Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/gNGKUpZCXd8q1DoJLImZ6jAcs7E.roa
File:                     gNGKUpZCXd8q1DoJLImZ6jAcs7E.roa (raw, json)
Hash identifier:          sSxxOvPgg252LzRC1H4oHyqsDh65DNBimoIxyS9qxFo=
Subject key identifier:   80:D1:8A:52:96:42:5D:DF:2A:D4:3A:09:2C:89:99:EA:30:1C:B3:B1
Certificate issuer:       /CN=a72472c3f004b0b71f118e872b9838a4e0c721c7
Certificate serial:       0195C79649BF562E71582B2A79DB5FB7F8D2
Authority key identifier: A7:24:72:C3:F0:04:B0:B7:1F:11:8E:87:2B:98:38:A4:E0:C7:21:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pyRyw_AEsLcfEY6HK5g4pODHIcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/gNGKUpZCXd8q1DoJLImZ6jAcs7E.roa
Signing time:             Mon 24 Mar 2025 09:57:49 +0000
ROA not before:           Mon 24 Mar 2025 09:57:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        158.120.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/pyRyw_AEsLcfEY6HK5g4pODHIcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/pyRyw_AEsLcfEY6HK5g4pODHIcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pyRyw_AEsLcfEY6HK5g4pODHIcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c7:96:49:bf:56:2e:71:58:2b:2a:79:db:5f:b7:f8:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a72472c3f004b0b71f118e872b9838a4e0c721c7
        Validity
            Not Before: Mar 24 09:57:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80d18a5296425ddf2ad43a092c8999ea301cb3b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7d:e4:f6:39:4b:44:74:2c:af:c8:10:38:b3:
                    fd:1f:1f:84:71:9b:8b:36:bc:9f:12:26:8d:6f:48:
                    e7:9c:b1:da:bb:92:50:fb:6b:d7:19:30:eb:55:fd:
                    ce:d9:40:70:29:25:25:10:fd:6f:c8:83:61:52:94:
                    39:23:ae:b1:ea:2d:f2:7f:e3:3c:1c:26:52:99:92:
                    1e:8d:37:0a:61:74:23:7e:79:5e:14:39:e4:23:f4:
                    67:c8:00:b2:fd:36:a6:f5:f2:eb:b7:c3:7a:22:55:
                    07:37:03:2c:81:fb:2d:f4:06:6b:a0:75:da:e4:48:
                    4c:3c:6e:77:17:9f:7f:32:c7:fd:d7:de:1a:e8:75:
                    63:2c:0b:b5:a9:03:dc:ec:e3:e1:79:c0:77:13:0e:
                    85:01:7c:06:d7:df:71:64:d2:29:4a:a7:05:df:bf:
                    de:4b:c6:16:05:ab:f5:25:ee:69:89:e8:9c:8b:c4:
                    46:6a:66:be:c9:8c:77:a1:e5:c0:d0:a2:39:03:33:
                    5c:2e:e2:79:c1:68:da:ae:b1:5e:64:0c:3a:87:bb:
                    3a:74:cf:27:94:8c:5a:32:cf:f8:41:b8:eb:cb:0d:
                    f4:85:88:dc:f0:39:6c:a3:82:51:79:a6:45:2e:a1:
                    d3:19:6d:d4:08:5f:5b:04:1b:32:f2:81:a0:fe:53:
                    9a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:D1:8A:52:96:42:5D:DF:2A:D4:3A:09:2C:89:99:EA:30:1C:B3:B1
            X509v3 Authority Key Identifier:
                keyid:A7:24:72:C3:F0:04:B0:B7:1F:11:8E:87:2B:98:38:A4:E0:C7:21:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pyRyw_AEsLcfEY6HK5g4pODHIcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/gNGKUpZCXd8q1DoJLImZ6jAcs7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/pyRyw_AEsLcfEY6HK5g4pODHIcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.120.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:45:24:73:61:48:22:48:a7:e7:b3:80:42:ac:f8:60:d6:66:
         d1:b4:cf:53:f4:a9:00:92:e1:e0:81:c2:8a:26:68:ba:70:ba:
         dc:aa:02:4e:a6:54:9a:9f:11:63:f1:d9:cb:1d:61:b8:12:d8:
         f4:0e:aa:38:b4:8c:e1:e4:e3:6c:66:c4:6d:5e:8b:0f:f4:ab:
         c1:e1:2b:2c:e8:8b:a8:2e:59:9b:5d:0f:d1:36:ce:5f:9d:94:
         29:a6:53:29:cb:52:d4:56:98:3b:e4:80:f7:ea:c9:2a:4c:0e:
         3e:64:e8:16:26:7d:a0:b0:e7:5b:b8:f6:3c:aa:95:43:7f:4c:
         d0:e7:ba:c7:fd:07:71:7d:60:7e:d8:cd:3d:70:5b:24:2a:9d:
         87:8e:b7:05:e0:27:e9:e4:7c:09:5d:b8:77:67:25:39:50:21:
         75:f5:e2:2e:19:b8:34:1c:d4:18:4e:8c:8c:d8:17:26:f9:6c:
         24:c1:11:06:38:fd:a1:62:46:2c:f6:e8:51:b3:90:2c:c6:de:
         6c:16:d8:07:f8:4f:6d:66:20:14:ec:fd:51:86:fc:bd:e2:fb:
         af:d1:c9:03:7c:42:27:8e:5c:ae:d5:50:69:ae:cb:e8:3a:97:
         84:8f:cc:4b:5a:3c:27:a7:59:e2:e2:27:4f:3e:c9:6c:02:e2:
         99:b1:70:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXHlkm/Vi5xWCsqedtft/jSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MjQ3MmMzZjAwNGIwYjcxZjExOGU4NzJiOTgzOGE0ZTBj
NzIxYzcwHhcNMjUwMzI0MDk1NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGQxOGE1Mjk2NDI1ZGRmMmFkNDNhMDkyYzg5OTllYTMwMWNiM2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyn3k9jlLRHQsr8gQOLP9Hx+EcZuL
NryfEiaNb0jnnLHau5JQ+2vXGTDrVf3O2UBwKSUlEP1vyINhUpQ5I66x6i3yf+M8
HCZSmZIejTcKYXQjfnleFDnkI/RnyACy/Tam9fLrt8N6IlUHNwMsgfst9AZroHXa
5EhMPG53F59/Msf9194a6HVjLAu1qQPc7OPhecB3Ew6FAXwG199xZNIpSqcF37/e
S8YWBav1Je5pieici8RGama+yYx3oeXA0KI5AzNcLuJ5wWjarrFeZAw6h7s6dM8n
lIxaMs/4Qbjryw30hYjc8Dlso4JReaZFLqHTGW3UCF9bBBsy8oGg/lOaTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDRilKWQl3fKtQ6CSyJmeowHLOxMB8GA1UdIwQY
MBaAFKckcsPwBLC3HxGOhyuYOKTgxyHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHlSeXdfQUVzTGNmRVk2SEs1ZzRwT0RISWNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS85OThhMWQtMzA5NS00NjQzLTg3M2Qt
ZDhjOTUwY2FjYWI1LzEvZ05HS1VwWkNYZDhxMURvSkxJbVo2akFjczdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS85OThhMWQtMzA5NS00NjQzLTg3M2QtZDhjOTUwY2FjYWI1
LzEvcHlSeXdfQUVzTGNmRVk2SEs1ZzRwT0RISWNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnnj+MA0G
CSqGSIb3DQEBCwUAA4IBAQCYRSRzYUgiSKfns4BCrPhg1mbRtM9T9KkAkuHggcKK
Jmi6cLrcqgJOplSanxFj8dnLHWG4Etj0Dqo4tIzh5ONsZsRtXosP9KvB4Sss6Iuo
LlmbXQ/RNs5fnZQpplMpy1LUVpg75ID36skqTA4+ZOgWJn2gsOdbuPY8qpVDf0zQ
57rH/QdxfWB+2M09cFskKp2HjrcF4Cfp5HwJXbh3ZyU5UCF19eIuGbg0HNQYToyM
2Bcm+WwkwREGOP2hYkYs9uhRs5Asxt5sFtgH+E9tZiAU7P1Rhvy94vuv0ckDfEIn
jlyu1VBprsvoOpeEj8xLWjwnp1ni4idPPslsAuKZsXAQ
-----END CERTIFICATE-----