Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/gloDldGV_yiqhByp2YZjaMEm5jo.roa
File:                     gloDldGV_yiqhByp2YZjaMEm5jo.roa (raw, json)
Hash identifier:          a9iqtqeZpEJMf9PD+xFUrpzPm3ZpiQVQ8tPSLcxqnI0=
Subject key identifier:   82:5A:03:95:D1:95:FF:28:AA:84:1C:A9:D9:86:63:68:C1:26:E6:3A
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0193443AE45627CB6A9BBC1E97EDCDDD29F1
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/gloDldGV_yiqhByp2YZjaMEm5jo.roa
Signing time:             Tue 19 Nov 2024 11:42:10 +0000
ROA not before:           Tue 19 Nov 2024 11:42:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11426
IP address blocks:        46.20.212.0/22 maxlen: 24
                          130.255.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:3a:e4:56:27:cb:6a:9b:bc:1e:97:ed:cd:dd:29:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Nov 19 11:42:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=825a0395d195ff28aa841ca9d9866368c126e63a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f6:f4:6f:4e:a7:77:62:21:66:66:e8:12:14:
                    52:81:58:04:44:17:0b:5c:07:59:3b:e8:c8:95:5b:
                    62:fb:e2:68:4d:11:3b:c2:59:ab:04:30:fb:84:51:
                    45:5a:05:5d:68:c5:ab:a6:0d:fe:43:51:a2:23:d1:
                    e0:e2:a6:ac:39:b8:f9:d0:2a:72:c3:99:93:a5:ab:
                    d6:e7:a3:ce:36:ee:54:72:5f:b8:f2:59:d3:89:94:
                    da:ca:db:ed:71:3a:f1:24:e6:e3:3b:df:29:6a:a0:
                    6c:b9:94:e9:02:48:fb:dd:da:1f:9e:c1:db:22:6b:
                    be:f8:2b:bb:fc:e3:5d:de:9a:b1:e6:dd:ac:a3:89:
                    33:24:54:fd:43:6d:f1:06:93:27:2a:e6:b7:51:e8:
                    df:a2:6b:c4:82:c2:70:e7:73:79:a1:83:8d:3b:8d:
                    2c:c8:1c:6a:60:f4:ad:da:29:b3:22:89:18:a0:e6:
                    5d:60:7a:27:bd:28:69:85:c1:59:ef:e3:0e:86:16:
                    91:a7:da:80:4d:46:c3:a3:14:cf:f6:54:be:b1:23:
                    dc:22:cf:2e:79:2a:61:a3:12:21:45:c5:d1:65:be:
                    be:4c:a9:f3:4a:ab:7f:b6:cd:d7:1d:f1:58:82:0d:
                    2c:ff:85:bf:bf:92:e8:18:58:e2:29:76:94:df:f3:
                    9b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:5A:03:95:D1:95:FF:28:AA:84:1C:A9:D9:86:63:68:C1:26:E6:3A
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/gloDldGV_yiqhByp2YZjaMEm5jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.212.0/22
                  130.255.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:fb:68:9a:5e:5b:09:95:24:d3:4c:43:ef:9a:81:5b:5b:44:
         7b:1c:2a:fd:f3:4c:ae:47:bb:0b:c0:f7:94:05:48:74:96:e8:
         71:61:ef:b5:5a:87:22:fa:3f:b9:23:64:0d:f2:68:14:a7:0c:
         3e:5b:32:a2:4b:2b:ea:ea:be:27:fe:43:2d:02:1a:24:65:19:
         59:5d:c6:c2:4e:3f:6e:42:84:f0:fa:df:b7:8d:fd:06:89:af:
         35:0d:30:64:96:17:be:0a:34:52:7d:38:e6:b7:52:c3:17:74:
         ba:90:77:72:20:5c:aa:d4:96:18:84:85:31:5f:b3:93:d8:8d:
         f5:a6:8f:f4:8a:7e:95:18:0e:04:47:bd:e1:10:8b:ad:4a:aa:
         c8:2d:e1:23:65:d4:5d:53:5e:1a:ba:e7:32:2c:29:86:cb:4c:
         f9:0e:bf:49:95:bc:c8:0d:6b:02:c8:31:98:5b:82:2d:af:f2:
         db:91:c2:8c:66:13:13:d2:b3:53:f5:42:37:88:ae:78:64:42:
         74:59:ff:26:d6:4d:af:db:75:89:09:df:f3:d4:79:9d:bf:c4:
         e0:c7:1e:66:d9:c3:8e:a7:5d:41:2f:de:b8:42:d5:ca:54:d1:
         df:41:ca:86:05:f2:cb:93:87:50:69:04:04:b2:99:44:a4:82:
         8d:ec:86:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNEOuRWJ8tqm7wel+3N3SnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQxMTE5MTE0MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjVhMDM5NWQxOTVmZjI4YWE4NDFjYTlkOTg2NjM2OGMxMjZlNjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvb0b06nd2IhZmboEhRSgVgERBcL
XAdZO+jIlVti++JoTRE7wlmrBDD7hFFFWgVdaMWrpg3+Q1GiI9Hg4qasObj50Cpy
w5mTpavW56PONu5Ucl+48lnTiZTaytvtcTrxJObjO98paqBsuZTpAkj73dofnsHb
Imu++Cu7/ONd3pqx5t2so4kzJFT9Q23xBpMnKua3UejfomvEgsJw53N5oYONO40s
yBxqYPSt2imzIokYoOZdYHonvShphcFZ7+MOhhaRp9qATUbDoxTP9lS+sSPcIs8u
eSphoxIhRcXRZb6+TKnzSqt/ts3XHfFYgg0s/4W/v5LoGFjiKXaU3/ObLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIJaA5XRlf8oqoQcqdmGY2jBJuY6MB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvZ2xvRGxkR1ZfeWlxaEJ5cDJZWmphTUVtNWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLhTUAwQC
gv9AMA0GCSqGSIb3DQEBCwUAA4IBAQAI+2iaXlsJlSTTTEPvmoFbW0R7HCr980yu
R7sLwPeUBUh0luhxYe+1Woci+j+5I2QN8mgUpww+WzKiSyvq6r4n/kMtAhokZRlZ
XcbCTj9uQoTw+t+3jf0Gia81DTBklhe+CjRSfTjmt1LDF3S6kHdyIFyq1JYYhIUx
X7OT2I31po/0in6VGA4ER73hEIutSqrILeEjZdRdU14auucyLCmGy0z5Dr9JlbzI
DWsCyDGYW4Itr/LbkcKMZhMT0rNT9UI3iK54ZEJ0Wf8m1k2v23WJCd/z1Hmdv8Tg
xx5m2cOOp11BL964QtXKVNHfQcqGBfLLk4dQaQQEsplEpIKN7IYp
-----END CERTIFICATE-----