Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/GdtEMs92bf3QYKPZXbx5IQ4pecI.roa
File:                     GdtEMs92bf3QYKPZXbx5IQ4pecI.roa (raw, json)
Hash identifier:          0i2GcC+PF/tDkIli9lmmKKI9w/IYKubA6m3LbNj307M=
Subject key identifier:   19:DB:44:32:CF:76:6D:FD:D0:60:A3:D9:5D:BC:79:21:0E:29:79:C2
Certificate issuer:       /CN=4eaefc49e6cd67e25996a2c0fc57b80cc23dba44
Certificate serial:       018CC64AC40C34FF17F3FA7674642D974D55
Authority key identifier: 4E:AE:FC:49:E6:CD:67:E2:59:96:A2:C0:FC:57:B8:0C:C2:3D:BA:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/GdtEMs92bf3QYKPZXbx5IQ4pecI.roa
Signing time:             Mon 01 Jan 2024 18:30:37 +0000
ROA not before:           Mon 01 Jan 2024 18:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.41.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c4:0c:34:ff:17:f3:fa:76:74:64:2d:97:4d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eaefc49e6cd67e25996a2c0fc57b80cc23dba44
        Validity
            Not Before: Jan  1 18:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19db4432cf766dfdd060a3d95dbc79210e2979c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:69:18:50:65:1a:4e:6c:d9:60:61:eb:15:28:
                    f3:93:74:a5:28:fd:8f:d2:2f:de:02:a7:74:8d:2c:
                    c6:9d:26:1b:fd:86:c0:b0:3f:ef:b9:76:3f:db:15:
                    82:05:0f:9d:9a:23:e0:86:d2:ba:6c:24:f3:38:a5:
                    7b:1f:27:32:13:f0:2d:80:23:17:aa:20:2e:30:43:
                    89:00:e2:48:5f:19:c9:e9:9a:36:38:2b:f3:73:34:
                    d9:03:a6:d8:f0:a3:59:c5:da:ca:60:85:23:72:07:
                    0f:a6:c6:ee:23:4d:54:17:d1:66:c2:23:65:1e:ed:
                    c5:e3:3e:0e:e4:bb:dc:52:08:ab:76:2e:f7:57:4e:
                    99:15:e4:c4:bf:b4:a3:a4:32:e5:74:cf:ee:11:82:
                    82:0c:b5:60:de:06:89:9d:95:80:2c:cf:d6:0b:42:
                    8b:8e:f2:26:a0:1f:3b:ab:7a:88:b2:d0:ae:1b:5d:
                    b9:95:0f:43:0b:ed:9e:6e:94:f8:ee:48:87:a7:ff:
                    b2:f6:92:ce:25:75:3f:ec:71:d7:d3:76:44:24:63:
                    b7:00:dc:50:e4:67:9f:ec:d8:0a:87:9f:ce:68:81:
                    25:9b:57:2e:65:e4:a4:3f:1e:a5:8e:df:a0:56:ac:
                    02:3c:b7:02:85:62:82:87:95:a0:e4:16:80:37:1a:
                    6f:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:DB:44:32:CF:76:6D:FD:D0:60:A3:D9:5D:BC:79:21:0E:29:79:C2
            X509v3 Authority Key Identifier:
                keyid:4E:AE:FC:49:E6:CD:67:E2:59:96:A2:C0:FC:57:B8:0C:C2:3D:BA:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/GdtEMs92bf3QYKPZXbx5IQ4pecI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9f58f2-7919-4bfc-8f73-e7073cfe134f/1/Tq78SebNZ-JZlqLA_Fe4DMI9ukQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.41.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         19:2d:2f:06:61:30:be:a7:6c:d8:b0:b6:80:2d:ad:c2:17:9f:
