Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/GqvVrTS1D1gVg90jZTPehWtQLRQ.roa
File:                     GqvVrTS1D1gVg90jZTPehWtQLRQ.roa (raw, json)
Hash identifier:          LxVTM1klAU4F47R5N8ESdhoMkw/tOTpHAKU8mCez65o=
Subject key identifier:   1A:AB:D5:AD:34:B5:0F:58:15:83:DD:23:65:33:DE:85:6B:50:2D:14
Certificate issuer:       /CN=c7c24de99101fafdf74bca293fd6d95060d50a63
Certificate serial:       018CC5DC4939A729C05A776BE12DF3E9CB1D
Authority key identifier: C7:C2:4D:E9:91:01:FA:FD:F7:4B:CA:29:3F:D6:D9:50:60:D5:0A:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/GqvVrTS1D1gVg90jZTPehWtQLRQ.roa
Signing time:             Mon 01 Jan 2024 16:29:57 +0000
ROA not before:           Mon 01 Jan 2024 16:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25117
IP address blocks:        2a04:cec0:1380::/41 maxlen: 48
                          2a04:cec0:1300::/41 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:49:39:a7:29:c0:5a:77:6b:e1:2d:f3:e9:cb:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7c24de99101fafdf74bca293fd6d95060d50a63
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1aabd5ad34b50f581583dd236533de856b502d14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2c:24:aa:dd:01:7a:81:15:d0:da:65:73:d8:
                    1c:77:04:c2:2d:fb:7d:a5:9e:01:5c:8e:20:ad:ad:
                    c5:74:1d:83:82:65:56:17:e6:84:29:f8:68:ff:5a:
                    96:78:21:d8:0e:40:bc:d3:0d:81:9d:13:5e:2f:51:
                    4f:4e:64:2c:f1:c0:83:ab:2e:7d:40:c4:6f:a8:55:
                    a8:f3:95:f9:7d:15:b3:77:2b:64:b5:61:e0:11:ef:
                    ab:ef:83:2e:40:4d:e2:a6:cb:77:88:b4:94:44:d1:
                    23:ce:95:ea:13:4c:be:e0:65:cc:eb:e6:55:1a:34:
                    fd:c3:20:dc:77:2e:77:f4:a7:e2:82:06:48:37:fc:
                    48:94:f2:b5:07:44:05:65:21:60:2a:82:ef:06:54:
                    d8:b2:07:5b:77:91:fb:f2:ef:19:94:b2:83:e9:06:
                    f9:ac:7b:e8:64:49:87:c8:5e:c0:08:9a:ed:e5:17:
                    b9:d5:b1:e9:5d:9e:b7:54:9f:d8:d0:f4:09:84:66:
                    da:c3:69:3f:5a:cc:1d:93:63:61:57:78:d5:e4:5e:
                    f2:7c:8b:4b:ee:61:27:37:b2:07:03:b2:5b:f9:44:
                    c9:a6:e2:fb:0b:de:94:0c:8d:3c:2c:65:db:52:7f:
                    f6:18:3b:ec:29:91:5d:9e:34:64:cd:5e:81:b2:b9:
                    a5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:AB:D5:AD:34:B5:0F:58:15:83:DD:23:65:33:DE:85:6B:50:2D:14
            X509v3 Authority Key Identifier:
                keyid:C7:C2:4D:E9:91:01:FA:FD:F7:4B:CA:29:3F:D6:D9:50:60:D5:0A:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/GqvVrTS1D1gVg90jZTPehWtQLRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:cec0:1300::/40

