Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/GChUTI2A2-sfYZUGet6Hj3Z3F5k.roa
File:                     GChUTI2A2-sfYZUGet6Hj3Z3F5k.roa (raw, json)
Hash identifier:          De+WaQ5MYPoR964wfzemC42HT2cuZu/ybnADNHxKZWY=
Subject key identifier:   18:28:54:4C:8D:80:DB:EB:1F:61:95:06:7A:DE:87:8F:76:77:17:99
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018E2E3BF6A2B69FE64530CD3EC66F259370
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/GChUTI2A2-sfYZUGet6Hj3Z3F5k.roa
Signing time:             Mon 11 Mar 2024 15:57:45 +0000
ROA not before:           Mon 11 Mar 2024 15:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28716
IP address blocks:        2a01:3e0:2003::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2e:3b:f6:a2:b6:9f:e6:45:30:cd:3e:c6:6f:25:93:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Mar 11 15:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1828544c8d80dbeb1f6195067ade878f76771799
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3f:7f:fb:56:27:80:f0:ae:9a:02:7d:2a:b4:
                    25:bf:27:b0:ea:d6:46:03:c4:31:65:b7:1a:c5:5d:
                    b6:22:92:d6:7d:ce:c7:46:f4:f6:4d:ac:3e:14:af:
                    9f:18:4f:53:d7:7d:93:9b:8f:0f:46:37:96:bd:e8:
                    84:ec:9d:f4:1b:46:98:f7:44:41:a2:97:43:68:af:
                    3e:d5:6a:47:a4:01:cf:bd:dc:35:a7:3d:12:76:9d:
                    7f:d1:2c:27:6e:88:9f:48:2d:e6:e8:11:ab:ab:5d:
                    54:da:1a:9e:cb:76:e9:52:28:bd:35:c8:bb:e9:7e:
                    d1:9c:82:99:63:05:18:38:70:ea:ce:e5:db:ae:9d:
                    af:b4:e1:ee:bc:e7:c2:ca:1e:60:a5:e3:42:4f:7e:
                    13:7c:b7:5f:42:5f:67:47:28:4a:91:f6:e1:58:c6:
                    36:09:0e:83:69:f7:76:ec:62:07:35:a8:f7:ca:7d:
                    16:49:aa:b3:5f:8e:18:da:a8:38:aa:64:3a:9d:70:
                    70:e2:93:c7:35:ce:8e:9b:90:f2:07:36:c8:14:d7:
                    b5:b1:0c:54:86:c5:5b:a7:9e:e9:1a:d1:76:14:13:
                    ab:e9:bd:c9:10:a2:41:d5:87:af:44:ea:15:f3:d7:
                    ef:3a:4c:ad:88:cd:01:f3:47:cb:c9:2a:4a:db:28:
                    83:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:28:54:4C:8D:80:DB:EB:1F:61:95:06:7A:DE:87:8F:76:77:17:99
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/GChUTI2A2-sfYZUGet6Hj3Z3F5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:3e0:2003::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:4f:49:30:65:79:0f:0f:ba:81:3d:ce:69:55:a3:92:bb:ec:
         34:f2:d2:56:dc:67:e7:a5:05:3a:48:ee:7f:35:32:c2:8f:7d:
         c9:16:71:72:6e:15:09:8c:d6:f0:0a:04:e1:dd:d1:3d:7a:2a:
         64:a2:d8:4a:af:18:d0:68:97:9d:cc:86:23:7f:6c:9e:23:bb:
         c7:c5:a8:ef:ea:d8:85:2c:b6:64:51:7d:fd:c0:c2:f0:e0:5c:
         98:0d:6d:8e:e5:49:5e:74:7f:57:a2:f9:ef:dd:e5:5e:91:11:
         18:3f:3e:e8:ac:70:70:85:b5:ab:99:1c:2d:11:8b:46:6a:b0:
         63:39:58:41:e4:b9:0f:7c:cb:f6:d6:19:26:94:ad:7e:d8:a6:
         ce:cf:35:96:4d:52:cf:28:c6:f5:38:e2:1a:de:1a:f7:06:2f:
         aa:a1:ef:96:95:05:ea:e9:47:c7:4b:17:e7:cb:82:8d:49:df:
         78:97:e0:65:35:69:e1:a6:4d:58:cd:1b:4f:0b:63:1a:63:e2:
         ce:5f:09:47:5f:b0:60:df:c0:9f:40:dd:50:bb:b0:3b:1c:30:
         ab:aa:bd:22:43:a9:26:64:c1:a8:05:b6:4f:0e:b0:d5:66:ee:
         cf:ea:c7:81:6d:6c:d9:95:60:e9:92:cd:e8:c6:05:0f:a0:7a:
         bc:5d:a9:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4uO/aitp/mRTDNPsZvJZNwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMzExMTU1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODI4NTQ0YzhkODBkYmViMWY2MTk1MDY3YWRlODc4Zjc2NzcxNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj9/+1YngPCumgJ9KrQlvyew6tZG
A8QxZbcaxV22IpLWfc7HRvT2Taw+FK+fGE9T132Tm48PRjeWveiE7J30G0aY90RB
opdDaK8+1WpHpAHPvdw1pz0Sdp1/0SwnboifSC3m6BGrq11U2hqey3bpUii9Nci7
6X7RnIKZYwUYOHDqzuXbrp2vtOHuvOfCyh5gpeNCT34TfLdfQl9nRyhKkfbhWMY2
CQ6Dafd27GIHNaj3yn0WSaqzX44Y2qg4qmQ6nXBw4pPHNc6Om5DyBzbIFNe1sQxU
hsVbp57pGtF2FBOr6b3JEKJB1YevROoV89fvOkytiM0B80fLySpK2yiDSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBgoVEyNgNvrH2GVBnreh492dxeZMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvR0NoVVRJMkEyLXNmWVpVR2V0NkhqM1ozRjVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgED4CAD
MA0GCSqGSIb3DQEBCwUAA4IBAQDDT0kwZXkPD7qBPc5pVaOSu+w08tJW3GfnpQU6
SO5/NTLCj33JFnFybhUJjNbwCgTh3dE9eipkothKrxjQaJedzIYjf2yeI7vHxajv
6tiFLLZkUX39wMLw4FyYDW2O5UledH9Xovnv3eVekREYPz7orHBwhbWrmRwtEYtG
arBjOVhB5LkPfMv21hkmlK1+2KbOzzWWTVLPKMb1OOIa3hr3Bi+qoe+WlQXq6UfH
Sxfny4KNSd94l+BlNWnhpk1YzRtPC2MaY+LOXwlHX7Bg38CfQN1Qu7A7HDCrqr0i
Q6kmZMGoBbZPDrDVZu7P6seBbWzZlWDpks3oxgUPoHq8Xam/
-----END CERTIFICATE-----