Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/022606-4faa-4e99-be29-963480e9be79/1/gsZPxJtbKD0IIMzYdutsilDA-B0.roa
File:                     gsZPxJtbKD0IIMzYdutsilDA-B0.roa (raw, json)
Hash identifier:          pATU5dudFYCWedD9W5u8pGaJ7EnCIUhm46LgbjMkkqw=
Subject key identifier:   82:C6:4F:C4:9B:5B:28:3D:08:20:CC:D8:76:EB:6C:8A:50:C0:F8:1D
Certificate issuer:       /CN=57504a4efd51dc95847c156f4a36dbfe5583c2b0
Certificate serial:       018CC86F342B350C710AF0866E6C9359B00A
Authority key identifier: 57:50:4A:4E:FD:51:DC:95:84:7C:15:6F:4A:36:DB:FE:55:83:C2:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1BKTv1R3JWEfBVvSjbb_lWDwrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/022606-4faa-4e99-be29-963480e9be79/1/gsZPxJtbKD0IIMzYdutsilDA-B0.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        2001:67c:17e4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/022606-4faa-4e99-be29-963480e9be79/1/V1BKTv1R3JWEfBVvSjbb_lWDwrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/022606-4faa-4e99-be29-963480e9be79/1/V1BKTv1R3JWEfBVvSjbb_lWDwrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1BKTv1R3JWEfBVvSjbb_lWDwrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:34:2b:35:0c:71:0a:f0:86:6e:6c:93:59:b0:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57504a4efd51dc95847c156f4a36dbfe5583c2b0
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82c64fc49b5b283d0820ccd876eb6c8a50c0f81d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:17:13:bc:d4:25:4b:17:79:12:6e:9a:83:95:
                    62:ec:8c:5b:39:65:90:53:85:af:ef:de:9e:3e:0a:
                    ba:4b:88:b7:16:d2:ea:a5:46:ac:91:1e:2b:2c:cc:
                    4d:b4:5c:10:66:4d:61:26:33:47:55:cb:47:52:a9:
                    fd:7a:3e:1e:5f:24:3d:37:be:27:1f:20:41:2d:7e:
                    e1:99:82:04:53:4c:47:c0:7f:70:56:59:e1:fc:34:
                    46:9e:11:0f:40:24:ff:2b:74:a2:25:77:a6:cd:7d:
                    df:23:23:b8:2d:cd:8a:ec:ee:fb:27:c7:53:79:c3:
                    9b:bf:9c:7b:19:83:6a:22:ae:75:d0:19:eb:89:71:
                    97:70:52:4b:01:5f:53:95:ea:86:a4:78:d6:02:b3:
                    0e:5e:f6:4b:54:c1:34:fe:98:1d:e7:cf:83:17:46:
                    18:08:e3:28:97:d1:54:db:17:76:17:04:35:9c:01:
                    6b:32:1f:c1:46:bd:f3:f7:22:17:0d:89:ce:7f:f4:
                    ac:1d:cd:5d:a7:ac:4e:1a:61:b8:fb:bc:e8:e9:92:
                    5d:a0:2f:60:0f:99:a5:af:8c:a3:4e:f7:74:57:e6:
                    49:30:8f:7c:e2:73:ae:86:9f:b4:59:73:58:8a:6e:
                    ec:d2:24:f6:18:c3:a4:82:dc:e8:b8:b3:b9:18:09:
                    e3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C6:4F:C4:9B:5B:28:3D:08:20:CC:D8:76:EB:6C:8A:50:C0:F8:1D
            X509v3 Authority Key Identifier:
