Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/GSQib0qXNEtQAJ0dKBPw0MW4JGg.roa
File:                     GSQib0qXNEtQAJ0dKBPw0MW4JGg.roa (raw, json)
Hash identifier:          GBFbtlGCWl60Y+BeK3d3y29SnD4jd1rI0c3mZeGEcMs=
Subject key identifier:   19:24:22:6F:4A:97:34:4B:50:00:9D:1D:28:13:F0:D0:C5:B8:24:68
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       018EE6CBEA1ABA72243642FE33B0184D0043
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/GSQib0qXNEtQAJ0dKBPw0MW4JGg.roa
Signing time:             Tue 16 Apr 2024 12:05:07 +0000
ROA not before:           Tue 16 Apr 2024 12:05:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215480
IP address blocks:        2a05:9080:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:cb:ea:1a:ba:72:24:36:42:fe:33:b0:18:4d:00:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Apr 16 12:05:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1924226f4a97344b50009d1d2813f0d0c5b82468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:97:66:7a:ea:50:7e:60:d9:53:41:aa:38:93:
                    96:a7:ec:c8:3c:60:1a:38:05:e7:43:f4:05:27:2d:
                    4e:d6:5e:c4:42:36:00:4f:fb:a7:55:59:c1:fb:c1:
                    8f:88:14:18:af:20:83:57:de:ad:01:83:d0:56:2f:
                    53:74:8e:e7:2c:e6:39:7f:bd:9a:27:74:51:c6:7f:
                    7d:57:42:7a:46:03:e0:32:65:e5:fe:d7:cc:8e:ff:
                    e5:83:56:0d:82:79:e7:64:e8:75:56:34:28:34:c7:
                    3c:af:b1:61:a6:e8:f8:b8:c8:6b:05:45:2c:bb:bf:
                    c0:01:b6:a7:d0:fc:34:37:c0:32:6c:0f:94:a7:24:
                    85:d5:81:75:f3:f8:45:76:22:19:74:2f:4d:27:d5:
                    0d:bc:60:94:b8:12:81:f2:96:77:7c:22:a0:5d:1b:
                    9e:5a:ec:5b:9c:a0:69:7a:42:ae:e0:d6:0b:5e:52:
                    84:d4:5f:96:11:16:ff:f3:66:a6:1d:10:b8:a0:f0:
                    a1:fc:ca:91:3d:33:04:09:a0:fe:eb:55:3b:54:85:
                    4a:fb:8d:10:8d:44:e6:17:c3:7d:88:56:df:3c:9a:
                    d6:a4:74:96:ef:59:fe:41:dc:19:2b:ab:c1:5c:2c:
                    50:11:cf:29:8a:dc:bb:7d:4d:01:e5:46:c0:62:5a:
                    44:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:24:22:6F:4A:97:34:4B:50:00:9D:1D:28:13:F0:D0:C5:B8:24:68
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/GSQib0qXNEtQAJ0dKBPw0MW4JGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:2b:80:e9:2d:b5:33:ae:90:6a:0c:e7:bd:92:33:20:f9:e8:
         ca:4b:5a:05:77:16:7b:49:30:3e:1c:ae:0d:27:83:6a:d9:af:
         ed:22:25:94:07:05:2b:7f:54:81:56:51:8d:ca:b2:9f:6e:66:
         7e:12:65:b5:04:5d:95:91:c1:de:72:1d:18:68:5e:41:d0:35:
         b3:0e:0c:b8:51:ce:c0:e5:89:ea:dd:cd:5a:35:74:d9:89:22:
         84:b7:14:84:6d:fe:6e:ec:63:16:24:05:2f:a1:a4:e3:3d:0f:
         e2:ce:6f:8d:a0:a7:78:d9:75:5d:c9:b5:b4:15:24:3b:de:1d:
         78:f6:6d:9e:97:32:0b:f6:83:63:a8:7c:4c:6a:52:8d:fc:f9:
         d2:6b:ca:fd:15:de:fa:7e:bf:ff:75:33:4d:e7:d7:8e:41:f0:
         49:8a:17:1b:7a:43:5d:48:62:40:9b:67:86:fc:fb:2b:c2:a6:
         11:ba:34:b1:78:2d:60:f6:b3:aa:43:1f:26:85:03:7e:39:8e:
         78:78:f1:16:c0:d4:7f:06:2a:39:d9:95:04:0a:eb:e1:df:e1:
         67:dc:22:88:ce:bc:cf:48:29:30:6e:69:27:72:9c:13:ae:0f:
         cf:0c:df:b0:73:fb:2e:26:13:8a:c5:0e:87:c1:6b:77:c6:a8:
         94:5c:ab:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7my+oaunIkNkL+M7AYTQBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjQwNDE2MTIwNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTI0MjI2ZjRhOTczNDRiNTAwMDlkMWQyODEzZjBkMGM1YjgyNDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJdmeupQfmDZU0GqOJOWp+zIPGAa
OAXnQ/QFJy1O1l7EQjYAT/unVVnB+8GPiBQYryCDV96tAYPQVi9TdI7nLOY5f72a
J3RRxn99V0J6RgPgMmXl/tfMjv/lg1YNgnnnZOh1VjQoNMc8r7Fhpuj4uMhrBUUs
u7/AAban0Pw0N8AybA+UpySF1YF18/hFdiIZdC9NJ9UNvGCUuBKB8pZ3fCKgXRue
WuxbnKBpekKu4NYLXlKE1F+WERb/82amHRC4oPCh/MqRPTMECaD+61U7VIVK+40Q
jUTmF8N9iFbfPJrWpHSW71n+QdwZK6vBXCxQEc8pity7fU0B5UbAYlpEYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBkkIm9KlzRLUACdHSgT8NDFuCRoMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvR1NRaWIwcVhORXRRQUowZEtCUHcwTVc0SkdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQCDK4DpLbUzrpBqDOe9kjMg+ejKS1oFdxZ7STA+
HK4NJ4Nq2a/tIiWUBwUrf1SBVlGNyrKfbmZ+EmW1BF2VkcHech0YaF5B0DWzDgy4
Uc7A5Ynq3c1aNXTZiSKEtxSEbf5u7GMWJAUvoaTjPQ/izm+NoKd42XVdybW0FSQ7
3h149m2elzIL9oNjqHxMalKN/PnSa8r9Fd76fr//dTNN59eOQfBJihcbekNdSGJA
m2eG/PsrwqYRujSxeC1g9rOqQx8mhQN+OY54ePEWwNR/Bio52ZUECuvh3+Fn3CKI
zrzPSCkwbmkncpwTrg/PDN+wc/suJhOKxQ6HwWt3xqiUXKtc
-----END CERTIFICATE-----