Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/696f99-f411-4e2e-b26a-4cae54191cd5/1/GoiZfyB81lKATNd_KFA7YnPWFpM.roa
File:                     GoiZfyB81lKATNd_KFA7YnPWFpM.roa (raw, json)
Hash identifier:          YbMwTV3MQ9D3n56EjVHhkL6PRU8hYP51h8oBrPXUcjo=
Subject key identifier:   1A:88:99:7F:20:7C:D6:52:80:4C:D7:7F:28:50:3B:62:73:D6:16:93
Certificate issuer:       /CN=b80737ce1cfbe6533b5880b66ea9e2413cd9c825
Certificate serial:       0194228E2351CDF1D2653E0F80250FB4BBA8
Authority key identifier: B8:07:37:CE:1C:FB:E6:53:3B:58:80:B6:6E:A9:E2:41:3C:D9:C8:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAc3zhz75lM7WIC2bqniQTzZyCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/696f99-f411-4e2e-b26a-4cae54191cd5/1/GoiZfyB81lKATNd_KFA7YnPWFpM.roa
Signing time:             Wed 01 Jan 2025 15:48:47 +0000
ROA not before:           Wed 01 Jan 2025 15:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33943
IP address blocks:        84.19.64.0/19 maxlen: 19
                          2a0a:8380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/696f99-f411-4e2e-b26a-4cae54191cd5/1/uAc3zhz75lM7WIC2bqniQTzZyCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/696f99-f411-4e2e-b26a-4cae54191cd5/1/uAc3zhz75lM7WIC2bqniQTzZyCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAc3zhz75lM7WIC2bqniQTzZyCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:23:51:cd:f1:d2:65:3e:0f:80:25:0f:b4:bb:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b80737ce1cfbe6533b5880b66ea9e2413cd9c825
        Validity
            Not Before: Jan  1 15:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a88997f207cd652804cd77f28503b6273d61693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6a:ad:e5:b7:2f:a9:2f:9f:22:17:99:19:d4:
                    cc:cb:59:16:df:9e:8c:61:24:db:07:f5:8f:88:df:
                    7a:98:d1:ba:17:b0:5e:87:53:65:b4:c7:0a:b0:b7:
                    f5:4c:c7:a4:db:23:0b:0e:73:4c:aa:31:ec:97:ca:
                    f7:2c:b7:f6:a0:e4:54:eb:59:45:05:d3:f5:ec:f8:
                    dd:d2:7f:ae:52:fb:17:47:20:1c:02:02:a8:bf:41:
                    f7:71:bd:a1:e8:00:6b:ff:a2:3a:96:25:cb:3f:84:
                    b6:01:de:10:ed:e0:59:ee:dd:84:59:65:40:72:18:
                    ee:93:8e:49:48:d6:4e:00:5d:b8:94:08:ce:81:87:
                    5c:42:19:8c:60:1e:9f:ad:78:13:46:a5:98:aa:56:
                    45:a1:d1:7d:ba:d5:45:c7:4a:7e:58:3f:c9:20:c1:
                    67:ca:9e:46:d0:4b:41:de:f3:0c:6d:a3:97:86:a7:
                    a1:89:9f:3c:1a:d1:ee:f2:e2:3e:07:71:24:77:15:
                    8b:09:fa:98:a8:b0:7a:a5:da:28:6c:49:a4:e2:30:
                    83:53:17:b0:6e:10:51:ea:e6:70:cd:f5:14:43:1a:
                    67:b1:a1:5a:72:8f:fd:34:03:99:96:ba:19:16:fb:
                    c9:ce:5a:2c:50:2c:b4:93:37:76:8b:07:1a:64:4a:
                    23:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:88:99:7F:20:7C:D6:52:80:4C:D7:7F:28:50:3B:62:73:D6:16:93
            X509v3 Authority Key Identifier:
