Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/g4GRCAwu2q3EL-X1WL9RVrJbAQI.roa
File:                     g4GRCAwu2q3EL-X1WL9RVrJbAQI.roa (raw, json)
Hash identifier:          slCTgIDY8YfOpbaBmeIbIqftrjDIQWNh6XUk0mKIj7o=
Subject key identifier:   83:81:91:08:0C:2E:DA:AD:C4:2F:E5:F5:58:BF:51:56:B2:5B:01:02
Certificate issuer:       /CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
Certificate serial:       0194266BAA7F4BEFFF8EB721928A0F7898AB
Authority key identifier: F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/g4GRCAwu2q3EL-X1WL9RVrJbAQI.roa
Signing time:             Thu 02 Jan 2025 09:49:37 +0000
ROA not before:           Thu 02 Jan 2025 09:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48777
IP address blocks:        2a0a:4587:2020::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:aa:7f:4b:ef:ff:8e:b7:21:92:8a:0f:78:98:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
        Validity
            Not Before: Jan  2 09:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=838191080c2edaadc42fe5f558bf5156b25b0102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:10:17:e0:30:c2:bb:1a:7d:3b:ea:2d:d4:62:
                    0e:4e:65:5a:6d:87:2f:2d:ce:a4:0a:4f:b3:ea:27:
                    f1:f1:3c:dc:b1:dc:07:ab:84:a9:73:2d:c2:bf:99:
                    ff:e6:5b:58:f5:3b:97:27:20:1f:48:51:3e:e4:69:
                    f9:e1:ef:a9:74:5f:80:83:69:45:b7:0e:cc:10:5f:
                    c6:03:c9:13:6f:d1:3e:7f:a0:5c:a3:14:40:c3:40:
                    f2:75:47:a8:58:9a:38:29:d9:69:12:f0:ca:f2:4d:
                    29:39:32:6f:bb:85:cf:42:4a:b3:82:29:75:ad:87:
                    20:6f:10:e8:38:34:58:05:66:90:bc:de:40:ed:3f:
                    09:95:33:69:23:f2:4c:84:5a:3e:36:89:a0:75:c6:
                    80:fc:37:55:c0:6b:3b:e2:98:4a:70:f3:8b:6e:e5:
                    8c:86:c6:3d:ea:38:72:ce:91:70:79:fc:8e:b2:ce:
                    41:f6:d4:db:82:d4:10:38:25:63:fa:8f:9b:40:61:
                    f4:3a:62:40:da:ce:d4:c3:0c:4a:5e:26:9c:46:cd:
                    d6:c3:22:a5:a3:16:7f:bb:4a:ab:67:85:77:83:b8:
                    6f:04:5b:bd:d9:90:06:c0:03:58:05:53:4c:1d:cc:
                    6f:8a:dc:1f:32:ab:4c:81:df:98:0e:be:50:1f:91:
                    13:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:81:91:08:0C:2E:DA:AD:C4:2F:E5:F5:58:BF:51:56:B2:5B:01:02
            X509v3 Authority Key Identifier:
                keyid:F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/g4GRCAwu2q3EL-X1WL9RVrJbAQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4587:2020::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:82:ab:4d:ce:16:04:88:e0:3e:55:5e:2e:19:1d:6f:89:8a:
         0c:75:62:da:0a:53:1b:b0:5c:23:4c:85:b9:53:0e:51:df:34:
         d1:c5:e9:f4:0f:48:49:9b:76:2d:5c:6c:2e:c8:e0:e5:d6:01:
         d7:44:25:36:aa:d3:56:c4:89:cc:3c:46:6e:1c:3b:5a:8c:a7:
         7b:43:47:74:7e:86:7b:c3:29:5f:21:11:4b:e6:46:fd:68:2b:
         6d:13:22:cd:c1:78:87:54:a9:5b:d6:75:75:2d:4d:7b:37:ca:
         fc:07:e8:b5:4d:0f:ed:a6:85:c5:7b:8e:19:e1:a1:02:12:e3:
         b7:48:39:20:1f:7e:f5:8f:0b:41:3e:b5:4c:37:0c:08:3d:d5:
         e4:b4:53:17:a6:72:0e:c1:b5:dc:a1:21:a0:c7:0b:48:e3:d0:
         ea:29:95:a9:fa:45:12:63:f6:f5:2d:63:f6:49:a2:95:db:7e:
         10:11:94:61:40:08:cf:36:9a:47:fa:a2:32:69:ac:a7:58:21:
         ad:0a:f4:39:dc:39:f8:fe:eb:9d:47:a9:13:4c:73:b2:c0:87:
         93:c9:bb:84:d8:df:91:ad:76:61:d3:0e:ea:4e:4c:03:02:04:
         59:37:70:37:8d:1e:76:40:7c:dd:52:25:73:9c:72:5d:f4:e4:
         a6:a7:bf:db
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQma6p/S+//jrchkooPeJirMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTk2NjY2NGVjOTZlZGJkMTJlOGU4MmU5NDBiZmI5ZmFl
YzEwNWUwHhcNMjUwMTAyMDk0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzgxOTEwODBjMmVkYWFkYzQyZmU1ZjU1OGJmNTE1NmIyNWIwMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hAX4DDCuxp9O+ot1GIOTmVabYcv
Lc6kCk+z6ifx8TzcsdwHq4Spcy3Cv5n/5ltY9TuXJyAfSFE+5Gn54e+pdF+Ag2lF
tw7MEF/GA8kTb9E+f6BcoxRAw0DydUeoWJo4KdlpEvDK8k0pOTJvu4XPQkqzgil1
rYcgbxDoODRYBWaQvN5A7T8JlTNpI/JMhFo+NomgdcaA/DdVwGs74phKcPOLbuWM
hsY96jhyzpFwefyOss5B9tTbgtQQOCVj+o+bQGH0OmJA2s7UwwxKXiacRs3WwyKl
oxZ/u0qrZ4V3g7hvBFu92ZAGwANYBVNMHcxvitwfMqtMgd+YDr5QH5ETtQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFIOBkQgMLtqtxC/l9Vi/UVayWwECMB8GA1UdIwQY
MBaAFPipZmZOyW7b0S6OgulAv7n67BBeMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LbG1aazdKYnR2UkxvNkM2VUNfdWZyc0VGNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1
LTM4MjM1NWZjMmZmMS8xL2c0R1JDQXd1MnEzRUwtWDFXTDlSVnJKYkFRSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1LTM4MjM1NWZjMmZm
MS8xLzEtS2xtWms3SmJ0dlJMbzZDNlVDX3VmcnNFRjQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqCkWH
ICAwDQYJKoZIhvcNAQELBQADggEBAA+Cq03OFgSI4D5VXi4ZHW+Jigx1YtoKUxuw
XCNMhblTDlHfNNHF6fQPSEmbdi1cbC7I4OXWAddEJTaq01bEicw8Rm4cO1qMp3tD
R3R+hnvDKV8hEUvmRv1oK20TIs3BeIdUqVvWdXUtTXs3yvwH6LVND+2mhcV7jhnh
oQIS47dIOSAffvWPC0E+tUw3DAg91eS0Uxemcg7BtdyhIaDHC0jj0Ooplan6RRJj
9vUtY/ZJopXbfhARlGFACM82mkf6ojJprKdYIa0K9DncOfj+651HqRNMc7LAh5PJ
u4TY35GtdmHTDupOTAMCBFk3cDeNHnZAfN1SJXOccl305Kanv9s=
-----END CERTIFICATE-----