Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/GDjcSJRpbxsP-Ma2iZ9DaoE0V9g.roa
File:                     GDjcSJRpbxsP-Ma2iZ9DaoE0V9g.roa (raw, json)
Hash identifier:          lxo7qLtx8kT9QBskdr6m2TJhZmTGchO2yAES9/mHLyE=
Subject key identifier:   18:38:DC:48:94:69:6F:1B:0F:F8:C6:B6:89:9F:43:6A:81:34:57:D8
Certificate issuer:       /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial:       018EF61F3C863FB92D75499560B8319611EA
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/GDjcSJRpbxsP-Ma2iZ9DaoE0V9g.roa
Signing time:             Fri 19 Apr 2024 11:30:25 +0000
ROA not before:           Fri 19 Apr 2024 11:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51659
IP address blocks:        2a0e:7f46::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:1f:3c:86:3f:b9:2d:75:49:95:60:b8:31:96:11:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
        Validity
            Not Before: Apr 19 11:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1838dc4894696f1b0ff8c6b6899f436a813457d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7f:d9:8f:28:9f:4f:75:24:7f:a2:67:87:6f:
                    13:3f:5d:96:03:9f:51:b2:0b:f7:f4:48:fc:14:7c:
                    e7:17:40:b8:25:ab:b2:48:6f:fa:87:31:e1:a6:34:
                    3a:c7:d8:4c:36:b4:c9:d8:44:30:d8:bb:7c:2e:a0:
                    b7:5a:22:7d:81:46:c1:fb:68:70:73:cc:17:70:27:
                    9f:63:da:bf:39:bf:80:1c:d8:df:fd:ff:8e:5e:dc:
                    20:cd:8d:8d:0f:da:48:e7:1a:29:14:84:a9:ed:d5:
                    8e:0c:42:4e:57:70:84:68:53:ab:fd:aa:d7:56:c7:
                    57:ac:47:4e:72:0f:28:a7:89:2e:00:f5:db:a9:a9:
                    42:b2:92:93:cf:a5:11:5c:1e:a4:ec:fd:b1:1d:0e:
                    45:b8:17:92:8c:6e:2a:de:a6:33:c9:4f:0d:24:a5:
                    a2:92:55:41:a7:17:6f:0f:75:58:ce:a3:c8:60:c8:
                    71:ab:51:35:8e:94:76:6d:e6:a1:15:ad:f6:28:c6:
                    dd:06:f5:66:8b:5c:49:26:de:99:67:56:9e:ed:27:
                    d3:2b:66:4d:d8:41:5b:8c:a3:b6:b1:25:22:da:4e:
                    cf:63:e2:8e:0e:b4:92:9f:86:73:28:4b:b4:c4:6e:
                    7d:9f:3f:c9:f8:f5:04:a8:61:20:ff:e2:db:69:7c:
                    b6:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:38:DC:48:94:69:6F:1B:0F:F8:C6:B6:89:9F:43:6A:81:34:57:D8
            X509v3 Authority Key Identifier:
                keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/GDjcSJRpbxsP-Ma2iZ9DaoE0V9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:7f46::/32

    Signature Algorithm: sha256WithRSAEncryption
         63:31:74:6a:67:97:56:98:5f:76:48:c1:48:f7:c9:b2:13:23:
         b2:0f:47:3b:f5:f5:57:92:46:58:b0:f2:43:42:f9:1a:44:eb:
         d0:d4:af:fc:be:30:05:a3:f5:b6:7c:7b:c0:42:bf:c9:ca:89:
         c3:62:5f:97:3c:c5:f7:4c:00:0a:9a:f1:81:13:ea:81:1a:d9:
         05:32:b7:51:53:08:9f:8f:65:af:13:21:59:1e:3c:1f:d4:53:
         c4:32:e4:f3:52:24:61:06:f9:b0:8a:c2:d8:cf:18:b0:5f:41:
         de:ec:06:8a:fd:1e:36:91:e2:58:30:d4:36:7f:b7:6f:27:fa:
         a3:f7:9c:b6:97:de:70:d8:71:9e:06:ac:0b:2f:63:4c:38:c2:
         9c:4d:7f:47:c6:54:36:95:5f:1d:f6:61:d7:47:d0:d1:70:cf:
         49:c9:d5:2f:c6:93:50:e7:54:32:3d:e8:ac:84:e4:e3:09:8a:
         93:cb:bc:64:8f:24:1c:bf:59:8c:d1:07:99:33:e8:b0:66:ed:
         5d:48:36:1c:56:7e:b8:69:d7:f1:aa:01:ff:b8:71:f3:39:ad:
         6b:fb:6f:91:c2:c1:72:90:fc:a7:5e:1b:5d:8d:7a:24:0f:93:
         c0:fd:6c:16:e2:a8:ca:1d:f7:e2:6b:c9:4c:83:9e:9a:cf:c6:
         47:ba:ea:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY72HzyGP7ktdUmVYLgxlhHqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjQwNDE5MTEzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODM4ZGM0ODk0Njk2ZjFiMGZmOGM2YjY4OTlmNDM2YTgxMzQ1N2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX/ZjyifT3Ukf6Jnh28TP12WA59R
sgv39Ej8FHznF0C4JauySG/6hzHhpjQ6x9hMNrTJ2EQw2Lt8LqC3WiJ9gUbB+2hw
c8wXcCefY9q/Ob+AHNjf/f+OXtwgzY2ND9pI5xopFISp7dWODEJOV3CEaFOr/arX
VsdXrEdOcg8op4kuAPXbqalCspKTz6URXB6k7P2xHQ5FuBeSjG4q3qYzyU8NJKWi
klVBpxdvD3VYzqPIYMhxq1E1jpR2beahFa32KMbdBvVmi1xJJt6ZZ1ae7SfTK2ZN
2EFbjKO2sSUi2k7PY+KODrSSn4ZzKEu0xG59nz/J+PUEqGEg/+LbaXy2UwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBg43EiUaW8bD/jGtomfQ2qBNFfYMB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvR0RqY1NKUnBieHNQLU1hMmlaOURhb0UwVjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5/RjAN
BgkqhkiG9w0BAQsFAAOCAQEAYzF0ameXVphfdkjBSPfJshMjsg9HO/X1V5JGWLDy
Q0L5GkTr0NSv/L4wBaP1tnx7wEK/ycqJw2JflzzF90wACprxgRPqgRrZBTK3UVMI
n49lrxMhWR48H9RTxDLk81IkYQb5sIrC2M8YsF9B3uwGiv0eNpHiWDDUNn+3byf6
o/ectpfecNhxngasCy9jTDjCnE1/R8ZUNpVfHfZh10fQ0XDPScnVL8aTUOdUMj3o
rITk4wmKk8u8ZI8kHL9ZjNEHmTPosGbtXUg2HFZ+uGnX8aoB/7hx8zmta/tvkcLB
cpD8p14bXY16JA+TwP1sFuKoyh334mvJTIOems/GR7rqBQ==
-----END CERTIFICATE-----