Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/e417bd-14eb-4ca5-80f7-36c46f90d9a5/1/GCdodDNbb8kK5Nk7F_0-nAXSuto.roa
File:                     GCdodDNbb8kK5Nk7F_0-nAXSuto.roa (raw, json)
Hash identifier:          +rPewf2fSfxIULsaTk1i8u3POGDLVTn+S/ryNeqw1mw=
Subject key identifier:   18:27:68:74:33:5B:6F:C9:0A:E4:D9:3B:17:FD:3E:9C:05:D2:BA:DA
Certificate issuer:       /CN=92b5ac88f2cdb14934830c1ac096a5ef73098f12
Certificate serial:       01942369E20FBC087F5932BD22B94CC519C1
Authority key identifier: 92:B5:AC:88:F2:CD:B1:49:34:83:0C:1A:C0:96:A5:EF:73:09:8F:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/krWsiPLNsUk0gwwawJal73MJjxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/e417bd-14eb-4ca5-80f7-36c46f90d9a5/1/GCdodDNbb8kK5Nk7F_0-nAXSuto.roa
Signing time:             Wed 01 Jan 2025 19:48:49 +0000
ROA not before:           Wed 01 Jan 2025 19:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213300
IP address blocks:        2.56.170.0/24 maxlen: 24
                          2a10:4040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/e417bd-14eb-4ca5-80f7-36c46f90d9a5/1/krWsiPLNsUk0gwwawJal73MJjxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/e417bd-14eb-4ca5-80f7-36c46f90d9a5/1/krWsiPLNsUk0gwwawJal73MJjxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/krWsiPLNsUk0gwwawJal73MJjxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:02:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e2:0f:bc:08:7f:59:32:bd:22:b9:4c:c5:19:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92b5ac88f2cdb14934830c1ac096a5ef73098f12
        Validity
            Not Before: Jan  1 19:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18276874335b6fc90ae4d93b17fd3e9c05d2bada
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e4:85:ea:21:4c:71:84:59:2b:0b:c1:cc:b0:
                    c1:5c:1f:14:01:34:80:f7:f6:72:49:24:68:69:ee:
                    94:25:f4:75:af:73:8b:51:a3:0c:56:b7:a7:f0:c4:
                    f8:bd:39:28:d6:a9:6e:c6:f7:a5:79:53:06:31:16:
                    70:62:76:cb:57:fb:85:c8:e3:22:2c:de:f0:13:cd:
                    55:84:e8:3d:f2:13:83:1b:28:1f:5b:2e:33:e7:a7:
                    b2:01:0a:85:11:ca:49:10:c4:11:10:ab:f4:07:ef:
                    4d:7e:f3:01:bd:d8:43:90:af:60:9c:89:83:24:7a:
                    98:f4:23:81:2b:d5:71:5b:c2:9b:c7:f8:c3:e8:07:
                    fd:d0:06:2e:62:1b:24:fc:fc:92:67:b2:ba:e8:46:
                    84:38:0e:01:f7:fe:96:fc:08:e2:8b:bf:2c:c3:68:
                    7c:2c:db:3f:a3:4c:0b:29:26:f9:ff:e1:c8:19:81:
                    e6:07:6e:2f:77:4c:d8:36:89:5a:38:22:8d:46:53:
                    0b:4e:92:8e:d1:47:87:46:bf:6b:ca:12:61:f1:07:
                    f2:c5:98:7b:76:34:7e:c1:13:e8:09:16:a9:d8:59:
                    6a:d3:24:35:40:b1:af:8d:78:ff:c8:9b:c9:ee:ba:
                    4b:ae:7d:62:67:ab:c7:e2:f3:c0:97:c6:ef:8e:49:
                    00:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:27:68:74:33:5B:6F:C9:0A:E4:D9:3B:17:FD:3E:9C:05:D2:BA:DA
            X509v3 Authority Key Identifier:
