Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/GKFLBdfbzUwXXKEXur1XnaCAIEU.roa
File:                     GKFLBdfbzUwXXKEXur1XnaCAIEU.roa (raw, json)
Hash identifier:          6NiPlh1IhddwKveMy+BPuwERRweYy1VmxRyVpvh5H9c=
Subject key identifier:   18:A1:4B:05:D7:DB:CD:4C:17:5C:A1:17:BA:BD:57:9D:A0:80:20:45
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B73B7C137495A2D427AE681BD64DEA
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/GKFLBdfbzUwXXKEXur1XnaCAIEU.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51964
IP address blocks:        2a01:ce80::/26 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 20:41:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3b:7c:13:74:95:a2:d4:27:ae:68:1b:d6:4d:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18a14b05d7dbcd4c175ca117babd579da0802045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c0:b3:e8:2e:bd:59:31:1d:9a:c5:bf:e5:e5:
                    0b:33:7a:b8:c7:43:27:ee:33:04:28:2b:08:75:94:
                    e9:02:09:70:61:5a:7a:e4:b5:c6:7a:1d:28:4d:7e:
                    7f:e5:ea:34:bf:76:c0:85:a3:ca:7d:1a:1d:0f:19:
                    30:b0:a6:46:32:d3:ed:86:2b:a0:47:7c:66:dc:2a:
                    93:a3:fb:32:60:0d:6d:d5:4f:c6:9e:df:45:04:42:
                    f4:15:60:de:ee:b5:0d:64:8b:98:58:2a:3e:d3:e1:
                    71:94:88:1e:5b:65:53:54:c5:31:0d:ea:24:ab:06:
                    27:9c:fe:34:bc:ed:5b:14:31:e8:44:7e:3d:31:7e:
                    a5:68:89:81:f1:70:e4:a3:5c:11:c7:e7:7c:e7:36:
                    2b:85:b6:53:b6:ba:2b:0f:ad:c2:6d:c3:79:24:0c:
                    35:69:6a:37:85:cf:06:a6:44:54:a1:a6:00:42:e9:
                    6c:43:88:33:67:56:d4:01:99:2f:00:fa:00:af:ea:
                    53:60:5e:10:38:12:9f:64:40:1f:54:35:d4:68:2a:
                    84:0b:48:dc:ac:5c:4e:d6:6d:9c:d3:57:33:ca:b9:
                    71:b0:e1:2f:a0:1e:dc:f0:70:7c:ac:65:27:4f:a4:
                    c9:7a:82:95:08:07:0c:4d:ec:b4:73:99:36:53:0c:
                    80:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:A1:4B:05:D7:DB:CD:4C:17:5C:A1:17:BA:BD:57:9D:A0:80:20:45
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/GKFLBdfbzUwXXKEXur1XnaCAIEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ce80::/26

    Signature Algorithm: sha256WithRSAEncryption
         0e:e5:0a:68:45:0f:e9:3d:f1:4d:d7:26:4d:9c:0a:0a:11:70:
         f4:53:a6:23:24:61:4d:21:65:6d:2a:ba:dd:ea:b3:a6:50:4e:
         90:a2:75:be:2b:5b:23:56:d6:da:b6:f2:21:77:b2:23:e4:09:
         be:7b:69:25:f9:ec:27:1d:e7:47:17:a7:6d:c5:4f:eb:ff:da:
         ab:38:b5:63:ab:38:8e:f8:f4:4c:f7:64:68:f0:cf:4e:9f:50:
         b2:00:f4:dc:9b:f1:79:08:7e:6e:c4:7d:1e:50:41:6e:2c:d3:
         1a:02:2b:a5:ef:9f:df:9b:f4:d5:d1:fa:01:c6:a4:c6:7d:9c:
         8a:4b:f2:25:6a:44:ef:60:a5:7c:8d:cc:22:41:c4:0e:7d:bc:
         24:ba:2b:2a:ce:b7:43:f4:bf:46:47:e3:3b:c1:15:7d:89:42:
         6a:70:1c:e8:5e:a4:94:0d:ce:28:fb:92:dd:26:85:f1:f7:fb:
         12:4a:c7:46:9d:b3:1a:0a:86:f5:5b:22:57:f0:6b:7a:eb:ec:
         33:b7:e3:9d:8e:f6:9f:54:3a:8e:b3:ee:00:1b:cc:4e:32:72:
         9c:64:61:e2:dd:04:95:0c:0e:4f:54:3b:6a:74:d0:5e:08:14:
         45:8e:7c:e8:df:76:72:79:71:a1:1f:1c:b3:e5:45:1d:90:d6:
         64:6b:cc:2a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtzt8E3SVotQnrmgb1k3qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGExNGIwNWQ3ZGJjZDRjMTc1Y2ExMTdiYWJkNTc5ZGEwODAyMDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8Cz6C69WTEdmsW/5eULM3q4x0Mn
7jMEKCsIdZTpAglwYVp65LXGeh0oTX5/5eo0v3bAhaPKfRodDxkwsKZGMtPthiug
R3xm3CqTo/syYA1t1U/Gnt9FBEL0FWDe7rUNZIuYWCo+0+FxlIgeW2VTVMUxDeok
qwYnnP40vO1bFDHoRH49MX6laImB8XDko1wRx+d85zYrhbZTtrorD63CbcN5JAw1
aWo3hc8GpkRUoaYAQulsQ4gzZ1bUAZkvAPoAr+pTYF4QOBKfZEAfVDXUaCqEC0jc
rFxO1m2c01czyrlxsOEvoB7c8HB8rGUnT6TJeoKVCAcMTey0c5k2UwyAawIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBihSwXX281MF1yhF7q9V52ggCBFMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvR0tGTEJkZmJ6VXdYWEtFWHVyMVhuYUNBSUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUGKgHOgDAN
BgkqhkiG9w0BAQsFAAOCAQEADuUKaEUP6T3xTdcmTZwKChFw9FOmIyRhTSFlbSq6
3eqzplBOkKJ1vitbI1bW2rbyIXeyI+QJvntpJfnsJx3nRxenbcVP6//aqzi1Y6s4
jvj0TPdkaPDPTp9QsgD03JvxeQh+bsR9HlBBbizTGgIrpe+f35v01dH6Acakxn2c
ikvyJWpE72ClfI3MIkHEDn28JLorKs63Q/S/RkfjO8EVfYlCanAc6F6klA3OKPuS
3SaF8ff7EkrHRp2zGgqG9VsiV/BreuvsM7fjnY72n1Q6jrPuABvMTjJynGRh4t0E
lQwOT1Q7anTQXggURY586N92cnlxoR8cs+VFHZDWZGvMKg==
-----END CERTIFICATE-----