    Signature Algorithm: sha256WithRSAEncryption
         cd:c1:ed:f1:62:d0:49:bb:dd:56:82:50:79:b5:3a:5f:40:32:
         9d:c8:20:40:bd:c7:3f:a2:af:3f:f3:3f:3c:a4:70:63:18:48:
         f4:45:dc:1e:af:66:c8:e0:79:9b:a4:a2:71:5c:81:f0:b6:ac:
         44:4a:cd:55:ee:92:d3:75:30:71:e6:14:fa:d4:9b:7a:d5:b6:
         4a:9d:8e:eb:a2:83:9e:0f:2f:bf:2a:8a:76:a0:c4:f3:35:ae:
         6b:6e:85:e5:ee:06:04:17:d0:b3:56:cf:66:ba:49:9c:bc:43:
         d5:ad:0e:0b:ee:4d:b1:51:57:14:60:4c:5e:51:b8:3b:30:7a:
         d0:e6:a3:76:7d:d1:47:3e:2c:a7:07:83:49:c0:36:2c:e2:7e:
         b3:d8:c7:cb:98:95:b1:60:0b:19:ea:8e:98:59:1a:66:2c:df:
         92:d3:42:35:42:7d:1a:36:7e:fe:3b:8a:38:9b:fc:6d:ec:fc:
         b4:90:54:d3:ee:fb:e5:3c:2e:ae:60:0a:18:54:77:19:00:90:
         36:8a:b7:79:0e:1d:2e:20:70:23:17:6d:27:91:cf:78:c2:62:
         d6:3c:c3:c3:76:0c:b4:8a:a6:4e:37:61:d8:de:95:3e:ee:85:
         8e:85:b6:13:e0:55:20:9d:cd:61:cc:1e:19:98:6a:bb:a3:9f:
         04:09:4c:0c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3Ek5pynAWndr4S3z6csdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YzI0ZGU5OTEwMWZhZmRmNzRiY2EyOTNmZDZkOTUwNjBk
NTBhNjMwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWFiZDVhZDM0YjUwZjU4MTU4M2RkMjM2NTMzZGU4NTZiNTAyZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSwkqt0BeoEV0Nplc9gcdwTCLft9
pZ4BXI4gra3FdB2DgmVWF+aEKfho/1qWeCHYDkC80w2BnRNeL1FPTmQs8cCDqy59
QMRvqFWo85X5fRWzdytktWHgEe+r74MuQE3ipst3iLSURNEjzpXqE0y+4GXM6+ZV
GjT9wyDcdy539KfiggZIN/xIlPK1B0QFZSFgKoLvBlTYsgdbd5H78u8ZlLKD6Qb5
rHvoZEmHyF7ACJrt5Re51bHpXZ63VJ/Y0PQJhGbaw2k/Wswdk2NhV3jV5F7yfItL
7mEnN7IHA7Jb+UTJpuL7C96UDI08LGXbUn/2GDvsKZFdnjRkzV6BsrmldwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBqr1a00tQ9YFYPdI2Uz3oVrUC0UMB8GA1UdIwQY
MBaAFMfCTemRAfr990vKKT/W2VBg1QpjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDhKTjZaRUItdjMzUzhvcFA5YlpVR0RWQ21NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9lYjAxM2YtNTc3NC00ZTA2LWE1ZDQt
ZWQ1ZDZjZThkN2U4LzEvR3F2VnJUUzFEMWdWZzkwalpUUGVoV3RRTFJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9lYjAxM2YtNTc3NC00ZTA2LWE1ZDQtZWQ1ZDZjZThkN2U4
LzEveDhKTjZaRUItdjMzUzhvcFA5YlpVR0RWQ21NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgTOwBMw
DQYJKoZIhvcNAQELBQADggEBAM3B7fFi0Em73VaCUHm1Ol9AMp3IIEC9xz+irz/z
PzykcGMYSPRF3B6vZsjgeZukonFcgfC2rERKzVXuktN1MHHmFPrUm3rVtkqdjuui
g54PL78qinagxPM1rmtuheXuBgQX0LNWz2a6SZy8Q9WtDgvuTbFRVxRgTF5RuDsw
etDmo3Z90Uc+LKcHg0nANizifrPYx8uYlbFgCxnqjphZGmYs35LTQjVCfRo2fv47
ijib/G3s/LSQVNPu++U8Lq5gChhUdxkAkDaKt3kOHS4gcCMXbSeRz3jCYtY8w8N2
DLSKpk43YdjelT7uhY6FthPgVSCdzWHMHhmYarujnwQJTAw=
-----END CERTIFICATE-----