Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/gbma0zCcoMPi16meHVVHvJ9PzbY.roa
File:                     gbma0zCcoMPi16meHVVHvJ9PzbY.roa (raw, json)
Hash identifier:          jZhcRhNWNnm2ZaHjBQqccrXMwv9PWlV2cSEWnUJtSpE=
Subject key identifier:   81:B9:9A:D3:30:9C:A0:C3:E2:D7:A9:9E:1D:55:47:BC:9F:4F:CD:B6
Certificate issuer:       /CN=b16abdd9420f04ba9c1cd2c34dc7b352988af8d9
Certificate serial:       018CC94E4B557D2414F5179090D155319418
Authority key identifier: B1:6A:BD:D9:42:0F:04:BA:9C:1C:D2:C3:4D:C7:B3:52:98:8A:F8:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sWq92UIPBLqcHNLDTcezUpiK-Nk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/gbma0zCcoMPi16meHVVHvJ9PzbY.roa
Signing time:             Tue 02 Jan 2024 08:33:20 +0000
ROA not before:           Tue 02 Jan 2024 08:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8315
IP address blocks:        2.56.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/sWq92UIPBLqcHNLDTcezUpiK-Nk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/sWq92UIPBLqcHNLDTcezUpiK-Nk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sWq92UIPBLqcHNLDTcezUpiK-Nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:4b:55:7d:24:14:f5:17:90:90:d1:55:31:94:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b16abdd9420f04ba9c1cd2c34dc7b352988af8d9
        Validity
            Not Before: Jan  2 08:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81b99ad3309ca0c3e2d7a99e1d5547bc9f4fcdb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e4:19:73:73:f2:84:2e:cc:97:f9:b4:9b:50:
                    a6:37:07:dc:78:55:08:75:e6:18:e1:f8:4e:bd:b6:
                    72:a6:21:e5:01:f2:58:a7:db:33:78:6a:00:3f:8f:
                    30:c7:38:90:8c:27:f4:66:74:c7:4b:12:9e:c4:e5:
                    52:58:a2:c8:28:4a:ac:6c:31:0a:61:9b:43:cb:42:
                    91:83:f8:b6:cb:c1:8e:3b:b3:f3:a0:ca:48:d4:94:
                    7d:58:b4:81:ac:ed:67:f1:a9:14:2d:6b:38:1d:3e:
                    c9:ac:6e:9a:89:5f:96:de:dc:49:93:24:db:4f:8c:
                    67:9b:46:30:ad:2c:30:f7:bd:09:fd:81:01:b5:32:
                    33:d2:41:6c:b9:93:71:4a:a5:13:4a:b8:7b:5f:e1:
                    74:3c:0e:45:33:68:87:5f:3c:01:ba:05:5d:46:f6:
                    c2:2f:14:29:ba:b2:47:0b:3a:e7:f5:be:7b:d6:41:
                    24:44:26:74:c5:43:cf:3c:31:c0:9d:1b:af:68:db:
                    4a:28:f5:b8:18:d4:35:40:61:54:5d:c3:99:a7:09:
                    2b:00:89:c9:7f:51:da:c5:d1:e7:ed:ab:cc:b1:4c:
                    4d:a1:42:1d:d0:90:f6:ee:84:bc:9a:bc:64:cb:11:
                    27:22:40:fe:de:0f:23:c0:04:77:f1:de:3e:82:45:
                    bb:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:B9:9A:D3:30:9C:A0:C3:E2:D7:A9:9E:1D:55:47:BC:9F:4F:CD:B6
            X509v3 Authority Key Identifier:
                keyid:B1:6A:BD:D9:42:0F:04:BA:9C:1C:D2:C3:4D:C7:B3:52:98:8A:F8:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sWq92UIPBLqcHNLDTcezUpiK-Nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/gbma0zCcoMPi16meHVVHvJ9PzbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/sWq92UIPBLqcHNLDTcezUpiK-Nk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:ee:f0:86:68:56:46:17:59:3b:27:29:7c:e6:af:27:43:4b:
         b1:cd:c4:0b:64:73:ed:4c:5a:f4:8c:74:04:f1:31:2d:25:54:
         58:2c:31:e5:10:86:2a:d0:c9:79:2a:34:61:e9:88:ed:11:df:
         de:de:00:bd:5a:67:d3:4c:f2:02:8d:f9:dc:a7:cf:a4:d7:db:
         b1:ea:54:a4:58:89:16:6d:dd:b8:d3:b1:16:2d:5f:48:08:80:
         bd:33:c3:31:56:d5:f6:0e:f5:77:0c:26:a5:5c:d5:25:46:d6:
         d7:c6:4c:b8:8d:27:1f:79:39:71:16:00:af:23:88:c8:c6:56:
         9e:3d:b4:8b:dd:6c:54:ef:0f:e3:2d:79:7e:10:d7:c1:30:7b:
         20:74:78:84:e0:33:a8:ff:85:a2:e2:b1:db:ce:87:35:67:d2:
         78:cf:c8:b5:5e:f6:6f:ca:0f:f0:0b:e4:f4:4f:01:1c:f8:15:
         7f:fa:d6:f9:eb:a3:37:bf:79:df:12:b4:70:37:ed:7d:93:2a:
         be:ab:49:35:40:12:11:67:da:2d:e8:27:12:39:93:7a:2c:8c:
         19:61:7a:bc:67:29:e8:12:e7:e5:17:5f:c2:93:a1:89:92:93:
         01:28:55:f5:3f:bf:5b:50:a0:5d:97:7a:fe:42:76:42:43:0b:
         80:9a:18:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTktVfSQU9ReQkNFVMZQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNmFiZGQ5NDIwZjA0YmE5YzFjZDJjMzRkYzdiMzUyOTg4
YWY4ZDkwHhcNMjQwMTAyMDgzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWI5OWFkMzMwOWNhMGMzZTJkN2E5OWUxZDU1NDdiYzlmNGZjZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eQZc3PyhC7Ml/m0m1CmNwfceFUI
deYY4fhOvbZypiHlAfJYp9szeGoAP48wxziQjCf0ZnTHSxKexOVSWKLIKEqsbDEK
YZtDy0KRg/i2y8GOO7PzoMpI1JR9WLSBrO1n8akULWs4HT7JrG6aiV+W3txJkyTb
T4xnm0YwrSww970J/YEBtTIz0kFsuZNxSqUTSrh7X+F0PA5FM2iHXzwBugVdRvbC
LxQpurJHCzrn9b571kEkRCZ0xUPPPDHAnRuvaNtKKPW4GNQ1QGFUXcOZpwkrAInJ
f1HaxdHn7avMsUxNoUId0JD27oS8mrxkyxEnIkD+3g8jwAR38d4+gkW7xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIG5mtMwnKDD4tepnh1VR7yfT822MB8GA1UdIwQY
MBaAFLFqvdlCDwS6nBzSw03Hs1KYivjZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1dxOTJVSVBCTHFjSE5MRFRjZXpVcGlLLU5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8yYWRjMzktMzYzMC00MjVmLWFmMjkt
ZmJiMGQzYzEwNDIzLzEvZ2JtYTB6Q2NvTVBpMTZtZUhWVkh2SjlQemJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8yYWRjMzktMzYzMC00MjVmLWFmMjktZmJiMGQzYzEwNDIz
LzEvc1dxOTJVSVBCTHFjSE5MRFRjZXpVcGlLLU5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjirMA0G
CSqGSIb3DQEBCwUAA4IBAQAE7vCGaFZGF1k7Jyl85q8nQ0uxzcQLZHPtTFr0jHQE
8TEtJVRYLDHlEIYq0Ml5KjRh6YjtEd/e3gC9WmfTTPICjfncp8+k19ux6lSkWIkW
bd2407EWLV9ICIC9M8MxVtX2DvV3DCalXNUlRtbXxky4jScfeTlxFgCvI4jIxlae
PbSL3WxU7w/jLXl+ENfBMHsgdHiE4DOo/4Wi4rHbzoc1Z9J4z8i1XvZvyg/wC+T0
TwEc+BV/+tb566M3v3nfErRwN+19kyq+q0k1QBIRZ9ot6CcSOZN6LIwZYXq8Zyno
EuflF1/Ck6GJkpMBKFX1P79bUKBdl3r+QnZCQwuAmhjV
-----END CERTIFICATE-----