Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/GISiwDWwkN55w-OPn4qwRSweA84.roa
File:                     GISiwDWwkN55w-OPn4qwRSweA84.roa (raw, json)
Hash identifier:          HIcUUP5vEFNT3gS3RcoPzA6F9bPL2QzZ521VNaxnhks=
Subject key identifier:   18:84:A2:C0:35:B0:90:DE:79:C3:E3:8F:9F:8A:B0:45:2C:1E:03:CE
Certificate issuer:       /CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
Certificate serial:       0194258FBCEF4690E07A4DA1EF785CA832A8
Authority key identifier: A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/GISiwDWwkN55w-OPn4qwRSweA84.roa
Signing time:             Thu 02 Jan 2025 05:49:24 +0000
ROA not before:           Thu 02 Jan 2025 05:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8519
IP address blocks:        2001:638:30d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:bc:ef:46:90:e0:7a:4d:a1:ef:78:5c:a8:32:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
        Validity
            Not Before: Jan  2 05:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1884a2c035b090de79c3e38f9f8ab0452c1e03ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:5a:c6:bf:cc:7c:7f:23:d6:35:92:5d:63:16:
                    48:c1:56:c7:50:bb:cd:f7:a3:1b:e4:cf:0d:77:37:
                    da:11:3d:0c:d3:39:27:fc:46:e8:b9:b3:a4:23:f1:
                    bd:3b:8b:a5:19:b7:fc:10:14:22:87:b4:5f:1c:3c:
                    01:c0:4d:4b:9e:21:96:3c:bf:90:c4:e0:3b:8e:d6:
                    e5:9e:71:12:5b:6b:80:cd:3a:a4:62:2d:1b:6f:0c:
                    60:6f:3b:2f:5b:4c:b1:51:85:75:c9:6a:e2:79:b9:
                    a8:7c:75:e3:6b:87:a1:25:bd:92:6d:30:f9:86:7b:
                    b8:ed:bf:5a:25:bc:c5:ef:a1:ff:d3:7c:5f:1a:5b:
                    23:78:b8:3b:16:6c:bb:6c:3c:ae:14:c6:1c:fd:33:
                    00:88:48:72:b4:bf:7a:64:8b:65:cd:ff:42:ad:8c:
                    a4:7c:53:b5:04:a7:6e:d4:30:e7:8a:ad:a1:de:54:
                    64:c1:d3:7a:e7:7e:63:a0:c6:33:1b:94:0c:07:83:
                    f1:15:10:ff:b5:96:c5:01:72:e1:ec:34:78:5c:04:
                    9f:cf:1a:96:2c:13:0b:03:cf:d8:46:f6:9f:06:db:
                    3c:b2:68:1c:58:db:52:ee:db:c0:45:20:48:6b:a0:
                    a1:c9:6c:20:f8:08:e7:49:89:f2:80:f4:ac:41:b8:
                    80:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:84:A2:C0:35:B0:90:DE:79:C3:E3:8F:9F:8A:B0:45:2C:1E:03:CE
            X509v3 Authority Key Identifier:
                keyid:A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/GISiwDWwkN55w-OPn4qwRSweA84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:638:30d::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:41:83:90:2e:4c:30:45:7c:68:c2:b2:76:d2:55:6f:e6:b7:
         9c:9e:8c:8b:2c:7f:b0:34:3f:f3:e8:d5:d6:50:a8:ff:f3:fc:
         2c:04:de:10:31:bd:a7:b9:1e:9b:28:6b:1c:4a:5d:a9:99:8b:
         0e:93:ce:78:78:5c:85:3b:b3:56:7d:fa:27:75:9a:79:18:b9:
         21:e2:df:3b:7e:9b:89:16:0a:d8:43:b9:1a:34:e8:b4:24:bd:
         df:e9:58:f5:77:8b:ab:05:6f:c5:70:08:d5:2a:20:59:21:bc:
         74:72:46:70:2e:f7:94:1d:ee:6d:7a:03:2e:36:64:82:32:57:
         48:a5:da:99:e9:54:89:d9:f4:8b:72:74:9b:45:78:05:cd:9f:
         ad:82:f3:cd:71:b9:22:ad:db:ad:27:b8:14:df:30:62:c8:8f:
         d7:2d:d8:2f:e1:06:a2:49:fe:35:44:3c:b1:38:9e:e1:7e:ab:
         d2:ee:92:e1:4a:0e:cd:87:ce:0b:a0:0c:1a:37:a2:3f:36:8a:
         bd:e3:56:54:7a:ab:47:d8:14:30:2a:53:6e:8f:dd:5f:a0:c1:
         67:1e:a7:35:59:9a:f0:cd:b3:9a:ff:55:fe:45:93:c3:33:86:
         67:60:4a:62:3c:6c:09:f1:dd:6e:36:68:84:e2:39:1a:a3:b8:
         ac:0b:e9:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj7zvRpDgek2h73hcqDKoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTk5MDNkYWI4NWY2YTU5NzcyYjNlZGZkNGJmMGU0OTFh
ZjU3YzQwHhcNMjUwMTAyMDU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODg0YTJjMDM1YjA5MGRlNzljM2UzOGY5ZjhhYjA0NTJjMWUwM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVrGv8x8fyPWNZJdYxZIwVbHULvN
96Mb5M8NdzfaET0M0zkn/EboubOkI/G9O4ulGbf8EBQih7RfHDwBwE1LniGWPL+Q
xOA7jtblnnESW2uAzTqkYi0bbwxgbzsvW0yxUYV1yWriebmofHXja4ehJb2SbTD5
hnu47b9aJbzF76H/03xfGlsjeLg7Fmy7bDyuFMYc/TMAiEhytL96ZItlzf9CrYyk
fFO1BKdu1DDniq2h3lRkwdN6535joMYzG5QMB4PxFRD/tZbFAXLh7DR4XASfzxqW
LBMLA8/YRvafBts8smgcWNtS7tvARSBIa6ChyWwg+AjnSYnygPSsQbiAzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBiEosA1sJDeecPjj5+KsEUsHgPOMB8GA1UdIwQY
MBaAFKSZkD2rhfall3Kz7f1L8OSRr1fEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQt
NTdlYzEyZTg2NDFlLzEvR0lTaXdEV3drTjU1dy1PUG40cXdSU3dlQTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQtNTdlYzEyZTg2NDFl
LzEvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGOAMN
MA0GCSqGSIb3DQEBCwUAA4IBAQCLQYOQLkwwRXxowrJ20lVv5recnoyLLH+wND/z
6NXWUKj/8/wsBN4QMb2nuR6bKGscSl2pmYsOk854eFyFO7NWffondZp5GLkh4t87
fpuJFgrYQ7kaNOi0JL3f6Vj1d4urBW/FcAjVKiBZIbx0ckZwLveUHe5tegMuNmSC
MldIpdqZ6VSJ2fSLcnSbRXgFzZ+tgvPNcbkirdutJ7gU3zBiyI/XLdgv4QaiSf41
RDyxOJ7hfqvS7pLhSg7Nh84LoAwaN6I/Noq941ZUeqtH2BQwKlNuj91foMFnHqc1
WZrwzbOa/1X+RZPDM4ZnYEpiPGwJ8d1uNmiE4jkao7isC+nI
-----END CERTIFICATE-----