Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/Gu-VxjT05ndmrS5-mKliAsGc-RY.roa
File:                     Gu-VxjT05ndmrS5-mKliAsGc-RY.roa (raw, json)
Hash identifier:          hxSWxbUYRwbqgh9dcymk6VW3hT8/kAUKHrkjPR0pyzM=
Subject key identifier:   1A:EF:95:C6:34:F4:E6:77:66:AD:2E:7E:98:A9:62:02:C1:9C:F9:16
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       018CC86FDE5CB3627F48F1D7F5888DB7D1D1
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/Gu-VxjT05ndmrS5-mKliAsGc-RY.roa
Signing time:             Tue 02 Jan 2024 04:30:23 +0000
ROA not before:           Tue 02 Jan 2024 04:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216009
IP address blocks:        2a03:5840:111::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:de:5c:b3:62:7f:48:f1:d7:f5:88:8d:b7:d1:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 04:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1aef95c634f4e67766ad2e7e98a96202c19cf916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:57:cd:63:e4:6d:e4:be:42:8f:76:5a:fd:23:
                    6c:04:b7:bb:02:b1:81:26:23:79:00:ce:c3:ca:eb:
                    ad:cd:c9:69:12:7f:ce:09:69:3e:3d:b7:89:00:b3:
                    72:0e:53:08:db:7d:35:78:98:d0:0f:86:40:f1:17:
                    c3:83:8a:98:ac:ce:82:3f:0f:dd:13:05:c2:4f:15:
                    51:4f:da:ac:de:63:f2:37:a4:9a:97:45:78:48:a8:
                    cd:af:44:54:dc:72:95:7e:36:e1:a5:ac:b9:54:83:
                    56:c0:4d:32:c8:ef:78:fd:c2:25:75:2c:f2:d6:bd:
                    d0:fc:2e:d6:f2:62:94:d2:35:88:7c:69:51:38:07:
                    f7:fb:26:66:1e:1d:a3:b9:b6:1c:15:ae:61:f1:6e:
                    1e:81:91:7b:59:26:41:a9:0a:72:bd:17:14:c4:2b:
                    74:03:6b:f4:4e:47:a1:06:5b:0f:c1:bd:c9:bf:d2:
                    00:4c:85:42:3f:4d:3a:ff:3b:38:a6:79:c5:39:9a:
                    e7:61:e3:1f:a8:34:cf:30:92:87:f5:27:4b:b7:df:
                    f2:16:85:93:20:d6:ae:a0:4b:55:8e:a5:a2:22:59:
                    ce:6b:44:e5:f4:f6:ea:09:1f:0c:de:15:55:5f:10:
                    45:b4:be:be:10:a6:26:da:4c:ad:ed:63:cf:5a:be:
                    6a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:EF:95:C6:34:F4:E6:77:66:AD:2E:7E:98:A9:62:02:C1:9C:F9:16
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/Gu-VxjT05ndmrS5-mKliAsGc-RY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:111::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:bc:bd:2e:41:74:89:51:0a:5c:3c:39:f3:25:f1:39:a3:e1:
         aa:af:d2:78:c3:4b:79:fb:16:f3:e5:91:5a:c1:3d:58:ce:0e:
         eb:1e:c0:df:1e:e0:43:c2:07:92:1a:5b:c6:79:17:f3:ae:37:
         90:5f:19:9d:b1:8d:56:7d:c8:22:79:82:51:21:2c:f8:b8:0e:
         2a:f5:d6:3f:17:7b:aa:ab:d9:ad:55:52:f8:cc:e1:7e:a9:08:
         38:01:de:59:21:bc:a2:5d:2b:a7:ec:db:8f:7a:9d:5a:71:b3:
         3a:d6:ec:3a:b8:7d:3d:f7:1c:51:22:d2:a8:f1:a8:03:e3:55:
         27:13:f4:16:6a:4b:0f:fe:30:49:63:0b:f6:33:0e:ab:fc:11:
         ec:cd:fb:75:d4:75:1b:fd:9a:41:5c:fb:3a:40:fb:96:e1:dd:
         94:15:03:4f:41:e7:6c:8f:fd:af:95:ff:8d:98:49:19:e4:bf:
         74:7f:8f:75:1f:e7:15:d3:a2:b9:14:1c:f7:b6:9f:d1:4b:bc:
         05:46:27:ea:c2:2a:8e:ca:17:3f:fd:7a:ee:f4:1d:e3:50:f5:
         85:de:50:1c:21:11:ae:90:19:94:3e:b3:88:5e:b1:da:97:de:
         8d:8d:b3:09:11:3d:ca:f6:6d:4d:eb:28:64:22:1c:aa:63:9d:
         61:c5:9b:93
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb95cs2J/SPHX9YiNt9HRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjQwMTAyMDQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWVmOTVjNjM0ZjRlNjc3NjZhZDJlN2U5OGE5NjIwMmMxOWNmOTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1fNY+Rt5L5Cj3Za/SNsBLe7ArGB
JiN5AM7DyuutzclpEn/OCWk+PbeJALNyDlMI2301eJjQD4ZA8RfDg4qYrM6CPw/d
EwXCTxVRT9qs3mPyN6Sal0V4SKjNr0RU3HKVfjbhpay5VINWwE0yyO94/cIldSzy
1r3Q/C7W8mKU0jWIfGlROAf3+yZmHh2jubYcFa5h8W4egZF7WSZBqQpyvRcUxCt0
A2v0TkehBlsPwb3Jv9IATIVCP006/zs4pnnFOZrnYeMfqDTPMJKH9SdLt9/yFoWT
INauoEtVjqWiIlnOa0Tl9PbqCR8M3hVVXxBFtL6+EKYm2kyt7WPPWr5qNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBrvlcY09OZ3Zq0ufpipYgLBnPkWMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvR3UtVnhqVDA1bmRtclM1LW1LbGlBc0djLVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAER
MA0GCSqGSIb3DQEBCwUAA4IBAQBfvL0uQXSJUQpcPDnzJfE5o+Gqr9J4w0t5+xbz
5ZFawT1Yzg7rHsDfHuBDwgeSGlvGeRfzrjeQXxmdsY1WfcgieYJRISz4uA4q9dY/
F3uqq9mtVVL4zOF+qQg4Ad5ZIbyiXSun7NuPep1acbM61uw6uH099xxRItKo8agD
41UnE/QWaksP/jBJYwv2Mw6r/BHszft11HUb/ZpBXPs6QPuW4d2UFQNPQedsj/2v
lf+NmEkZ5L90f491H+cV06K5FBz3tp/RS7wFRifqwiqOyhc//Xru9B3jUPWF3lAc
IRGukBmUPrOIXrHal96NjbMJET3K9m1N6yhkIhyqY51hxZuT
-----END CERTIFICATE-----