Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/811f21-125b-4d07-bac8-7546dd1716c8/1/GRwkpj3rDDEcWsBTpDYvXbvhFGU.roa
File:                     GRwkpj3rDDEcWsBTpDYvXbvhFGU.roa (raw, json)
Hash identifier:          Qovynai3lQ2MnZZOi3CI/dvjw5vzncgbCS+0ZH19mCM=
Subject key identifier:   19:1C:24:A6:3D:EB:0C:31:1C:5A:C0:53:A4:36:2F:5D:BB:E1:14:65
Certificate issuer:       /CN=c571d9580a8f01e49c61c5fcfdff2e5899534b8f
Certificate serial:       018F39C890CB2FB3FCC09A587B561C25E7B0
Authority key identifier: C5:71:D9:58:0A:8F:01:E4:9C:61:C5:FC:FD:FF:2E:58:99:53:4B:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xXHZWAqPAeScYcX8_f8uWJlTS48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/811f21-125b-4d07-bac8-7546dd1716c8/1/GRwkpj3rDDEcWsBTpDYvXbvhFGU.roa
Signing time:             Thu 02 May 2024 14:49:56 +0000
ROA not before:           Thu 02 May 2024 14:49:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35327
IP address blocks:        2001:67c:e90::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/811f21-125b-4d07-bac8-7546dd1716c8/1/xXHZWAqPAeScYcX8_f8uWJlTS48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/811f21-125b-4d07-bac8-7546dd1716c8/1/xXHZWAqPAeScYcX8_f8uWJlTS48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xXHZWAqPAeScYcX8_f8uWJlTS48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:39:c8:90:cb:2f:b3:fc:c0:9a:58:7b:56:1c:25:e7:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c571d9580a8f01e49c61c5fcfdff2e5899534b8f
        Validity
            Not Before: May  2 14:49:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=191c24a63deb0c311c5ac053a4362f5dbbe11465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c1:4a:01:b3:be:b0:2c:31:50:d5:21:14:db:
                    ad:c6:d4:a3:17:36:87:92:2e:f2:c7:ea:75:f6:78:
                    ea:a1:5c:3e:fd:f8:da:22:7f:6c:8c:6b:47:7a:0a:
                    3d:86:fd:35:ff:3b:6d:12:72:d0:2c:b3:26:00:a5:
                    4a:9c:69:d3:f9:a2:4d:7c:b2:23:4a:c1:60:ed:9d:
                    9c:43:c2:ca:81:eb:5b:04:11:5e:64:8f:82:56:aa:
                    a4:8c:8b:b2:dc:69:c5:2e:4b:79:e6:4f:5c:64:ce:
                    21:f9:d5:dc:63:1f:26:5b:57:23:22:34:a9:88:ea:
                    56:51:5f:2c:f9:b8:29:b3:19:67:d4:16:54:58:5b:
                    3d:8d:e6:ff:a7:ac:dc:23:49:9d:4e:d9:99:08:4a:
                    05:20:ec:b9:4b:3d:59:e1:57:36:75:e8:8e:16:a2:
                    c2:85:ae:5a:44:11:27:db:ce:29:9b:5a:72:25:97:
                    b6:1a:cd:fd:4f:02:28:ba:9e:c1:de:a6:5c:9c:c8:
                    32:e1:22:8a:d8:e8:5d:01:7c:a4:95:19:3d:81:17:
                    ef:45:db:86:95:54:29:e2:c4:30:7a:06:27:73:1e:
                    9a:24:a5:cd:b4:8c:51:cc:b8:a5:13:a9:c5:8f:6a:
                    80:18:79:da:27:7c:01:42:43:47:28:44:d1:80:05:
                    d4:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:1C:24:A6:3D:EB:0C:31:1C:5A:C0:53:A4:36:2F:5D:BB:E1:14:65
            X509v3 Authority Key Identifier:
