Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/6679f4-9165-4a8b-8892-7dea8fff2e08/1/GebsWPCLvbRRI0Vb9n7nCV8gl8M.roa
File:                     GebsWPCLvbRRI0Vb9n7nCV8gl8M.roa (raw, json)
Hash identifier:          D3fMC1A09id9h5q/CETFr9FbCI7O2eiKyq6Ih6dWDVU=
Subject key identifier:   19:E6:EC:58:F0:8B:BD:B4:51:23:45:5B:F6:7E:E7:09:5F:20:97:C3
Certificate issuer:       /CN=b86ddabfc48952bee26d6d5f828831f596a154e9
Certificate serial:       018FEDC3DF3A51AF7B1E2C0A98C96EA50D85
Authority key identifier: B8:6D:DA:BF:C4:89:52:BE:E2:6D:6D:5F:82:88:31:F5:96:A1:54:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uG3av8SJUr7ibW1fgogx9ZahVOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/6679f4-9165-4a8b-8892-7dea8fff2e08/1/GebsWPCLvbRRI0Vb9n7nCV8gl8M.roa
Signing time:             Thu 06 Jun 2024 13:36:27 +0000
ROA not before:           Thu 06 Jun 2024 13:36:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214829
IP address blocks:        2a14:59c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/6679f4-9165-4a8b-8892-7dea8fff2e08/1/uG3av8SJUr7ibW1fgogx9ZahVOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/6679f4-9165-4a8b-8892-7dea8fff2e08/1/uG3av8SJUr7ibW1fgogx9ZahVOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uG3av8SJUr7ibW1fgogx9ZahVOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ed:c3:df:3a:51:af:7b:1e:2c:0a:98:c9:6e:a5:0d:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b86ddabfc48952bee26d6d5f828831f596a154e9
        Validity
            Not Before: Jun  6 13:36:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19e6ec58f08bbdb45123455bf67ee7095f2097c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:db:35:70:27:9f:4d:ea:17:4a:bb:16:1c:e2:
                    ad:9a:09:78:cf:c1:5b:c7:9c:eb:c5:c0:f9:25:f0:
                    78:96:5a:0f:d3:e3:c6:b6:d9:f2:56:1d:23:3f:ed:
                    87:2a:72:0b:48:0f:63:5f:21:d9:a9:44:25:b6:c9:
                    94:c4:00:d9:84:bd:6b:86:f6:71:0b:fe:74:e9:89:
                    98:71:e4:94:5c:03:9f:bc:7e:b5:6d:30:19:f5:cf:
                    ce:6a:82:10:a9:e4:72:87:68:24:8f:60:de:4a:91:
                    e2:54:ba:4d:7f:bf:68:d1:e8:82:94:b5:c9:40:68:
                    dc:4f:e7:13:cb:61:62:1a:ce:77:5d:11:65:73:78:
                    e2:88:bd:8f:d0:db:e3:b0:49:ec:bf:bb:29:12:b2:
                    ff:03:b1:e8:76:49:08:bb:8c:ba:8e:d1:9b:47:1e:
                    e1:da:c4:78:c6:2d:f8:84:30:e9:50:4d:74:dd:7a:
                    09:8b:05:89:b9:31:92:1f:c8:34:34:cf:b9:67:8a:
                    31:bd:79:02:50:09:e4:e6:a3:72:95:38:1b:8f:87:
                    5a:4f:16:23:50:7a:84:d2:49:0b:c5:05:24:9d:68:
                    27:c3:d9:97:16:12:d4:b5:8f:f2:7e:c8:55:e7:03:
                    23:f4:36:f3:d4:b4:95:bd:0d:a7:e9:14:9a:77:08:
                    d3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E6:EC:58:F0:8B:BD:B4:51:23:45:5B:F6:7E:E7:09:5F:20:97:C3
            X509v3 Authority Key Identifier:
