Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/gxfPyS5KakpFEwmfLQLrUMtzDuA.roa
File:                     gxfPyS5KakpFEwmfLQLrUMtzDuA.roa (raw, json)
Hash identifier:          rxllc4raZ48lNaZN0VdX0i2mHb0wFctajLKxvoGGQes=
Subject key identifier:   83:17:CF:C9:2E:4A:6A:4A:45:13:09:9F:2D:02:EB:50:CB:73:0E:E0
Certificate issuer:       /CN=2109b475d3ab5cd1cc1c49671e77ff9db5ce19f1
Certificate serial:       019425FDAE2AB0C5C12A18BECCD9840855E1
Authority key identifier: 21:09:B4:75:D3:AB:5C:D1:CC:1C:49:67:1E:77:FF:9D:B5:CE:19:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQm0ddOrXNHMHElnHnf_nbXOGfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/gxfPyS5KakpFEwmfLQLrUMtzDuA.roa
Signing time:             Thu 02 Jan 2025 07:49:29 +0000
ROA not before:           Thu 02 Jan 2025 07:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48222
IP address blocks:        195.43.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/IQm0ddOrXNHMHElnHnf_nbXOGfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/IQm0ddOrXNHMHElnHnf_nbXOGfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQm0ddOrXNHMHElnHnf_nbXOGfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ae:2a:b0:c5:c1:2a:18:be:cc:d9:84:08:55:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2109b475d3ab5cd1cc1c49671e77ff9db5ce19f1
        Validity
            Not Before: Jan  2 07:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8317cfc92e4a6a4a4513099f2d02eb50cb730ee0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:07:87:c2:90:e9:43:b8:49:86:59:f1:e5:8d:
                    01:16:eb:a3:1f:e1:49:c3:45:7a:78:d8:6f:4f:a6:
                    d9:f2:23:88:d1:89:aa:31:e5:97:2c:ff:c7:ff:d3:
                    3c:b1:86:12:31:af:4e:0b:57:0f:98:52:b2:f0:c5:
                    67:38:d9:a1:4b:42:c3:7e:bf:3e:f9:2d:2b:d6:c5:
                    7b:a9:70:e3:93:60:a8:14:96:f9:f5:a3:d2:58:ec:
                    4d:62:8e:87:23:ac:60:bf:60:b6:37:c5:80:37:b7:
                    4b:f6:e3:83:e2:73:cc:bf:97:e7:f5:67:a8:bc:4c:
                    91:a9:dd:9b:56:c6:ca:f4:40:66:92:6e:f2:20:ee:
                    bb:29:e3:1b:ff:61:da:ad:f9:1e:0b:a2:a6:73:9c:
                    e3:e2:3a:ef:46:72:02:69:b2:d9:5e:ed:a9:7d:e4:
                    c3:b1:31:05:f3:61:6b:27:6b:35:c4:f6:de:06:44:
                    a1:98:3c:9d:14:60:54:c8:cb:d8:78:1f:48:83:95:
                    6e:9e:82:9b:36:a7:7e:97:67:e6:6c:12:f1:a6:e3:
                    ce:9f:94:1f:85:f4:43:24:5a:cf:56:eb:e1:5a:da:
                    6e:14:d1:2c:cb:b5:02:42:d3:4b:be:b3:47:27:55:
                    18:1d:86:3f:96:6f:a1:2e:78:da:32:d6:c5:c6:58:
                    ef:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:17:CF:C9:2E:4A:6A:4A:45:13:09:9F:2D:02:EB:50:CB:73:0E:E0
            X509v3 Authority Key Identifier:
