Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/GEthS81Dl3KiMgAyT0y0RVXOQCA.roa
File:                     GEthS81Dl3KiMgAyT0y0RVXOQCA.roa (raw, json)
Hash identifier:          mmII5oXUWCMxrq9i4WIp5PAVBsrpa+8XgGGaajVW714=
Subject key identifier:   18:4B:61:4B:CD:43:97:72:A2:32:00:32:4F:4C:B4:45:55:CE:40:20
Certificate issuer:       /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial:       018CC94E5F07CE7395871E4F9E3D3D637238
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/GEthS81Dl3KiMgAyT0y0RVXOQCA.roa
Signing time:             Tue 02 Jan 2024 08:33:25 +0000
ROA not before:           Tue 02 Jan 2024 08:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212789
IP address blocks:        2a0e:a6c7:1000::/38 maxlen: 48
                          2a0e:a6c7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5f:07:ce:73:95:87:1e:4f:9e:3d:3d:63:72:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
        Validity
            Not Before: Jan  2 08:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=184b614bcd439772a23200324f4cb44555ce4020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ea:8e:87:59:ae:4b:58:ec:f8:f0:ec:37:1c:
                    7f:67:97:19:82:fc:0d:61:e5:a1:ba:23:1f:0c:fa:
                    75:b7:e3:6d:ad:f7:8c:33:6b:e6:63:04:7b:94:2f:
                    41:dd:cc:8a:12:31:9d:6e:88:15:8c:16:6e:f7:11:
                    1b:25:2b:30:35:87:44:d8:78:a7:27:65:41:1c:8d:
                    7e:a3:7f:dc:98:c5:8e:e8:2b:78:d3:64:60:2e:0d:
                    71:5c:a0:4d:1b:7a:62:09:2e:f2:6e:d8:87:be:d1:
                    04:b5:5f:0e:06:c9:13:02:9e:d3:3c:fa:3d:11:f3:
                    ee:a5:c6:59:17:d7:00:88:6f:83:9e:2d:b6:70:e6:
                    7b:f9:dc:07:04:ff:95:9b:86:e5:1e:c1:78:93:7f:
                    28:3d:ee:ec:91:b8:ce:c0:7b:e4:98:c6:af:19:5f:
                    ed:ee:cf:63:ec:ee:aa:70:14:57:66:d4:e3:8e:0f:
                    79:60:16:59:8d:0d:db:01:37:b6:6d:75:17:0c:02:
                    1a:b3:f6:07:50:e6:b6:22:a3:79:ae:92:c9:2a:0f:
                    7e:d2:37:cb:8b:f0:5a:30:f5:cf:4d:a6:f4:fb:3c:
                    a7:33:cd:6f:ac:4f:3d:ec:50:37:1a:bf:2a:a3:ea:
                    fc:c5:f0:59:3e:c3:49:f6:60:b0:64:23:21:15:31:
                    c5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:4B:61:4B:CD:43:97:72:A2:32:00:32:4F:4C:B4:45:55:CE:40:20
            X509v3 Authority Key Identifier:
                keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/GEthS81Dl3KiMgAyT0y0RVXOQCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:a6c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:74:41:14:6e:4f:b8:20:2b:ed:4b:af:e2:c3:d8:b5:90:38:
         aa:39:7e:ec:2d:8f:98:00:cd:22:d0:4a:a6:e1:e8:bc:ee:94:
         68:e3:32:b9:ae:5d:18:0f:d6:32:43:11:4d:b4:39:74:f1:68:
         a1:e7:20:f1:55:13:f4:75:dd:b6:b0:fc:ab:13:c1:c8:ce:8b:
         70:86:75:b1:bc:0e:88:1b:b7:82:34:a6:9a:3e:c8:fc:72:61:
         c6:c4:55:3a:12:d7:90:02:f1:79:12:85:3c:4f:ef:cf:f2:9d:
         f2:4f:4a:27:75:ce:11:35:cc:1a:98:38:79:94:b6:0b:e5:f2:
         29:d7:b2:73:cc:36:17:e4:24:df:9a:9c:26:52:c9:77:73:2e:
         53:34:80:44:6e:8c:60:13:83:50:95:e1:f9:96:ce:52:9c:72:
         9c:14:31:d9:45:07:55:c9:33:f7:35:68:35:9e:e7:fe:53:78:
         14:b9:39:97:b1:62:7a:c5:25:06:0d:2f:f4:f1:98:52:f8:71:
         23:15:11:6a:4f:eb:1c:30:1b:be:b1:c0:e1:13:bb:06:3a:52:
         df:e8:36:0f:75:fe:2b:54:f0:73:c1:9b:27:94:29:38:bf:04:
         d1:64:6f:b7:42:28:9b:24:9f:68:ba:fb:ef:8e:e8:6f:a3:c6:
         b4:b5:df:c7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTl8HznOVhx5Pnj09Y3I4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODRiNjE0YmNkNDM5NzcyYTIzMjAwMzI0ZjRjYjQ0NTU1Y2U0MDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eqOh1muS1js+PDsNxx/Z5cZgvwN
YeWhuiMfDPp1t+NtrfeMM2vmYwR7lC9B3cyKEjGdbogVjBZu9xEbJSswNYdE2Hin
J2VBHI1+o3/cmMWO6Ct402RgLg1xXKBNG3piCS7ybtiHvtEEtV8OBskTAp7TPPo9
EfPupcZZF9cAiG+Dni22cOZ7+dwHBP+Vm4blHsF4k38oPe7skbjOwHvkmMavGV/t
7s9j7O6qcBRXZtTjjg95YBZZjQ3bATe2bXUXDAIas/YHUOa2IqN5rpLJKg9+0jfL
i/BaMPXPTab0+zynM81vrE897FA3Gr8qo+r8xfBZPsNJ9mCwZCMhFTHFjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBhLYUvNQ5dyojIAMk9MtEVVzkAgMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvR0V0aFM4MURsM0tpTWdBeVQweTBSVlhPUUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg6mxzAN
BgkqhkiG9w0BAQsFAAOCAQEAUnRBFG5PuCAr7Uuv4sPYtZA4qjl+7C2PmADNItBK
puHovO6UaOMyua5dGA/WMkMRTbQ5dPFooecg8VUT9HXdtrD8qxPByM6LcIZ1sbwO
iBu3gjSmmj7I/HJhxsRVOhLXkALxeRKFPE/vz/Kd8k9KJ3XOETXMGpg4eZS2C+Xy
Kdeyc8w2F+Qk35qcJlLJd3MuUzSARG6MYBODUJXh+ZbOUpxynBQx2UUHVckz9zVo
NZ7n/lN4FLk5l7FiesUlBg0v9PGYUvhxIxURak/rHDAbvrHA4RO7BjpS3+g2D3X+
K1Twc8GbJ5QpOL8E0WRvt0IomySfaLr7747ob6PGtLXfxw==
-----END CERTIFICATE-----