Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/GIL1gcl0sSHqHY8XRGqFIveSXcs.roa
File:                     GIL1gcl0sSHqHY8XRGqFIveSXcs.roa (raw, json)
Hash identifier:          4E3tIs9etwgCI3f6a7acJoQvxEMMWI3GY7BXTR5THNg=
Subject key identifier:   18:82:F5:81:C9:74:B1:21:EA:1D:8F:17:44:6A:85:22:F7:92:5D:CB
Certificate issuer:       /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial:       018CC94E5C3FC95279AB2F18E6CB30BECE39
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/GIL1gcl0sSHqHY8XRGqFIveSXcs.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34936
IP address blocks:        2001:4ba7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5c:3f:c9:52:79:ab:2f:18:e6:cb:30:be:ce:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1882f581c974b121ea1d8f17446a8522f7925dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9e:1f:11:84:39:72:d3:fd:c9:cb:d8:9e:63:
                    66:de:2a:5d:fc:e5:40:b3:22:ba:32:2f:5a:f5:37:
                    74:06:c3:82:89:df:d3:75:01:0c:04:c4:85:1b:db:
                    1c:0d:e8:83:37:2f:c4:9c:41:39:44:7c:0a:97:3d:
                    df:f4:72:4b:55:6d:16:e1:00:09:75:43:f6:62:2d:
                    30:8f:45:0c:ac:da:a9:7e:d9:93:07:d1:5e:0e:52:
                    c6:0c:69:73:ef:c4:75:f7:47:88:9c:a2:1c:e9:6b:
                    50:01:39:66:fe:0d:3b:9d:d2:78:e7:a8:99:b1:0a:
                    ff:9c:bb:e1:51:81:19:ed:58:d5:a5:e4:5f:64:cc:
                    63:88:c0:b2:e7:02:64:4b:95:06:98:8b:a6:5a:87:
                    52:2e:e7:eb:16:7d:6f:8b:fe:e3:2d:5a:95:12:35:
                    5e:54:63:69:ed:8d:94:3c:5b:39:83:a5:4e:c5:61:
                    e9:13:4d:92:7c:c1:ab:ed:7e:30:10:1d:b4:f2:f6:
                    8e:53:72:e8:55:c3:91:c1:1d:82:9f:fa:c5:7d:f1:
                    c7:1e:e6:05:b0:f3:8e:b9:de:42:56:95:c0:b9:77:
                    59:f4:97:4e:3c:92:ee:79:17:6b:cc:69:a2:dc:96:
                    2d:74:9f:f0:0a:90:4b:3f:06:38:fa:13:d4:e1:95:
                    4e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:82:F5:81:C9:74:B1:21:EA:1D:8F:17:44:6A:85:22:F7:92:5D:CB
            X509v3 Authority Key Identifier:
                keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/GIL1gcl0sSHqHY8XRGqFIveSXcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4ba7::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:ef:eb:2f:47:fc:ed:45:fa:9c:80:18:f3:04:fd:60:31:b4:
         3d:15:b4:97:29:d9:fe:5c:a9:05:9b:c5:08:f9:4f:05:e1:22:
         59:e7:77:ad:7b:23:45:48:91:3e:f4:fa:84:2d:58:e6:09:b1:
         af:26:b9:0c:5a:c4:68:09:bd:fe:95:35:0d:ff:82:10:ca:93:
         11:9a:cb:18:4a:92:9a:58:36:b7:e8:7a:53:56:5a:a4:ce:fa:
         47:27:c4:b1:4e:1f:39:4a:b4:71:04:b9:e9:07:38:14:46:27:
         f6:87:60:78:c0:c6:da:6f:11:b1:fa:4f:36:f7:56:80:18:99:
         c2:b4:b5:88:6a:cd:44:b2:e4:e2:0a:52:d4:6c:2c:4a:fe:54:
         66:89:43:c0:cc:e9:e0:49:3f:04:e1:7f:da:95:0e:07:22:9a:
         f0:a5:ab:0d:4a:ec:39:bd:6f:5e:fc:58:93:aa:13:32:b3:89:
         58:d1:35:7f:44:68:f2:ca:bf:5b:63:e3:37:c6:71:f7:70:19:
         86:c5:8a:bd:cb:a8:7f:ef:b4:01:58:12:54:24:97:95:ea:b2:
         da:0b:80:5b:12:db:11:48:96:3b:ae:b9:20:cd:ab:c9:2a:48:
         b5:bc:48:ca:0b:57:c3:48:e3:a9:36:4b:b4:9a:86:f8:9f:87:
         14:f3:1d:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTlw/yVJ5qy8Y5sswvs45MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODgyZjU4MWM5NzRiMTIxZWExZDhmMTc0NDZhODUyMmY3OTI1ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo54fEYQ5ctP9ycvYnmNm3ipd/OVA
syK6Mi9a9Td0BsOCid/TdQEMBMSFG9scDeiDNy/EnEE5RHwKlz3f9HJLVW0W4QAJ
dUP2Yi0wj0UMrNqpftmTB9FeDlLGDGlz78R190eInKIc6WtQATlm/g07ndJ456iZ
sQr/nLvhUYEZ7VjVpeRfZMxjiMCy5wJkS5UGmIumWodSLufrFn1vi/7jLVqVEjVe
VGNp7Y2UPFs5g6VOxWHpE02SfMGr7X4wEB208vaOU3LoVcORwR2Cn/rFffHHHuYF
sPOOud5CVpXAuXdZ9JdOPJLueRdrzGmi3JYtdJ/wCpBLPwY4+hPU4ZVOXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBiC9YHJdLEh6h2PF0RqhSL3kl3LMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvR0lMMWdjbDBzU0hxSFk4WFJHcUZJdmVTWGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAFLpwAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCy7+svR/ztRfqcgBjzBP1gMbQ9FbSXKdn+XKkF
m8UI+U8F4SJZ53eteyNFSJE+9PqELVjmCbGvJrkMWsRoCb3+lTUN/4IQypMRmssY
SpKaWDa36HpTVlqkzvpHJ8SxTh85SrRxBLnpBzgURif2h2B4wMbabxGx+k8291aA
GJnCtLWIas1EsuTiClLUbCxK/lRmiUPAzOngST8E4X/alQ4HIprwpasNSuw5vW9e
/FiTqhMys4lY0TV/RGjyyr9bY+M3xnH3cBmGxYq9y6h/77QBWBJUJJeV6rLaC4Bb
EtsRSJY7rrkgzavJKki1vEjKC1fDSOOpNku0mob4n4cU8x1K
-----END CERTIFICATE-----