Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/GxldgcnYeNX5_8zplcPh0gb0pWM.roa
File:                     GxldgcnYeNX5_8zplcPh0gb0pWM.roa (raw, json)
Hash identifier:          +HQkIOnYcTmyDCdI1yJAUlaKwZ0yjP6fKCY3F+1XnSQ=
Subject key identifier:   1B:19:5D:81:C9:D8:78:D5:F9:FF:CC:E9:95:C3:E1:D2:06:F4:A5:63
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01941FFAACB0DDA66C4BA336B6B91E391326
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/GxldgcnYeNX5_8zplcPh0gb0pWM.roa
Signing time:             Wed 01 Jan 2025 03:48:29 +0000
ROA not before:           Wed 01 Jan 2025 03:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207935
IP address blocks:        141.101.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:ac:b0:dd:a6:6c:4b:a3:36:b6:b9:1e:39:13:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b195d81c9d878d5f9ffcce995c3e1d206f4a563
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:26:e8:5f:f6:35:af:ff:97:71:89:eb:76:78:
                    c1:a5:52:41:0d:86:ca:5a:70:f2:cd:00:d4:4c:93:
                    2a:ba:84:10:6d:6c:30:b3:d0:e7:8a:15:da:1f:68:
                    67:7b:8d:d6:bf:bc:a2:33:c0:30:9e:36:20:51:a5:
                    30:14:d8:4e:42:85:ae:8e:2b:01:27:3a:ad:cd:a3:
                    98:9c:08:da:93:f2:01:b2:3f:10:77:dd:c9:5e:2f:
                    cb:36:aa:93:15:05:35:16:35:5c:6e:b4:00:72:08:
                    50:c8:2e:47:a1:42:f4:b7:58:2c:fd:2f:91:81:a2:
                    7b:fb:e2:59:58:9b:f2:d8:f3:79:63:54:86:b2:eb:
                    f2:42:34:6d:24:87:75:9e:d0:f5:90:c6:1f:aa:74:
                    8e:af:48:2f:a7:74:e3:59:eb:b5:5d:64:0b:63:89:
                    28:4f:91:52:01:a7:76:35:22:1e:cf:22:64:77:bc:
                    b8:c7:e7:f0:48:af:f2:40:7e:70:a9:f2:2c:03:69:
                    71:36:8f:65:53:26:cf:f4:21:4b:6d:9f:6f:e6:71:
                    e6:c6:aa:f2:f6:0c:9a:cd:b9:45:05:ed:b3:b3:a8:
                    0d:cd:c3:bd:d9:bf:81:2c:ed:97:20:d9:5a:f1:22:
                    82:de:b7:55:38:39:d0:b4:8b:6c:e0:7d:32:e8:06:
                    7b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:19:5D:81:C9:D8:78:D5:F9:FF:CC:E9:95:C3:E1:D2:06:F4:A5:63
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/GxldgcnYeNX5_8zplcPh0gb0pWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:00:26:7d:57:17:b7:d6:18:a0:53:f5:ab:7b:e9:38:cc:00:
         c0:4c:10:91:a4:2e:58:11:25:71:e0:af:b5:8d:95:b4:89:01:
         7f:b5:53:29:c9:44:c6:06:4e:7c:37:b8:52:51:d5:15:09:9d:
         9f:97:0f:0d:ca:9a:0d:54:db:c3:18:ce:5c:49:1c:4b:7f:c7:
         7c:64:58:6f:95:ae:58:76:db:7a:e7:d7:02:20:f6:6c:aa:fa:
         20:b9:c6:7d:bc:a5:81:38:1a:c8:3e:c1:ce:a0:82:bf:9b:71:
         aa:0b:68:17:c1:56:f7:d3:f6:80:01:96:af:4f:97:d2:10:f0:
         e5:0a:77:8d:e4:61:97:dd:40:47:8f:2e:b6:94:dc:84:0d:8b:
         44:cd:5e:86:0d:f3:ba:a3:90:36:71:8d:84:09:e5:cf:24:64:
         6a:aa:5b:c3:4b:26:24:33:6c:8b:8b:29:72:cb:4a:78:08:ac:
         16:51:71:d8:72:a6:2a:15:66:27:1f:59:bc:65:f2:0c:8a:6e:
         60:71:86:99:41:1c:96:ae:f5:d4:2e:81:1e:ca:21:a3:3c:4a:
         0e:1b:cf:4e:a9:24:51:78:c3:73:19:f6:48:60:fc:39:f3:a5:
         09:06:99:4b:28:a1:da:bf:d1:34:8f:e8:47:09:ce:c5:74:cf:
         b3:05:86:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qyw3aZsS6M2trkeORMmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwMTAxMDM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjE5NWQ4MWM5ZDg3OGQ1ZjlmZmNjZTk5NWMzZTFkMjA2ZjRhNTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9iboX/Y1r/+XcYnrdnjBpVJBDYbK
WnDyzQDUTJMquoQQbWwws9DnihXaH2hne43Wv7yiM8AwnjYgUaUwFNhOQoWujisB
JzqtzaOYnAjak/IBsj8Qd93JXi/LNqqTFQU1FjVcbrQAcghQyC5HoUL0t1gs/S+R
gaJ7++JZWJvy2PN5Y1SGsuvyQjRtJId1ntD1kMYfqnSOr0gvp3TjWeu1XWQLY4ko
T5FSAad2NSIezyJkd7y4x+fwSK/yQH5wqfIsA2lxNo9lUybP9CFLbZ9v5nHmxqry
9gyazblFBe2zs6gNzcO92b+BLO2XINla8SKC3rdVODnQtIts4H0y6AZ71QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsZXYHJ2HjV+f/M6ZXD4dIG9KVjMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvR3hsZGdjblllTlg1Xzh6cGxjUGgwZ2IwcFdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWXdMA0G
CSqGSIb3DQEBCwUAA4IBAQBFACZ9Vxe31higU/Wre+k4zADATBCRpC5YESVx4K+1
jZW0iQF/tVMpyUTGBk58N7hSUdUVCZ2flw8NypoNVNvDGM5cSRxLf8d8ZFhvla5Y
dtt659cCIPZsqvogucZ9vKWBOBrIPsHOoIK/m3GqC2gXwVb30/aAAZavT5fSEPDl
CneN5GGX3UBHjy62lNyEDYtEzV6GDfO6o5A2cY2ECeXPJGRqqlvDSyYkM2yLiyly
y0p4CKwWUXHYcqYqFWYnH1m8ZfIMim5gcYaZQRyWrvXULoEeyiGjPEoOG89OqSRR
eMNzGfZIYPw586UJBplLKKHav9E0j+hHCc7FdM+zBYYs
-----END CERTIFICATE-----