                keyid:B8:07:37:CE:1C:FB:E6:53:3B:58:80:B6:6E:A9:E2:41:3C:D9:C8:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAc3zhz75lM7WIC2bqniQTzZyCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/696f99-f411-4e2e-b26a-4cae54191cd5/1/GoiZfyB81lKATNd_KFA7YnPWFpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/696f99-f411-4e2e-b26a-4cae54191cd5/1/uAc3zhz75lM7WIC2bqniQTzZyCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.19.64.0/19
                IPv6:
                  2a0a:8380::/29

    Signature Algorithm: sha256WithRSAEncryption
         bd:82:a1:68:18:0c:e2:09:60:dd:96:47:13:cb:43:b2:d0:a4:
         89:40:dc:08:04:38:e3:34:84:7f:07:24:a9:0d:f4:cf:39:b9:
         a2:25:e1:7d:3c:56:4b:e8:70:a1:46:b7:7e:b6:06:af:24:e5:
         50:f9:ee:05:73:7d:45:94:01:58:bb:2b:a8:c1:29:c5:7b:ad:
         53:91:3a:42:5e:90:68:b0:16:81:f4:b7:70:28:73:6e:e5:55:
         ca:3d:f5:bf:8a:01:65:eb:4f:2f:da:04:6a:21:95:1c:bc:e4:
         13:1e:13:79:5e:ed:8c:ae:05:5f:a3:0e:b0:d1:ce:7e:e6:17:
         87:2e:b2:cf:fb:80:69:ed:0f:53:94:c2:a1:9b:48:5f:63:a2:
         24:e8:ee:72:7c:25:12:92:78:2e:2e:40:c4:74:fa:9d:4d:f8:
         ba:7b:42:70:53:90:86:1a:bd:83:31:ae:38:48:ad:0f:03:dc:
         01:9c:e2:f6:f7:c9:64:78:d3:41:3c:a5:61:75:ec:48:7b:ab:
         06:83:83:54:a3:e1:1f:06:c6:5f:95:01:e0:bc:58:8b:d3:6f:
         41:9c:32:e5:24:a0:c1:ec:80:95:7c:ab:a0:95:62:a4:36:c9:
         e5:a7:43:3c:8d:72:a4:e4:a7:43:f4:35:3e:99:b2:d7:ba:c4:
         b6:0d:bc:19
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijiNRzfHSZT4PgCUPtLuoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDczN2NlMWNmYmU2NTMzYjU4ODBiNjZlYTllMjQxM2Nk
OWM4MjUwHhcNMjUwMTAxMTU0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTg4OTk3ZjIwN2NkNjUyODA0Y2Q3N2YyODUwM2I2MjczZDYxNjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGqt5bcvqS+fIheZGdTMy1kW356M
YSTbB/WPiN96mNG6F7Beh1NltMcKsLf1TMek2yMLDnNMqjHsl8r3LLf2oORU61lF
BdP17Pjd0n+uUvsXRyAcAgKov0H3cb2h6ABr/6I6liXLP4S2Ad4Q7eBZ7t2EWWVA
chjuk45JSNZOAF24lAjOgYdcQhmMYB6frXgTRqWYqlZFodF9utVFx0p+WD/JIMFn
yp5G0EtB3vMMbaOXhqehiZ88GtHu8uI+B3EkdxWLCfqYqLB6pdoobEmk4jCDUxew
bhBR6uZwzfUUQxpnsaFaco/9NAOZlroZFvvJzlosUCy0kzd2iwcaZEojUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBqImX8gfNZSgEzXfyhQO2Jz1haTMB8GA1UdIwQY
MBaAFLgHN84c++ZTO1iAtm6p4kE82cglMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFjM3poejc1bE03V0lDMmJxbmlRVHpaeUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82OTZmOTktZjQxMS00ZTJlLWIyNmEt
NGNhZTU0MTkxY2Q1LzEvR29pWmZ5QjgxbEtBVE5kX0tGQTdZblBXRnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82OTZmOTktZjQxMS00ZTJlLWIyNmEtNGNhZTU0MTkxY2Q1
LzEvdUFjM3poejc1bE03V0lDMmJxbmlRVHpaeUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFVBNAMA0E
AgACMAcDBQMqCoOAMA0GCSqGSIb3DQEBCwUAA4IBAQC9gqFoGAziCWDdlkcTy0Oy
0KSJQNwIBDjjNIR/BySpDfTPObmiJeF9PFZL6HChRrd+tgavJOVQ+e4Fc31FlAFY
uyuowSnFe61TkTpCXpBosBaB9LdwKHNu5VXKPfW/igFl608v2gRqIZUcvOQTHhN5
Xu2MrgVfow6w0c5+5heHLrLP+4Bp7Q9TlMKhm0hfY6Ik6O5yfCUSknguLkDEdPqd
Tfi6e0JwU5CGGr2DMa44SK0PA9wBnOL298lkeNNBPKVhdexIe6sGg4NUo+EfBsZf
lQHgvFiL029BnDLlJKDB7ICVfKuglWKkNsnlp0M8jXKk5KdD9DU+mbLXusS2DbwZ
-----END CERTIFICATE-----