                keyid:57:50:4A:4E:FD:51:DC:95:84:7C:15:6F:4A:36:DB:FE:55:83:C2:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1BKTv1R3JWEfBVvSjbb_lWDwrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/022606-4faa-4e99-be29-963480e9be79/1/gsZPxJtbKD0IIMzYdutsilDA-B0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/022606-4faa-4e99-be29-963480e9be79/1/V1BKTv1R3JWEfBVvSjbb_lWDwrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:17e4::/48

    Signature Algorithm: sha256WithRSAEncryption
         c4:65:02:2e:37:25:1a:77:59:7f:87:1f:85:01:02:03:20:c5:
         cf:33:bb:37:37:46:ce:cd:9c:86:d1:98:f7:60:fa:ac:0c:95:
         c8:9c:0a:7b:05:18:cc:cb:c6:53:0c:b3:8a:4f:56:c4:dc:b2:
         72:db:14:37:57:6d:cc:34:a9:96:8a:42:ba:4e:79:25:a3:2e:
         df:43:36:fa:04:5d:2f:01:73:d9:57:07:a0:c3:9f:07:6f:73:
         89:be:2b:05:85:5e:8c:01:82:c3:7d:91:46:8f:ea:fd:24:8a:
         4f:84:5d:e1:b0:42:81:96:78:d7:f1:4e:7d:f3:2a:d1:d7:ee:
         72:76:ec:dd:6b:fc:66:82:ad:37:f6:19:e6:e4:47:10:a4:fd:
         6a:ee:d9:37:65:9d:b1:f5:ed:1b:3a:c9:a2:68:4b:5a:48:19:
         eb:01:23:a2:9a:ab:b5:80:ac:d5:df:ce:81:87:8a:12:c5:30:
         f9:98:6b:33:c3:b3:f1:39:fd:72:67:c6:ea:ac:2e:69:43:a6:
         22:07:43:37:e4:ab:31:c4:95:66:5e:6c:c2:6c:8c:f5:a3:b8:
         d6:56:34:da:68:43:64:75:22:a5:ed:96:49:6c:a2:4a:e0:f0:
         33:40:d4:b8:4d:d2:e8:7a:bb:db:16:65:c1:c4:11:44:2a:34:
         17:82:ee:21
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIbzQrNQxxCvCGbmyTWbAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTA0YTRlZmQ1MWRjOTU4NDdjMTU2ZjRhMzZkYmZlNTU4
M2MyYjAwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmM2NGZjNDliNWIyODNkMDgyMGNjZDg3NmViNmM4YTUwYzBmODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBcTvNQlSxd5Em6ag5Vi7IxbOWWQ
U4Wv796ePgq6S4i3FtLqpUaskR4rLMxNtFwQZk1hJjNHVctHUqn9ej4eXyQ9N74n
HyBBLX7hmYIEU0xHwH9wVlnh/DRGnhEPQCT/K3SiJXemzX3fIyO4Lc2K7O77J8dT
ecObv5x7GYNqIq510BnriXGXcFJLAV9TleqGpHjWArMOXvZLVME0/pgd58+DF0YY
COMol9FU2xd2FwQ1nAFrMh/BRr3z9yIXDYnOf/SsHc1dp6xOGmG4+7zo6ZJdoC9g
D5mlr4yjTvd0V+ZJMI984nOuhp+0WXNYim7s0iT2GMOkgtzouLO5GAnj3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFILGT8SbWyg9CCDM2HbrbIpQwPgdMB8GA1UdIwQY
MBaAFFdQSk79UdyVhHwVb0o22/5Vg8KwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFCS1R2MVIzSldFZkJWdlNqYmJfbFdEd3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8wMjI2MDYtNGZhYS00ZTk5LWJlMjkt
OTYzNDgwZTliZTc5LzEvZ3NaUHhKdGJLRDBJSU16WWR1dHNpbERBLUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8wMjI2MDYtNGZhYS00ZTk5LWJlMjktOTYzNDgwZTliZTc5
LzEvVjFCS1R2MVIzSldFZkJWdlNqYmJfbFdEd3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBfk
MA0GCSqGSIb3DQEBCwUAA4IBAQDEZQIuNyUad1l/hx+FAQIDIMXPM7s3N0bOzZyG
0Zj3YPqsDJXInAp7BRjMy8ZTDLOKT1bE3LJy2xQ3V23MNKmWikK6Tnkloy7fQzb6
BF0vAXPZVwegw58Hb3OJvisFhV6MAYLDfZFGj+r9JIpPhF3hsEKBlnjX8U598yrR
1+5yduzda/xmgq039hnm5EcQpP1q7tk3ZZ2x9e0bOsmiaEtaSBnrASOimqu1gKzV
386Bh4oSxTD5mGszw7PxOf1yZ8bqrC5pQ6YiB0M35KsxxJVmXmzCbIz1o7jWVjTa
aENkdSKl7ZZJbKJK4PAzQNS4TdLoervbFmXBxBFEKjQXgu4h
-----END CERTIFICATE-----