                keyid:21:09:B4:75:D3:AB:5C:D1:CC:1C:49:67:1E:77:FF:9D:B5:CE:19:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQm0ddOrXNHMHElnHnf_nbXOGfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/gxfPyS5KakpFEwmfLQLrUMtzDuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/505b1a-0298-4e82-9161-09ad3277e84f/1/IQm0ddOrXNHMHElnHnf_nbXOGfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:8e:0c:a8:dd:c1:df:e6:03:97:46:89:d7:53:f2:ad:25:87:
         b9:c6:2c:75:96:82:5b:51:aa:5b:67:9c:5d:45:26:d5:de:12:
         bd:f9:4b:34:f9:76:9f:ee:58:83:cc:d2:c6:45:71:11:59:43:
         7d:6c:c3:99:b6:d9:d2:23:d3:04:0e:03:ba:b3:a7:21:19:9a:
         e3:7a:35:3f:3a:ff:2b:8f:af:26:7d:2c:ef:b9:b1:64:82:ee:
         38:a9:7f:41:60:0d:0e:5c:3d:55:de:ee:2c:a1:f6:11:4e:69:
         64:59:0b:f6:83:14:1f:d1:36:80:dc:5f:61:8b:cc:3e:cd:58:
         1b:0c:a4:6a:68:b7:c7:78:e7:f8:56:92:6b:b1:bc:65:f5:00:
         81:07:0a:30:bf:96:26:52:3f:a7:6f:15:b3:89:bb:82:4b:20:
         f7:32:27:69:10:86:5d:29:18:46:48:c5:bc:74:07:be:9a:8f:
         69:3f:ab:b5:0a:f6:ca:e3:6e:77:2a:18:21:75:53:8d:cf:da:
         d9:dd:65:ee:1c:52:b7:00:d2:31:e1:5c:db:8f:47:16:ba:1e:
         a9:9e:cf:a3:ba:a5:59:d9:24:9a:64:87:4a:55:42:b0:d7:01:
         36:42:e1:3e:6e:31:7b:de:cd:3b:a3:08:2f:19:a4:0b:4d:60:
         43:d8:40:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/a4qsMXBKhi+zNmECFXhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDliNDc1ZDNhYjVjZDFjYzFjNDk2NzFlNzdmZjlkYjVj
ZTE5ZjEwHhcNMjUwMTAyMDc0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzE3Y2ZjOTJlNGE2YTRhNDUxMzA5OWYyZDAyZWI1MGNiNzMwZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugeHwpDpQ7hJhlnx5Y0BFuujH+FJ
w0V6eNhvT6bZ8iOI0YmqMeWXLP/H/9M8sYYSMa9OC1cPmFKy8MVnONmhS0LDfr8+
+S0r1sV7qXDjk2CoFJb59aPSWOxNYo6HI6xgv2C2N8WAN7dL9uOD4nPMv5fn9Weo
vEyRqd2bVsbK9EBmkm7yIO67KeMb/2HarfkeC6Kmc5zj4jrvRnICabLZXu2pfeTD
sTEF82FrJ2s1xPbeBkShmDydFGBUyMvYeB9Ig5VunoKbNqd+l2fmbBLxpuPOn5Qf
hfRDJFrPVuvhWtpuFNEsy7UCQtNLvrNHJ1UYHYY/lm+hLnjaMtbFxljviwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMXz8kuSmpKRRMJny0C61DLcw7gMB8GA1UdIwQY
MBaAFCEJtHXTq1zRzBxJZx53/521zhnxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFtMGRkT3JYTkhNSEVsbkhuZl9uYlhPR2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS81MDViMWEtMDI5OC00ZTgyLTkxNjEt
MDlhZDMyNzdlODRmLzEvZ3hmUHlTNUtha3BGRXdtZkxRTHJVTXR6RHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS81MDViMWEtMDI5OC00ZTgyLTkxNjEtMDlhZDMyNzdlODRm
LzEvSVFtMGRkT3JYTkhNSEVsbkhuZl9uYlhPR2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyuFMA0G
CSqGSIb3DQEBCwUAA4IBAQBKjgyo3cHf5gOXRonXU/KtJYe5xix1loJbUapbZ5xd
RSbV3hK9+Us0+Xaf7liDzNLGRXERWUN9bMOZttnSI9MEDgO6s6chGZrjejU/Ov8r
j68mfSzvubFkgu44qX9BYA0OXD1V3u4sofYRTmlkWQv2gxQf0TaA3F9hi8w+zVgb
DKRqaLfHeOf4VpJrsbxl9QCBBwowv5YmUj+nbxWzibuCSyD3MidpEIZdKRhGSMW8
dAe+mo9pP6u1CvbK4253KhghdVONz9rZ3WXuHFK3ANIx4Vzbj0cWuh6pns+juqVZ
2SSaZIdKVUKw1wE2QuE+bjF73s07owgvGaQLTWBD2EAt
-----END CERTIFICATE-----