Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/GRoTqbzlgb7LL4qGT9vOrU_aI7M.roa
File:                     GRoTqbzlgb7LL4qGT9vOrU_aI7M.roa (raw, json)
Hash identifier:          bQIg/nd1fvR/UyqcjO6aYkXwwfFBucsHdfsZFyoF3Os=
Subject key identifier:   19:1A:13:A9:BC:E5:81:BE:CB:2F:8A:86:4F:DB:CE:AD:4F:DA:23:B3
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94858E47578ADCD117F19E6A7C444
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/GRoTqbzlgb7LL4qGT9vOrU_aI7M.roa
Signing time:             Mon 01 Jan 2024 20:31:20 +0000
ROA not before:           Mon 01 Jan 2024 20:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33891
IP address blocks:        2a03:f85:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:48:58:e4:75:78:ad:cd:11:7f:19:e6:a7:c4:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=191a13a9bce581becb2f8a864fdbcead4fda23b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:07:2a:64:fc:58:26:72:17:17:d8:d6:0e:25:
                    16:28:b1:a2:fb:64:42:70:96:46:60:df:3c:b6:33:
                    bc:2a:be:7b:f0:1f:c1:7d:49:fa:8e:52:58:2d:d5:
                    ca:04:3c:43:fd:b9:8e:15:03:ed:65:13:a2:0c:9a:
                    4e:87:e4:da:f7:18:9e:9f:25:ea:d7:40:45:36:80:
                    e1:b4:a4:27:b8:1e:fd:5d:e4:c5:90:48:5c:89:8a:
                    a2:c1:d4:99:4e:03:f2:31:fe:6a:0b:d4:9d:97:9e:
                    31:6d:6a:24:77:25:91:c9:ea:99:9c:bb:ec:92:38:
                    c3:71:26:37:ce:ff:35:98:bf:10:81:20:70:5a:a8:
                    73:b7:7f:27:1d:08:0f:2a:37:ae:0c:84:ed:c3:f9:
                    a1:9e:9c:87:1d:ed:4f:80:4d:b4:18:9c:29:8c:93:
                    bb:f0:8e:cd:54:3b:69:07:2f:4e:9b:32:2c:42:c1:
                    03:07:08:7c:cd:62:bb:05:6b:97:f5:7f:8d:0c:7c:
                    0d:37:12:70:11:01:78:dd:55:7e:d2:f1:0f:1b:14:
                    cb:5e:eb:6d:3a:82:b5:11:83:24:29:d1:d3:2c:7c:
                    3e:6d:a5:28:42:aa:0c:f5:f6:80:df:5d:67:0e:c5:
                    ef:e6:03:94:10:a2:1a:41:61:ec:bb:10:5d:df:3f:
                    78:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:1A:13:A9:BC:E5:81:BE:CB:2F:8A:86:4F:DB:CE:AD:4F:DA:23:B3
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/GRoTqbzlgb7LL4qGT9vOrU_aI7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f85:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:4f:56:0c:e3:07:09:32:22:b6:7c:c8:1d:61:55:22:97:0c:
         97:74:1f:e1:ec:b8:06:c7:47:04:8c:a3:68:c5:ce:5e:17:14:
         46:ed:13:fb:fe:3d:41:4f:4e:83:46:99:2f:81:5c:c8:fe:7d:
         49:da:4c:e2:7c:de:c1:b6:87:8d:8a:14:40:7e:2d:95:f4:2d:
         0e:f6:a3:88:bc:6a:e9:09:6e:29:4b:20:92:d3:3a:bc:43:1c:
         11:b6:aa:11:8b:36:29:bd:5d:6e:a2:c7:5a:10:98:76:12:ec:
         bf:54:de:f8:57:1b:ef:6a:07:5a:14:08:cb:96:de:f2:2a:4d:
         21:8f:eb:2c:fe:fe:a6:71:8d:49:35:de:51:e5:f1:1b:98:60:
         34:b2:67:b2:42:57:c2:24:28:56:00:77:08:7c:8e:23:ed:41:
         9e:6b:ca:7e:07:a0:13:55:14:35:70:52:9d:ec:88:56:4a:85:
         87:ef:21:4c:ba:86:eb:40:ec:e8:63:ab:dd:d6:dc:68:c1:26:
         e5:65:6f:18:d3:fb:43:d6:8b:f7:d8:71:fd:ae:a7:04:49:1b:
         2f:14:ab:23:1f:43:58:04:2c:aa:22:58:4e:f7:55:7c:f4:17:
         72:4a:eb:02:14:08:f6:75:0f:98:dd:d6:c7:51:81:f7:54:2b:
         58:c7:d3:ca
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuUhY5HV4rc0Rfxnmp8REMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTFhMTNhOWJjZTU4MWJlY2IyZjhhODY0ZmRiY2VhZDRmZGEyM2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgcqZPxYJnIXF9jWDiUWKLGi+2RC
cJZGYN88tjO8Kr578B/BfUn6jlJYLdXKBDxD/bmOFQPtZROiDJpOh+Ta9xienyXq
10BFNoDhtKQnuB79XeTFkEhciYqiwdSZTgPyMf5qC9Sdl54xbWokdyWRyeqZnLvs
kjjDcSY3zv81mL8QgSBwWqhzt38nHQgPKjeuDITtw/mhnpyHHe1PgE20GJwpjJO7
8I7NVDtpBy9OmzIsQsEDBwh8zWK7BWuX9X+NDHwNNxJwEQF43VV+0vEPGxTLXutt
OoK1EYMkKdHTLHw+baUoQqoM9faA311nDsXv5gOUEKIaQWHsuxBd3z94eQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBkaE6m85YG+yy+Khk/bzq1P2iOzMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvR1JvVHFiemxnYjdMTDRxR1Q5dk9yVV9hSTdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMPhQAE
MA0GCSqGSIb3DQEBCwUAA4IBAQAET1YM4wcJMiK2fMgdYVUilwyXdB/h7LgGx0cE
jKNoxc5eFxRG7RP7/j1BT06DRpkvgVzI/n1J2kzifN7BtoeNihRAfi2V9C0O9qOI
vGrpCW4pSyCS0zq8QxwRtqoRizYpvV1uosdaEJh2Euy/VN74VxvvagdaFAjLlt7y
Kk0hj+ss/v6mcY1JNd5R5fEbmGA0smeyQlfCJChWAHcIfI4j7UGea8p+B6ATVRQ1
cFKd7IhWSoWH7yFMuobrQOzoY6vd1txowSblZW8Y0/tD1ov32HH9rqcESRsvFKsj
H0NYBCyqIlhO91V89BdySusCFAj2dQ+Y3dbHUYH3VCtYx9PK
-----END CERTIFICATE-----