Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/GVM0D6yLi7Ycxa_FE8s2T9v_hOU.roa
File:                     GVM0D6yLi7Ycxa_FE8s2T9v_hOU.roa (raw, json)
Hash identifier:          7HzvF6Ygm3QTSmWm11bqow3D55hteviFjtKW3tnR+aM=
Subject key identifier:   19:53:34:0F:AC:8B:8B:B6:1C:C5:AF:C5:13:CB:36:4F:DB:FF:84:E5
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0E0BD32633402B13DF735B2EA7F0
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/GVM0D6yLi7Ycxa_FE8s2T9v_hOU.roa
Signing time:             Tue 02 Jan 2024 08:31:59 +0000
ROA not before:           Tue 02 Jan 2024 08:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210645
IP address blocks:        2a0a:280:1900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:0e:0b:d3:26:33:40:2b:13:df:73:5b:2e:a7:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1953340fac8b8bb61cc5afc513cb364fdbff84e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b7:87:bf:c0:f1:92:92:4b:82:26:e6:89:fd:
                    1d:66:d9:3b:31:58:2b:a4:50:49:0c:86:89:73:f5:
                    db:ce:e6:d3:98:4a:77:12:5d:f6:45:8f:15:07:bc:
                    a3:94:2c:3f:00:b9:0c:d9:d3:7f:df:ca:7c:6c:c0:
                    36:ec:5f:b7:3a:b9:e1:47:b6:4c:19:46:1c:b0:a0:
                    7f:e7:66:9d:b6:71:18:35:06:ad:dc:00:e4:d1:41:
                    1a:a8:08:98:c8:d7:b9:f5:6a:39:a5:3a:5d:1c:ed:
                    79:ad:e0:98:eb:2f:f6:37:4c:7f:a7:47:0a:2d:c3:
                    b7:f2:a2:2c:75:dc:7b:b7:8e:60:2e:0b:f5:c0:66:
                    1e:6e:ea:c1:dd:b0:b4:8d:63:fb:3d:b5:8b:b1:bc:
                    af:f2:0d:40:76:fa:9e:e2:3a:8a:fd:17:28:33:d1:
                    97:64:b6:83:3f:6f:8f:78:f4:05:b6:35:2d:96:32:
                    d4:38:9c:ee:9f:6b:d2:e1:31:cd:6a:63:70:42:f2:
                    fc:8e:ff:6c:95:2d:d1:af:cf:c6:b3:c5:73:6f:fb:
                    de:50:2b:d4:6f:19:94:32:34:1e:a0:4e:52:ef:82:
                    ef:07:fe:36:b1:9b:99:d4:b4:ea:ef:f8:3d:ad:d5:
                    96:4a:46:2f:bf:77:ef:ba:d8:72:c4:ce:14:6e:8e:
                    61:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:53:34:0F:AC:8B:8B:B6:1C:C5:AF:C5:13:CB:36:4F:DB:FF:84:E5
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/GVM0D6yLi7Ycxa_FE8s2T9v_hOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1900::/40

    Signature Algorithm: sha256WithRSAEncryption
         47:40:63:90:2e:8b:fe:f2:e8:20:f2:8f:6f:51:5c:c4:9e:2b:
         ae:af:c1:6d:47:ea:56:ad:bf:57:d6:a5:9e:86:b8:53:c7:d8:
         03:e6:8e:38:0e:07:12:86:18:04:db:40:0c:58:74:b6:b7:27:
         81:4b:a0:0f:f9:91:04:4e:01:a1:4d:27:2f:81:52:76:5c:fd:
         8d:30:8a:86:82:dd:1e:e1:0a:67:b0:2e:6e:9b:16:2b:71:3c:
         fe:6d:ac:da:58:aa:cf:f6:70:f0:b2:5c:65:1b:c5:c6:52:1c:
         12:f7:e1:af:ee:23:cc:2f:7a:7e:d2:c0:f0:a9:c4:1d:84:b4:
         58:ea:ea:63:3a:d6:2a:3f:57:9d:b5:c1:91:09:8f:c3:75:12:
         43:32:b3:c1:a8:4d:1b:63:d3:db:6d:f8:2b:74:f4:8d:76:33:
         04:0a:f2:d7:1e:bb:a5:2c:d7:9b:d1:89:69:0b:17:8d:e4:b6:
         5f:cc:ab:b5:6a:a5:69:26:07:ca:8b:f2:ef:b8:7d:c4:cf:51:
         f5:85:56:40:bd:ca:c5:95:04:f1:3a:71:f8:f8:0b:9b:cc:a0:
         51:77:6c:29:7a:56:ee:31:aa:22:5c:e9:be:2d:25:e2:be:fe:
         1f:18:2b:5f:9e:65:d7:66:52:71:00:07:9f:a6:66:50:0b:39:
         fd:32:0e:58
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQ4L0yYzQCsT33NbLqfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTUzMzQwZmFjOGI4YmI2MWNjNWFmYzUxM2NiMzY0ZmRiZmY4NGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7eHv8DxkpJLgibmif0dZtk7MVgr
pFBJDIaJc/XbzubTmEp3El32RY8VB7yjlCw/ALkM2dN/38p8bMA27F+3OrnhR7ZM
GUYcsKB/52adtnEYNQat3ADk0UEaqAiYyNe59Wo5pTpdHO15reCY6y/2N0x/p0cK
LcO38qIsddx7t45gLgv1wGYeburB3bC0jWP7PbWLsbyv8g1Advqe4jqK/RcoM9GX
ZLaDP2+PePQFtjUtljLUOJzun2vS4THNamNwQvL8jv9slS3Rr8/Gs8Vzb/veUCvU
bxmUMjQeoE5S74LvB/42sZuZ1LTq7/g9rdWWSkYvv3fvuthyxM4Ubo5h0wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBlTNA+si4u2HMWvxRPLNk/b/4TlMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvR1ZNMEQ2eUxpN1ljeGFfRkU4czJUOXZfaE9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBkw
DQYJKoZIhvcNAQELBQADggEBAEdAY5Aui/7y6CDyj29RXMSeK66vwW1H6latv1fW
pZ6GuFPH2APmjjgOBxKGGATbQAxYdLa3J4FLoA/5kQROAaFNJy+BUnZc/Y0wioaC
3R7hCmewLm6bFitxPP5trNpYqs/2cPCyXGUbxcZSHBL34a/uI8wven7SwPCpxB2E
tFjq6mM61io/V521wZEJj8N1EkMys8GoTRtj09tt+Ct09I12MwQK8tceu6Us15vR
iWkLF43ktl/Mq7VqpWkmB8qL8u+4fcTPUfWFVkC9ysWVBPE6cfj4C5vMoFF3bCl6
Vu4xqiJc6b4tJeK+/h8YK1+eZddmUnEAB5+mZlALOf0yDlg=
-----END CERTIFICATE-----