Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/433c47-bf3e-4728-8b93-b070ec34d4c1/1/goFsxxYVVDsH1YxnuVEoHVEyuUQ.roa
File:                     goFsxxYVVDsH1YxnuVEoHVEyuUQ.roa (raw, json)
Hash identifier:          H+4TEC+hHsfjX7/LNloV4KRFUkMNXemYneHOCftwWZE=
Subject key identifier:   82:81:6C:C7:16:15:54:3B:07:D5:8C:67:B9:51:28:1D:51:32:B9:44
Certificate issuer:       /CN=073cc18fc706df5a9933b0be20dccb04675bf474
Certificate serial:       01942522013FFCAC27E0E48BFC428B9E71C4
Authority key identifier: 07:3C:C1:8F:C7:06:DF:5A:99:33:B0:BE:20:DC:CB:04:67:5B:F4:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BzzBj8cG31qZM7C-INzLBGdb9HQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/433c47-bf3e-4728-8b93-b070ec34d4c1/1/goFsxxYVVDsH1YxnuVEoHVEyuUQ.roa
Signing time:             Thu 02 Jan 2025 03:49:33 +0000
ROA not before:           Thu 02 Jan 2025 03:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29686
IP address blocks:        195.43.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/433c47-bf3e-4728-8b93-b070ec34d4c1/1/BzzBj8cG31qZM7C-INzLBGdb9HQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/433c47-bf3e-4728-8b93-b070ec34d4c1/1/BzzBj8cG31qZM7C-INzLBGdb9HQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BzzBj8cG31qZM7C-INzLBGdb9HQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:01:3f:fc:ac:27:e0:e4:8b:fc:42:8b:9e:71:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073cc18fc706df5a9933b0be20dccb04675bf474
        Validity
            Not Before: Jan  2 03:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82816cc71615543b07d58c67b951281d5132b944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:90:be:da:7b:3d:54:8d:63:e3:c3:ee:a3:aa:
                    27:99:4e:67:79:4e:34:ee:93:d6:3a:8a:ea:5d:9d:
                    11:1d:4b:69:86:b8:c3:45:4e:13:fc:15:79:49:af:
                    17:7b:b2:3c:31:d9:ce:ab:0d:b3:d8:6a:d9:15:a6:
                    4f:b8:fe:da:d2:82:82:65:06:f6:87:94:0a:d1:4d:
                    5d:54:c1:aa:f2:64:eb:61:78:4b:b2:b8:36:cd:db:
                    2f:47:31:4f:82:cf:2a:cf:ab:ed:7a:6c:f8:b5:43:
                    0d:68:c2:05:d3:94:38:0a:c7:ef:57:ba:4d:dd:3f:
                    e1:54:94:7c:c7:e9:8b:c4:34:99:35:8e:bc:0b:07:
                    ce:a5:bf:2c:09:37:01:cc:87:68:ee:e1:54:46:28:
                    f8:a8:26:53:08:15:fa:1e:23:dd:32:08:af:1d:e2:
                    f2:d2:11:e4:8e:99:30:0a:18:19:bf:f7:96:cf:3c:
                    91:71:80:d6:ca:d1:67:b5:a9:e6:2f:3d:34:27:eb:
                    eb:c5:1c:ac:a8:10:d1:7d:0e:3f:11:29:b3:af:20:
                    a8:a5:95:39:a6:95:48:1d:3f:0f:ff:40:88:13:90:
                    0d:8d:16:84:96:9c:f7:d5:cd:6a:ce:44:9f:13:28:
                    18:fd:ec:7f:f3:3b:f6:e6:2c:ba:ad:dc:f0:43:bd:
                    02:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:81:6C:C7:16:15:54:3B:07:D5:8C:67:B9:51:28:1D:51:32:B9:44
            X509v3 Authority Key Identifier:
                keyid:07:3C:C1:8F:C7:06:DF:5A:99:33:B0:BE:20:DC:CB:04:67:5B:F4:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BzzBj8cG31qZM7C-INzLBGdb9HQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/433c47-bf3e-4728-8b93-b070ec34d4c1/1/goFsxxYVVDsH1YxnuVEoHVEyuUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/433c47-bf3e-4728-8b93-b070ec34d4c1/1/BzzBj8cG31qZM7C-INzLBGdb9HQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:ca:3a:c4:e5:f2:c1:f8:ca:95:71:d3:3b:2c:c8:c0:ce:1e:
         fb:cd:94:30:a9:e9:29:1f:60:c2:fa:3e:be:48:04:a4:5a:7b:
         9c:f6:65:95:fe:38:cc:e4:d3:b5:88:a9:30:8d:b3:72:82:45:
         19:fd:4b:15:05:46:cb:43:86:47:15:ba:0f:57:1e:af:8f:7e:
         ed:52:42:77:6a:cc:b9:09:00:5b:f0:94:21:b2:76:f8:0f:0b:
         88:e7:4b:f9:c8:24:77:8b:b2:69:c8:c8:53:e2:fe:fe:30:e1:
         95:55:21:60:c7:d6:5c:66:cb:4a:8c:bf:08:fe:c6:ec:10:92:
         92:4c:d8:dd:00:24:b2:8c:91:a5:d7:91:00:e1:22:e1:82:39:
         8f:08:bd:29:38:2b:ed:d8:e4:be:b6:61:75:29:5f:ba:c2:5c:
         dc:f9:b0:9b:e3:22:29:ca:e0:7f:54:91:4d:78:08:ec:6f:79:
         a8:d2:59:18:31:d4:0d:3b:ce:92:3d:02:36:53:87:b4:18:f8:
         6a:b0:77:be:a9:dd:bb:41:56:18:90:50:41:d1:9d:f7:cd:fb:
         51:bb:a9:08:67:b3:ea:c9:7e:8c:1f:cd:11:d9:20:06:9c:ce:
         28:f6:d3:44:25:96:75:0b:14:e2:81:dc:68:5e:1d:35:1d:39:
         2e:f3:ce:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIgE//Kwn4OSL/EKLnnHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2NjMThmYzcwNmRmNWE5OTMzYjBiZTIwZGNjYjA0Njc1
YmY0NzQwHhcNMjUwMTAyMDM0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjgxNmNjNzE2MTU1NDNiMDdkNThjNjdiOTUxMjgxZDUxMzJiOTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZC+2ns9VI1j48Puo6onmU5neU40
7pPWOorqXZ0RHUtphrjDRU4T/BV5Sa8Xe7I8MdnOqw2z2GrZFaZPuP7a0oKCZQb2
h5QK0U1dVMGq8mTrYXhLsrg2zdsvRzFPgs8qz6vtemz4tUMNaMIF05Q4CsfvV7pN
3T/hVJR8x+mLxDSZNY68CwfOpb8sCTcBzIdo7uFURij4qCZTCBX6HiPdMgivHeLy
0hHkjpkwChgZv/eWzzyRcYDWytFntanmLz00J+vrxRysqBDRfQ4/ESmzryCopZU5
ppVIHT8P/0CIE5ANjRaElpz31c1qzkSfEygY/ex/8zv25iy6rdzwQ70CBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKBbMcWFVQ7B9WMZ7lRKB1RMrlEMB8GA1UdIwQY
MBaAFAc8wY/HBt9amTOwviDcywRnW/R0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp6Qmo4Y0czMXFaTTdDLUlOekxCR2RiOUhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi80MzNjNDctYmYzZS00NzI4LThiOTMt
YjA3MGVjMzRkNGMxLzEvZ29Gc3h4WVZWRHNIMVl4bnVWRW9IVkV5dVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi80MzNjNDctYmYzZS00NzI4LThiOTMtYjA3MGVjMzRkNGMx
LzEvQnp6Qmo4Y0czMXFaTTdDLUlOekxCR2RiOUhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyuNMA0G
CSqGSIb3DQEBCwUAA4IBAQB0yjrE5fLB+MqVcdM7LMjAzh77zZQwqekpH2DC+j6+
SASkWnuc9mWV/jjM5NO1iKkwjbNygkUZ/UsVBUbLQ4ZHFboPVx6vj37tUkJ3asy5
CQBb8JQhsnb4DwuI50v5yCR3i7JpyMhT4v7+MOGVVSFgx9ZcZstKjL8I/sbsEJKS
TNjdACSyjJGl15EA4SLhgjmPCL0pOCvt2OS+tmF1KV+6wlzc+bCb4yIpyuB/VJFN
eAjsb3mo0lkYMdQNO86SPQI2U4e0GPhqsHe+qd27QVYYkFBB0Z33zftRu6kIZ7Pq
yX6MH80R2SAGnM4o9tNEJZZ1CxTigdxoXh01HTku886C
-----END CERTIFICATE-----