Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/GpJsbUU7ynXwevk6zegWgWclf9Y.roa
File:                     GpJsbUU7ynXwevk6zegWgWclf9Y.roa (raw, json)
Hash identifier:          Gj5/c+xCgDWNgWsyAfXPaCh0mgF3UrEUlCabtiae4lk=
Subject key identifier:   1A:92:6C:6D:45:3B:CA:75:F0:7A:F9:3A:CD:E8:16:81:67:25:7F:D6
Certificate issuer:       /CN=8e3f1663996be1707611fdce1ddea8920dd398a3
Certificate serial:       01941FFAAAC794F7D4E512EA7D9255BD64EC
Authority key identifier: 8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/GpJsbUU7ynXwevk6zegWgWclf9Y.roa
Signing time:             Wed 01 Jan 2025 03:48:28 +0000
ROA not before:           Wed 01 Jan 2025 03:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53107
IP address blocks:        45.139.208.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:18:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:aa:c7:94:f7:d4:e5:12:ea:7d:92:55:bd:64:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e3f1663996be1707611fdce1ddea8920dd398a3
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a926c6d453bca75f07af93acde8168167257fd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:12:33:68:d3:44:00:9a:5c:bb:8a:6d:5b:4c:
                    e9:05:82:09:15:94:6e:89:7d:13:84:78:dd:c0:f4:
                    9d:5f:fa:68:97:e1:5d:8d:cd:d2:ea:7b:ab:5c:5c:
                    2d:d8:60:93:89:37:af:12:de:79:16:99:c3:9f:e6:
                    da:ac:80:1c:32:9c:d8:3e:cd:54:d0:a7:6a:70:61:
                    94:ee:37:ad:45:d3:3a:cf:24:4f:8d:30:d5:c0:da:
                    56:48:f5:68:18:67:39:55:26:f9:5a:af:81:69:ec:
                    d0:2b:d0:37:e9:07:25:57:25:91:e1:3a:6d:b0:94:
                    48:6f:b5:76:aa:30:f9:5b:87:f8:ee:89:63:35:4c:
                    fb:e6:12:c0:61:bd:8e:8c:ee:c0:98:90:46:29:d5:
                    7e:47:ab:f6:5a:b8:a2:37:bd:3e:f4:24:d5:ef:80:
                    56:98:f7:bc:13:4f:b7:eb:26:3e:da:9a:ab:7d:1f:
                    9e:43:cb:c9:9c:42:31:c2:24:27:76:b8:cf:dd:aa:
                    49:72:7c:2e:26:d2:1e:70:f2:64:1e:d9:f3:be:d1:
                    e6:cc:9e:14:97:59:2c:36:b5:29:71:e6:f9:9c:9b:
                    85:b3:74:26:ec:a6:51:d0:a3:1d:65:5b:9e:54:14:
                    12:a9:8e:5a:55:02:f3:eb:22:07:86:62:95:a2:3b:
                    f9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:92:6C:6D:45:3B:CA:75:F0:7A:F9:3A:CD:E8:16:81:67:25:7F:D6
            X509v3 Authority Key Identifier:
                keyid:8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/GpJsbUU7ynXwevk6zegWgWclf9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:5c:7f:c2:97:39:fe:16:dc:ed:2e:0f:ab:f1:1d:8a:14:0a:
         17:9e:76:88:63:c9:73:1e:fd:ea:74:19:29:95:ea:fd:2e:28:
         4d:44:f3:73:c5:0e:30:96:82:b9:d8:17:43:dc:ae:b4:13:ba:
         f7:2f:fa:83:5f:14:fd:6e:e0:a1:f5:f3:86:5f:bb:a6:6f:5e:
         ae:c0:cf:7a:6c:55:ad:94:b2:c2:c7:e0:2f:04:75:bb:1d:18:
         ef:67:88:97:28:e5:ef:46:0d:6c:a7:27:7f:09:25:48:f6:df:
         05:14:c0:65:38:8c:f1:b2:08:77:76:72:f7:af:0f:4e:13:24:
         41:8c:8e:95:8e:63:a7:24:1c:55:ff:41:09:51:d0:5a:09:de:
         29:a9:dc:6d:ad:09:36:3c:a4:4f:6b:14:55:f2:dd:9a:f5:bc:
         a8:80:7b:5f:c9:61:2f:6d:26:54:3a:06:41:9c:86:a7:1e:cc:
         69:bf:0c:8b:2b:f8:98:54:28:8c:fe:c3:ab:e4:46:93:b7:ed:
         74:19:dc:50:46:9f:8d:0b:0b:c2:40:34:ce:52:2f:ad:aa:9a:
         f3:94:4a:f7:29:08:39:84:12:c0:6e:c1:2d:44:ab:d1:dc:d5:
         91:02:f4:ba:28:95:10:68:f3:e7:e9:68:08:a0:8c:87:d8:24:
         bf:35:b5:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qrHlPfU5RLqfZJVvWTsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlM2YxNjYzOTk2YmUxNzA3NjExZmRjZTFkZGVhODkyMGRk
Mzk4YTMwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTkyNmM2ZDQ1M2JjYTc1ZjA3YWY5M2FjZGU4MTY4MTY3MjU3ZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxIzaNNEAJpcu4ptW0zpBYIJFZRu
iX0ThHjdwPSdX/pol+Fdjc3S6nurXFwt2GCTiTevEt55FpnDn+barIAcMpzYPs1U
0KdqcGGU7jetRdM6zyRPjTDVwNpWSPVoGGc5VSb5Wq+BaezQK9A36QclVyWR4Tpt
sJRIb7V2qjD5W4f47oljNUz75hLAYb2OjO7AmJBGKdV+R6v2WriiN70+9CTV74BW
mPe8E0+36yY+2pqrfR+eQ8vJnEIxwiQndrjP3apJcnwuJtIecPJkHtnzvtHmzJ4U
l1ksNrUpceb5nJuFs3Qm7KZR0KMdZVueVBQSqY5aVQLz6yIHhmKVojv52QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqSbG1FO8p18Hr5Os3oFoFnJX/WMB8GA1UdIwQY
MBaAFI4/FmOZa+FwdhH9zh3eqJIN05ijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzkt
YzhmOWJlN2QxOWRmLzEvR3BKc2JVVTd5blh3ZXZrNnplZ1dnV2NsZjlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzktYzhmOWJlN2QxOWRm
LzEvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYvQMA0G
CSqGSIb3DQEBCwUAA4IBAQCiXH/Clzn+FtztLg+r8R2KFAoXnnaIY8lzHv3qdBkp
ler9LihNRPNzxQ4wloK52BdD3K60E7r3L/qDXxT9buCh9fOGX7umb16uwM96bFWt
lLLCx+AvBHW7HRjvZ4iXKOXvRg1spyd/CSVI9t8FFMBlOIzxsgh3dnL3rw9OEyRB
jI6VjmOnJBxV/0EJUdBaCd4pqdxtrQk2PKRPaxRV8t2a9byogHtfyWEvbSZUOgZB
nIanHsxpvwyLK/iYVCiM/sOr5EaTt+10GdxQRp+NCwvCQDTOUi+tqprzlEr3KQg5
hBLAbsEtRKvR3NWRAvS6KJUQaPPn6WgIoIyH2CS/NbUj
-----END CERTIFICATE-----