Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/GgheZMui_9obLhlNhZVy8uWvs5U.roa
File:                     GgheZMui_9obLhlNhZVy8uWvs5U.roa (raw, json)
Hash identifier:          7NB7RYWksH/wQuJ5gKOAyFQPxId7nbq3caWrTZFbMUE=
Subject key identifier:   1A:08:5E:64:CB:A2:FF:DA:1B:2E:19:4D:85:95:72:F2:E5:AF:B3:95
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       01968A9790706924EFD14AE406688A8746FF
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/GgheZMui_9obLhlNhZVy8uWvs5U.roa
Signing time:             Thu 01 May 2025 06:45:10 +0000
ROA not before:           Thu 01 May 2025 06:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        37.34.80.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 13:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8a:97:90:70:69:24:ef:d1:4a:e4:06:68:8a:87:46:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: May  1 06:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a085e64cba2ffda1b2e194d859572f2e5afb395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:59:70:b8:1c:8e:d4:4b:b8:b8:81:c9:f7:71:
                    37:c7:f2:15:b0:3b:41:f4:36:73:32:04:62:ef:2e:
                    f8:23:b4:92:b5:bf:ad:45:b0:7e:65:30:f7:7a:51:
                    53:72:d6:f6:8d:7e:ed:c2:e7:05:a3:bd:4e:65:9d:
                    fd:f9:84:43:70:35:c9:d1:40:ab:a2:0a:6e:bd:f4:
                    bc:95:2f:75:5b:dd:a3:bc:76:44:79:f8:c1:db:e4:
                    1a:a6:8e:13:4d:04:74:78:d6:49:8e:f0:73:7e:bf:
                    83:75:fd:04:ec:8c:9d:d7:e1:f6:92:43:fd:15:33:
                    4a:4d:87:a2:df:8b:7b:f6:1c:75:59:9e:9f:d1:0c:
                    45:c8:9b:5a:54:d3:5f:9d:4c:74:9d:39:7c:f4:a6:
                    53:f9:09:10:1f:83:5e:11:9b:fa:68:5f:2b:55:89:
                    81:63:77:f5:e0:f6:b1:4e:1b:7f:ab:b1:9e:8b:1a:
                    36:2c:e2:47:3e:ad:20:84:9f:58:a7:d6:34:bf:80:
                    b8:52:5e:eb:e6:50:9f:96:d6:1e:a9:4e:96:e0:18:
                    a2:76:42:69:09:91:81:10:c4:72:99:74:7e:23:34:
                    51:2d:f6:99:18:c1:6d:49:05:bf:a7:1e:5e:e8:78:
                    04:30:3b:d6:28:18:11:31:8b:2d:43:f3:64:5f:b4:
                    1d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:08:5E:64:CB:A2:FF:DA:1B:2E:19:4D:85:95:72:F2:E5:AF:B3:95
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/GgheZMui_9obLhlNhZVy8uWvs5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.34.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8e:63:81:eb:4d:d9:7d:3c:a8:c0:56:4f:8c:cd:dc:dd:95:81:
         4c:7d:23:94:2e:b1:b3:f1:c4:d8:4f:64:4a:5f:0f:5f:6d:49:
         7a:5d:19:99:c8:f1:1b:f8:d9:2e:44:bb:44:05:fd:92:b3:30:
         23:55:e8:bf:51:72:aa:48:ae:1c:d1:7a:94:88:86:f4:e1:99:
         d8:51:48:94:1d:d2:30:09:58:d8:3f:aa:01:8c:cb:c0:5b:57:
         36:1f:95:11:9a:60:4c:16:6e:75:7b:36:3d:9b:a7:67:28:6e:
         1c:65:0b:f7:22:03:ab:47:ac:3b:f9:db:3d:4f:00:dd:c8:8d:
         71:4b:e8:73:d6:a6:02:71:54:7a:af:b5:1e:8b:56:1b:cc:03:
         ec:9c:f9:06:99:e6:60:78:cb:d0:3e:3b:f2:53:86:69:2e:2c:
         ce:f3:49:f7:65:3a:be:18:47:38:20:f5:2c:3b:1b:3b:16:1e:
         de:ff:06:b2:bf:4c:36:f9:c4:83:cd:82:d0:64:1d:39:59:1e:
         da:07:a0:a0:65:89:1d:82:2e:5f:59:70:f6:40:9b:c9:26:21:
         42:0b:7e:72:d2:ba:9f:f1:1c:66:5d:98:cc:75:1b:23:c0:4a:
         0e:6d:48:a9:55:e2:69:e9:8d:07:bb:fc:0c:8f:92:72:38:6f:
         ee:6e:25:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaKl5BwaSTv0UrkBmiKh0b/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwNTAxMDY0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTA4NWU2NGNiYTJmZmRhMWIyZTE5NGQ4NTk1NzJmMmU1YWZiMzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtllwuByO1Eu4uIHJ93E3x/IVsDtB
9DZzMgRi7y74I7SStb+tRbB+ZTD3elFTctb2jX7twucFo71OZZ39+YRDcDXJ0UCr
ogpuvfS8lS91W92jvHZEefjB2+Qapo4TTQR0eNZJjvBzfr+Ddf0E7Iyd1+H2kkP9
FTNKTYei34t79hx1WZ6f0QxFyJtaVNNfnUx0nTl89KZT+QkQH4NeEZv6aF8rVYmB
Y3f14PaxTht/q7Geixo2LOJHPq0ghJ9Yp9Y0v4C4Ul7r5lCfltYeqU6W4BiidkJp
CZGBEMRymXR+IzRRLfaZGMFtSQW/px5e6HgEMDvWKBgRMYstQ/NkX7QdsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoIXmTLov/aGy4ZTYWVcvLlr7OVMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvR2doZVpNdWlfOW9iTGhsTmhaVnk4dVd2czVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJSJQMA0G
CSqGSIb3DQEBCwUAA4IBAQCOY4HrTdl9PKjAVk+MzdzdlYFMfSOULrGz8cTYT2RK
Xw9fbUl6XRmZyPEb+NkuRLtEBf2SszAjVei/UXKqSK4c0XqUiIb04ZnYUUiUHdIw
CVjYP6oBjMvAW1c2H5URmmBMFm51ezY9m6dnKG4cZQv3IgOrR6w7+ds9TwDdyI1x
S+hz1qYCcVR6r7Uei1YbzAPsnPkGmeZgeMvQPjvyU4ZpLizO80n3ZTq+GEc4IPUs
Oxs7Fh7e/wayv0w2+cSDzYLQZB05WR7aB6CgZYkdgi5fWXD2QJvJJiFCC35y0rqf
8RxmXZjMdRsjwEoObUipVeJp6Y0Hu/wMj5JyOG/ubiVg
-----END CERTIFICATE-----