Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/GGh-0xxwn6ceElDQMHRGmEsQE-s.roa
File:                     GGh-0xxwn6ceElDQMHRGmEsQE-s.roa (raw, json)
Hash identifier:          P3CSh7y+NvPz/ZjtWmpED7vAzzUGfZNIvd2EgvFxP9s=
Subject key identifier:   18:68:7E:D3:1C:70:9F:A7:1E:12:50:D0:30:74:46:98:4B:10:13:EB
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       0194228DA9E7D725362359057DE2D26EA353
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/GGh-0xxwn6ceElDQMHRGmEsQE-s.roa
Signing time:             Wed 01 Jan 2025 15:48:16 +0000
ROA not before:           Wed 01 Jan 2025 15:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201775
IP address blocks:        178.170.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a9:e7:d7:25:36:23:59:05:7d:e2:d2:6e:a3:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  1 15:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18687ed31c709fa71e1250d0307446984b1013eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:74:1f:a7:db:5c:a4:a5:80:de:4f:6f:e1:6d:
                    f2:0a:1f:8b:74:3e:73:96:23:d5:29:ea:c9:1a:24:
                    62:89:dd:c7:6c:39:8b:03:a4:47:d1:54:14:49:ec:
                    86:4b:ff:63:13:70:c2:1c:02:cf:16:57:b1:42:6f:
                    98:d1:35:0f:e5:01:49:98:d1:c4:6b:b6:d5:5a:96:
                    d3:bf:28:ea:05:32:c8:21:ba:6f:34:66:ed:02:01:
                    c8:47:f9:35:94:b5:23:3a:fc:8f:91:c9:03:d0:77:
                    7c:14:5b:5a:74:36:b7:b7:37:41:a6:25:0e:54:c1:
                    7f:43:a5:75:c6:d0:e2:4a:d5:90:2f:b8:97:ab:b5:
                    de:75:a5:14:5f:1d:bc:c8:ea:fe:73:78:8e:f1:6e:
                    86:3d:43:77:27:08:52:08:95:36:94:a7:f9:91:87:
                    ef:a8:4d:81:2f:ba:b8:c3:3e:c8:3e:f5:77:a9:b4:
                    39:86:16:d5:81:38:74:78:23:00:4a:1f:3a:0b:40:
                    4f:15:1f:4b:1e:6b:83:4a:84:0a:73:7d:0a:1f:31:
                    94:b8:89:24:63:d1:6a:45:1e:4c:02:37:f4:04:d4:
                    9d:56:dc:90:13:58:47:3c:6d:37:84:23:e7:a1:c6:
                    2e:11:2c:73:d3:0f:f6:63:9c:6d:8b:b2:e9:9d:bb:
                    16:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:68:7E:D3:1C:70:9F:A7:1E:12:50:D0:30:74:46:98:4B:10:13:EB
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/GGh-0xxwn6ceElDQMHRGmEsQE-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.170.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:0d:f4:b9:63:af:05:5a:a9:aa:6d:1d:49:21:01:ec:b7:0f:
         09:63:42:59:bd:1d:4f:41:ce:c5:cd:30:f3:e8:33:fa:f7:f9:
         a9:44:02:58:1a:cd:c4:ba:cd:33:7b:0d:98:c5:88:ef:66:85:
         80:4f:98:da:79:b1:44:9b:d7:a1:95:66:39:07:75:5b:07:c7:
         a9:f5:82:a8:5d:71:54:9b:ec:9f:d5:f1:46:31:9e:95:9f:7c:
         31:0b:82:7e:97:31:21:4a:e9:f4:0f:ce:44:18:97:7b:cb:db:
         b5:b3:52:bf:d4:00:f9:81:77:5a:a6:e6:9b:38:36:2b:07:86:
         0e:40:a1:c4:16:23:d6:fd:89:8d:f2:0a:ec:c6:72:86:08:65:
         f4:41:6f:8d:39:38:26:cc:3d:ad:20:ba:91:6d:27:3e:a2:9b:
         88:e4:33:14:e0:0c:2e:d9:2e:ca:25:1a:ac:d9:74:f7:18:c5:
         9b:da:18:80:70:4b:05:3b:23:2b:bf:f1:35:4d:e8:53:71:73:
         d0:bd:13:2a:95:fc:71:81:52:1d:79:4c:a5:4a:e2:20:da:d3:
         0e:d8:d2:45:b0:51:f0:3a:d8:e8:44:53:51:e2:ed:5e:f3:3b:
         ea:48:fd:82:3b:75:f5:2e:1f:c4:64:a7:b7:c6:0b:1e:02:35:
         fa:5e:87:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijann1yU2I1kFfeLSbqNTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjUwMTAxMTU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODY4N2VkMzFjNzA5ZmE3MWUxMjUwZDAzMDc0NDY5ODRiMTAxM2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXQfp9tcpKWA3k9v4W3yCh+LdD5z
liPVKerJGiRiid3HbDmLA6RH0VQUSeyGS/9jE3DCHALPFlexQm+Y0TUP5QFJmNHE
a7bVWpbTvyjqBTLIIbpvNGbtAgHIR/k1lLUjOvyPkckD0Hd8FFtadDa3tzdBpiUO
VMF/Q6V1xtDiStWQL7iXq7XedaUUXx28yOr+c3iO8W6GPUN3JwhSCJU2lKf5kYfv
qE2BL7q4wz7IPvV3qbQ5hhbVgTh0eCMASh86C0BPFR9LHmuDSoQKc30KHzGUuIkk
Y9FqRR5MAjf0BNSdVtyQE1hHPG03hCPnocYuESxz0w/2Y5xti7LpnbsWowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhoftMccJ+nHhJQ0DB0RphLEBPrMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvR0doLTB4eHduNmNlRWxEUU1IUkdtRXNRRS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqrlMA0G
CSqGSIb3DQEBCwUAA4IBAQBcDfS5Y68FWqmqbR1JIQHstw8JY0JZvR1PQc7FzTDz
6DP69/mpRAJYGs3Eus0zew2YxYjvZoWAT5jaebFEm9ehlWY5B3VbB8ep9YKoXXFU
m+yf1fFGMZ6Vn3wxC4J+lzEhSun0D85EGJd7y9u1s1K/1AD5gXdapuabODYrB4YO
QKHEFiPW/YmN8grsxnKGCGX0QW+NOTgmzD2tILqRbSc+opuI5DMU4Awu2S7KJRqs
2XT3GMWb2hiAcEsFOyMrv/E1TehTcXPQvRMqlfxxgVIdeUylSuIg2tMO2NJFsFHw
OtjoRFNR4u1e8zvqSP2CO3X1Lh/EZKe3xgseAjX6Xof1
-----END CERTIFICATE-----