Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/af5657-c8b2-4855-82a7-1dd57e3f3d97/1/GBm75ZmZioJB2ocCMhAt7gwcAjo.roa
File:                     GBm75ZmZioJB2ocCMhAt7gwcAjo.roa (raw, json)
Hash identifier:          gsh5fLNtNPH78sBeeVxRzXrv6jA9hVTz/xvnQZtNCkc=
Subject key identifier:   18:19:BB:E5:99:99:8A:82:41:DA:87:02:32:10:2D:EE:0C:1C:02:3A
Certificate issuer:       /CN=5355040ae92786bf1727b6b4ecc1093b8a7401eb
Certificate serial:       0194221FAE211F27CC7D4A2835376B910FBC
Authority key identifier: 53:55:04:0A:E9:27:86:BF:17:27:B6:B4:EC:C1:09:3B:8A:74:01:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U1UECuknhr8XJ7a07MEJO4p0Aes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/af5657-c8b2-4855-82a7-1dd57e3f3d97/1/GBm75ZmZioJB2ocCMhAt7gwcAjo.roa
Signing time:             Wed 01 Jan 2025 13:48:09 +0000
ROA not before:           Wed 01 Jan 2025 13:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204621
IP address blocks:        93.95.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/af5657-c8b2-4855-82a7-1dd57e3f3d97/1/U1UECuknhr8XJ7a07MEJO4p0Aes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/af5657-c8b2-4855-82a7-1dd57e3f3d97/1/U1UECuknhr8XJ7a07MEJO4p0Aes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U1UECuknhr8XJ7a07MEJO4p0Aes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ae:21:1f:27:cc:7d:4a:28:35:37:6b:91:0f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5355040ae92786bf1727b6b4ecc1093b8a7401eb
        Validity
            Not Before: Jan  1 13:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1819bbe599998a8241da870232102dee0c1c023a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6f:93:64:d2:2b:71:5d:6d:f7:6c:3b:de:8d:
                    8c:c3:37:27:fa:34:b1:cf:90:27:75:ed:c9:56:6b:
                    82:81:22:6c:7e:e2:64:46:4b:29:6c:03:ea:c1:d9:
                    03:34:10:77:ae:4a:78:77:f3:d8:e7:d3:37:ae:02:
                    8c:34:49:fe:b0:7c:a6:b2:74:40:22:26:3f:8a:52:
                    30:5d:f9:fb:02:ca:49:7f:5c:9d:fa:22:0c:c5:16:
                    e5:e7:e2:93:17:4a:9a:b8:79:78:09:03:1d:75:f6:
                    dc:ab:42:19:64:ac:f5:a4:04:1f:8f:74:e2:ad:9c:
                    8c:ee:8c:5a:17:77:66:3f:95:6f:38:ba:d1:e5:d7:
                    70:c2:66:d9:6e:5c:95:a9:f7:8c:89:a9:52:d6:ce:
                    ad:d4:13:0f:31:7a:e0:ce:01:93:45:3a:cc:55:67:
                    d8:55:af:7d:77:08:33:52:11:1d:2b:a2:1e:31:c5:
                    21:58:b6:8b:b3:08:c2:f1:c2:94:81:29:60:3a:07:
                    0b:27:1a:75:23:eb:20:92:ef:5c:90:75:b3:8c:4d:
                    74:68:2f:26:b0:36:78:61:ea:03:73:eb:21:e5:fa:
                    b6:2e:23:93:3d:92:a0:f9:b0:a7:25:2b:82:71:a1:
                    31:5a:37:79:a8:92:59:51:a0:c0:68:07:1e:35:19:
                    6a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:19:BB:E5:99:99:8A:82:41:DA:87:02:32:10:2D:EE:0C:1C:02:3A
            X509v3 Authority Key Identifier:
