Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/GvTErtLo_WfrJ6x7EsDJx-wBiNk.roa
File:                     GvTErtLo_WfrJ6x7EsDJx-wBiNk.roa (raw, json)
Hash identifier:          Xxn6ETTke0mxUzjteWzKhhoZOZSgNE6yTG/DoNoMlpo=
Subject key identifier:   1A:F4:C4:AE:D2:E8:FD:67:EB:27:AC:7B:12:C0:C9:C7:EC:01:88:D9
Certificate issuer:       /CN=c1bf8f3e609072889e74dd0fb4e27f9bac47b3b0
Certificate serial:       018CC2DAE3671C0D93BAE90E68593C8EEEE8
Authority key identifier: C1:BF:8F:3E:60:90:72:88:9E:74:DD:0F:B4:E2:7F:9B:AC:47:B3:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/GvTErtLo_WfrJ6x7EsDJx-wBiNk.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48082
IP address blocks:        46.33.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e3:67:1c:0d:93:ba:e9:0e:68:59:3c:8e:ee:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1bf8f3e609072889e74dd0fb4e27f9bac47b3b0
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1af4c4aed2e8fd67eb27ac7b12c0c9c7ec0188d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a4:aa:05:87:b8:fd:6b:f5:41:45:d9:32:de:
                    d5:0c:d8:c8:5d:9c:18:32:b3:fd:fe:79:ff:59:6b:
                    8e:f8:97:8c:c1:68:57:a1:ef:d0:f5:6f:c5:2e:4a:
                    b0:0b:c7:b8:a3:24:81:dc:81:ad:24:88:44:f6:16:
                    df:aa:19:3d:ad:54:15:9f:78:35:96:04:42:70:29:
                    1a:d2:b2:c4:6a:7b:df:d6:56:64:3b:21:f1:25:ff:
                    e0:29:ba:56:d8:8b:85:59:58:e0:fc:10:a2:12:1f:
                    33:e6:4b:16:e4:7d:2c:42:52:9e:e7:9e:e3:4e:42:
                    63:fa:e3:f3:d9:d7:e8:95:6b:82:bf:73:b2:da:91:
                    76:9c:e8:81:71:78:ef:a9:db:9d:b7:c3:46:89:7c:
                    d6:a5:da:3e:34:0b:cb:e2:f4:b1:31:8d:da:84:3f:
                    7f:7f:6d:1d:2f:85:8f:63:a5:ea:0e:02:b4:6a:6b:
                    0b:b4:5b:f5:96:f5:c2:2b:8f:33:f8:99:b1:d4:27:
                    de:71:09:36:1c:bb:a9:e6:57:cb:b4:28:3b:54:cc:
                    e5:62:bb:49:d7:cf:20:03:86:37:d3:31:07:fb:d1:
                    3e:01:c6:a3:ec:7a:c0:35:45:71:53:db:dd:a9:ed:
                    7b:1b:ba:82:af:9b:ae:3b:15:0f:ae:3c:30:2b:d3:
                    e2:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:F4:C4:AE:D2:E8:FD:67:EB:27:AC:7B:12:C0:C9:C7:EC:01:88:D9
            X509v3 Authority Key Identifier:
                keyid:C1:BF:8F:3E:60:90:72:88:9E:74:DD:0F:B4:E2:7F:9B:AC:47:B3:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/GvTErtLo_WfrJ6x7EsDJx-wBiNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:6f:c5:61:31:fd:6d:19:0a:e9:32:8f:b0:7b:c7:7a:cc:36:
         fa:39:8a:08:d3:03:4f:62:26:c8:00:e2:49:23:a9:37:68:1f:
         b8:39:60:c2:f8:0d:3d:13:32:f0:c2:69:d8:3f:cd:7d:ef:5f:
         d3:92:15:ff:58:b9:e4:4d:0e:07:9c:d5:c2:27:9c:7c:2e:71:
         fb:a7:fb:28:23:21:d8:81:fb:4a:48:fa:6a:11:40:14:88:d2:
         d2:66:c4:23:1e:47:bb:0f:10:5f:27:ab:d0:6d:4f:d4:53:51:
         ed:04:0a:13:fb:03:12:b2:da:3d:7e:99:39:f6:23:13:f9:8d:
         2a:d1:95:cd:cb:f8:79:81:b7:85:70:29:d8:fc:90:0b:aa:72:
         0a:22:57:08:ac:21:27:52:b1:cc:96:c9:d8:4c:92:6f:a9:ca:
         2b:5a:70:72:ee:94:c6:ef:c1:c2:b1:7c:e5:d3:4c:27:9e:2a:
         be:89:16:95:99:89:4d:35:94:24:03:9b:59:bf:1c:47:50:de:
         67:81:9d:fc:fd:73:10:aa:2a:d6:fb:3c:16:a5:c8:76:70:f2:
         95:3e:f3:6d:7d:8d:05:23:0d:c4:a6:35:2f:1a:6e:07:ee:70:
         62:92:31:6c:86:7b:6c:9e:17:e3:67:aa:d6:8b:e9:cf:9d:09:
         05:63:33:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uNnHA2TuukOaFk8ju7oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYmY4ZjNlNjA5MDcyODg5ZTc0ZGQwZmI0ZTI3ZjliYWM0
N2IzYjAwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWY0YzRhZWQyZThmZDY3ZWIyN2FjN2IxMmMwYzljN2VjMDE4OGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6SqBYe4/Wv1QUXZMt7VDNjIXZwY
MrP9/nn/WWuO+JeMwWhXoe/Q9W/FLkqwC8e4oySB3IGtJIhE9hbfqhk9rVQVn3g1
lgRCcCka0rLEanvf1lZkOyHxJf/gKbpW2IuFWVjg/BCiEh8z5ksW5H0sQlKe557j
TkJj+uPz2dfolWuCv3Oy2pF2nOiBcXjvqdudt8NGiXzWpdo+NAvL4vSxMY3ahD9/
f20dL4WPY6XqDgK0amsLtFv1lvXCK48z+Jmx1CfecQk2HLup5lfLtCg7VMzlYrtJ
188gA4Y30zEH+9E+Acaj7HrANUVxU9vdqe17G7qCr5uuOxUPrjwwK9PiwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBr0xK7S6P1n6yesexLAycfsAYjZMB8GA1UdIwQY
MBaAFMG/jz5gkHKInnTdD7Tif5usR7OwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2ItUFBtQ1Fjb2llZE4wUHRPSl9tNnhIczdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9hMWM2YzAtZTc1NC00NzllLTg1MWQt
MGQwZGEwZDEwNDMyLzEvR3ZURXJ0TG9fV2ZySjZ4N0VzREp4LXdCaU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9hMWM2YzAtZTc1NC00NzllLTg1MWQtMGQwZGEwZDEwNDMy
LzEvd2ItUFBtQ1Fjb2llZE4wUHRPSl9tNnhIczdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLiE8MA0G
CSqGSIb3DQEBCwUAA4IBAQCfb8VhMf1tGQrpMo+we8d6zDb6OYoI0wNPYibIAOJJ
I6k3aB+4OWDC+A09EzLwwmnYP81971/TkhX/WLnkTQ4HnNXCJ5x8LnH7p/soIyHY
gftKSPpqEUAUiNLSZsQjHke7DxBfJ6vQbU/UU1HtBAoT+wMSsto9fpk59iMT+Y0q
0ZXNy/h5gbeFcCnY/JALqnIKIlcIrCEnUrHMlsnYTJJvqcorWnBy7pTG78HCsXzl
00wnniq+iRaVmYlNNZQkA5tZvxxHUN5ngZ38/XMQqirW+zwWpch2cPKVPvNtfY0F
Iw3EpjUvGm4H7nBikjFshntsnhfjZ6rWi+nPnQkFYzPq
-----END CERTIFICATE-----