Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/GfAQmwlhHVmp712zmswVeZFoZco.roa
File:                     GfAQmwlhHVmp712zmswVeZFoZco.roa (raw, json)
Hash identifier:          uAiutJPqB6ra1P2ab9h6bf2KBIU014minMggMENeI24=
Subject key identifier:   19:F0:10:9B:09:61:1D:59:A9:EF:5D:B3:9A:CC:15:79:91:68:65:CA
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422204F173DC1AB5A0157969865864B60
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/GfAQmwlhHVmp712zmswVeZFoZco.roa
Signing time:             Wed 01 Jan 2025 13:48:50 +0000
ROA not before:           Wed 01 Jan 2025 13:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214901
IP address blocks:        2a0e:8f02:f070::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:4f:17:3d:c1:ab:5a:01:57:96:98:65:86:4b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19f0109b09611d59a9ef5db39acc1579916865ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ab:ef:9d:04:41:6a:c2:0d:bc:5d:d0:98:3b:
                    f1:ee:63:0a:02:fe:3d:94:6d:59:9b:d7:7d:8f:21:
                    a4:46:24:e2:00:0f:20:33:ff:c2:b8:ed:4c:e5:c5:
                    d1:93:28:50:21:79:2b:ea:31:1d:9e:b8:de:da:45:
                    04:bb:15:36:ec:95:88:3d:5c:0f:b3:5e:10:a2:29:
                    8c:2f:f0:86:31:7b:38:72:ff:bf:93:75:43:25:29:
                    69:70:03:84:84:3b:1b:6f:9d:ef:ff:09:d5:f0:e0:
                    dd:1d:5e:e6:5d:3a:2b:4c:19:c0:db:12:df:04:85:
                    09:60:1d:4d:9e:16:97:f8:b2:cc:69:59:62:db:f1:
                    32:22:3a:1d:02:fe:ec:26:b8:a1:9b:fc:e0:89:6a:
                    7e:a8:06:ed:13:1b:ac:7a:04:8b:71:b4:f1:4c:10:
                    68:64:b7:c2:47:e0:34:a2:00:ea:f1:ae:d6:e6:24:
                    91:9e:66:f1:9b:ac:5c:04:a6:33:57:5e:da:0c:74:
                    43:a0:2a:36:c7:49:3e:3e:33:a1:a6:87:df:5b:42:
                    7d:2a:75:64:3a:2b:c1:82:86:dc:86:7e:02:f1:db:
                    e8:c9:0c:c6:c6:36:bb:77:ea:24:de:2f:78:47:a5:
                    aa:8f:4c:d2:75:4f:a7:71:5e:fa:88:45:a7:3f:59:
                    0c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F0:10:9B:09:61:1D:59:A9:EF:5D:B3:9A:CC:15:79:91:68:65:CA
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/GfAQmwlhHVmp712zmswVeZFoZco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f070::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:ea:5f:69:05:4a:e8:6d:36:18:ad:ae:63:f4:ac:16:c9:1d:
         91:90:65:51:15:52:86:69:70:fb:42:34:1d:1c:ad:4a:b4:85:
         3d:2a:bc:1f:e0:32:77:d3:0c:8d:6c:f0:b2:39:65:98:b5:d2:
         f4:66:72:52:d9:f4:31:4f:36:30:e2:38:71:b6:e2:1c:38:1a:
         5d:27:ad:d1:91:f8:f3:ab:2c:8e:3a:75:71:e7:3c:1a:cc:4c:
         a3:54:ff:b4:f4:94:81:2b:cb:cc:56:80:87:5c:5c:b5:04:11:
         eb:3e:08:5b:38:20:c3:66:63:ba:cc:26:f6:db:bd:90:1c:0e:
         50:fd:93:3a:34:33:9b:cb:13:92:78:29:79:cd:a3:96:5f:8a:
         00:81:fd:39:17:86:da:a1:73:0a:73:3b:f5:ba:1b:35:67:33:
         de:f3:8b:0f:34:4d:cd:63:87:e2:21:9e:c2:be:ef:66:f3:b8:
         e9:c2:ac:9f:3b:94:b0:7c:7a:82:33:ff:84:b4:ec:5c:91:b6:
         13:82:d7:ba:21:06:c8:49:30:71:17:6a:0d:e4:0b:6a:7c:b8:
         9c:00:e4:e0:bb:16:d3:05:8e:d0:3c:b1:e1:93:bd:16:e5:bd:
         ef:b0:ad:5f:d6:24:52:0e:0d:71:84:6e:7e:c6:79:bc:03:72:
         28:71:79:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIE8XPcGrWgFXlphlhktgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWYwMTA5YjA5NjExZDU5YTllZjVkYjM5YWNjMTU3OTkxNjg2NWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKvvnQRBasINvF3QmDvx7mMKAv49
lG1Zm9d9jyGkRiTiAA8gM//CuO1M5cXRkyhQIXkr6jEdnrje2kUEuxU27JWIPVwP
s14QoimML/CGMXs4cv+/k3VDJSlpcAOEhDsbb53v/wnV8ODdHV7mXTorTBnA2xLf
BIUJYB1NnhaX+LLMaVli2/EyIjodAv7sJrihm/zgiWp+qAbtExusegSLcbTxTBBo
ZLfCR+A0ogDq8a7W5iSRnmbxm6xcBKYzV17aDHRDoCo2x0k+PjOhpoffW0J9KnVk
OivBgobchn4C8dvoyQzGxja7d+ok3i94R6Wqj0zSdU+ncV76iEWnP1kMswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBnwEJsJYR1Zqe9ds5rMFXmRaGXKMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvR2ZBUW13bGhIVm1wNzEyem1zd1ZlWkZvWmNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvBw
MA0GCSqGSIb3DQEBCwUAA4IBAQAb6l9pBUrobTYYra5j9KwWyR2RkGVRFVKGaXD7
QjQdHK1KtIU9Krwf4DJ30wyNbPCyOWWYtdL0ZnJS2fQxTzYw4jhxtuIcOBpdJ63R
kfjzqyyOOnVx5zwazEyjVP+09JSBK8vMVoCHXFy1BBHrPghbOCDDZmO6zCb2272Q
HA5Q/ZM6NDObyxOSeCl5zaOWX4oAgf05F4baoXMKczv1uhs1ZzPe84sPNE3NY4fi
IZ7Cvu9m87jpwqyfO5SwfHqCM/+EtOxckbYTgte6IQbISTBxF2oN5AtqfLicAOTg
uxbTBY7QPLHhk70W5b3vsK1f1iRSDg1xhG5+xnm8A3IocXm7
-----END CERTIFICATE-----