                keyid:92:B5:AC:88:F2:CD:B1:49:34:83:0C:1A:C0:96:A5:EF:73:09:8F:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/krWsiPLNsUk0gwwawJal73MJjxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e417bd-14eb-4ca5-80f7-36c46f90d9a5/1/GCdodDNbb8kK5Nk7F_0-nAXSuto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e417bd-14eb-4ca5-80f7-36c46f90d9a5/1/krWsiPLNsUk0gwwawJal73MJjxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.170.0/24
                IPv6:
                  2a10:4040::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:d9:ff:4c:ac:e6:d1:c7:dc:06:e8:cb:e3:61:41:06:33:79:
         af:63:7f:b9:4c:75:ad:d9:4a:b7:4f:3e:52:75:35:cb:70:66:
         61:56:0a:27:94:3f:51:dd:63:ef:18:17:0f:53:97:39:34:10:
         8f:dd:83:7a:52:1c:27:35:85:63:48:a8:30:26:c0:d2:e6:68:
         c0:14:15:72:f4:b2:25:fe:6b:97:bb:6b:ff:2f:6d:cc:ec:69:
         b0:10:18:2a:a5:41:28:78:55:f6:e7:3c:97:32:eb:00:da:e8:
         6c:4f:a9:d9:20:4c:9f:14:a9:22:e4:27:35:f3:2d:13:cd:a4:
         b2:d2:5c:36:24:99:9a:06:2e:ca:ca:98:34:3e:93:47:07:af:
         98:eb:aa:b5:1c:3c:81:ec:41:5c:54:71:9f:c5:4e:c9:97:f2:
         ae:d6:5c:e8:59:c8:b1:2f:20:12:d0:f2:ca:c0:c0:03:68:b6:
         55:df:fa:4d:62:86:9e:e9:a4:54:56:55:4c:6f:2d:f5:af:d2:
         87:46:4c:15:e1:fe:09:a4:39:17:fd:d2:46:95:d7:e1:21:8d:
         2e:11:9f:7a:7c:c9:a6:67:9a:c6:f9:3c:99:ae:49:c6:4a:bb:
         11:63:38:cc:40:d2:b9:70:1c:6c:c5:86:70:b5:03:53:1f:46:
         34:2f:b5:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaeIPvAh/WTK9IrlMxRnBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYjVhYzg4ZjJjZGIxNDkzNDgzMGMxYWMwOTZhNWVmNzMw
OThmMTIwHhcNMjUwMTAxMTk0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODI3Njg3NDMzNWI2ZmM5MGFlNGQ5M2IxN2ZkM2U5YzA1ZDJiYWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweSF6iFMcYRZKwvBzLDBXB8UATSA
9/ZySSRoae6UJfR1r3OLUaMMVren8MT4vTko1qluxveleVMGMRZwYnbLV/uFyOMi
LN7wE81VhOg98hODGygfWy4z56eyAQqFEcpJEMQREKv0B+9NfvMBvdhDkK9gnImD
JHqY9COBK9VxW8Kbx/jD6Af90AYuYhsk/PySZ7K66EaEOA4B9/6W/Ajii78sw2h8
LNs/o0wLKSb5/+HIGYHmB24vd0zYNolaOCKNRlMLTpKO0UeHRr9ryhJh8QfyxZh7
djR+wRPoCRap2Flq0yQ1QLGvjXj/yJvJ7rpLrn1iZ6vH4vPAl8bvjkkAAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBgnaHQzW2/JCuTZOxf9PpwF0rraMB8GA1UdIwQY
MBaAFJK1rIjyzbFJNIMMGsCWpe9zCY8SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3JXc2lQTE5zVWswZ3d3YXdKYWw3M01KanhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lNDE3YmQtMTRlYi00Y2E1LTgwZjct
MzZjNDZmOTBkOWE1LzEvR0Nkb2RETmJiOGtLNU5rN0ZfMC1uQVhTdXRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lNDE3YmQtMTRlYi00Y2E1LTgwZjctMzZjNDZmOTBkOWE1
LzEva3JXc2lQTE5zVWswZ3d3YXdKYWw3M01KanhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAAjiqMA0E
AgACMAcDBQMqEEBAMA0GCSqGSIb3DQEBCwUAA4IBAQBX2f9MrObRx9wG6MvjYUEG
M3mvY3+5THWt2Uq3Tz5SdTXLcGZhVgonlD9R3WPvGBcPU5c5NBCP3YN6UhwnNYVj
SKgwJsDS5mjAFBVy9LIl/muXu2v/L23M7GmwEBgqpUEoeFX25zyXMusA2uhsT6nZ
IEyfFKki5Cc18y0TzaSy0lw2JJmaBi7Kypg0PpNHB6+Y66q1HDyB7EFcVHGfxU7J
l/Ku1lzoWcixLyAS0PLKwMADaLZV3/pNYoae6aRUVlVMby31r9KHRkwV4f4JpDkX
/dJGldfhIY0uEZ96fMmmZ5rG+TyZrknGSrsRYzjMQNK5cBxsxYZwtQNTH0Y0L7UF
-----END CERTIFICATE-----