Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/998296-9464-4fb2-98e6-ca8af4f5356c/1/GmWwrSp8WCsjuWV7s3ElvcyPeMA.roa
File:                     GmWwrSp8WCsjuWV7s3ElvcyPeMA.roa (raw, json)
Hash identifier:          KXk2JXj/N+1XyaZhXNs8mmnkai7rE39HRXy5klXDYWw=
Subject key identifier:   1A:65:B0:AD:2A:7C:58:2B:23:B9:65:7B:B3:71:25:BD:CC:8F:78:C0
Certificate issuer:       /CN=83c6ca86519b56d4d1873af6e257de7e97f3c8ac
Certificate serial:       018D82ADA8ECD5343FE0F5637584727DE192
Authority key identifier: 83:C6:CA:86:51:9B:56:D4:D1:87:3A:F6:E2:57:DE:7E:97:F3:C8:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g8bKhlGbVtTRhzr24lfefpfzyKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/998296-9464-4fb2-98e6-ca8af4f5356c/1/GmWwrSp8WCsjuWV7s3ElvcyPeMA.roa
Signing time:             Wed 07 Feb 2024 08:27:15 +0000
ROA not before:           Wed 07 Feb 2024 08:27:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15699
IP address blocks:        46.226.40.0/21 maxlen: 32
                          2a0b:9d80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/998296-9464-4fb2-98e6-ca8af4f5356c/1/g8bKhlGbVtTRhzr24lfefpfzyKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/998296-9464-4fb2-98e6-ca8af4f5356c/1/g8bKhlGbVtTRhzr24lfefpfzyKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g8bKhlGbVtTRhzr24lfefpfzyKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:82:ad:a8:ec:d5:34:3f:e0:f5:63:75:84:72:7d:e1:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83c6ca86519b56d4d1873af6e257de7e97f3c8ac
        Validity
            Not Before: Feb  7 08:27:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a65b0ad2a7c582b23b9657bb37125bdcc8f78c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9a:d3:8b:b3:5c:8e:10:e5:6e:60:9b:05:00:
                    66:5d:91:3b:0b:b5:ef:c4:11:2b:a4:e8:19:52:11:
                    3b:d6:11:59:1a:eb:f0:8d:52:29:34:7a:0e:d4:6c:
                    c4:4a:4e:7b:2c:8f:4b:6e:83:4b:2a:04:b3:ae:9d:
                    88:3e:da:23:ba:33:ea:1e:60:03:8d:45:49:04:5d:
                    20:bc:71:d2:fc:4a:7f:a1:18:94:7b:63:f9:9f:28:
                    98:58:9d:8e:d5:65:98:69:d6:69:04:6a:33:7b:ca:
                    5d:4a:5c:d7:fe:7c:bb:58:1c:34:f1:34:6b:a5:a3:
                    3d:86:19:e9:99:ee:92:eb:7b:ae:bb:ed:8b:2f:18:
                    c1:d5:c3:b1:54:68:1d:10:4e:4c:d2:df:af:5f:8e:
                    13:a0:68:52:79:bf:02:70:a7:f2:4a:bc:67:83:14:
                    9f:70:9f:67:96:4f:4e:15:70:8c:27:40:f3:dd:c2:
                    61:f2:da:0c:f5:16:c1:e9:b1:6b:f7:e7:46:e7:28:
                    3b:a9:67:43:68:cf:b1:80:5a:e5:92:68:fa:7c:5b:
                    6d:d9:37:94:e4:76:9a:a0:4f:e2:65:99:12:00:b2:
                    80:c8:a4:37:4f:cc:dc:d3:d0:9c:fb:57:8d:42:47:
                    57:1d:d4:74:63:bf:47:de:d5:b1:78:09:d5:dc:13:
                    20:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:65:B0:AD:2A:7C:58:2B:23:B9:65:7B:B3:71:25:BD:CC:8F:78:C0
            X509v3 Authority Key Identifier:
                keyid:83:C6:CA:86:51:9B:56:D4:D1:87:3A:F6:E2:57:DE:7E:97:F3:C8:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g8bKhlGbVtTRhzr24lfefpfzyKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/998296-9464-4fb2-98e6-ca8af4f5356c/1/GmWwrSp8WCsjuWV7s3ElvcyPeMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/998296-9464-4fb2-98e6-ca8af4f5356c/1/g8bKhlGbVtTRhzr24lfefpfzyKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.40.0/21
                IPv6:
                  2a0b:9d80::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:30:3a:c2:19:ac:63:33:cc:90:a5:72:e4:1a:c6:bd:2d:3f:
         03:1f:8d:e7:a6:9e:68:5d:fb:36:33:f0:f4:ad:f6:70:78:ca:
         9e:47:63:db:5b:d1:74:d1:37:e3:82:4d:2c:3a:fa:cf:9b:50:
         fc:70:3a:91:7c:b8:54:54:4b:f9:cc:fa:17:59:6c:5f:18:b0:
         2c:e5:a9:37:37:3c:4e:32:9b:1c:bb:59:bd:49:25:3a:25:fe:
         c6:1c:7b:4d:6c:a1:2e:79:4e:ba:dc:c4:52:c2:93:e7:30:87:
         27:8a:d4:42:7f:83:dd:52:1f:2b:89:07:af:77:cc:9c:2b:2d:
         41:aa:2c:f8:92:ba:3e:54:4c:89:b4:b5:3a:9c:26:17:6f:84:
         b9:bc:ab:2f:0f:0b:79:25:4a:67:31:b4:7a:83:69:fb:42:35:
         96:e1:a2:d4:32:aa:ab:a7:64:5c:9f:ce:8e:94:3a:be:ae:ac:
         c9:2c:98:6c:ee:79:14:8a:6c:01:9f:6c:02:41:61:5b:b5:28:
         37:e0:7d:c4:71:fa:12:4a:10:53:7b:17:f0:20:2f:49:76:67:
         e7:9b:c6:84:f5:fe:f8:eb:14:b1:89:0f:d4:e3:70:b1:c8:99:
         93:a1:ea:e8:ad:24:01:dd:21:c4:74:af:df:fa:85:fd:6b:28:
         70:8e:e2:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2Crajs1TQ/4PVjdYRyfeGSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYzZjYTg2NTE5YjU2ZDRkMTg3M2FmNmUyNTdkZTdlOTdm
M2M4YWMwHhcNMjQwMjA3MDgyNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTY1YjBhZDJhN2M1ODJiMjNiOTY1N2JiMzcxMjViZGNjOGY3OGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJrTi7NcjhDlbmCbBQBmXZE7C7Xv
xBErpOgZUhE71hFZGuvwjVIpNHoO1GzESk57LI9LboNLKgSzrp2IPtojujPqHmAD
jUVJBF0gvHHS/Ep/oRiUe2P5nyiYWJ2O1WWYadZpBGoze8pdSlzX/ny7WBw08TRr
paM9hhnpme6S63uuu+2LLxjB1cOxVGgdEE5M0t+vX44ToGhSeb8CcKfySrxngxSf
cJ9nlk9OFXCMJ0Dz3cJh8toM9RbB6bFr9+dG5yg7qWdDaM+xgFrlkmj6fFtt2TeU
5HaaoE/iZZkSALKAyKQ3T8zc09Cc+1eNQkdXHdR0Y79H3tWxeAnV3BMgSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBplsK0qfFgrI7lle7NxJb3Mj3jAMB8GA1UdIwQY
MBaAFIPGyoZRm1bU0Yc69uJX3n6X88isMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzhiS2hsR2JWdFRSaHpyMjRsZmVmcGZ6eUt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni85OTgyOTYtOTQ2NC00ZmIyLTk4ZTYt
Y2E4YWY0ZjUzNTZjLzEvR21Xd3JTcDhXQ3NqdVdWN3MzRWx2Y3lQZU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni85OTgyOTYtOTQ2NC00ZmIyLTk4ZTYtY2E4YWY0ZjUzNTZj
LzEvZzhiS2hsR2JWdFRSaHpyMjRsZmVmcGZ6eUt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLuIoMA0E
AgACMAcDBQAqC52AMA0GCSqGSIb3DQEBCwUAA4IBAQBOMDrCGaxjM8yQpXLkGsa9
LT8DH43npp5oXfs2M/D0rfZweMqeR2PbW9F00Tfjgk0sOvrPm1D8cDqRfLhUVEv5
zPoXWWxfGLAs5ak3NzxOMpscu1m9SSU6Jf7GHHtNbKEueU663MRSwpPnMIcnitRC
f4PdUh8riQevd8ycKy1Bqiz4kro+VEyJtLU6nCYXb4S5vKsvDwt5JUpnMbR6g2n7
QjWW4aLUMqqrp2Rcn86OlDq+rqzJLJhs7nkUimwBn2wCQWFbtSg34H3EcfoSShBT
exfwIC9Jdmfnm8aE9f746xSxiQ/U43CxyJmToerorSQB3SHEdK/f+oX9ayhwjuJ+
-----END CERTIFICATE-----