Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/1-GwxGdQdSDv0GNH37kCGFbw_26Q.roa
File:                     1-GwxGdQdSDv0GNH37kCGFbw_26Q.roa (raw, json)
Hash identifier:          8CUzx4XPAhE8seJ5BK68QhEaKNzFZcIoKPr1Lhqpte4=
Subject key identifier:   F8:6C:31:19:D4:1D:48:3B:F4:18:D1:F7:EE:40:86:15:BC:3F:DB:A4
Certificate issuer:       /CN=a588604d25b87b82fd1259dfe294cd8fb9ff49b4
Certificate serial:       01942369437C5C386D2146E87568CEC70859
Authority key identifier: A5:88:60:4D:25:B8:7B:82:FD:12:59:DF:E2:94:CD:8F:B9:FF:49:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/1-GwxGdQdSDv0GNH37kCGFbw_26Q.roa
Signing time:             Wed 01 Jan 2025 19:48:08 +0000
ROA not before:           Wed 01 Jan 2025 19:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20853
IP address blocks:        91.216.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:43:7c:5c:38:6d:21:46:e8:75:68:ce:c7:08:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a588604d25b87b82fd1259dfe294cd8fb9ff49b4
        Validity
            Not Before: Jan  1 19:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f86c3119d41d483bf418d1f7ee408615bc3fdba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:82:ce:52:7e:d5:d3:1e:cc:14:8e:37:d1:98:
                    19:91:82:e0:1f:ea:80:73:59:32:27:aa:84:ad:3c:
                    07:38:5d:81:9b:db:b4:08:e5:62:cd:d6:d0:e7:14:
                    cd:87:57:08:e0:d1:29:5c:a9:9d:5d:14:fd:35:2f:
                    fc:04:0d:57:59:ae:12:af:40:8c:04:07:66:50:84:
                    e1:42:c9:28:65:10:53:f9:38:3a:f7:47:49:e6:40:
                    26:f2:81:8a:5d:b1:f8:e8:a5:72:d9:d5:94:82:59:
                    11:46:67:62:d5:1a:d8:8d:bf:37:d5:51:2e:13:d5:
                    e1:d3:87:3a:4f:17:75:8c:56:2f:d8:46:0a:d2:90:
                    f4:65:48:dc:24:29:0a:7e:5e:38:56:9b:69:66:c0:
                    0f:44:21:0e:a6:94:ef:4d:d9:9e:88:09:19:f7:1a:
                    9e:d7:85:16:f7:7b:05:77:eb:68:e1:3f:08:e1:8d:
                    cf:70:34:6d:97:e5:07:0d:9a:16:07:53:de:7b:50:
                    be:12:f1:77:91:57:a7:b6:21:0f:b0:e0:af:71:83:
                    a5:e9:0e:c6:f8:4f:92:fe:65:76:03:5d:80:7a:6b:
                    d3:c9:e1:80:81:41:59:4e:24:a8:8b:53:99:6f:48:
                    ff:60:b2:28:05:63:1f:e3:5a:a0:d5:08:94:cf:23:
                    92:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:6C:31:19:D4:1D:48:3B:F4:18:D1:F7:EE:40:86:15:BC:3F:DB:A4
            X509v3 Authority Key Identifier:
                keyid:A5:88:60:4D:25:B8:7B:82:FD:12:59:DF:E2:94:CD:8F:B9:FF:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/1-GwxGdQdSDv0GNH37kCGFbw_26Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/510a4e-66ef-4dc1-803b-20dddbc1281d/1/pYhgTSW4e4L9Elnf4pTNj7n_SbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:24:3a:5e:bf:75:05:68:e1:a5:61:90:ea:a1:b0:e0:33:3f:
         c6:df:48:0b:6f:86:c9:b7:f1:e7:f9:5c:eb:b4:40:a6:1f:51:
         5f:a1:d6:10:4e:b6:55:66:92:fd:f4:a9:c8:58:f0:ce:5e:2f:
         e7:e8:a4:e9:2f:39:29:09:c5:b7:f9:20:3f:6d:b2:eb:77:6f:
         41:a5:57:1b:84:46:34:4d:69:5a:73:f4:6c:a8:5f:15:df:b1:
         ca:9b:d0:17:6c:b4:c6:9b:84:b8:9c:34:1e:08:d7:3d:da:57:
         78:f2:0c:0b:bb:e4:d4:c1:73:06:cd:ff:2f:d9:88:2f:75:51:
         c7:8b:37:98:b0:5c:eb:7f:1b:0e:e7:c6:6e:8d:60:0f:de:7d:
         cc:d2:d2:cc:38:a8:48:ba:cb:8a:e1:38:34:3f:c5:01:92:03:
         8f:95:3c:b9:7e:87:a4:04:28:8c:ab:31:4a:54:19:b9:43:7a:
         55:4e:09:65:b3:17:7d:44:22:44:aa:91:c4:63:0f:74:a2:bd:
         1b:5e:d8:7e:80:3d:95:f4:84:69:e0:c0:c3:dd:00:a1:79:cc:
         58:a8:55:e0:c9:6b:6a:39:7c:62:33:b1:2c:d0:50:04:67:e1:
         59:8e:b1:66:62:a7:6c:d5:f0:4a:e8:50:3c:98:68:49:a5:f5:
         46:43:d2:cd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjaUN8XDhtIUbodWjOxwhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1ODg2MDRkMjViODdiODJmZDEyNTlkZmUyOTRjZDhmYjlm
ZjQ5YjQwHhcNMjUwMTAxMTk0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODZjMzExOWQ0MWQ0ODNiZjQxOGQxZjdlZTQwODYxNWJjM2ZkYmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoLOUn7V0x7MFI430ZgZkYLgH+qA
c1kyJ6qErTwHOF2Bm9u0COVizdbQ5xTNh1cI4NEpXKmdXRT9NS/8BA1XWa4Sr0CM
BAdmUIThQskoZRBT+Tg690dJ5kAm8oGKXbH46KVy2dWUglkRRmdi1RrYjb831VEu
E9Xh04c6Txd1jFYv2EYK0pD0ZUjcJCkKfl44VptpZsAPRCEOppTvTdmeiAkZ9xqe
14UW93sFd+to4T8I4Y3PcDRtl+UHDZoWB1Pee1C+EvF3kVentiEPsOCvcYOl6Q7G
+E+S/mV2A12AemvTyeGAgUFZTiSoi1OZb0j/YLIoBWMf41qg1QiUzyOSSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhsMRnUHUg79BjR9+5AhhW8P9ukMB8GA1UdIwQY
MBaAFKWIYE0luHuC/RJZ3+KUzY+5/0m0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFloZ1RTVzRlNEw5RWxuZjRwVE5qN25fU2JRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81MTBhNGUtNjZlZi00ZGMxLTgwM2It
MjBkZGRiYzEyODFkLzEvMS1Hd3hHZFFkU0R2MEdOSDM3a0NHRmJ3XzI2US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmQvNTEwYTRlLTY2ZWYtNGRjMS04MDNiLTIwZGRkYmMxMjgx
ZC8xL3BZaGdUU1c0ZTRMOUVsbmY0cFROajduX1NiUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvY4DAN
BgkqhkiG9w0BAQsFAAOCAQEATSQ6Xr91BWjhpWGQ6qGw4DM/xt9IC2+Gybfx5/lc
67RAph9RX6HWEE62VWaS/fSpyFjwzl4v5+ik6S85KQnFt/kgP22y63dvQaVXG4RG
NE1pWnP0bKhfFd+xypvQF2y0xpuEuJw0HgjXPdpXePIMC7vk1MFzBs3/L9mIL3VR
x4s3mLBc638bDufGbo1gD959zNLSzDioSLrLiuE4ND/FAZIDj5U8uX6HpAQojKsx
SlQZuUN6VU4JZbMXfUQiRKqRxGMPdKK9G17YfoA9lfSEaeDAw90AoXnMWKhV4Mlr
ajl8YjOxLNBQBGfhWY6xZmKnbNXwSuhQPJhoSaX1RkPSzQ==
-----END CERTIFICATE-----