Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/gCOrJJaf7HO535LCuEoI7vxf65A.roa
File:                     gCOrJJaf7HO535LCuEoI7vxf65A.roa (raw, json)
Hash identifier:          7Nbxw9zLeIaRzeX3DJv4MIaTHvVYcSTc1CbOKxR59lQ=
Subject key identifier:   80:23:AB:24:96:9F:EC:73:B9:DF:92:C2:B8:4A:08:EE:FC:5F:EB:90
Certificate issuer:       /CN=df61a292223ad9aebc8ad82c2a56475fbd97a834
Certificate serial:       019420D5CA996F3B82B06FBB4F366D915E69
Authority key identifier: DF:61:A2:92:22:3A:D9:AE:BC:8A:D8:2C:2A:56:47:5F:BD:97:A8:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/gCOrJJaf7HO535LCuEoI7vxf65A.roa
Signing time:             Wed 01 Jan 2025 07:47:49 +0000
ROA not before:           Wed 01 Jan 2025 07:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39402
IP address blocks:        45.129.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ca:99:6f:3b:82:b0:6f:bb:4f:36:6d:91:5e:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df61a292223ad9aebc8ad82c2a56475fbd97a834
        Validity
            Not Before: Jan  1 07:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8023ab24969fec73b9df92c2b84a08eefc5feb90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:fd:7d:83:a0:c5:ef:17:30:f6:2c:57:22:ca:
                    0c:35:02:5e:be:b4:b6:38:15:ff:c7:63:29:ac:55:
                    17:8c:4d:6d:0b:17:ee:ed:c7:8f:97:5c:53:4f:63:
                    bc:f3:ee:1e:04:9d:02:c2:29:60:17:fe:e6:19:4a:
                    28:6e:bf:6f:cc:bc:80:3c:b0:a7:2d:2f:dc:ca:e2:
                    40:e1:5a:41:f7:cc:68:c5:76:89:4a:e1:b6:3f:6f:
                    27:f6:03:bf:17:14:8e:36:da:9c:42:fa:60:5e:20:
                    c0:60:82:fc:46:fb:71:cc:99:ea:d9:bd:c0:29:39:
                    e6:a8:7b:72:b5:69:de:18:7d:23:51:90:f6:25:dd:
                    c8:31:d2:67:a5:4f:ba:15:f6:5f:cc:75:c7:02:b6:
                    09:c9:29:c3:38:2c:3d:08:64:52:4c:40:40:0e:7e:
                    1b:0b:29:c8:c4:2a:97:db:f1:6c:be:ce:2e:83:b6:
                    98:bd:b0:91:1f:2b:4f:03:20:14:f7:ee:44:59:47:
                    b5:f1:bc:43:82:d1:11:2a:8d:4c:34:95:18:f2:64:
                    b9:43:2d:2d:7a:94:3b:00:33:8f:3e:59:40:de:d7:
                    99:08:29:68:21:aa:8f:11:cc:f1:e2:6f:f6:c0:c1:
                    11:80:98:1c:50:7b:63:5e:91:bd:2a:98:9a:57:1d:
                    6d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:23:AB:24:96:9F:EC:73:B9:DF:92:C2:B8:4A:08:EE:FC:5F:EB:90
            X509v3 Authority Key Identifier:
                keyid:DF:61:A2:92:22:3A:D9:AE:BC:8A:D8:2C:2A:56:47:5F:BD:97:A8:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/32GikiI62a68itgsKlZHX72XqDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/gCOrJJaf7HO535LCuEoI7vxf65A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b7d875-b12c-4ed8-b80f-41487f4d4171/1/32GikiI62a68itgsKlZHX72XqDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:be:ee:cc:72:68:ed:32:6e:29:92:26:9a:b2:69:9d:ab:97:
         e2:cb:b9:eb:4e:77:24:85:72:f3:32:26:3c:7b:3e:4a:1e:d7:
         2e:84:56:f0:81:3d:c9:bd:41:cf:ed:8c:94:1c:7c:8d:cb:da:
         ef:cf:db:aa:ef:fa:54:14:51:65:ed:94:5a:35:63:36:2a:93:
         5e:ec:18:bf:7e:91:82:04:c5:ad:6d:68:de:7f:3e:1d:d7:f3:
         9a:e6:83:cb:96:31:e6:6e:96:36:11:93:97:2f:0d:b0:0e:a6:
         90:3d:f3:0a:68:94:fe:e4:4b:be:92:22:86:98:d0:12:d3:da:
         3e:e8:6b:b5:f7:a0:6a:cc:cb:96:bf:92:67:8e:4b:28:73:58:
         71:fd:10:7d:31:c3:96:2a:05:95:86:84:ee:68:a8:85:92:81:
         c1:70:8c:ef:ae:ce:6e:b1:bd:a3:7f:b1:56:80:bb:ca:f2:a9:
         9e:87:f8:9a:0f:5d:76:9b:fe:09:bc:af:8b:ff:5d:c5:79:0f:
         6b:af:96:17:e0:39:6a:bb:68:cd:99:48:e3:ea:4f:df:e7:11:
         db:5a:79:3b:97:51:ed:09:ff:6c:1f:b9:43:8c:df:b7:5d:db:
         e2:e2:5a:13:b6:9c:4b:da:98:02:ba:02:6b:45:19:d1:b7:bf:
         e3:b3:15:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1cqZbzuCsG+7TzZtkV5pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNjFhMjkyMjIzYWQ5YWViYzhhZDgyYzJhNTY0NzVmYmQ5
N2E4MzQwHhcNMjUwMTAxMDc0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDIzYWIyNDk2OWZlYzczYjlkZjkyYzJiODRhMDhlZWZjNWZlYjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/19g6DF7xcw9ixXIsoMNQJevrS2
OBX/x2MprFUXjE1tCxfu7cePl1xTT2O88+4eBJ0CwilgF/7mGUoobr9vzLyAPLCn
LS/cyuJA4VpB98xoxXaJSuG2P28n9gO/FxSONtqcQvpgXiDAYIL8RvtxzJnq2b3A
KTnmqHtytWneGH0jUZD2Jd3IMdJnpU+6FfZfzHXHArYJySnDOCw9CGRSTEBADn4b
CynIxCqX2/Fsvs4ug7aYvbCRHytPAyAU9+5EWUe18bxDgtERKo1MNJUY8mS5Qy0t
epQ7ADOPPllA3teZCCloIaqPEczx4m/2wMERgJgcUHtjXpG9KpiaVx1tFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIAjqySWn+xzud+SwrhKCO78X+uQMB8GA1UdIwQY
MBaAFN9hopIiOtmuvIrYLCpWR1+9l6g0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzJHaWtpSTYyYTY4aXRnc0tsWkhYNzJYcURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iN2Q4NzUtYjEyYy00ZWQ4LWI4MGYt
NDE0ODdmNGQ0MTcxLzEvZ0NPckpKYWY3SE81MzVMQ3VFb0k3dnhmNjVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iN2Q4NzUtYjEyYy00ZWQ4LWI4MGYtNDE0ODdmNGQ0MTcx
LzEvMzJHaWtpSTYyYTY4aXRnc0tsWkhYNzJYcURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYGKMA0G
CSqGSIb3DQEBCwUAA4IBAQAPvu7McmjtMm4pkiaasmmdq5fiy7nrTnckhXLzMiY8
ez5KHtcuhFbwgT3JvUHP7YyUHHyNy9rvz9uq7/pUFFFl7ZRaNWM2KpNe7Bi/fpGC
BMWtbWjefz4d1/Oa5oPLljHmbpY2EZOXLw2wDqaQPfMKaJT+5Eu+kiKGmNAS09o+
6Gu196BqzMuWv5Jnjksoc1hx/RB9McOWKgWVhoTuaKiFkoHBcIzvrs5usb2jf7FW
gLvK8qmeh/iaD112m/4JvK+L/13FeQ9rr5YX4Dlqu2jNmUjj6k/f5xHbWnk7l1Ht
Cf9sH7lDjN+3Xdvi4loTtpxL2pgCugJrRRnRt7/jsxXB
-----END CERTIFICATE-----