Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/1GNJJW2MjxVD_5YjOAnhTl6g1zg.roa
File:                     1GNJJW2MjxVD_5YjOAnhTl6g1zg.roa (raw, json)
Hash identifier:          p9+B/bwGUg8wWWb+goY+HH8qOHNqvJrQlybwIBP6B1Y=
Subject key identifier:   D4:63:49:25:6D:8C:8F:15:43:FF:96:23:38:09:E1:4E:5E:A0:D7:38
Certificate issuer:       /CN=c97edcedec3254b357b09615a02b16e06ebe63eb
Certificate serial:       0194258F7E4DBFEE3FECEA29DF06836B6402
Authority key identifier: C9:7E:DC:ED:EC:32:54:B3:57:B0:96:15:A0:2B:16:E0:6E:BE:63:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/1GNJJW2MjxVD_5YjOAnhTl6g1zg.roa
Signing time:             Thu 02 Jan 2025 05:49:08 +0000
ROA not before:           Thu 02 Jan 2025 05:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12941
IP address blocks:        185.104.204.0/22 maxlen: 22
                          2a06:3380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:7e:4d:bf:ee:3f:ec:ea:29:df:06:83:6b:64:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c97edcedec3254b357b09615a02b16e06ebe63eb
        Validity
            Not Before: Jan  2 05:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d46349256d8c8f1543ff96233809e14e5ea0d738
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8c:1a:b4:82:70:d8:61:e6:76:87:38:87:25:
                    3e:3d:8f:97:89:f8:de:b9:91:55:79:3c:b2:ac:79:
                    fc:58:cd:a5:5d:46:5c:e5:0e:c3:a4:4a:17:4a:b2:
                    b0:e4:22:27:eb:3a:6b:25:f5:3f:b9:4a:35:80:dc:
                    57:8b:31:17:34:6b:a7:60:93:33:c4:f3:20:2e:8d:
                    97:a2:18:91:14:ac:a8:d9:c5:a9:00:48:34:17:c2:
                    c0:b0:08:1c:f0:0c:41:da:02:a8:b4:07:2e:e4:6c:
                    4d:3f:40:76:1d:57:6a:23:d6:29:fc:0d:e8:54:86:
                    72:ab:63:c1:61:50:60:e6:be:e6:08:b3:21:56:a1:
                    3e:59:2e:1f:3c:9d:f3:64:03:60:57:a7:48:99:99:
                    26:ec:36:b5:7d:2c:2b:1b:90:26:a5:8e:79:c7:44:
                    bf:a0:bd:20:42:2c:38:52:14:58:30:d6:41:3b:9b:
                    23:c2:d8:05:29:bc:1f:23:6f:fc:97:6f:9f:82:77:
                    26:55:d5:64:42:d2:71:61:09:d5:fc:37:22:bb:a3:
                    7f:b1:0e:2b:dd:df:23:aa:58:6d:c6:30:cc:0d:9e:
                    dd:03:88:53:f8:3b:99:1b:61:1a:66:a4:2b:0f:a4:
                    ab:3c:83:d7:ad:17:2e:41:f7:4e:5e:69:e2:fe:57:
                    ba:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:63:49:25:6D:8C:8F:15:43:FF:96:23:38:09:E1:4E:5E:A0:D7:38
            X509v3 Authority Key Identifier:
                keyid:C9:7E:DC:ED:EC:32:54:B3:57:B0:96:15:A0:2B:16:E0:6E:BE:63:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/1GNJJW2MjxVD_5YjOAnhTl6g1zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/efd282-33b2-4373-9948-3239a81c9fc8/1/yX7c7ewyVLNXsJYVoCsW4G6-Y-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.204.0/22
