Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/gHDsE-M7Bds6BODdronU54n9Gb0.roa
File:                     gHDsE-M7Bds6BODdronU54n9Gb0.roa (raw, json)
Hash identifier:          wZSAuVITgB+tf10qxZ+G6OSnVz70iDg6RypnL81jrkY=
Subject key identifier:   80:70:EC:13:E3:3B:05:DB:3A:04:E0:DD:AE:89:D4:E7:89:FD:19:BD
Certificate issuer:       /CN=e634616edbd60154fa3dac77ea90dbd7c68a132d
Certificate serial:       019420D5D0E8E63508C2DCD40FC7F60E8D53
Authority key identifier: E6:34:61:6E:DB:D6:01:54:FA:3D:AC:77:EA:90:DB:D7:C6:8A:13:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/gHDsE-M7Bds6BODdronU54n9Gb0.roa
Signing time:             Wed 01 Jan 2025 07:47:51 +0000
ROA not before:           Wed 01 Jan 2025 07:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        195.245.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d0:e8:e6:35:08:c2:dc:d4:0f:c7:f6:0e:8d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e634616edbd60154fa3dac77ea90dbd7c68a132d
        Validity
            Not Before: Jan  1 07:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8070ec13e33b05db3a04e0ddae89d4e789fd19bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:67:4b:01:8a:50:31:b7:72:56:e3:57:1d:e3:
                    47:06:5b:20:bd:eb:65:f1:b6:7b:56:5c:0a:5c:c0:
                    4c:55:ae:db:e0:8c:18:b6:6b:d7:be:36:b4:4d:0c:
                    02:4e:96:d3:57:42:1e:82:5c:10:f1:26:76:27:3d:
                    91:80:fe:61:f7:8c:9d:d9:ba:8f:61:ed:e1:40:f1:
                    a6:f2:f4:91:09:aa:cb:24:d5:0c:56:6e:ee:c1:97:
                    e2:b4:92:4e:69:c4:ac:a0:92:75:c7:7a:59:00:e2:
                    d0:3f:cc:71:2a:7a:54:82:21:03:0d:c5:d4:b9:39:
                    d8:97:b1:1e:05:e8:3b:d3:bf:1e:ec:13:5f:38:f9:
                    b1:90:5f:1e:eb:94:12:af:c0:f4:f6:ce:e0:07:b7:
                    f3:cb:aa:0c:1a:b3:3a:db:90:62:14:d7:b8:5e:bf:
                    1b:77:dc:1a:76:85:0b:bb:42:0c:28:3d:1c:82:fb:
                    ba:2a:0c:1a:4f:38:27:c6:89:53:16:1e:ee:58:19:
                    0f:ab:fa:9a:55:0a:f5:46:ef:5e:04:29:e8:6b:56:
                    ae:d3:a7:5e:4e:1e:70:33:ce:1c:f7:53:3e:67:13:
                    e8:84:dc:91:4a:95:97:1e:5e:ee:88:5b:f9:b4:db:
                    27:5f:b6:0a:3f:93:87:85:17:3c:21:02:0e:43:ab:
                    75:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:70:EC:13:E3:3B:05:DB:3A:04:E0:DD:AE:89:D4:E7:89:FD:19:BD
            X509v3 Authority Key Identifier:
                keyid:E6:34:61:6E:DB:D6:01:54:FA:3D:AC:77:EA:90:DB:D7:C6:8A:13:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5jRhbtvWAVT6Pax36pDb18aKEy0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/gHDsE-M7Bds6BODdronU54n9Gb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/f29268-2c6a-4e9d-aa2d-d99231e46457/1/5jRhbtvWAVT6Pax36pDb18aKEy0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.245.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:07:a9:88:44:4d:6e:5b:ca:23:26:2a:ea:58:c8:7e:16:d7:
         21:0a:34:2a:6c:20:4d:e9:ef:c8:f5:d3:17:15:9a:01:61:13:
         48:08:04:f9:b0:71:f9:ff:3b:95:75:e6:f8:d4:88:fa:74:cb:
         6a:45:8e:5b:28:48:23:21:8a:0a:06:a5:a1:75:33:8d:0a:59:
         7c:54:07:47:6b:4a:a3:5c:8a:b4:94:60:e9:33:74:83:9e:42:
         9a:31:a3:a8:81:33:90:6e:d7:8e:3b:ef:e7:83:e0:f3:e9:91:
         a4:ba:1c:1d:39:9e:27:75:17:f2:3a:04:72:e9:c0:4a:c8:78:
         cd:bc:5e:61:c0:a3:6e:76:ec:9c:be:25:ba:82:76:19:7e:7c:
         5b:ac:cd:5e:6a:39:60:c6:ba:73:0d:a5:6c:9c:e6:2e:c4:a2:
         b0:4a:fa:f5:97:4e:a7:45:84:97:04:c9:ca:23:ab:4d:e6:d4:
         80:9b:0c:ed:5b:2e:53:c8:f1:05:18:d8:6d:18:06:55:40:cd:
         9e:f4:bf:c3:c6:db:d2:96:78:c2:63:7b:99:92:75:42:27:94:
         87:a5:fb:41:d2:18:51:35:c2:fb:d4:8a:97:41:e6:d6:04:96:
         e4:00:c7:4f:2f:40:48:cb:2e:f2:51:70:cf:c9:0a:02:b8:04:
         ed:4c:f0:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dDo5jUIwtzUD8f2Do1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MzQ2MTZlZGJkNjAxNTRmYTNkYWM3N2VhOTBkYmQ3YzY4
YTEzMmQwHhcNMjUwMTAxMDc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDcwZWMxM2UzM2IwNWRiM2EwNGUwZGRhZTg5ZDRlNzg5ZmQxOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmdLAYpQMbdyVuNXHeNHBlsgvetl
8bZ7VlwKXMBMVa7b4IwYtmvXvja0TQwCTpbTV0IeglwQ8SZ2Jz2RgP5h94yd2bqP
Ye3hQPGm8vSRCarLJNUMVm7uwZfitJJOacSsoJJ1x3pZAOLQP8xxKnpUgiEDDcXU
uTnYl7EeBeg7078e7BNfOPmxkF8e65QSr8D09s7gB7fzy6oMGrM625BiFNe4Xr8b
d9wadoULu0IMKD0cgvu6KgwaTzgnxolTFh7uWBkPq/qaVQr1Ru9eBCnoa1au06de
Th5wM84c91M+ZxPohNyRSpWXHl7uiFv5tNsnX7YKP5OHhRc8IQIOQ6t1UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBw7BPjOwXbOgTg3a6J1OeJ/Rm9MB8GA1UdIwQY
MBaAFOY0YW7b1gFU+j2sd+qQ29fGihMtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWpSaGJ0dldBVlQ2UGF4MzZwRGIxOGFLRXkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9mMjkyNjgtMmM2YS00ZTlkLWFhMmQt
ZDk5MjMxZTQ2NDU3LzEvZ0hEc0UtTTdCZHM2Qk9EZHJvblU1NG45R2IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9mMjkyNjgtMmM2YS00ZTlkLWFhMmQtZDk5MjMxZTQ2NDU3
LzEvNWpSaGJ0dldBVlQ2UGF4MzZwRGIxOGFLRXkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/VVMA0G
CSqGSIb3DQEBCwUAA4IBAQALB6mIRE1uW8ojJirqWMh+FtchCjQqbCBN6e/I9dMX
FZoBYRNICAT5sHH5/zuVdeb41Ij6dMtqRY5bKEgjIYoKBqWhdTONCll8VAdHa0qj
XIq0lGDpM3SDnkKaMaOogTOQbteOO+/ng+Dz6ZGkuhwdOZ4ndRfyOgRy6cBKyHjN
vF5hwKNuduycviW6gnYZfnxbrM1eajlgxrpzDaVsnOYuxKKwSvr1l06nRYSXBMnK
I6tN5tSAmwztWy5TyPEFGNhtGAZVQM2e9L/DxtvSlnjCY3uZknVCJ5SHpftB0hhR
NcL71IqXQebWBJbkAMdPL0BIyy7yUXDPyQoCuATtTPBw
-----END CERTIFICATE-----