Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/GC-oFBhbKfsmcnr3xXcJTkPNW84.roa
File:                     GC-oFBhbKfsmcnr3xXcJTkPNW84.roa (raw, json)
Hash identifier:          1mwilaFdRL/aTZ5dN3c/DgTe70HzmAh6lpypghAkwCA=
Subject key identifier:   18:2F:A8:14:18:5B:29:FB:26:72:7A:F7:C5:77:09:4E:43:CD:5B:CE
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01941FFAA3CE4885454676EE90093EE18E2D
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/GC-oFBhbKfsmcnr3xXcJTkPNW84.roa
Signing time:             Wed 01 Jan 2025 03:48:27 +0000
ROA not before:           Wed 01 Jan 2025 03:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200215
IP address blocks:        178.170.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 06:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a3:ce:48:85:45:46:76:ee:90:09:3e:e1:8e:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=182fa814185b29fb26727af7c577094e43cd5bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ea:8f:3e:b2:32:b4:b4:f7:51:de:28:d2:89:
                    12:ca:cf:2b:b7:e5:1f:b5:0c:be:96:ac:f5:e4:83:
                    66:eb:89:72:5d:a8:12:2e:1a:17:95:75:5a:24:9a:
                    4c:c5:40:17:bf:87:3b:40:d8:90:50:cb:85:38:b5:
                    27:70:23:fa:b6:d1:66:24:15:38:23:7f:e1:7d:57:
                    8f:73:49:e8:6e:50:41:6d:84:76:4d:e8:23:c3:80:
                    be:cf:b2:87:5c:8e:fe:16:84:06:cb:6a:72:fc:b5:
                    01:1e:d0:88:03:2a:03:ed:bf:d1:cd:ba:a6:cc:db:
                    62:ff:22:2e:c7:a2:63:38:23:a7:de:b2:61:a9:19:
                    bd:80:e9:4b:b5:28:dd:16:0f:fa:3b:6f:62:8f:4f:
                    da:64:5d:72:81:76:ad:5f:18:41:a6:7e:5d:d6:a9:
                    42:8c:15:f6:53:52:07:53:e7:a8:1c:20:46:91:9b:
                    db:fc:70:2b:7b:f3:b7:7b:97:ad:b1:90:43:0a:e5:
                    a3:41:d0:66:41:34:d1:08:f4:74:b6:0e:96:0a:75:
                    af:1d:38:14:62:63:4d:77:ba:27:b2:8e:f0:72:79:
                    64:e3:be:99:c9:a5:a1:58:41:b3:fe:5b:52:a9:d7:
                    16:1e:96:4a:57:6f:15:30:be:e7:6b:06:02:ae:37:
                    30:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:2F:A8:14:18:5B:29:FB:26:72:7A:F7:C5:77:09:4E:43:CD:5B:CE
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/GC-oFBhbKfsmcnr3xXcJTkPNW84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.170.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:21:4f:ba:6c:20:38:d0:7a:7d:f0:b2:81:c1:f7:cc:36:a3:
         db:69:02:bc:b2:84:2d:a8:17:6b:a3:65:58:cd:b6:b5:42:c1:
         24:1c:f1:93:f9:78:29:f8:a6:46:0c:2a:26:2d:3e:dd:fe:1c:
         5a:56:b3:ce:94:94:ca:22:a5:82:31:86:32:ac:b3:ce:c5:77:
         ca:a4:c6:7a:fe:80:d5:f0:29:58:9f:69:68:25:53:d3:10:db:
         3b:80:0c:71:30:9c:86:35:8b:52:90:08:51:10:02:e0:68:5b:
         e9:10:43:b0:22:a5:58:47:6a:a1:52:a0:fa:f1:ab:d4:25:22:
         64:d4:bd:43:5a:f0:d6:22:dc:0f:04:e0:d0:60:9e:85:82:d3:
         93:54:6b:e4:63:90:b7:b6:cd:99:06:81:7d:8b:a1:91:79:10:
         4a:a9:80:54:fe:8e:51:38:a7:b3:39:5a:25:49:fb:86:a0:89:
         a4:b5:7f:e8:1b:9d:f1:4a:78:7a:0e:80:34:ce:40:af:b4:78:
         bc:36:61:4e:74:39:14:a2:24:1f:a8:87:64:5f:26:09:5c:39:
         53:fc:33:f9:15:7e:62:f9:df:f9:19:b6:53:94:a4:70:bf:57:
         40:9a:ae:df:2a:28:d8:b8:03:e1:c9:9d:b5:53:bb:9e:3a:0f:
         bb:36:67:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qPOSIVFRnbukAk+4Y4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODJmYTgxNDE4NWIyOWZiMjY3MjdhZjdjNTc3MDk0ZTQzY2Q1YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuqPPrIytLT3Ud4o0okSys8rt+Uf
tQy+lqz15INm64lyXagSLhoXlXVaJJpMxUAXv4c7QNiQUMuFOLUncCP6ttFmJBU4
I3/hfVePc0noblBBbYR2Tegjw4C+z7KHXI7+FoQGy2py/LUBHtCIAyoD7b/Rzbqm
zNti/yIux6JjOCOn3rJhqRm9gOlLtSjdFg/6O29ij0/aZF1ygXatXxhBpn5d1qlC
jBX2U1IHU+eoHCBGkZvb/HAre/O3e5etsZBDCuWjQdBmQTTRCPR0tg6WCnWvHTgU
YmNNd7onso7wcnlk476ZyaWhWEGz/ltSqdcWHpZKV28VML7nawYCrjcwBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgvqBQYWyn7JnJ698V3CU5DzVvOMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvR0Mtb0ZCaGJLZnNtY25yM3hYY0pUa1BOVzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqrnMA0G
CSqGSIb3DQEBCwUAA4IBAQC4IU+6bCA40Hp98LKBwffMNqPbaQK8soQtqBdro2VY
zba1QsEkHPGT+Xgp+KZGDComLT7d/hxaVrPOlJTKIqWCMYYyrLPOxXfKpMZ6/oDV
8ClYn2loJVPTENs7gAxxMJyGNYtSkAhREALgaFvpEEOwIqVYR2qhUqD68avUJSJk
1L1DWvDWItwPBODQYJ6FgtOTVGvkY5C3ts2ZBoF9i6GReRBKqYBU/o5ROKezOVol
SfuGoImktX/oG53xSnh6DoA0zkCvtHi8NmFOdDkUoiQfqIdkXyYJXDlT/DP5FX5i
+d/5GbZTlKRwv1dAmq7fKijYuAPhyZ21U7ueOg+7NmcQ
-----END CERTIFICATE-----