         33:a4:ec:bd:94:25:a5:44:ca:38:fd:1d:36:a0:6a:4e:be:1d:
         13:fc:00:d5:fb:ee:e4:fe:d4:08:7b:e8:88:c5:fd:fd:3b:5e:
         47:26:94:4e:b6:77:8a:70:fc:52:74:a0:1b:4d:e9:11:bb:5a:
         8f:5f:28:06:34:0e:f7:fd:cd:93:05:fd:e9:41:f4:92:2d:23:
         f4:e9:56:1c:22:6e:8e:dc:33:42:14:e9:d6:92:88:5e:2e:3b:
         5c:98:8d:ed:2a:f7:3b:02:56:85:cb:7e:ef:2a:ce:d6:50:d7:
         64:95:9a:2b:83:bf:f8:8f:ce:84:a4:ad:e1:22:ab:66:31:c2:
         16:43:10:a9:ab:ee:b3:88:4b:4e:03:12:63:2b:f9:18:fb:73:
         c6:66:d9:63:91:a0:27:0e:36:c9:05:9a:ee:7a:5f:39:49:9c:
         9e:53:ed:7f:bf:16:23:cf:60:12:0f:a7:0a:8c:8a:af:db:dc:
         dc:f7:bc:20:9a:f5:72:2e:ff:bf:bb:a7:0f:bd:40:5e:e5:29:
         a0:a0:e4:69:d7:60:a4:a8:40:f4:88:26:41:fe:08:9e:f1:91:
         ea:64:68:e8:8c:eb:3c:fe:03:1b:e2:48:38:55:99:c6:73:b7:
         62:fe:71:11
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGSsQMNP8X8/p2dGQtl01VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlYWVmYzQ5ZTZjZDY3ZTI1OTk2YTJjMGZjNTdiODBjYzIz
ZGJhNDQwHhcNMjQwMTAxMTgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWRiNDQzMmNmNzY2ZGZkZDA2MGEzZDk1ZGJjNzkyMTBlMjk3OWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGkYUGUaTmzZYGHrFSjzk3SlKP2P
0i/eAqd0jSzGnSYb/YbAsD/vuXY/2xWCBQ+dmiPghtK6bCTzOKV7HycyE/AtgCMX
qiAuMEOJAOJIXxnJ6Zo2OCvzczTZA6bY8KNZxdrKYIUjcgcPpsbuI01UF9FmwiNl
Hu3F4z4O5LvcUgirdi73V06ZFeTEv7SjpDLldM/uEYKCDLVg3gaJnZWALM/WC0KL
jvImoB87q3qIstCuG125lQ9DC+2ebpT47kiHp/+y9pLOJXU/7HHX03ZEJGO3ANxQ
5Gef7NgKh5/OaIElm1cuZeSkPx6ljt+gVqwCPLcChWKCh5Wg5BaANxpvLwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFBnbRDLPdm390GCj2V28eSEOKXnCMB8GA1UdIwQY
MBaAFE6u/EnmzWfiWZaiwPxXuAzCPbpEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHE3OFNlYk5aLUpabHFMQV9GZTRETUk5dWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85ZjU4ZjItNzkxOS00YmZjLThmNzMt
ZTcwNzNjZmUxMzRmLzEvR2R0RU1zOTJiZjNRWUtQWlhieDVJUTRwZWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85ZjU4ZjItNzkxOS00YmZjLThmNzMtZTcwNzNjZmUxMzRm
LzEvVHE3OFNlYk5aLUpabHFMQV9GZTRETUk5dWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjSkwDQYJ
KoZIhvcNAQELBQADggEBABktLwZhML6nbNiwtoAtrcIXnzOk7L2UJaVEyjj9HTag
ak6+HRP8ANX77uT+1Ah76IjF/f07XkcmlE62d4pw/FJ0oBtN6RG7Wo9fKAY0Dvf9
zZMF/elB9JItI/TpVhwibo7cM0IU6daSiF4uO1yYje0q9zsCVoXLfu8qztZQ12SV
miuDv/iPzoSkreEiq2YxwhZDEKmr7rOIS04DEmMr+Rj7c8Zm2WORoCcONskFmu56
XzlJnJ5T7X+/FiPPYBIPpwqMiq/b3Nz3vCCa9XIu/7+7pw+9QF7lKaCg5GnXYKSo
QPSIJkH+CJ7xkepkaOiM6zz+AxviSDhVmcZzt2L+cRE=
-----END CERTIFICATE-----