Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/G_IYoZfZUxFUxoKj63LyULDLjWc.roa
File:                     G_IYoZfZUxFUxoKj63LyULDLjWc.roa (raw, json)
Hash identifier:          p32xiHa5RLyOZriAfbie5PUear7BZRAYgBWelDYnr3o=
Subject key identifier:   1B:F2:18:A1:97:D9:53:11:54:C6:82:A3:EB:72:F2:50:B0:CB:8D:67
Certificate issuer:       /CN=bd5c08323ac27ab6553a5a69a73a58f802423d68
Certificate serial:       0194206804DAACCF527642C50B2CE5FFB1F6
Authority key identifier: BD:5C:08:32:3A:C2:7A:B6:55:3A:5A:69:A7:3A:58:F8:02:42:3D:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vVwIMjrCerZVOlpppzpY-AJCPWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/G_IYoZfZUxFUxoKj63LyULDLjWc.roa
Signing time:             Wed 01 Jan 2025 05:47:55 +0000
ROA not before:           Wed 01 Jan 2025 05:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15659
IP address blocks:        185.127.100.0/23 maxlen: 23
                          2a03:96e0::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/vVwIMjrCerZVOlpppzpY-AJCPWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/vVwIMjrCerZVOlpppzpY-AJCPWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vVwIMjrCerZVOlpppzpY-AJCPWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:04:da:ac:cf:52:76:42:c5:0b:2c:e5:ff:b1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd5c08323ac27ab6553a5a69a73a58f802423d68
        Validity
            Not Before: Jan  1 05:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bf218a197d9531154c682a3eb72f250b0cb8d67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:4e:05:1a:ea:0e:9f:cd:cb:e0:36:ea:ff:85:
                    f3:59:60:98:a1:ee:82:82:09:db:93:a9:ff:2d:de:
                    46:73:28:ff:1d:bb:da:d0:60:02:ca:ec:2f:e7:89:
                    44:5d:d7:71:1a:c4:62:a5:f8:e1:67:62:84:ea:52:
                    1e:d3:dc:04:cc:fa:d8:8e:d9:23:24:b1:5f:d9:ae:
                    ce:db:90:bd:52:66:20:1a:f3:f7:05:4c:1b:01:ac:
                    f0:d8:43:c8:d7:be:59:43:84:6f:a0:c6:78:3f:a6:
                    9c:75:6c:9c:b7:c3:7e:2b:e8:95:2d:64:29:5b:6b:
                    a8:3f:3d:6d:92:69:1c:b3:ff:3d:72:49:77:5d:3e:
                    e7:3b:ae:47:88:8b:08:e5:a7:1a:4a:3e:59:7a:a7:
                    d4:21:c3:4b:eb:d3:2a:7c:d5:f8:2d:1d:ab:41:92:
                    36:8d:8c:43:bb:d1:23:f8:da:12:e9:4c:37:c9:d1:
                    4e:36:a5:df:15:7c:3f:21:d6:5d:4e:43:50:04:99:
                    ff:3d:eb:bb:52:f4:50:c9:54:f3:da:7e:8f:5e:c6:
                    70:09:02:19:0d:b4:66:1e:63:ac:8c:86:e0:46:a5:
                    d3:84:ad:61:38:89:68:f3:0e:75:73:ea:49:9f:07:
                    ba:8a:96:32:1c:98:87:32:bd:c7:29:2a:8f:18:2a:
                    ee:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:F2:18:A1:97:D9:53:11:54:C6:82:A3:EB:72:F2:50:B0:CB:8D:67
            X509v3 Authority Key Identifier:
