Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/GB5yxI4ByHznh8BVy7-0wKqCL9o.roa
File:                     GB5yxI4ByHznh8BVy7-0wKqCL9o.roa (raw, json)
Hash identifier:          uNiZ21GMmhqlbkGeCw3XR4SWt0bm2+3p2g+5iqS1414=
Subject key identifier:   18:1E:72:C4:8E:01:C8:7C:E7:87:C0:55:CB:BF:B4:C0:AA:82:2F:DA
Certificate issuer:       /CN=2c0ac8d3690511203a31ef785e6d1c44392ca28b
Certificate serial:       019422FB1A4B783FE937393A24202CB083EF
Authority key identifier: 2C:0A:C8:D3:69:05:11:20:3A:31:EF:78:5E:6D:1C:44:39:2C:A2:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LArI02kFESA6Me94Xm0cRDksoos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/GB5yxI4ByHznh8BVy7-0wKqCL9o.roa
Signing time:             Wed 01 Jan 2025 17:47:49 +0000
ROA not before:           Wed 01 Jan 2025 17:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31027
IP address blocks:        91.212.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/LArI02kFESA6Me94Xm0cRDksoos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/LArI02kFESA6Me94Xm0cRDksoos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LArI02kFESA6Me94Xm0cRDksoos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 11:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:1a:4b:78:3f:e9:37:39:3a:24:20:2c:b0:83:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c0ac8d3690511203a31ef785e6d1c44392ca28b
        Validity
            Not Before: Jan  1 17:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=181e72c48e01c87ce787c055cbbfb4c0aa822fda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:49:6c:ee:04:e2:f5:0f:a7:2e:53:76:77:87:
                    c2:a8:6c:38:39:67:56:a0:af:25:cc:6d:eb:bd:a4:
                    f4:72:b4:2e:1b:c2:9d:0b:10:84:39:28:b2:24:8b:
                    c8:28:06:af:30:5b:36:7d:7d:cd:b0:45:f8:17:a8:
                    d7:b1:4b:6f:23:c3:6a:2f:c8:bd:97:cb:44:d5:3f:
                    8f:fd:73:07:4c:f8:82:72:fe:98:96:ac:b7:81:80:
                    13:19:e6:8d:c4:11:a7:01:e5:c5:7f:ad:17:24:ff:
                    72:73:b3:b2:b2:ba:f1:01:44:1b:75:c8:bb:31:34:
                    fd:53:84:49:5f:25:53:0e:f4:55:5c:4a:56:d6:ac:
                    11:fb:be:4f:6e:4a:4d:9f:dc:ea:54:37:4e:88:32:
                    6d:e3:d6:09:b0:af:99:f2:a7:f7:48:58:78:3e:2a:
                    88:d0:09:5b:c7:09:5c:64:73:be:4c:69:e8:f6:cd:
                    bd:aa:db:76:d5:70:7b:69:3b:b8:23:ed:da:b0:c2:
                    99:06:41:de:1c:c0:9a:9b:c8:7d:87:16:41:c4:26:
                    3a:3d:3a:b0:c3:5d:9c:36:cd:fa:b7:5e:68:ab:fb:
                    72:99:fa:ab:73:0e:57:3d:c5:1b:f9:3d:3b:5e:fb:
                    4b:7d:4b:bb:1b:70:78:2e:93:3d:68:73:c4:68:dd:
                    fa:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:1E:72:C4:8E:01:C8:7C:E7:87:C0:55:CB:BF:B4:C0:AA:82:2F:DA
            X509v3 Authority Key Identifier:
                keyid:2C:0A:C8:D3:69:05:11:20:3A:31:EF:78:5E:6D:1C:44:39:2C:A2:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LArI02kFESA6Me94Xm0cRDksoos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/GB5yxI4ByHznh8BVy7-0wKqCL9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/8efd2e-692c-4f47-b749-4f36c6a20c0e/1/LArI02kFESA6Me94Xm0cRDksoos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:89:b4:ce:35:c4:c4:cb:9a:0c:19:31:45:60:20:20:48:7e:
         8e:f2:c6:88:12:29:f3:e7:8a:81:cd:87:56:6b:91:15:db:89:
         13:6a:55:bc:f6:da:bd:58:e2:82:70:d6:76:f4:46:bf:3c:70:
         02:ee:e5:64:cf:4f:43:da:61:f1:2b:e3:0e:43:0b:6b:76:f3:
         76:e2:19:ca:f9:1b:19:b2:b0:91:d4:65:21:24:cd:88:a1:b5:
         37:07:0c:f0:ff:b7:4a:3a:0c:47:37:e2:f1:45:38:fb:fc:36:
         47:2a:14:c8:41:89:a2:7e:01:ad:d9:52:0a:06:f0:7b:e4:3f:
         24:80:d3:e9:d6:2f:da:06:f8:e0:d4:65:e8:96:7d:b3:c5:0b:
         44:b2:6c:69:fb:6d:68:73:92:b4:e3:13:75:ca:a2:25:98:e8:
         b6:67:25:e6:c7:08:1b:b8:8a:cc:5e:74:3f:9e:4a:ea:98:15:
         36:38:76:b3:94:5b:88:8a:6e:5c:2b:c8:52:0d:fd:f2:c9:f3:
         95:ab:49:d9:74:ab:18:ac:0a:a0:70:fc:6b:e3:9e:57:f3:15:
         0f:c3:7d:a4:8b:6e:ef:99:83:a6:f5:73:40:e6:50:82:f2:19:
         55:5d:cb:3a:86:ef:31:16:73:bb:d1:9a:2d:fd:48:e1:e7:f2:
         f6:b5:cf:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+xpLeD/pNzk6JCAssIPvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMGFjOGQzNjkwNTExMjAzYTMxZWY3ODVlNmQxYzQ0Mzky
Y2EyOGIwHhcNMjUwMTAxMTc0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODFlNzJjNDhlMDFjODdjZTc4N2MwNTVjYmJmYjRjMGFhODIyZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30ls7gTi9Q+nLlN2d4fCqGw4OWdW
oK8lzG3rvaT0crQuG8KdCxCEOSiyJIvIKAavMFs2fX3NsEX4F6jXsUtvI8NqL8i9
l8tE1T+P/XMHTPiCcv6Ylqy3gYATGeaNxBGnAeXFf60XJP9yc7OysrrxAUQbdci7
MTT9U4RJXyVTDvRVXEpW1qwR+75PbkpNn9zqVDdOiDJt49YJsK+Z8qf3SFh4PiqI
0AlbxwlcZHO+TGno9s29qtt21XB7aTu4I+3asMKZBkHeHMCam8h9hxZBxCY6PTqw
w12cNs36t15oq/tymfqrcw5XPcUb+T07XvtLfUu7G3B4LpM9aHPEaN368wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgecsSOAch854fAVcu/tMCqgi/aMB8GA1UdIwQY
MBaAFCwKyNNpBREgOjHveF5tHEQ5LKKLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEFySTAya0ZFU0E2TWU5NFhtMGNSRGtzb29zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi84ZWZkMmUtNjkyYy00ZjQ3LWI3NDkt
NGYzNmM2YTIwYzBlLzEvR0I1eXhJNEJ5SHpuaDhCVnk3LTB3S3FDTDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi84ZWZkMmUtNjkyYy00ZjQ3LWI3NDktNGYzNmM2YTIwYzBl
LzEvTEFySTAya0ZFU0E2TWU5NFhtMGNSRGtzb29zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9SBMA0G
CSqGSIb3DQEBCwUAA4IBAQBHibTONcTEy5oMGTFFYCAgSH6O8saIEinz54qBzYdW
a5EV24kTalW89tq9WOKCcNZ29Ea/PHAC7uVkz09D2mHxK+MOQwtrdvN24hnK+RsZ
srCR1GUhJM2IobU3Bwzw/7dKOgxHN+LxRTj7/DZHKhTIQYmifgGt2VIKBvB75D8k
gNPp1i/aBvjg1GXoln2zxQtEsmxp+21oc5K04xN1yqIlmOi2ZyXmxwgbuIrMXnQ/
nkrqmBU2OHazlFuIim5cK8hSDf3yyfOVq0nZdKsYrAqgcPxr455X8xUPw32ki27v
mYOm9XNA5lCC8hlVXcs6hu8xFnO70Zot/Ujh5/L2tc/b
-----END CERTIFICATE-----