Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/gOYyprxzZCgraPiSHx98Z_j2ly4.roa
File:                     gOYyprxzZCgraPiSHx98Z_j2ly4.roa (raw, json)
Hash identifier:          Jq0tGV+RSeJ69NS7DywPGofAnMIdLaC1eoXEB6G6rIU=
Subject key identifier:   80:E6:32:A6:BC:73:64:28:2B:68:F8:92:1F:1F:7C:67:F8:F6:97:2E
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FCD0EBB71C8B818E1E245EBD67ABC
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/gOYyprxzZCgraPiSHx98Z_j2ly4.roa
Signing time:             Wed 01 Jan 2025 13:48:16 +0000
ROA not before:           Wed 01 Jan 2025 13:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201549
IP address blocks:        85.219.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cd:0e:bb:71:c8:b8:18:e1:e2:45:eb:d6:7a:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80e632a6bc7364282b68f8921f1f7c67f8f6972e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b4:a4:bf:fb:ca:0d:e4:cb:38:59:c2:99:bb:
                    31:21:77:40:6a:f3:e2:26:e2:88:25:67:9d:0a:e7:
                    e2:50:78:f6:0c:f9:14:92:70:27:a8:71:ff:61:6a:
                    67:94:b9:69:0d:eb:4f:8e:88:6c:5c:e7:11:d7:cb:
                    b2:35:e4:61:e2:5c:47:cb:51:6d:d3:24:20:d0:41:
                    b7:6c:cc:21:57:1a:44:cb:a6:05:d3:8e:13:9a:ad:
                    5d:aa:da:03:dc:f5:dc:34:24:a3:45:14:98:9d:59:
                    ed:e3:59:1a:03:28:c5:d5:d1:e3:be:2b:61:1d:d6:
                    35:9d:18:c0:48:c3:fd:93:65:d1:0e:ea:2d:b5:ef:
                    ab:a7:b4:ec:1e:3b:b9:bb:c2:2d:fc:07:cd:5c:a6:
                    0b:82:30:90:ec:e8:ab:c3:dd:71:ce:29:29:95:e8:
                    f2:21:b3:9b:04:9c:2f:66:e0:38:bc:c8:60:16:41:
                    a5:4c:01:86:41:77:65:74:02:a5:52:7d:4c:1d:54:
                    37:cc:95:dd:b6:db:4b:f2:0b:99:dd:3f:c8:f2:6c:
                    63:62:24:ad:24:6a:14:ee:f6:63:76:bc:a4:4d:aa:
                    6e:90:d4:41:69:a6:32:c5:2a:ce:cf:88:36:7a:f2:
                    fe:c1:0e:77:a8:42:f1:23:49:0c:6a:cd:31:e1:db:
                    6b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:E6:32:A6:BC:73:64:28:2B:68:F8:92:1F:1F:7C:67:F8:F6:97:2E
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/gOYyprxzZCgraPiSHx98Z_j2ly4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:b0:55:8c:18:f7:1b:b5:51:fe:0c:c3:9d:2a:23:bf:14:92:
         82:a2:23:d9:c0:3a:c9:80:c1:ae:91:10:fe:7f:83:34:1d:97:
         a5:b7:dc:60:0b:9e:1f:c8:64:32:c1:2d:d3:8b:05:77:69:7a:
         20:34:31:3f:e7:4a:63:eb:5b:30:cb:02:54:59:52:ab:4d:b4:
         ef:38:d1:68:3c:7f:28:53:88:31:4d:f1:34:34:2a:61:f9:71:
         ad:83:28:92:86:d3:8f:52:a8:ee:90:3e:42:6e:ba:dc:6b:a4:
         f7:7b:7b:82:26:2c:e1:87:29:16:4f:bb:da:fc:6c:99:fd:ea:
         09:54:37:81:7c:7e:36:ac:cb:d2:bd:a2:6a:42:23:ad:9f:6a:
         c9:65:67:6b:c8:f7:b8:98:ed:d0:12:7e:5f:e5:bc:61:16:7d:
         19:2d:13:6a:73:30:66:ce:76:0e:18:65:70:78:f2:60:9d:fe:
         2f:f0:2a:ee:20:98:6e:94:42:c7:20:15:fb:01:f1:90:8a:b2:
         b4:59:d4:31:22:4a:32:9c:5d:94:e9:8a:ba:83:ba:24:7b:1f:
         9e:d1:c6:51:c0:c8:31:7d:58:53:db:0a:ad:ee:99:82:8a:20:
         82:62:0c:f8:90:11:51:bc:53:91:8c:0c:6c:42:b5:05:d4:09:
         47:5d:bf:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH80Ou3HIuBjh4kXr1nq8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGU2MzJhNmJjNzM2NDI4MmI2OGY4OTIxZjFmN2M2N2Y4ZjY5NzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLSkv/vKDeTLOFnCmbsxIXdAavPi
JuKIJWedCufiUHj2DPkUknAnqHH/YWpnlLlpDetPjohsXOcR18uyNeRh4lxHy1Ft
0yQg0EG3bMwhVxpEy6YF044Tmq1dqtoD3PXcNCSjRRSYnVnt41kaAyjF1dHjvith
HdY1nRjASMP9k2XRDuotte+rp7TsHju5u8It/AfNXKYLgjCQ7Oirw91xzikplejy
IbObBJwvZuA4vMhgFkGlTAGGQXdldAKlUn1MHVQ3zJXdtttL8guZ3T/I8mxjYiSt
JGoU7vZjdrykTapukNRBaaYyxSrOz4g2evL+wQ53qELxI0kMas0x4dtrJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDmMqa8c2QoK2j4kh8ffGf49pcuMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvZ09ZeXByeHpaQ2dyYVBpU0h4OThaX2oybHk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVduUMA0G
CSqGSIb3DQEBCwUAA4IBAQAgsFWMGPcbtVH+DMOdKiO/FJKCoiPZwDrJgMGukRD+
f4M0HZelt9xgC54fyGQywS3TiwV3aXogNDE/50pj61swywJUWVKrTbTvONFoPH8o
U4gxTfE0NCph+XGtgyiShtOPUqjukD5Cbrrca6T3e3uCJizhhykWT7va/GyZ/eoJ
VDeBfH42rMvSvaJqQiOtn2rJZWdryPe4mO3QEn5f5bxhFn0ZLRNqczBmznYOGGVw
ePJgnf4v8CruIJhulELHIBX7AfGQirK0WdQxIkoynF2U6Yq6g7okex+e0cZRwMgx
fVhT2wqt7pmCiiCCYgz4kBFRvFORjAxsQrUF1AlHXb+S
-----END CERTIFICATE-----