Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/GeAJ1HW4BIewoLPfGbb-SsL5NGw.roa
File:                     GeAJ1HW4BIewoLPfGbb-SsL5NGw.roa (raw, json)
Hash identifier:          srwRADwGDIIx52WT+/n/TTLrhpUiRbeWdmuzYXw/VCw=
Subject key identifier:   19:E0:09:D4:75:B8:04:87:B0:A0:B3:DF:19:B6:FE:4A:C2:F9:34:6C
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       019424457946BB309A88E24E71A37E1A8AAE
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/GeAJ1HW4BIewoLPfGbb-SsL5NGw.roa
Signing time:             Wed 01 Jan 2025 23:48:40 +0000
ROA not before:           Wed 01 Jan 2025 23:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47377
IP address blocks:        195.182.200.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:79:46:bb:30:9a:88:e2:4e:71:a3:7e:1a:8a:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Jan  1 23:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19e009d475b80487b0a0b3df19b6fe4ac2f9346c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b4:81:4f:52:51:1d:98:2c:2b:70:3a:f1:1a:
                    d4:10:28:fd:13:42:4e:ed:49:83:64:24:5b:16:3f:
                    b3:1a:d7:cd:3e:b3:02:4e:6e:12:fe:1d:dc:46:3b:
                    37:26:08:53:6f:8b:00:4b:0a:e0:34:f9:a6:fb:70:
                    3e:dd:4f:bd:a9:2c:a8:9d:06:83:44:10:ce:f3:e0:
                    89:7b:e8:0c:df:ac:9a:ab:c4:ea:90:8a:20:ec:d2:
                    a7:67:8d:78:e1:d3:36:01:b0:3c:cc:95:72:b8:9a:
                    20:74:44:6a:28:ba:4b:ef:48:79:bd:09:66:60:4b:
                    02:ef:0e:f4:e7:fe:f2:ed:14:66:b7:39:67:03:6a:
                    de:f5:46:8d:08:53:70:04:41:0f:ee:b7:47:09:62:
                    96:5f:f2:47:eb:b5:73:9c:d7:a6:dc:30:83:bb:2d:
                    bf:26:8a:fc:2f:61:84:e0:02:80:68:52:55:e7:39:
                    0e:44:02:53:80:80:e2:68:df:ef:6a:75:c7:ac:5d:
                    80:c2:7d:4b:1b:d0:46:9f:52:cb:3e:7b:cc:b9:c4:
                    79:ef:57:84:2c:74:53:cb:7f:33:cc:91:8a:f0:83:
                    f1:30:98:2e:fe:01:f7:3a:08:a8:4d:19:87:a2:6e:
                    35:2a:05:84:9d:b2:52:32:85:47:48:56:f2:e5:fa:
                    bd:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E0:09:D4:75:B8:04:87:B0:A0:B3:DF:19:B6:FE:4A:C2:F9:34:6C
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/GeAJ1HW4BIewoLPfGbb-SsL5NGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:cb:22:59:d1:21:81:bd:2b:2c:70:af:79:c5:42:69:dc:0d:
         95:50:b0:ec:fc:9d:9d:64:b4:79:0a:53:c9:cb:ab:83:4d:2d:
         38:cd:54:64:3d:c5:cf:44:9a:7a:d4:12:36:fb:db:78:01:03:
         3c:f2:ca:db:f9:81:ce:c3:ac:bd:47:e6:ab:02:cf:99:6c:01:
         70:1e:87:ca:7d:8a:f2:c6:fd:76:17:52:f2:3e:22:a5:4d:ee:
         2d:48:da:72:89:45:26:e9:c3:a7:7e:1c:ba:00:a3:20:a6:8a:
         af:63:3f:54:6a:fa:ad:b0:21:c1:17:b2:1d:85:57:63:a0:d6:
         0c:e4:dd:0d:d0:14:68:a0:59:c5:9e:40:0b:09:50:1b:f5:a4:
         37:a6:cd:87:eb:65:a9:d7:2a:b9:07:69:13:60:2c:64:57:60:
         4f:21:97:7a:b4:52:a3:3c:9a:d1:15:3a:21:31:57:c5:0c:72:
         6e:71:6a:59:3b:04:24:e1:14:69:c8:d2:76:39:3a:c7:26:81:
         c1:4c:8f:6f:fb:14:0c:a0:58:ca:b3:c7:29:41:58:ed:c5:c8:
         5e:b2:ab:33:da:07:3a:08:cd:9d:76:3d:6e:34:50:1e:71:c5:
         e1:c2:8b:8a:31:a5:53:31:8c:65:b0:f0:f6:f5:73:d8:36:70:
         02:1a:31:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRXlGuzCaiOJOcaN+GoquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjUwMTAxMjM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWUwMDlkNDc1YjgwNDg3YjBhMGIzZGYxOWI2ZmU0YWMyZjkzNDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrSBT1JRHZgsK3A68RrUECj9E0JO
7UmDZCRbFj+zGtfNPrMCTm4S/h3cRjs3JghTb4sASwrgNPmm+3A+3U+9qSyonQaD
RBDO8+CJe+gM36yaq8TqkIog7NKnZ4144dM2AbA8zJVyuJogdERqKLpL70h5vQlm
YEsC7w705/7y7RRmtzlnA2re9UaNCFNwBEEP7rdHCWKWX/JH67VznNem3DCDuy2/
Jor8L2GE4AKAaFJV5zkORAJTgIDiaN/vanXHrF2Awn1LG9BGn1LLPnvMucR571eE
LHRTy38zzJGK8IPxMJgu/gH3OgioTRmHom41KgWEnbJSMoVHSFby5fq9SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBngCdR1uASHsKCz3xm2/krC+TRsMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvR2VBSjFIVzRCSWV3b0xQZkdiYi1Tc0w1Tkd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7bIMA0G
CSqGSIb3DQEBCwUAA4IBAQApyyJZ0SGBvSsscK95xUJp3A2VULDs/J2dZLR5ClPJ
y6uDTS04zVRkPcXPRJp61BI2+9t4AQM88srb+YHOw6y9R+arAs+ZbAFwHofKfYry
xv12F1LyPiKlTe4tSNpyiUUm6cOnfhy6AKMgpoqvYz9UavqtsCHBF7IdhVdjoNYM
5N0N0BRooFnFnkALCVAb9aQ3ps2H62Wp1yq5B2kTYCxkV2BPIZd6tFKjPJrRFToh
MVfFDHJucWpZOwQk4RRpyNJ2OTrHJoHBTI9v+xQMoFjKs8cpQVjtxchesqsz2gc6
CM2ddj1uNFAeccXhwouKMaVTMYxlsPD29XPYNnACGjHX
-----END CERTIFICATE-----