Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/gGefMQFbua79Zg2mNiZYMSAvsYc.roa
File:                     gGefMQFbua79Zg2mNiZYMSAvsYc.roa (raw, json)
Hash identifier:          grUu2o7YUSqkhRQkBUsyXyQ6BqrMpqLheGS0+ySiBts=
Subject key identifier:   80:67:9F:31:01:5B:B9:AE:FD:66:0D:A6:36:26:58:31:20:2F:B1:87
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D065A7A49C40865B527E6DC903029
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/gGefMQFbua79Zg2mNiZYMSAvsYc.roa
Signing time:             Tue 02 Jan 2024 08:31:57 +0000
ROA not before:           Tue 02 Jan 2024 08:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200240
IP address blocks:        2a0a:280:3200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:06:5a:7a:49:c4:08:65:b5:27:e6:dc:90:30:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80679f31015bb9aefd660da636265831202fb187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4a:af:54:bf:88:9a:a4:b7:8b:c5:ac:a4:b3:
                    f6:a3:31:50:88:05:b1:e7:04:0f:5c:95:72:92:e2:
                    b0:0b:f2:c7:7c:98:e8:d6:3e:32:d9:7d:db:a7:fa:
                    f3:97:fe:25:7a:e4:2c:c6:8f:02:88:3d:3d:33:61:
                    9d:ec:84:52:12:3a:0f:b1:ec:5d:c0:f8:12:e7:f2:
                    0b:59:22:f8:46:47:f6:b6:d6:95:57:ff:a1:dd:20:
                    dc:78:0c:c9:b5:4f:22:03:d8:72:c1:b8:48:eb:86:
                    6e:22:4e:02:39:15:d4:32:66:03:61:f6:d2:ae:a3:
                    0f:f1:08:37:8f:bf:51:3e:69:f5:f1:b2:fc:d0:46:
                    9e:f2:d3:07:d7:96:9f:9f:03:62:93:06:67:ae:b2:
                    db:04:fc:ac:ad:3e:8e:10:3b:ee:e7:2e:7e:d4:b4:
                    ea:21:d5:52:95:79:79:77:ba:fe:ef:d0:22:ac:21:
                    80:98:11:96:c9:e9:5c:36:ba:b0:15:4d:8e:35:89:
                    3a:4b:5f:47:8b:a6:52:38:0e:81:99:36:0b:1f:c0:
                    5e:6a:5f:0d:03:26:19:9e:7e:c0:6d:78:b2:ea:b6:
                    31:c1:05:94:25:85:1e:f1:69:3e:b3:05:53:37:bb:
                    f0:38:2e:80:87:1d:56:72:3a:81:45:ed:02:48:2e:
                    bc:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:67:9F:31:01:5B:B9:AE:FD:66:0D:A6:36:26:58:31:20:2F:B1:87
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/gGefMQFbua79Zg2mNiZYMSAvsYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:3200::/40

    Signature Algorithm: sha256WithRSAEncryption
         86:d2:af:c0:f1:5a:0c:17:6a:3e:0e:02:45:2e:83:e7:eb:8c:
         1c:6e:bb:ec:48:8a:03:d3:25:f0:37:6c:36:db:93:0c:4d:06:
         aa:6e:87:be:02:de:c4:e7:cc:08:c3:cb:49:ec:84:1b:40:fc:
         8c:66:5b:b9:dc:a3:d6:65:8c:a1:75:a6:84:bd:f6:ae:66:15:
         80:aa:0b:b8:4d:e1:c5:df:74:c8:ad:2c:d9:9e:bc:70:0f:26:
         39:23:cb:39:d6:d1:c4:15:e6:3f:8a:a2:0b:0e:e7:ed:4f:bf:
         4e:22:d6:50:85:a4:eb:bd:5c:51:d0:f3:db:8d:15:1d:ee:ec:
         2f:ef:84:83:a0:70:ea:06:f7:7e:50:27:24:dc:1d:d0:cc:78:
         d5:c6:4f:33:d1:e5:21:3c:0a:60:eb:06:0b:a2:ce:66:0d:c2:
         c4:c3:43:2f:6c:ee:83:ad:83:1c:53:af:1a:90:5f:04:d4:cb:
         f5:45:5e:99:e6:3e:07:a3:c3:2f:c7:3c:76:58:e1:95:32:1f:
         ff:d2:0c:8a:da:43:2e:d0:85:db:ff:8a:af:6c:5a:55:57:a0:
         ae:6a:f6:bf:d2:68:c6:ff:01:33:99:3b:2c:b4:a8:f2:31:bb:
         9d:c2:87:65:f2:3a:dc:c5:a7:cd:10:c1:20:51:85:7b:3d:9e:
         eb:c6:91:85
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQZaeknECGW1J+bckDApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDY3OWYzMTAxNWJiOWFlZmQ2NjBkYTYzNjI2NTgzMTIwMmZiMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUqvVL+ImqS3i8WspLP2ozFQiAWx
5wQPXJVykuKwC/LHfJjo1j4y2X3bp/rzl/4leuQsxo8CiD09M2Gd7IRSEjoPsexd
wPgS5/ILWSL4Rkf2ttaVV/+h3SDceAzJtU8iA9hywbhI64ZuIk4CORXUMmYDYfbS
rqMP8Qg3j79RPmn18bL80Eae8tMH15afnwNikwZnrrLbBPysrT6OEDvu5y5+1LTq
IdVSlXl5d7r+79AirCGAmBGWyelcNrqwFU2ONYk6S19Hi6ZSOA6BmTYLH8Beal8N
AyYZnn7AbXiy6rYxwQWUJYUe8Wk+swVTN7vwOC6Ahx1WcjqBRe0CSC68BQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIBnnzEBW7mu/WYNpjYmWDEgL7GHMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvZ0dlZk1RRmJ1YTc5WmcybU5pWllNU0F2c1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgDIw
DQYJKoZIhvcNAQELBQADggEBAIbSr8DxWgwXaj4OAkUug+frjBxuu+xIigPTJfA3
bDbbkwxNBqpuh74C3sTnzAjDy0nshBtA/IxmW7nco9ZljKF1poS99q5mFYCqC7hN
4cXfdMitLNmevHAPJjkjyznW0cQV5j+KogsO5+1Pv04i1lCFpOu9XFHQ89uNFR3u
7C/vhIOgcOoG935QJyTcHdDMeNXGTzPR5SE8CmDrBguizmYNwsTDQy9s7oOtgxxT
rxqQXwTUy/VFXpnmPgejwy/HPHZY4ZUyH//SDIraQy7Qhdv/iq9sWlVXoK5q9r/S
aMb/ATOZOyy0qPIxu53Ch2XyOtzFp80QwSBRhXs9nuvGkYU=
-----END CERTIFICATE-----