Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/GW6-Jvlwjtx3rnuekpEEOJDcDfQ.roa
File:                     GW6-Jvlwjtx3rnuekpEEOJDcDfQ.roa (raw, json)
Hash identifier:          4PchxaO97M5ALVklaE9pgrQ30DiguvYbt4ODi/Jdq5o=
Subject key identifier:   19:6E:BE:26:F9:70:8E:DC:77:AE:7B:9E:92:91:04:38:90:DC:0D:F4
Certificate issuer:       /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial:       0194228D19742B4E911778D2AB931E91856A
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/GW6-Jvlwjtx3rnuekpEEOJDcDfQ.roa
Signing time:             Wed 01 Jan 2025 15:47:39 +0000
ROA not before:           Wed 01 Jan 2025 15:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202279
IP address blocks:        128.0.80.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:19:74:2b:4e:91:17:78:d2:ab:93:1e:91:85:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
        Validity
            Not Before: Jan  1 15:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=196ebe26f9708edc77ae7b9e9291043890dc0df4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d0:ae:16:36:a9:5a:96:dc:89:d7:fb:73:d3:
                    1e:3b:99:95:25:57:69:8e:d1:37:e7:80:58:bf:d2:
                    52:92:5f:1f:67:fe:4f:60:b4:06:79:91:8e:57:9f:
                    3f:08:bd:6e:db:c3:41:0e:fa:4b:f9:e8:4d:b6:77:
                    de:98:f3:dd:5a:60:87:4a:d0:ef:59:14:0b:9f:b0:
                    26:58:47:f9:ec:8b:56:ca:8b:ac:af:80:be:62:5a:
                    3c:5f:6f:cd:78:07:e7:44:0c:96:b4:c2:6f:6e:f7:
                    b6:7e:b6:b4:84:bf:3d:9c:d2:d6:0e:eb:33:87:a1:
                    45:9f:d3:94:95:e6:d3:62:1a:bb:c3:8e:66:a0:37:
                    6b:ea:1e:b5:53:ff:49:6f:d5:15:e5:c6:af:b9:cc:
                    2f:3e:4c:3d:6d:f3:99:54:52:d1:0d:92:a8:be:ce:
                    e1:92:c4:08:e3:10:8d:23:d5:e7:6a:4e:2f:73:ea:
                    0d:87:2c:ba:8c:63:5b:6f:17:2f:e7:cc:d1:4f:97:
                    6a:d9:66:60:73:ef:43:9e:50:28:4c:99:5b:38:d2:
                    d5:d0:69:af:7e:19:d3:26:2b:0d:2a:d8:32:63:63:
                    9d:85:30:8b:f9:83:f1:d8:be:44:da:6a:9a:34:bd:
                    e1:24:c5:01:5d:0e:44:76:c8:44:46:b2:7c:8c:be:
                    ee:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:6E:BE:26:F9:70:8E:DC:77:AE:7B:9E:92:91:04:38:90:DC:0D:F4
            X509v3 Authority Key Identifier:
                keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/GW6-Jvlwjtx3rnuekpEEOJDcDfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:d3:06:15:2b:5d:5c:f7:a2:44:29:30:20:02:d5:fd:1d:0b:
         70:0e:74:f6:be:2a:d1:a1:e4:bb:83:51:38:fd:18:ac:9d:3e:
         af:ed:ca:1a:2c:13:10:75:85:21:e1:42:f7:89:4b:4e:44:e4:
         00:40:39:6d:07:6b:2b:62:04:8f:aa:a8:f1:6e:61:a9:8b:95:
         2a:d0:f3:0e:95:7d:0f:9e:a0:ba:e8:6c:95:4f:99:8c:f3:a2:
         95:f7:d1:35:80:53:7b:bd:2c:29:bb:e8:be:b4:58:ba:b5:d7:
         77:2f:01:5a:8e:16:2a:3c:c3:57:b0:a2:87:dd:69:80:24:46:
         81:75:d3:ca:a8:f6:93:77:1b:4d:c0:6b:0c:90:6d:4f:5f:4e:
         66:9f:81:eb:2c:2c:c1:dd:9a:a6:de:08:5f:68:98:31:f3:06:
         af:e9:53:ff:d0:11:45:9a:8f:a5:17:55:f2:40:23:7b:6e:b5:
         06:dd:e1:90:09:24:d1:80:71:c4:b4:03:aa:6e:9d:84:e5:18:
         79:28:c3:57:27:71:f6:26:ba:fe:e8:01:50:9c:2b:ce:3b:bc:
         99:2a:5e:79:48:d5:d0:c4:1c:1d:1d:56:57:2d:4b:53:39:7d:
         7e:99:c4:36:26:74:fe:37:27:da:44:13:9f:bf:2b:f1:7a:11:
         3c:6b:e6:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijRl0K06RF3jSq5MekYVqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjUwMTAxMTU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTZlYmUyNmY5NzA4ZWRjNzdhZTdiOWU5MjkxMDQzODkwZGMwZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdCuFjapWpbcidf7c9MeO5mVJVdp
jtE354BYv9JSkl8fZ/5PYLQGeZGOV58/CL1u28NBDvpL+ehNtnfemPPdWmCHStDv
WRQLn7AmWEf57ItWyousr4C+Ylo8X2/NeAfnRAyWtMJvbve2fra0hL89nNLWDusz
h6FFn9OUlebTYhq7w45moDdr6h61U/9Jb9UV5cavucwvPkw9bfOZVFLRDZKovs7h
ksQI4xCNI9Xnak4vc+oNhyy6jGNbbxcv58zRT5dq2WZgc+9DnlAoTJlbONLV0Gmv
fhnTJisNKtgyY2OdhTCL+YPx2L5E2mqaNL3hJMUBXQ5EdshERrJ8jL7uiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBluvib5cI7cd657npKRBDiQ3A30MB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvR1c2LUp2bHdqdHgzcm51ZWtwRUVPSkRjRGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgABQMA0G
CSqGSIb3DQEBCwUAA4IBAQAX0wYVK11c96JEKTAgAtX9HQtwDnT2virRoeS7g1E4
/RisnT6v7coaLBMQdYUh4UL3iUtOROQAQDltB2srYgSPqqjxbmGpi5Uq0PMOlX0P
nqC66GyVT5mM86KV99E1gFN7vSwpu+i+tFi6tdd3LwFajhYqPMNXsKKH3WmAJEaB
ddPKqPaTdxtNwGsMkG1PX05mn4HrLCzB3Zqm3ghfaJgx8wav6VP/0BFFmo+lF1Xy
QCN7brUG3eGQCSTRgHHEtAOqbp2E5Rh5KMNXJ3H2Jrr+6AFQnCvOO7yZKl55SNXQ
xBwdHVZXLUtTOX1+mcQ2JnT+NyfaRBOfvyvxehE8a+b/
-----END CERTIFICATE-----