Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/GoeAUL2QksRS16LiLx9M0SmG6h8.roa
File:                     GoeAUL2QksRS16LiLx9M0SmG6h8.roa (raw, json)
Hash identifier:          Lp7ZvoPe3FFQc8UoBl571bW941fIgYX0UUaKwSRXqLI=
Subject key identifier:   1A:87:80:50:BD:90:92:C4:52:D7:A2:E2:2F:1F:4C:D1:29:86:EA:1F
Certificate issuer:       /CN=af0f5a9bd2ad1e96865f00d08522b9aad3e91a4d
Certificate serial:       01942143CA2DAB76062C108F8DBB1D65F327
Authority key identifier: AF:0F:5A:9B:D2:AD:1E:96:86:5F:00:D0:85:22:B9:AA:D3:E9:1A:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/GoeAUL2QksRS16LiLx9M0SmG6h8.roa
Signing time:             Wed 01 Jan 2025 09:47:58 +0000
ROA not before:           Wed 01 Jan 2025 09:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24940
IP address blocks:        195.60.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ca:2d:ab:76:06:2c:10:8f:8d:bb:1d:65:f3:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af0f5a9bd2ad1e96865f00d08522b9aad3e91a4d
        Validity
            Not Before: Jan  1 09:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a878050bd9092c452d7a2e22f1f4cd12986ea1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:58:43:20:ea:75:ea:d8:a3:3e:0c:f3:6d:8d:
                    35:89:b1:b3:1b:d5:d5:fc:c0:0c:4d:bf:f1:3c:79:
                    15:91:4a:dd:6a:a8:a7:42:d4:18:2f:4f:15:40:5a:
                    b6:55:97:d0:dd:81:d4:d1:9f:0c:b8:6e:b3:2b:c8:
                    03:b4:be:d6:bf:5b:de:bc:1f:59:8d:a2:9a:87:6b:
                    b6:7b:86:b6:a2:f1:48:52:6e:51:e2:75:46:8f:b2:
                    35:b0:7d:10:1f:bf:87:91:9c:00:3b:5b:22:bd:e8:
                    06:11:bb:f6:3e:4e:c2:94:a3:39:36:ee:fc:88:dd:
                    65:f0:e7:52:52:be:e7:5d:49:41:e9:62:e3:b7:eb:
                    01:56:8b:aa:05:a8:f3:ee:89:46:0c:5c:bf:20:8e:
                    62:b4:4f:9e:5f:33:fe:d7:60:52:7f:41:ce:08:24:
                    be:8d:e0:15:9b:89:b3:2b:57:d5:23:65:0b:52:57:
                    0b:c2:cd:32:01:22:ea:a5:43:9b:8e:1e:75:c4:de:
                    7d:ea:7f:45:b5:83:33:d4:f5:4d:1c:7c:02:04:48:
                    ad:10:b1:01:49:b9:e9:6f:c4:54:25:1c:0e:09:b6:
                    74:59:8e:80:29:59:62:3f:e2:00:ea:93:f9:97:84:
                    39:6f:c1:f7:61:a8:bf:e9:0a:85:57:e0:f5:a3:89:
                    84:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:87:80:50:BD:90:92:C4:52:D7:A2:E2:2F:1F:4C:D1:29:86:EA:1F
            X509v3 Authority Key Identifier:
                keyid:AF:0F:5A:9B:D2:AD:1E:96:86:5F:00:D0:85:22:B9:AA:D3:E9:1A:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/GoeAUL2QksRS16LiLx9M0SmG6h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:63:4f:3c:09:eb:3e:25:b1:34:5a:cb:7f:68:4d:9d:c0:c7:
         81:69:64:16:c6:23:06:17:1a:e6:af:24:8c:ea:82:78:80:dd:
         ef:6e:40:a0:eb:f7:d2:75:66:0e:7c:09:f8:1a:15:2d:35:3a:
         45:aa:75:4e:f2:87:d7:2a:60:3b:34:d8:b2:70:be:de:a1:2e:
         76:9d:88:20:50:f8:4c:38:a6:fd:dc:15:1d:f0:8e:f0:8e:6d:
         43:4d:20:2d:54:c9:42:d3:23:a6:aa:19:e4:eb:78:ba:71:7e:
         16:88:3a:6d:76:6d:a4:98:96:c6:fe:ac:9e:92:62:81:01:fa:
         8c:b7:2a:37:97:b3:f7:39:d7:9a:96:c8:c8:96:fd:6d:52:1f:
         25:cf:d4:a9:27:91:6e:ed:2e:6f:e9:f3:bc:a3:84:01:39:ec:
         18:b0:ed:8c:dd:77:4e:c7:e1:cc:60:e2:85:9e:ee:80:47:c7:
         65:84:85:01:98:91:62:39:5e:73:5a:f9:b7:81:71:1d:56:03:
         72:9d:ff:ba:56:14:67:25:af:33:74:cf:60:e8:8b:51:ea:f5:
         4a:cb:e9:4d:04:82:ea:f4:11:c9:ef:3d:2a:2a:ff:4f:fe:4d:
         c8:c4:63:b6:ac:92:11:a8:77:2a:8c:d6:48:32:33:93:b9:5b:
         e9:aa:a8:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ8otq3YGLBCPjbsdZfMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMGY1YTliZDJhZDFlOTY4NjVmMDBkMDg1MjJiOWFhZDNl
OTFhNGQwHhcNMjUwMTAxMDk0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTg3ODA1MGJkOTA5MmM0NTJkN2EyZTIyZjFmNGNkMTI5ODZlYTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVhDIOp16tijPgzzbY01ibGzG9XV
/MAMTb/xPHkVkUrdaqinQtQYL08VQFq2VZfQ3YHU0Z8MuG6zK8gDtL7Wv1vevB9Z
jaKah2u2e4a2ovFIUm5R4nVGj7I1sH0QH7+HkZwAO1sivegGEbv2Pk7ClKM5Nu78
iN1l8OdSUr7nXUlB6WLjt+sBVouqBajz7olGDFy/II5itE+eXzP+12BSf0HOCCS+
jeAVm4mzK1fVI2ULUlcLws0yASLqpUObjh51xN596n9FtYMz1PVNHHwCBEitELEB
Sbnpb8RUJRwOCbZ0WY6AKVliP+IA6pP5l4Q5b8H3Yai/6QqFV+D1o4mE6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqHgFC9kJLEUtei4i8fTNEphuofMB8GA1UdIwQY
MBaAFK8PWpvSrR6Whl8A0IUiuarT6RpNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnc5YW05S3RIcGFHWHdEUWhTSzVxdFBwR2swLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS82YWQ5YjgtOWYwZS00YWQwLWEyMjAt
M2FjM2I2NzM3MDQyLzEvR29lQVVMMlFrc1JTMTZMaUx4OU0wU21HNmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS82YWQ5YjgtOWYwZS00YWQwLWEyMjAtM2FjM2I2NzM3MDQy
LzEvcnc5YW05S3RIcGFHWHdEUWhTSzVxdFBwR2swLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzziMA0G
CSqGSIb3DQEBCwUAA4IBAQBOY088Ces+JbE0Wst/aE2dwMeBaWQWxiMGFxrmrySM
6oJ4gN3vbkCg6/fSdWYOfAn4GhUtNTpFqnVO8ofXKmA7NNiycL7eoS52nYggUPhM
OKb93BUd8I7wjm1DTSAtVMlC0yOmqhnk63i6cX4WiDptdm2kmJbG/qyekmKBAfqM
tyo3l7P3OdealsjIlv1tUh8lz9SpJ5Fu7S5v6fO8o4QBOewYsO2M3XdOx+HMYOKF
nu6AR8dlhIUBmJFiOV5zWvm3gXEdVgNynf+6VhRnJa8zdM9g6ItR6vVKy+lNBILq
9BHJ7z0qKv9P/k3IxGO2rJIRqHcqjNZIMjOTuVvpqqgn
-----END CERTIFICATE-----