxKgJ99mGnlzK8jz9Vus+of1IgackbGS/
Ks3lP3Fi6I3oG9M9D13URe3OcVXmiK2hJvfar0/yXOufCZqh7DV8Thurc4JZ+FaX
iLPDLh3fxC8gpZNPUh31TgBV7MoAKeRjOXr4YouCMjneL6MfICERFUZTywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpF3Fir9rYmW5kRbKOSgwLSJRRLMB8GA1UdIwQY
MBaAFBbqN6jnPnZ5qTPXD3uchyCBAkRVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnVvM3FPYy1kbm1wTTljUGU1eUhJSUVDUkZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My81MWNkOTQtYTA1NS00M2VlLWEwOWIt
NDcyYjBkMDcyZTgzLzEvR2tYY1dLdjJ0aVpibVJGc281S0RBdElsRkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My81MWNkOTQtYTA1NS00M2VlLWEwOWItNDcyYjBkMDcyZTgz
LzEvRnVvM3FPYy1kbm1wTTljUGU1eUhJSUVDUkZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVFiMA0G
CSqGSIb3DQEBCwUAA4IBAQAXna5Fup5cVS9Qp5hg8iUL1a4cPUiNLxeDUO9Vajvn
yE0zI6l7YtsxAsUQ2R2AVaKs+LLY7EK0LsTv8bP4G49SZuJMlk3jIeOO64FQIilY
gVoj0dpt4aY6EhXdYq2ecYmEuCdC2DTLgtxDmRJDTX3wXOzFlerANpfv1u/d2rZT
+Hia45JVOq7/E+pjXxK0pIc79YPmTkaROdFBLn/EjNVnXPAbLueBp7ONi2FYLL8A
iGoME0cEzEKDyleiUdHeqw/WZt8HeBYqLAmea4qde89+ksof28VATiwVWRyRaKK5
/wAJWZ4djsjtsjjupiWo+GB+gBRLK6QwNsrCGY7TZ2RC
-----END CERTIFICATE-----