                IPv6:
                  2a06:3380::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:27:d0:24:b6:ae:d9:5e:19:50:08:87:4f:5e:4b:61:c9:8b:
         27:ef:fe:49:1d:c7:37:af:9e:9a:2c:91:af:91:f7:b6:ec:fe:
         8b:3b:45:48:db:f5:ec:85:21:38:9a:cf:62:07:12:72:26:01:
         92:6e:10:0f:3f:c7:65:f0:1a:af:8c:bd:8a:43:3c:21:bf:ad:
         87:52:95:57:d0:70:4d:04:38:39:2f:3a:7e:7e:49:91:bc:eb:
         84:01:60:c8:89:3e:09:a5:f9:7f:1b:26:c8:19:c6:41:f4:a9:
         9e:11:9b:27:6f:ff:e3:a5:57:8f:43:4f:d7:f3:d9:2b:4b:4c:
         b1:92:7f:b8:53:eb:27:9b:32:84:5d:3b:dc:42:22:03:19:f5:
         f8:da:a3:51:43:ed:8e:8e:4e:96:68:98:29:1b:45:58:19:16:
         de:9d:f4:d0:7d:9c:75:2a:c6:a4:1c:83:73:a6:a3:73:81:f3:
         59:fd:4f:43:48:e8:84:e5:48:84:96:95:23:75:c7:ec:c9:3f:
         d1:e5:18:28:70:8e:7e:f3:b2:5f:a6:7e:43:e9:8f:5c:d3:50:
         ed:b3:ff:86:57:07:ca:7f:a7:be:16:52:f6:e6:a7:9b:1e:74:
         45:5d:13:bd:40:3d:ad:83:68:ff:5d:25:9e:b7:5a:81:2a:32:
         8d:c0:9f:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj35Nv+4/7Oop3waDa2QCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5N2VkY2VkZWMzMjU0YjM1N2IwOTYxNWEwMmIxNmUwNmVi
ZTYzZWIwHhcNMjUwMTAyMDU0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDYzNDkyNTZkOGM4ZjE1NDNmZjk2MjMzODA5ZTE0ZTVlYTBkNzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYwatIJw2GHmdoc4hyU+PY+Xifje
uZFVeTyyrHn8WM2lXUZc5Q7DpEoXSrKw5CIn6zprJfU/uUo1gNxXizEXNGunYJMz
xPMgLo2XohiRFKyo2cWpAEg0F8LAsAgc8AxB2gKotAcu5GxNP0B2HVdqI9Yp/A3o
VIZyq2PBYVBg5r7mCLMhVqE+WS4fPJ3zZANgV6dImZkm7Da1fSwrG5AmpY55x0S/
oL0gQiw4UhRYMNZBO5sjwtgFKbwfI2/8l2+fgncmVdVkQtJxYQnV/Dciu6N/sQ4r
3d8jqlhtxjDMDZ7dA4hT+DuZG2EaZqQrD6SrPIPXrRcuQfdOXmni/le6OQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNRjSSVtjI8VQ/+WIzgJ4U5eoNc4MB8GA1UdIwQY
MBaAFMl+3O3sMlSzV7CWFaArFuBuvmPrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVg3Yzdld3lWTE5Yc0pZVm9Dc1c0RzYtWS1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9lZmQyODItMzNiMi00MzczLTk5NDgt
MzIzOWE4MWM5ZmM4LzEvMUdOSkpXMk1qeFZEXzVZak9BbmhUbDZnMXpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9lZmQyODItMzNiMi00MzczLTk5NDgtMzIzOWE4MWM5ZmM4
LzEveVg3Yzdld3lWTE5Yc0pZVm9Dc1c0RzYtWS1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWjMMA0E
AgACMAcDBQMqBjOAMA0GCSqGSIb3DQEBCwUAA4IBAQCkJ9Aktq7ZXhlQCIdPXkth
yYsn7/5JHcc3r56aLJGvkfe27P6LO0VI2/XshSE4ms9iBxJyJgGSbhAPP8dl8Bqv
jL2KQzwhv62HUpVX0HBNBDg5Lzp+fkmRvOuEAWDIiT4Jpfl/GybIGcZB9KmeEZsn
b//jpVePQ0/X89krS0yxkn+4U+snmzKEXTvcQiIDGfX42qNRQ+2Ojk6WaJgpG0VY
GRbenfTQfZx1KsakHINzpqNzgfNZ/U9DSOiE5UiElpUjdcfsyT/R5RgocI5+87Jf
pn5D6Y9c01Dts/+GVwfKf6e+FlL25qebHnRFXRO9QD2tg2j/XSWet1qBKjKNwJ+6
-----END CERTIFICATE-----