Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/GEGxo7x5arOrDEswEY0lvBywzpA.roa
File:                     GEGxo7x5arOrDEswEY0lvBywzpA.roa (raw, json)
Hash identifier:          XEGE+UmJTmdEEW+Z+x2hcBUw0HYtS4KzsDOd8UpQZWk=
Subject key identifier:   18:41:B1:A3:BC:79:6A:B3:AB:0C:4B:30:11:8D:25:BC:1C:B0:CE:90
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB5D9F2C76667763E040258E9D0596
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/GEGxo7x5arOrDEswEY0lvBywzpA.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207740
IP address blocks:        2a07:22c1:ffe5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5d:9f:2c:76:66:77:63:e0:40:25:8e:9d:05:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1841b1a3bc796ab3ab0c4b30118d25bc1cb0ce90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d2:60:3f:df:77:91:b5:6f:41:ab:88:e1:ba:
                    41:26:1b:a9:dd:36:7e:82:a5:68:28:6c:41:32:af:
                    8d:a7:0b:07:4a:c6:87:55:9b:49:8b:0b:0b:50:2a:
                    54:a2:9a:d8:37:3a:8b:76:08:e3:7e:24:f4:00:c4:
                    19:16:03:51:28:9d:88:5f:d5:ab:d8:c0:f6:63:29:
                    da:f1:12:fb:81:75:5e:48:74:af:6d:7e:95:9b:23:
                    80:e2:ce:80:99:89:29:43:e4:e5:e5:bf:38:83:5a:
                    97:15:c6:5a:7d:58:de:53:dd:28:05:2f:5e:a0:e6:
                    1a:4f:b4:36:6e:5c:85:06:3e:f8:ee:46:b6:68:70:
                    ca:5b:34:e6:22:4f:60:51:a3:36:26:b0:3e:3b:a2:
                    f5:60:2d:c1:46:1d:f1:ba:37:07:8d:17:08:aa:64:
                    44:07:66:cc:d9:7f:76:8d:59:69:6c:72:56:e1:bf:
                    1a:44:c6:0c:85:a3:a9:70:2e:97:9e:cc:3f:aa:22:
                    6b:2c:c8:1b:fa:f0:b2:f6:58:36:d8:4e:07:e8:d2:
                    1e:35:75:f7:9f:f8:ab:9d:ec:68:36:47:41:65:c8:
                    48:8a:33:fc:01:19:5a:04:7d:ab:fa:57:b8:24:00:
                    5d:0e:4e:70:41:0c:04:28:4b:36:a7:a1:9d:fb:e2:
                    27:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:41:B1:A3:BC:79:6A:B3:AB:0C:4B:30:11:8D:25:BC:1C:B0:CE:90
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/GEGxo7x5arOrDEswEY0lvBywzpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:22c1:ffe5::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:4e:a6:7e:e9:0b:60:d4:f5:91:89:0c:4c:64:33:8f:de:76:
         18:0b:83:16:a0:68:45:7c:b2:dc:09:dd:be:33:06:1a:ad:b1:
         93:3f:c0:04:aa:b2:5f:32:69:29:ce:fc:ca:db:40:c6:d1:6e:
         28:82:8b:b5:84:fa:a5:d2:b3:9f:33:38:c6:00:71:40:99:4a:
         5b:e3:28:4f:f3:ce:19:f2:85:fd:06:ae:10:38:cc:64:52:1c:
         81:31:30:e0:5e:18:b6:5f:85:4d:66:6c:4f:fd:8d:11:47:da:
         85:1a:96:c6:d6:c3:43:4c:36:9e:5e:c1:39:26:bc:83:53:cb:
         e8:1e:66:48:91:b8:dd:7a:91:f0:04:42:64:04:f2:1f:23:8f:
         75:e6:29:8c:9c:5a:7f:31:19:93:d7:a4:46:84:1c:c4:1c:7e:
         8e:c6:1c:e1:cd:fc:a1:51:40:99:bc:a3:b0:1a:36:69:03:1e:
         aa:e6:be:0a:45:b7:60:25:40:45:15:b5:7b:7d:ba:b9:0e:57:
         f1:d2:62:23:e5:6e:c7:5b:06:81:19:c4:9b:a9:4a:d0:bd:8d:
         55:66:a4:38:b7:19:7b:85:f9:92:37:f6:7c:f2:ce:7c:ad:b7:
         48:af:c6:4c:c1:a9:91:3d:19:3a:a0:27:ba:13:74:ea:41:82:
         39:43:0c:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC212fLHZmd2PgQCWOnQWWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODQxYjFhM2JjNzk2YWIzYWIwYzRiMzAxMThkMjViYzFjYjBjZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdJgP993kbVvQauI4bpBJhup3TZ+
gqVoKGxBMq+NpwsHSsaHVZtJiwsLUCpUoprYNzqLdgjjfiT0AMQZFgNRKJ2IX9Wr
2MD2Yyna8RL7gXVeSHSvbX6VmyOA4s6AmYkpQ+Tl5b84g1qXFcZafVjeU90oBS9e
oOYaT7Q2blyFBj747ka2aHDKWzTmIk9gUaM2JrA+O6L1YC3BRh3xujcHjRcIqmRE
B2bM2X92jVlpbHJW4b8aRMYMhaOpcC6Xnsw/qiJrLMgb+vCy9lg22E4H6NIeNXX3
n/irnexoNkdBZchIijP8ARlaBH2r+le4JABdDk5wQQwEKEs2p6Gd++IngQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBhBsaO8eWqzqwxLMBGNJbwcsM6QMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvR0VHeG83eDVhck9yREVzd0VZMGx2Qnl3enBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgciwf/l
MA0GCSqGSIb3DQEBCwUAA4IBAQAZTqZ+6Qtg1PWRiQxMZDOP3nYYC4MWoGhFfLLc
Cd2+MwYarbGTP8AEqrJfMmkpzvzK20DG0W4ogou1hPql0rOfMzjGAHFAmUpb4yhP
884Z8oX9Bq4QOMxkUhyBMTDgXhi2X4VNZmxP/Y0RR9qFGpbG1sNDTDaeXsE5JryD
U8voHmZIkbjdepHwBEJkBPIfI4915imMnFp/MRmT16RGhBzEHH6OxhzhzfyhUUCZ
vKOwGjZpAx6q5r4KRbdgJUBFFbV7fbq5Dlfx0mIj5W7HWwaBGcSbqUrQvY1VZqQ4
txl7hfmSN/Z88s58rbdIr8ZMwamRPRk6oCe6E3TqQYI5Qwyv
-----END CERTIFICATE-----