                keyid:B8:6D:DA:BF:C4:89:52:BE:E2:6D:6D:5F:82:88:31:F5:96:A1:54:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uG3av8SJUr7ibW1fgogx9ZahVOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/6679f4-9165-4a8b-8892-7dea8fff2e08/1/GebsWPCLvbRRI0Vb9n7nCV8gl8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/6679f4-9165-4a8b-8892-7dea8fff2e08/1/uG3av8SJUr7ibW1fgogx9ZahVOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:59c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:49:8a:a0:11:84:4c:d5:1d:0d:2e:96:88:88:26:3a:37:92:
         d4:04:d7:92:a7:e3:23:55:10:49:ba:35:eb:cd:af:f2:57:a2:
         c7:e8:16:0f:fc:af:de:a6:b9:40:3c:3d:2c:dc:9e:0c:71:07:
         10:7f:97:7c:cc:68:c7:8a:00:f1:05:b5:e1:78:cd:d2:b0:e1:
         11:74:52:b2:83:ce:b2:be:51:02:6b:67:36:3b:e9:47:9e:74:
         a6:c9:f2:bd:d8:29:12:e5:6a:30:83:91:22:94:69:29:a1:9e:
         4a:c5:73:4a:01:67:6c:2e:9e:ed:05:87:7f:85:3a:d4:0d:16:
         5b:b6:14:20:ea:9c:90:94:fd:1f:09:7f:62:54:5b:2e:e6:02:
         fc:1f:41:63:af:80:58:7c:4a:41:64:cd:f9:c4:a9:2a:00:b7:
         20:3e:d0:c2:9c:3c:81:ac:92:e3:96:60:4d:7d:d3:2a:a7:13:
         db:de:80:a8:43:bc:e6:9a:87:85:f6:c4:30:5e:c0:e4:0a:c2:
         dd:dc:cd:db:c3:ea:e4:03:49:ff:52:09:0c:fb:72:e0:1f:5a:
         5b:55:55:62:fc:f7:f4:7d:5c:60:ac:61:7e:5c:21:e1:ef:80:
         e4:5e:11:ec:fa:62:54:93:39:46:34:39:ce:2c:e4:07:19:6e:
         75:04:d2:f4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/tw986Ua97HiwKmMlupQ2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NmRkYWJmYzQ4OTUyYmVlMjZkNmQ1ZjgyODgzMWY1OTZh
MTU0ZTkwHhcNMjQwNjA2MTMzNjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWU2ZWM1OGYwOGJiZGI0NTEyMzQ1NWJmNjdlZTcwOTVmMjA5N2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNs1cCefTeoXSrsWHOKtmgl4z8Fb
x5zrxcD5JfB4lloP0+PGttnyVh0jP+2HKnILSA9jXyHZqUQltsmUxADZhL1rhvZx
C/506YmYceSUXAOfvH61bTAZ9c/OaoIQqeRyh2gkj2DeSpHiVLpNf79o0eiClLXJ
QGjcT+cTy2FiGs53XRFlc3jiiL2P0NvjsEnsv7spErL/A7HodkkIu4y6jtGbRx7h
2sR4xi34hDDpUE103XoJiwWJuTGSH8g0NM+5Z4oxvXkCUAnk5qNylTgbj4daTxYj
UHqE0kkLxQUknWgnw9mXFhLUtY/yfshV5wMj9Dbz1LSVvQ2n6RSadwjTPwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBnm7Fjwi720USNFW/Z+5wlfIJfDMB8GA1UdIwQY
MBaAFLht2r/EiVK+4m1tX4KIMfWWoVTpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUczYXY4U0pVcjdpYlcxZmdvZ3g5WmFoVk9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy82Njc5ZjQtOTE2NS00YThiLTg4OTIt
N2RlYThmZmYyZTA4LzEvR2Vic1dQQ0x2YlJSSTBWYjluN25DVjhnbDhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy82Njc5ZjQtOTE2NS00YThiLTg4OTItN2RlYThmZmYyZTA4
LzEvdUczYXY4U0pVcjdpYlcxZmdvZ3g5WmFoVk9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRZwDAN
BgkqhkiG9w0BAQsFAAOCAQEAakmKoBGETNUdDS6WiIgmOjeS1ATXkqfjI1UQSbo1
682v8leix+gWD/yv3qa5QDw9LNyeDHEHEH+XfMxox4oA8QW14XjN0rDhEXRSsoPO
sr5RAmtnNjvpR550psnyvdgpEuVqMIORIpRpKaGeSsVzSgFnbC6e7QWHf4U61A0W
W7YUIOqckJT9Hwl/YlRbLuYC/B9BY6+AWHxKQWTN+cSpKgC3ID7Qwpw8gayS45Zg
TX3TKqcT296AqEO85pqHhfbEMF7A5ArC3dzN28Pq5ANJ/1IJDPty4B9aW1VVYvz3
9H1cYKxhflwh4e+A5F4R7PpiVJM5RjQ5zizkBxludQTS9A==
-----END CERTIFICATE-----