                keyid:53:55:04:0A:E9:27:86:BF:17:27:B6:B4:EC:C1:09:3B:8A:74:01:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1UECuknhr8XJ7a07MEJO4p0Aes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/af5657-c8b2-4855-82a7-1dd57e3f3d97/1/GBm75ZmZioJB2ocCMhAt7gwcAjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/af5657-c8b2-4855-82a7-1dd57e3f3d97/1/U1UECuknhr8XJ7a07MEJO4p0Aes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.95.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:a5:60:dc:d2:8b:97:51:d6:4d:aa:18:f3:29:26:7b:08:89:
         0c:c5:a6:59:14:72:27:b6:23:9b:81:bc:f3:f1:2f:e4:32:c7:
         7a:b5:f4:04:16:e9:ad:90:f3:d2:15:6a:7d:14:c3:16:c3:0f:
         dc:1f:96:00:d5:92:60:65:eb:f5:a0:b4:f6:74:2d:92:b1:a1:
         a5:0e:b8:c4:23:39:41:4e:33:77:bb:43:87:7f:5f:e7:9d:59:
         76:d7:e5:9c:04:57:ee:c8:15:e7:e6:21:57:15:67:86:a3:e5:
         80:70:d6:c2:42:ea:c2:a4:43:8f:14:4f:09:a9:25:34:df:59:
         15:01:d0:6e:93:23:65:44:bc:c0:12:8e:d0:93:4f:b8:77:6e:
         26:a2:fd:ed:09:30:6a:51:78:87:79:9d:17:ea:3d:51:0a:d1:
         46:0b:df:60:c3:8f:9c:ae:a9:1b:1c:da:ce:40:04:92:74:0d:
         d1:e5:ca:f7:02:74:0b:bb:68:37:70:40:93:76:e0:20:46:e5:
         88:57:53:5e:8c:5a:04:4b:a7:9a:6f:bd:4b:b3:b1:0c:c1:3f:
         dc:ef:f5:2a:15:c5:f5:3b:e0:da:f9:f5:b4:f3:81:12:3e:78:
         19:95:e0:7d:a7:58:8a:8f:7f:9b:ff:8a:3f:fd:8e:b4:b4:78:
         2e:b6:35:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH64hHyfMfUooNTdrkQ+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTUwNDBhZTkyNzg2YmYxNzI3YjZiNGVjYzEwOTNiOGE3
NDAxZWIwHhcNMjUwMTAxMTM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODE5YmJlNTk5OTk4YTgyNDFkYTg3MDIzMjEwMmRlZTBjMWMwMjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm+TZNIrcV1t92w73o2Mwzcn+jSx
z5Ande3JVmuCgSJsfuJkRkspbAPqwdkDNBB3rkp4d/PY59M3rgKMNEn+sHymsnRA
IiY/ilIwXfn7AspJf1yd+iIMxRbl5+KTF0qauHl4CQMddfbcq0IZZKz1pAQfj3Ti
rZyM7oxaF3dmP5VvOLrR5ddwwmbZblyVqfeMialS1s6t1BMPMXrgzgGTRTrMVWfY
Va99dwgzUhEdK6IeMcUhWLaLswjC8cKUgSlgOgcLJxp1I+sgku9ckHWzjE10aC8m
sDZ4YeoDc+sh5fq2LiOTPZKg+bCnJSuCcaExWjd5qJJZUaDAaAceNRlqdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgZu+WZmYqCQdqHAjIQLe4MHAI6MB8GA1UdIwQY
MBaAFFNVBArpJ4a/Fye2tOzBCTuKdAHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFVRUN1a25ocjhYSjdhMDdNRUpPNHAwQWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9hZjU2NTctYzhiMi00ODU1LTgyYTct
MWRkNTdlM2YzZDk3LzEvR0JtNzVabVppb0pCMm9jQ01oQXQ3Z3djQWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9hZjU2NTctYzhiMi00ODU1LTgyYTctMWRkNTdlM2YzZDk3
LzEvVTFVRUN1a25ocjhYSjdhMDdNRUpPNHAwQWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV/UMA0G
CSqGSIb3DQEBCwUAA4IBAQB8pWDc0ouXUdZNqhjzKSZ7CIkMxaZZFHIntiObgbzz
8S/kMsd6tfQEFumtkPPSFWp9FMMWww/cH5YA1ZJgZev1oLT2dC2SsaGlDrjEIzlB
TjN3u0OHf1/nnVl21+WcBFfuyBXn5iFXFWeGo+WAcNbCQurCpEOPFE8JqSU031kV
AdBukyNlRLzAEo7Qk0+4d24mov3tCTBqUXiHeZ0X6j1RCtFGC99gw4+crqkbHNrO
QASSdA3R5cr3AnQLu2g3cECTduAgRuWIV1NejFoES6eab71Ls7EMwT/c7/UqFcX1
O+Da+fW084ESPngZleB9p1iKj3+b/4o//Y60tHgutjWQ
-----END CERTIFICATE-----