                keyid:C5:71:D9:58:0A:8F:01:E4:9C:61:C5:FC:FD:FF:2E:58:99:53:4B:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xXHZWAqPAeScYcX8_f8uWJlTS48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/811f21-125b-4d07-bac8-7546dd1716c8/1/GRwkpj3rDDEcWsBTpDYvXbvhFGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/811f21-125b-4d07-bac8-7546dd1716c8/1/xXHZWAqPAeScYcX8_f8uWJlTS48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:e90::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:d8:44:3b:c8:69:98:cd:4b:5d:7e:b5:8c:ff:2c:cd:4f:97:
         51:f2:bd:3d:1c:19:db:5c:fa:92:0a:1c:03:c2:64:2d:1f:73:
         31:b0:49:0f:08:a2:ef:41:ce:43:9c:bb:8d:78:08:20:62:1d:
         69:c5:10:14:3f:81:7a:ad:d2:47:52:f9:cd:d5:56:74:18:79:
         2b:3f:26:91:35:2e:3f:ee:df:75:25:9a:ab:ce:91:5c:4f:76:
         55:15:89:6a:2e:18:d9:7f:aa:02:a4:30:8d:81:d0:75:58:93:
         0d:64:94:de:53:87:70:b9:dd:2e:2e:3c:39:b6:ad:a1:e9:97:
         6a:5a:9c:61:34:58:2a:99:90:f9:de:25:49:18:54:6b:c2:d6:
         3f:b1:32:3a:52:b6:18:36:48:75:85:1b:e8:ff:f2:ed:78:34:
         f4:62:c2:a4:69:17:3f:5e:80:40:6f:e3:8a:c4:94:18:a3:8a:
         bc:38:62:21:b0:6c:84:58:4f:b3:eb:41:90:40:2d:4f:d8:a9:
         b0:9f:eb:15:42:82:c0:a9:79:56:9c:a3:ec:c3:12:c6:49:1f:
         a8:f4:27:3b:8f:be:8f:aa:06:72:34:c7:f5:00:8e:11:a7:e7:
         9e:20:cb:1f:a1:e2:f0:f3:c2:ff:3a:72:1b:e6:f5:52:0e:41:
         3f:3c:06:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY85yJDLL7P8wJpYe1YcJeewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NzFkOTU4MGE4ZjAxZTQ5YzYxYzVmY2ZkZmYyZTU4OTk1
MzRiOGYwHhcNMjQwNTAyMTQ0OTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTFjMjRhNjNkZWIwYzMxMWM1YWMwNTNhNDM2MmY1ZGJiZTExNDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cFKAbO+sCwxUNUhFNutxtSjFzaH
ki7yx+p19njqoVw+/fjaIn9sjGtHego9hv01/zttEnLQLLMmAKVKnGnT+aJNfLIj
SsFg7Z2cQ8LKgetbBBFeZI+CVqqkjIuy3GnFLkt55k9cZM4h+dXcYx8mW1cjIjSp
iOpWUV8s+bgpsxln1BZUWFs9jeb/p6zcI0mdTtmZCEoFIOy5Sz1Z4Vc2deiOFqLC
ha5aRBEn284pm1pyJZe2Gs39TwIoup7B3qZcnMgy4SKK2OhdAXyklRk9gRfvRduG
lVQp4sQwegYncx6aJKXNtIxRzLilE6nFj2qAGHnaJ3wBQkNHKETRgAXU4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBkcJKY96wwxHFrAU6Q2L1274RRlMB8GA1UdIwQY
MBaAFMVx2VgKjwHknGHF/P3/LliZU0uPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFhIWldBcVBBZVNjWWNYOF9mOHVXSmxUUzQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84MTFmMjEtMTI1Yi00ZDA3LWJhYzgt
NzU0NmRkMTcxNmM4LzEvR1J3a3BqM3JEREVjV3NCVHBEWXZYYnZoRkdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84MTFmMjEtMTI1Yi00ZDA3LWJhYzgtNzU0NmRkMTcxNmM4
LzEveFhIWldBcVBBZVNjWWNYOF9mOHVXSmxUUzQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA6Q
MA0GCSqGSIb3DQEBCwUAA4IBAQC32EQ7yGmYzUtdfrWM/yzNT5dR8r09HBnbXPqS
ChwDwmQtH3MxsEkPCKLvQc5DnLuNeAggYh1pxRAUP4F6rdJHUvnN1VZ0GHkrPyaR
NS4/7t91JZqrzpFcT3ZVFYlqLhjZf6oCpDCNgdB1WJMNZJTeU4dwud0uLjw5tq2h
6ZdqWpxhNFgqmZD53iVJGFRrwtY/sTI6UrYYNkh1hRvo//LteDT0YsKkaRc/XoBA
b+OKxJQYo4q8OGIhsGyEWE+z60GQQC1P2Kmwn+sVQoLAqXlWnKPswxLGSR+o9Cc7
j76PqgZyNMf1AI4Rp+eeIMsfoeLw88L/OnIb5vVSDkE/PAaG
-----END CERTIFICATE-----