Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/gtPZlYI7w3coAzc-MlHuuU1oFOM.roa
File:                     gtPZlYI7w3coAzc-MlHuuU1oFOM.roa (raw, json)
Hash identifier:          kHvdU6CJOqssI35/ez8kLYqLbyhabXcTkrkqWWbKmw8=
Subject key identifier:   82:D3:D9:95:82:3B:C3:77:28:03:37:3E:32:51:EE:B9:4D:68:14:E3
Certificate issuer:       /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial:       019421B16F073C0B1FA0F316E59F1D63AF04
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/gtPZlYI7w3coAzc-MlHuuU1oFOM.roa
Signing time:             Wed 01 Jan 2025 11:47:43 +0000
ROA not before:           Wed 01 Jan 2025 11:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31367
IP address blocks:        159.151.250.0/24 maxlen: 24
                          159.151.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 06:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:6f:07:3c:0b:1f:a0:f3:16:e5:9f:1d:63:af:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
        Validity
            Not Before: Jan  1 11:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82d3d995823bc3772803373e3251eeb94d6814e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c9:76:1a:5c:df:a7:cf:7b:85:d7:81:12:30:
                    a3:f6:77:bf:5e:9f:4b:bd:6a:52:ec:a5:07:f5:d3:
                    8b:1f:7c:10:86:27:4b:fc:b8:fb:c2:35:25:ac:e2:
                    66:21:66:84:1d:b8:ab:02:3b:27:b0:40:a3:c8:a7:
                    b4:eb:03:d8:db:19:42:da:8c:70:39:4a:ce:1b:18:
                    5b:19:11:02:e3:c1:d7:b6:b0:45:64:d7:a4:6a:da:
                    0b:eb:24:71:80:4c:b8:ac:ed:32:04:d0:e5:be:b9:
                    1a:d0:7a:a0:9a:a9:06:3f:f7:24:9a:09:3b:1a:68:
                    d6:5f:85:f9:9f:42:d1:da:81:d5:42:f6:25:9a:76:
                    1b:6e:60:1f:5a:4f:23:9b:4e:b4:55:4d:fc:46:1a:
                    50:ef:74:79:a9:b8:8d:09:18:a8:6a:30:a9:c7:e5:
                    09:ef:b0:e6:ab:4b:87:36:f2:18:15:f0:05:2d:35:
                    5b:69:94:6a:6d:1d:af:c0:31:17:be:4f:d6:ae:ba:
                    7b:9b:62:f9:3b:99:18:75:6d:e9:13:01:38:6c:b1:
                    f8:68:f3:ae:4a:14:4e:86:4f:16:59:2a:51:15:7f:
                    1e:0c:8e:58:8a:cf:97:90:f4:7e:87:36:8d:c8:6d:
                    87:c8:1e:2b:49:68:74:70:80:f6:06:83:ec:be:9c:
                    c6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:D3:D9:95:82:3B:C3:77:28:03:37:3E:32:51:EE:B9:4D:68:14:E3
            X509v3 Authority Key Identifier:
                keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/gtPZlYI7w3coAzc-MlHuuU1oFOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.151.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:63:7b:04:55:16:09:18:04:74:bd:cb:f0:b4:d5:88:f8:98:
         f7:11:b5:98:f0:81:b1:2f:9f:ee:e4:c4:34:ea:ba:e6:eb:ae:
         6e:a4:46:ca:8a:59:f5:15:cd:f8:05:fa:ca:1f:24:d8:69:2d:
         63:2e:57:9a:ae:57:46:3c:e4:f5:73:02:1d:92:05:de:ac:33:
         85:b6:ae:63:42:06:e6:9b:57:60:dd:c7:9c:33:59:35:20:60:
         c1:b3:5b:52:88:3b:6d:a8:af:90:97:46:e5:f3:e8:30:fc:64:
         8f:44:8a:76:f3:5e:af:42:1f:e6:5c:5f:1a:bd:66:0d:7a:c6:
         1f:36:1a:d3:89:2f:4d:6a:6e:7a:1d:00:99:b8:43:5c:de:58:
         dc:31:ac:d8:aa:35:37:1a:2e:2e:c0:f2:03:c9:20:49:fe:4a:
         ce:5d:60:0f:0a:38:7d:46:03:dc:c1:ab:d4:93:0b:86:82:d7:
         f3:3c:34:42:a8:df:07:9a:50:a8:9b:7e:3c:dc:7f:21:cb:ca:
         57:0a:28:a1:45:40:77:d0:ac:75:04:b9:31:80:0d:c8:f2:29:
         1c:93:39:c1:14:59:99:61:a4:0f:9c:ab:63:99:aa:a2:e0:b3:
         d6:be:5b:0c:4b:d2:b8:d2:ec:f9:a0:77:28:50:e7:1d:94:85:
         da:1a:04:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsW8HPAsfoPMW5Z8dY68EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjUwMTAxMTE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmQzZDk5NTgyM2JjMzc3MjgwMzM3M2UzMjUxZWViOTRkNjgxNGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18l2Glzfp897hdeBEjCj9ne/Xp9L
vWpS7KUH9dOLH3wQhidL/Lj7wjUlrOJmIWaEHbirAjsnsECjyKe06wPY2xlC2oxw
OUrOGxhbGREC48HXtrBFZNekatoL6yRxgEy4rO0yBNDlvrka0HqgmqkGP/ckmgk7
GmjWX4X5n0LR2oHVQvYlmnYbbmAfWk8jm060VU38RhpQ73R5qbiNCRioajCpx+UJ
77Dmq0uHNvIYFfAFLTVbaZRqbR2vwDEXvk/Wrrp7m2L5O5kYdW3pEwE4bLH4aPOu
ShROhk8WWSpRFX8eDI5Yis+XkPR+hzaNyG2HyB4rSWh0cID2BoPsvpzG1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILT2ZWCO8N3KAM3PjJR7rlNaBTjMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvZ3RQWmxZSTd3M2NvQXpjLU1sSHV1VTFvRk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBn5f6MA0G
CSqGSIb3DQEBCwUAA4IBAQBSY3sEVRYJGAR0vcvwtNWI+Jj3EbWY8IGxL5/u5MQ0
6rrm665upEbKiln1Fc34BfrKHyTYaS1jLlearldGPOT1cwIdkgXerDOFtq5jQgbm
m1dg3cecM1k1IGDBs1tSiDttqK+Ql0bl8+gw/GSPRIp2816vQh/mXF8avWYNesYf
NhrTiS9Nam56HQCZuENc3ljcMazYqjU3Gi4uwPIDySBJ/krOXWAPCjh9RgPcwavU
kwuGgtfzPDRCqN8HmlCom3483H8hy8pXCiihRUB30Kx1BLkxgA3I8ikckznBFFmZ
YaQPnKtjmaqi4LPWvlsMS9K40uz5oHcoUOcdlIXaGgQd
-----END CERTIFICATE-----