Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/GTt-Aq_xhRDEsaNCmVy53yeRk_I.roa
File:                     GTt-Aq_xhRDEsaNCmVy53yeRk_I.roa (raw, json)
Hash identifier:          VG8KjfBeceGy27uCV1yGcY/mIdSvKKapv7c1C5nH6YU=
Subject key identifier:   19:3B:7E:02:AF:F1:85:10:C4:B1:A3:42:99:5C:B9:DF:27:91:93:F2
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E0E19E504C8965FB1BC9D889A04FA
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/GTt-Aq_xhRDEsaNCmVy53yeRk_I.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39639
IP address blocks:        2a01:7680::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 04:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0e:19:e5:04:c8:96:5f:b1:bc:9d:88:9a:04:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=193b7e02aff18510c4b1a342995cb9df279193f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:33:2e:c8:aa:23:bb:c8:91:b3:0a:d4:bc:14:
                    10:59:3d:bc:bf:da:77:83:55:dd:b0:fb:fb:3c:45:
                    39:93:a7:38:e8:2f:f1:19:04:46:86:37:c9:96:25:
                    e2:c3:9f:52:92:de:49:15:d6:22:cd:de:a5:3f:6a:
                    09:96:85:97:f2:89:1a:1a:e4:fa:62:42:33:14:fa:
                    09:68:dc:0b:23:bf:9e:3f:90:89:ad:7d:ef:4a:b6:
                    51:a2:7e:6f:09:4f:70:a7:b7:c5:5e:00:34:85:5b:
                    19:10:44:a7:01:f5:d1:fe:49:fc:1a:a5:95:30:fa:
                    bf:59:13:d2:fb:ab:fd:92:94:c6:7e:b0:a4:bf:64:
                    9a:7c:f3:b0:7f:ff:0f:c8:fc:aa:f9:eb:57:a1:15:
                    95:bd:71:5c:ec:a5:ee:92:1b:fd:02:9c:b1:bd:2b:
                    96:35:d6:03:d5:a9:74:db:4a:f5:1e:95:fd:b9:31:
                    0b:83:02:5a:ec:92:f8:cf:8b:a8:c4:fd:d8:a3:f7:
                    18:08:23:df:94:38:41:28:a8:7e:cd:72:cf:9d:91:
                    f8:24:d6:80:4a:1b:36:8f:bf:5a:7a:61:77:86:74:
                    7c:23:30:bc:ec:89:de:65:29:99:71:89:77:d5:6e:
                    95:3e:fe:56:45:33:28:ff:98:2e:d1:cb:53:d5:6a:
                    ab:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:3B:7E:02:AF:F1:85:10:C4:B1:A3:42:99:5C:B9:DF:27:91:93:F2
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/GTt-Aq_xhRDEsaNCmVy53yeRk_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:7680::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:4a:04:53:a1:10:b2:41:9e:f6:a7:49:4e:ac:0e:79:47:c0:
         3e:36:7e:b4:35:b1:05:17:48:6b:90:e8:a9:ac:12:1c:43:48:
         2d:71:11:de:36:f4:41:6b:46:9a:32:6e:d8:dc:26:af:4c:a8:
         b5:4d:23:51:99:7d:f1:1e:29:35:f9:d4:9c:71:ad:c8:59:d8:
         23:7b:4c:2b:e9:78:e9:d2:72:55:0a:85:c1:bf:ba:b9:49:a5:
         c3:b9:dc:40:ee:cc:4a:e8:d2:f0:a4:9e:3d:2e:05:61:29:31:
         f3:0a:36:c4:2b:40:0c:57:69:c2:44:a3:48:b9:78:08:38:e2:
         9c:9e:cf:f2:c9:3b:54:6b:ca:8e:f3:69:45:06:47:b3:51:c0:
         cd:55:96:36:e6:39:22:39:58:b3:91:1d:a0:81:ac:99:7e:82:
         79:d0:63:be:1b:fd:96:3f:60:a6:b2:84:51:03:29:fa:b6:5a:
         fe:aa:2b:b6:bd:6c:28:15:62:61:af:4d:a5:1c:6a:50:35:f5:
         d0:8b:f3:0c:6e:7b:05:a8:ed:18:b5:39:0c:26:92:1d:13:7d:
         ea:54:01:71:16:d3:d5:9a:29:84:8f:2d:dc:1a:bf:ab:d7:37:
         95:e5:56:0a:ff:2e:f1:a2:94:59:b0:56:d0:11:b0:60:01:e7:
         36:d4:48:ea
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbg4Z5QTIll+xvJ2ImgT6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTNiN2UwMmFmZjE4NTEwYzRiMWEzNDI5OTVjYjlkZjI3OTE5M2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzMuyKoju8iRswrUvBQQWT28v9p3
g1XdsPv7PEU5k6c46C/xGQRGhjfJliXiw59Skt5JFdYizd6lP2oJloWX8okaGuT6
YkIzFPoJaNwLI7+eP5CJrX3vSrZRon5vCU9wp7fFXgA0hVsZEESnAfXR/kn8GqWV
MPq/WRPS+6v9kpTGfrCkv2SafPOwf/8PyPyq+etXoRWVvXFc7KXukhv9ApyxvSuW
NdYD1al020r1HpX9uTELgwJa7JL4z4uoxP3Yo/cYCCPflDhBKKh+zXLPnZH4JNaA
Shs2j79aemF3hnR8IzC87IneZSmZcYl31W6VPv5WRTMo/5gu0ctT1WqreQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBk7fgKv8YUQxLGjQplcud8nkZPyMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvR1R0LUFxX3hoUkRFc2FOQ21WeTUzeWVSa19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgF2gDAN
BgkqhkiG9w0BAQsFAAOCAQEAYEoEU6EQskGe9qdJTqwOeUfAPjZ+tDWxBRdIa5Do
qawSHENILXER3jb0QWtGmjJu2Nwmr0yotU0jUZl98R4pNfnUnHGtyFnYI3tMK+l4
6dJyVQqFwb+6uUmlw7ncQO7MSujS8KSePS4FYSkx8wo2xCtADFdpwkSjSLl4CDji
nJ7P8sk7VGvKjvNpRQZHs1HAzVWWNuY5IjlYs5EdoIGsmX6CedBjvhv9lj9gprKE
UQMp+rZa/qortr1sKBViYa9NpRxqUDX10IvzDG57BajtGLU5DCaSHRN96lQBcRbT
1ZophI8t3Bq/q9c3leVWCv8u8aKUWbBW0BGwYAHnNtRI6g==
-----END CERTIFICATE-----