Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/GKIBvtXq3THm63QH_8TaUji8HSI.roa
File:                     GKIBvtXq3THm63QH_8TaUji8HSI.roa (raw, json)
Hash identifier:          +pvrI4erf1Lcj/8FcUip5ayRE0gXLz82FrGP84f2lSQ=
Subject key identifier:   18:A2:01:BE:D5:EA:DD:31:E6:EB:74:07:FF:C4:DA:52:38:BC:1D:22
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CA66831FFC99EB6EE302559CDBB77
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/GKIBvtXq3THm63QH_8TaUji8HSI.roa
Signing time:             Wed 01 Jan 2025 01:48:18 +0000
ROA not before:           Wed 01 Jan 2025 01:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39281
IP address blocks:        194.35.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a6:68:31:ff:c9:9e:b6:ee:30:25:59:cd:bb:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18a201bed5eadd31e6eb7407ffc4da5238bc1d22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:9b:c0:7c:cb:b8:2d:26:bb:b6:44:25:98:ca:
                    42:5d:41:8b:78:29:6e:c7:33:85:d7:a1:8a:2c:ac:
                    44:c4:a1:88:03:67:60:7e:5f:3c:0b:31:ff:5e:3d:
                    9b:c9:3f:74:4a:85:8e:d9:f2:9d:ff:79:7c:97:31:
                    d4:97:7e:58:11:2f:bb:99:22:24:56:72:e8:62:ad:
                    b6:c1:0c:15:19:22:52:00:60:bc:e9:34:e4:ce:c8:
                    ad:00:b8:f8:47:7d:a2:dd:21:ab:e5:b8:3b:9e:d2:
                    cc:4a:c7:dd:e6:1f:41:50:bf:30:e7:83:c6:79:93:
                    6a:91:9d:a3:bc:14:8e:94:cc:ab:07:42:c0:0a:47:
                    e7:98:d0:4f:a2:44:f6:9d:f3:2c:8c:99:1e:db:02:
                    10:8b:56:c7:9a:bc:ec:b5:45:56:09:61:95:99:01:
                    04:d0:d4:ae:11:83:3e:d2:f7:55:58:0c:43:9c:cb:
                    cc:33:69:dd:f5:55:ce:40:c8:2b:d0:76:da:ed:d7:
                    f4:16:2c:e6:0e:52:b1:20:6f:a3:4e:da:22:42:9d:
                    55:70:10:cc:b0:25:96:d1:6c:f5:0b:0a:2e:03:46:
                    d9:05:ea:0d:15:b0:1f:46:ec:c9:ab:cf:05:22:43:
                    a8:84:50:99:33:f2:d4:2d:3e:28:56:3a:b1:93:0b:
                    7d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:A2:01:BE:D5:EA:DD:31:E6:EB:74:07:FF:C4:DA:52:38:BC:1D:22
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/GKIBvtXq3THm63QH_8TaUji8HSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:ba:13:e7:90:64:47:8a:4d:ad:a6:e0:1b:23:04:e1:f9:35:
         2d:2c:7e:7e:3c:5a:45:54:87:b8:3f:84:21:ed:68:21:82:6e:
         bc:99:81:a9:10:ea:69:cd:0f:92:1f:24:83:42:63:79:43:75:
         5c:ef:38:5a:92:6e:87:aa:97:8d:70:00:e7:15:a6:bc:f9:04:
         27:f1:47:79:dd:46:d8:33:40:bb:55:b3:32:d2:5a:20:08:1c:
         08:99:88:78:1d:07:a6:5e:df:5a:a6:de:ee:08:71:0c:f1:6e:
         3e:b9:b8:1c:46:07:f9:8e:17:26:d9:7d:e9:0a:4b:b6:62:0f:
         a2:b0:25:f8:8b:95:e1:d7:a2:6d:25:2d:f7:5d:72:2e:8f:fb:
         00:6e:ef:20:c9:9d:00:5a:6b:de:60:37:c6:a0:01:c8:1e:02:
         4e:dc:cd:67:97:09:0b:ce:25:45:0f:7e:af:5b:b4:92:92:2d:
         3a:ce:ea:5a:88:43:8a:c0:9e:cf:d5:ae:50:4f:0b:1c:e0:ca:
         bc:be:a7:52:39:17:c6:2e:c2:3a:92:a8:c1:e2:6f:70:c5:5e:
         91:de:23:5b:a4:c9:f9:a9:09:14:e8:1c:30:72:1c:1f:d3:ea:
         5e:a1:74:48:40:98:42:21:bd:3c:e8:78:ed:00:9f:4f:da:f5:
         70:3d:a8:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjKZoMf/JnrbuMCVZzbt3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGEyMDFiZWQ1ZWFkZDMxZTZlYjc0MDdmZmM0ZGE1MjM4YmMxZDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZvAfMu4LSa7tkQlmMpCXUGLeClu
xzOF16GKLKxExKGIA2dgfl88CzH/Xj2byT90SoWO2fKd/3l8lzHUl35YES+7mSIk
VnLoYq22wQwVGSJSAGC86TTkzsitALj4R32i3SGr5bg7ntLMSsfd5h9BUL8w54PG
eZNqkZ2jvBSOlMyrB0LACkfnmNBPokT2nfMsjJke2wIQi1bHmrzstUVWCWGVmQEE
0NSuEYM+0vdVWAxDnMvMM2nd9VXOQMgr0Hba7df0FizmDlKxIG+jTtoiQp1VcBDM
sCWW0Wz1CwouA0bZBeoNFbAfRuzJq88FIkOohFCZM/LULT4oVjqxkwt9zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBiiAb7V6t0x5ut0B//E2lI4vB0iMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvR0tJQnZ0WHEzVEhtNjNRSF84VGFVamk4SFNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiNYMA0G
CSqGSIb3DQEBCwUAA4IBAQCtuhPnkGRHik2tpuAbIwTh+TUtLH5+PFpFVIe4P4Qh
7Wghgm68mYGpEOppzQ+SHySDQmN5Q3Vc7zhakm6HqpeNcADnFaa8+QQn8Ud53UbY
M0C7VbMy0logCBwImYh4HQemXt9apt7uCHEM8W4+ubgcRgf5jhcm2X3pCku2Yg+i
sCX4i5Xh16JtJS33XXIuj/sAbu8gyZ0AWmveYDfGoAHIHgJO3M1nlwkLziVFD36v
W7SSki06zupaiEOKwJ7P1a5QTwsc4Mq8vqdSORfGLsI6kqjB4m9wxV6R3iNbpMn5
qQkU6Bwwchwf0+peoXRIQJhCIb086HjtAJ9P2vVwPaiG
-----END CERTIFICATE-----