Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/gvVZ7S_MT72Pje2By0Bby2Ij9C0.roa
File:                     gvVZ7S_MT72Pje2By0Bby2Ij9C0.roa (raw, json)
Hash identifier:          aibwfcNEkry2NIdkPF29Lq0Hlv6AHEZR5hCHySn0s2E=
Subject key identifier:   82:F5:59:ED:2F:CC:4F:BD:8F:8D:ED:81:CB:40:5B:CB:62:23:F4:2D
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FC9A45A2C69C135E26CF10A7DF709
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/gvVZ7S_MT72Pje2By0Bby2Ij9C0.roa
Signing time:             Wed 01 Jan 2025 13:48:16 +0000
ROA not before:           Wed 01 Jan 2025 13:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200115
IP address blocks:        85.219.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:c9:a4:5a:2c:69:c1:35:e2:6c:f1:0a:7d:f7:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82f559ed2fcc4fbd8f8ded81cb405bcb6223f42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:99:90:da:24:07:8e:ae:2d:13:c8:4b:85:d0:
                    4a:99:ef:92:ed:e8:d4:b3:3d:68:83:ca:88:aa:90:
                    03:cc:84:36:fc:71:84:2b:1d:8b:0e:77:49:bd:b3:
                    6a:b1:cb:39:ff:45:56:e5:0e:9b:02:1c:e1:02:de:
                    4b:d0:61:42:cf:f6:01:83:fd:c9:ee:a0:68:51:3e:
                    76:9c:b9:fc:44:91:f0:0e:b1:2e:dc:4e:7c:cb:0d:
                    c2:24:49:c2:30:29:62:63:1c:81:8c:79:8d:13:61:
                    8f:81:0e:61:ee:35:04:38:a8:2d:d3:1b:f6:01:c0:
                    5d:b7:e6:98:e3:4d:a5:cc:aa:92:6b:b6:cd:70:82:
                    72:30:7d:6b:92:b4:0d:0e:74:d3:31:1a:2b:de:f4:
                    3f:77:7e:09:d8:b9:ab:7e:e9:07:9f:95:b6:ab:54:
                    3b:e9:95:ca:98:8b:57:ae:70:b5:a4:c2:e4:cd:d2:
                    16:71:66:e0:25:28:d1:ef:b6:f4:b9:82:b5:e0:7e:
                    7a:48:08:40:bd:f6:49:bf:60:38:d7:78:df:ff:33:
                    97:58:0e:e5:08:48:77:02:5e:81:63:f7:09:05:cf:
                    0d:43:70:80:2d:d5:ad:38:12:f6:a4:b0:eb:19:a8:
                    ae:7d:19:d7:b0:70:27:f9:71:27:7b:b3:f3:01:a8:
                    03:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:F5:59:ED:2F:CC:4F:BD:8F:8D:ED:81:CB:40:5B:CB:62:23:F4:2D
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/gvVZ7S_MT72Pje2By0Bby2Ij9C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:30:f2:64:02:01:6f:56:36:6b:19:b0:25:8c:ed:45:5b:eb:
         b2:fd:0e:67:47:c9:ac:4a:25:29:9d:a9:03:59:68:03:ca:ca:
         e1:38:5b:89:e7:e3:d8:5f:c6:4a:d7:bf:a6:f7:5d:95:1c:df:
         c2:21:63:10:d3:03:55:70:88:5f:1c:0e:e4:02:18:38:6a:67:
         3b:b5:08:f2:2d:28:42:6e:3a:59:f2:aa:96:64:17:0d:eb:4c:
         9e:36:f9:8e:8c:5f:b0:e3:e5:bb:41:f7:3f:bf:64:14:25:3d:
         42:7b:bf:0e:77:23:4a:e1:25:11:67:99:a1:54:8a:03:b4:b3:
         f8:c6:30:eb:af:4b:92:99:a2:25:b4:5f:ec:74:57:55:41:e3:
         fa:24:f2:9a:dc:46:1b:e2:65:1b:d1:99:94:49:18:d0:7c:d9:
         9c:de:12:36:0c:57:55:60:16:dd:02:47:ba:cc:86:d1:98:54:
         e6:90:3e:56:37:3d:f1:03:7b:cd:2f:4e:2f:39:78:fd:df:c1:
         8f:68:33:b9:36:f9:1c:b7:13:51:2b:62:62:89:9c:3c:e1:1f:
         8e:29:b2:9d:a3:ca:60:2c:5d:ec:0d:86:fd:98:85:a0:de:e6:
         71:9b:d8:da:41:33:10:e4:dc:b2:f6:c3:c1:8f:e2:e6:f0:64:
         1f:87:37:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8mkWixpwTXibPEKffcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmY1NTllZDJmY2M0ZmJkOGY4ZGVkODFjYjQwNWJjYjYyMjNmNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5mQ2iQHjq4tE8hLhdBKme+S7ejU
sz1og8qIqpADzIQ2/HGEKx2LDndJvbNqscs5/0VW5Q6bAhzhAt5L0GFCz/YBg/3J
7qBoUT52nLn8RJHwDrEu3E58yw3CJEnCMCliYxyBjHmNE2GPgQ5h7jUEOKgt0xv2
AcBdt+aY402lzKqSa7bNcIJyMH1rkrQNDnTTMRor3vQ/d34J2LmrfukHn5W2q1Q7
6ZXKmItXrnC1pMLkzdIWcWbgJSjR77b0uYK14H56SAhAvfZJv2A413jf/zOXWA7l
CEh3Al6BY/cJBc8NQ3CALdWtOBL2pLDrGaiufRnXsHAn+XEne7PzAagDMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIL1We0vzE+9j43tgctAW8tiI/QtMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvZ3ZWWjdTX01UNzJQamUyQnkwQmJ5MklqOUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdutMA0G
CSqGSIb3DQEBCwUAA4IBAQBLMPJkAgFvVjZrGbAljO1FW+uy/Q5nR8msSiUpnakD
WWgDysrhOFuJ5+PYX8ZK17+m912VHN/CIWMQ0wNVcIhfHA7kAhg4amc7tQjyLShC
bjpZ8qqWZBcN60yeNvmOjF+w4+W7Qfc/v2QUJT1Ce78OdyNK4SURZ5mhVIoDtLP4
xjDrr0uSmaIltF/sdFdVQeP6JPKa3EYb4mUb0ZmUSRjQfNmc3hI2DFdVYBbdAke6
zIbRmFTmkD5WNz3xA3vNL04vOXj938GPaDO5NvkctxNRK2JiiZw84R+OKbKdo8pg
LF3sDYb9mIWg3uZxm9jaQTMQ5Nyy9sPBj+Lm8GQfhzel
-----END CERTIFICATE-----