Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/Gp3k8iNCKBDzTxGnd4OrA1Nivns.roa
File:                     Gp3k8iNCKBDzTxGnd4OrA1Nivns.roa (raw, json)
Hash identifier:          /G4/Ux2Befme3uZEjl1Upznb7/XEehX2rp/+oEtG1E4=
Subject key identifier:   1A:9D:E4:F2:23:42:28:10:F3:4F:11:A7:77:83:AB:03:53:62:BE:7B
Certificate issuer:       /CN=8405c07192a8106fedb0760b8945032ca1d3054b
Certificate serial:       018CC4252D1DC8661F1DF0651D2CE644718D
Authority key identifier: 84:05:C0:71:92:A8:10:6F:ED:B0:76:0B:89:45:03:2C:A1:D3:05:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hAXAcZKoEG_tsHYLiUUDLKHTBUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/Gp3k8iNCKBDzTxGnd4OrA1Nivns.roa
Signing time:             Mon 01 Jan 2024 08:30:19 +0000
ROA not before:           Mon 01 Jan 2024 08:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41320
IP address blocks:        2a0c:3a81:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/hAXAcZKoEG_tsHYLiUUDLKHTBUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/hAXAcZKoEG_tsHYLiUUDLKHTBUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hAXAcZKoEG_tsHYLiUUDLKHTBUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:2d:1d:c8:66:1f:1d:f0:65:1d:2c:e6:44:71:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8405c07192a8106fedb0760b8945032ca1d3054b
        Validity
            Not Before: Jan  1 08:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a9de4f223422810f34f11a77783ab035362be7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:28:0b:4b:bd:59:a3:4a:b8:59:9a:70:2f:4c:
                    24:f2:29:be:7e:8c:2d:a0:c1:db:58:5b:cd:b0:93:
                    ea:49:a9:7f:af:a5:e4:67:b2:6a:c2:bc:a0:9d:da:
                    0e:2a:10:8f:61:c3:10:cb:9d:05:07:f5:0a:89:c8:
                    03:66:2b:51:69:4e:b1:a7:82:40:85:a8:67:e5:6c:
                    3c:7f:46:59:f9:28:e9:47:f8:c6:13:12:e3:43:96:
                    c5:dd:b0:06:e6:46:c8:71:07:fb:cd:35:ad:8d:60:
                    1c:ce:14:7e:ab:03:2c:74:5c:be:4c:90:e7:0a:fa:
                    16:41:87:67:23:c4:e9:28:31:5b:df:c6:7e:5b:00:
                    01:d5:ae:d5:2a:27:7f:a0:7d:0f:78:c3:3a:dc:a4:
                    7c:a5:10:f3:e9:3c:90:03:46:b8:48:2c:21:84:24:
                    22:b6:c6:06:36:a0:0d:20:75:e1:f0:07:af:7b:f5:
                    c3:05:a9:b0:78:67:8b:d8:70:0d:35:3a:0c:4a:26:
                    84:08:19:1d:8d:8d:85:82:c2:d9:8b:c8:8a:d4:fa:
                    f7:4e:00:03:bf:ac:c9:60:be:90:0f:5b:bf:70:37:
                    e9:09:5a:6c:e4:bf:d0:9d:06:36:e2:7d:ea:89:6f:
                    b0:33:72:e4:ac:56:1a:2d:38:2e:a5:28:ba:07:e3:
                    e6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:9D:E4:F2:23:42:28:10:F3:4F:11:A7:77:83:AB:03:53:62:BE:7B
            X509v3 Authority Key Identifier:
                keyid:84:05:C0:71:92:A8:10:6F:ED:B0:76:0B:89:45:03:2C:A1:D3:05:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hAXAcZKoEG_tsHYLiUUDLKHTBUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/Gp3k8iNCKBDzTxGnd4OrA1Nivns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f615b0-4d98-4a3d-8bd2-4c93bee27d54/1/hAXAcZKoEG_tsHYLiUUDLKHTBUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:3a81:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         51:1c:40:2e:af:d9:60:03:df:12:26:8b:42:32:39:f3:8c:cb:
         86:50:85:4d:8e:55:ba:14:7e:4d:37:b2:66:6a:94:97:82:2e:
         da:3d:c7:75:a3:ce:3a:a2:70:10:8e:5d:ba:8f:bd:5d:33:04:
         df:a1:fd:f6:6a:af:f1:ce:56:a7:66:8a:ca:02:dd:f7:98:b5:
         fa:22:96:e4:35:99:e0:5f:61:b2:01:b9:ff:39:66:9b:be:29:
         9d:69:ff:b1:db:8c:6f:03:82:14:fd:0a:ed:b3:a4:2d:e7:c2:
         af:a1:0c:e0:20:d2:cf:8a:16:4e:e1:99:f7:05:72:19:e2:cd:
         ae:ca:f3:6f:ab:ec:70:3d:bc:47:d9:43:d3:a7:6f:55:ca:d8:
         b1:11:94:7e:2a:5d:ec:12:3e:a1:e1:0e:89:8c:c8:7a:16:7d:
         8e:16:ca:0a:9f:89:23:8b:81:45:09:53:fa:38:42:c1:e4:6b:
         6a:27:aa:73:ac:62:88:36:f1:50:96:1b:3f:59:99:91:b6:38:
         41:8e:45:03:90:fe:0e:05:f2:52:09:97:d6:4f:a9:91:bb:57:
         1c:26:f4:fd:91:55:44:5d:d3:75:c3:b3:f3:c2:d3:f0:9e:45:
         6e:72:88:7d:ea:55:dc:1d:c1:95:0d:d2:82:bd:c8:d7:d3:60:
         78:c3:5d:b1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEJS0dyGYfHfBlHSzmRHGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MDVjMDcxOTJhODEwNmZlZGIwNzYwYjg5NDUwMzJjYTFk
MzA1NGIwHhcNMjQwMTAxMDgzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTlkZTRmMjIzNDIyODEwZjM0ZjExYTc3NzgzYWIwMzUzNjJiZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCgLS71Zo0q4WZpwL0wk8im+fowt
oMHbWFvNsJPqSal/r6XkZ7JqwrygndoOKhCPYcMQy50FB/UKicgDZitRaU6xp4JA
hahn5Ww8f0ZZ+SjpR/jGExLjQ5bF3bAG5kbIcQf7zTWtjWAczhR+qwMsdFy+TJDn
CvoWQYdnI8TpKDFb38Z+WwAB1a7VKid/oH0PeMM63KR8pRDz6TyQA0a4SCwhhCQi
tsYGNqANIHXh8Aeve/XDBamweGeL2HANNToMSiaECBkdjY2FgsLZi8iK1Pr3TgAD
v6zJYL6QD1u/cDfpCVps5L/QnQY24n3qiW+wM3LkrFYaLTgupSi6B+PmswIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBqd5PIjQigQ808Rp3eDqwNTYr57MB8GA1UdIwQY
MBaAFIQFwHGSqBBv7bB2C4lFAyyh0wVLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEFYQWNaS29FR190c0hZTGlVVURMS0hUQlVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNjE1YjAtNGQ5OC00YTNkLThiZDIt
NGM5M2JlZTI3ZDU0LzEvR3AzazhpTkNLQkR6VHhHbmQ0T3JBMU5pdm5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNjE1YjAtNGQ5OC00YTNkLThiZDItNGM5M2JlZTI3ZDU0
LzEvaEFYQWNaS29FR190c0hZTGlVVURMS0hUQlVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgw6gQEw
DQYJKoZIhvcNAQELBQADggEBAFEcQC6v2WAD3xImi0IyOfOMy4ZQhU2OVboUfk03
smZqlJeCLto9x3WjzjqicBCOXbqPvV0zBN+h/fZqr/HOVqdmisoC3feYtfoiluQ1
meBfYbIBuf85Zpu+KZ1p/7HbjG8DghT9Cu2zpC3nwq+hDOAg0s+KFk7hmfcFchni
za7K82+r7HA9vEfZQ9Onb1XK2LERlH4qXewSPqHhDomMyHoWfY4WygqfiSOLgUUJ
U/o4QsHka2onqnOsYog28VCWGz9ZmZG2OEGORQOQ/g4F8lIJl9ZPqZG7Vxwm9P2R
VURd03XDs/PC0/CeRW5yiH3qVdwdwZUN0oK9yNfTYHjDXbE=
-----END CERTIFICATE-----