                keyid:BD:5C:08:32:3A:C2:7A:B6:55:3A:5A:69:A7:3A:58:F8:02:42:3D:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vVwIMjrCerZVOlpppzpY-AJCPWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/G_IYoZfZUxFUxoKj63LyULDLjWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/8ccf07-1e8b-411f-b043-4641ab6e4bfb/1/vVwIMjrCerZVOlpppzpY-AJCPWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.100.0/23
                IPv6:
                  2a03:96e0::/33

    Signature Algorithm: sha256WithRSAEncryption
         1e:54:67:d1:42:cd:4e:73:d4:df:54:e8:ab:ab:ac:a2:c7:67:
         e5:c8:b8:6c:2c:29:0c:98:e0:ff:1f:b7:51:e4:d4:cc:57:3a:
         03:7d:4b:89:88:17:1f:0a:29:fe:82:19:36:43:d3:c0:17:c7:
         c8:c9:06:a5:13:8f:07:e2:b9:e2:3f:86:75:2e:70:b9:2b:64:
         1e:02:91:59:ab:2f:c8:f8:5d:13:6d:66:23:0a:46:ff:d7:ae:
         99:9f:16:50:57:79:21:00:b7:73:8d:1c:af:05:e3:9e:6c:3d:
         00:2a:74:b7:54:26:fe:08:47:d5:15:98:22:0d:2d:3a:70:62:
         2d:f8:98:64:d5:6e:f3:6f:62:c4:e1:28:41:fd:f3:c6:c3:5d:
         5c:f8:15:d0:8a:f2:9f:dd:55:07:d8:49:f9:f7:c9:c9:23:63:
         f0:6c:18:e1:85:48:1e:76:37:56:56:9a:a5:fa:89:b1:5d:dc:
         3a:4a:37:e5:31:43:06:17:99:73:63:95:26:46:ea:2a:34:b8:
         24:25:66:ee:94:ea:ae:7f:f1:7e:b5:09:92:14:be:63:5c:14:
         18:e1:a5:62:04:ca:fd:49:a9:55:7e:8b:74:3a:cd:ef:c6:50:
         ae:64:99:46:40:21:b1:6f:cc:ed:31:4a:5a:89:e0:9a:00:43:
         78:49:7c:fd
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQgaATarM9SdkLFCyzl/7H2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNWMwODMyM2FjMjdhYjY1NTNhNWE2OWE3M2E1OGY4MDI0
MjNkNjgwHhcNMjUwMTAxMDU0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmYyMThhMTk3ZDk1MzExNTRjNjgyYTNlYjcyZjI1MGIwY2I4ZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7U4FGuoOn83L4Dbq/4XzWWCYoe6C
ggnbk6n/Ld5Gcyj/Hbva0GACyuwv54lEXddxGsRipfjhZ2KE6lIe09wEzPrYjtkj
JLFf2a7O25C9UmYgGvP3BUwbAazw2EPI175ZQ4RvoMZ4P6acdWyct8N+K+iVLWQp
W2uoPz1tkmkcs/89ckl3XT7nO65HiIsI5acaSj5ZeqfUIcNL69MqfNX4LR2rQZI2
jYxDu9Ej+NoS6Uw3ydFONqXfFXw/IdZdTkNQBJn/Peu7UvRQyVTz2n6PXsZwCQIZ
DbRmHmOsjIbgRqXThK1hOIlo8w51c+pJnwe6ipYyHJiHMr3HKSqPGCruaQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFBvyGKGX2VMRVMaCo+ty8lCwy41nMB8GA1UdIwQY
MBaAFL1cCDI6wnq2VTpaaac6WPgCQj1oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlZ3SU1qckNlclpWT2xwcHB6cFktQUpDUFdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS84Y2NmMDctMWU4Yi00MTFmLWIwNDMt
NDY0MWFiNmU0YmZiLzEvR19JWW9aZlpVeEZVeG9LajYzTHlVTERMaldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS84Y2NmMDctMWU4Yi00MTFmLWIwNDMtNDY0MWFiNmU0YmZi
LzEvdlZ3SU1qckNlclpWT2xwcHB6cFktQUpDUFdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBuX9kMA4E
AgACMAgDBgcqA5bgADANBgkqhkiG9w0BAQsFAAOCAQEAHlRn0ULNTnPU31Toq6us
osdn5ci4bCwpDJjg/x+3UeTUzFc6A31LiYgXHwop/oIZNkPTwBfHyMkGpROPB+K5
4j+GdS5wuStkHgKRWasvyPhdE21mIwpG/9eumZ8WUFd5IQC3c40crwXjnmw9ACp0
t1Qm/ghH1RWYIg0tOnBiLfiYZNVu829ixOEoQf3zxsNdXPgV0Iryn91VB9hJ+ffJ
ySNj8GwY4YVIHnY3VlaapfqJsV3cOko35TFDBheZc2OVJkbqKjS4JCVm7pTqrn/x
frUJkhS+Y1wUGOGlYgTK/UmpVX6LdDrN78ZQrmSZRkAhsW/M7TFKWongmgBDeEl8
/Q==
-----END CERTIFICATE-----