Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/GycWu6YQQx-QfInsFCt_iUZbUiQ.roa
File:                     GycWu6YQQx-QfInsFCt_iUZbUiQ.roa (raw, json)
Hash identifier:          UuwgSQh0HxD+EGIaXCzhuMAcc74VUdHBYZPfB7dbRNs=
Subject key identifier:   1B:27:16:BB:A6:10:43:1F:90:7C:89:EC:14:2B:7F:89:46:5B:52:24
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019426D988A7378580EAD04CE3E3E51945EC
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/GycWu6YQQx-QfInsFCt_iUZbUiQ.roa
Signing time:             Thu 02 Jan 2025 11:49:38 +0000
ROA not before:           Thu 02 Jan 2025 11:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210335
IP address blocks:        2a03:5840:170::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:88:a7:37:85:80:ea:d0:4c:e3:e3:e5:19:45:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 11:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b2716bba610431f907c89ec142b7f89465b5224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:23:ab:3b:eb:52:5b:8d:eb:63:80:67:b4:4e:
                    b6:6a:58:b4:e9:08:5d:30:1c:91:9a:bf:6e:a1:96:
                    bf:d9:42:b2:29:a2:79:2e:eb:f9:30:89:18:1d:35:
                    d1:d2:15:12:88:16:fe:82:7b:df:ed:4a:79:e5:79:
                    aa:cb:e3:ce:31:48:72:60:df:53:5d:73:03:49:d6:
                    33:4c:ac:20:09:45:0e:fc:76:30:1b:c4:71:7c:6d:
                    49:31:3c:f2:6d:d5:30:4a:07:1e:b6:25:15:ae:5f:
                    69:bf:a7:61:e8:79:19:ec:c5:af:91:58:2e:6b:e6:
                    b2:d1:9d:69:14:35:99:7b:04:e0:c1:ae:bc:b3:5e:
                    a1:d0:d2:75:f6:ab:52:ee:65:f4:73:b1:31:c8:c0:
                    a6:5f:3a:18:72:45:3a:2e:14:ae:18:b7:27:50:f4:
                    43:52:23:c9:32:96:25:65:65:43:13:6c:92:00:2c:
                    26:12:64:62:b1:38:88:cf:48:64:ce:de:b0:e1:47:
                    1b:96:e1:52:52:ea:f1:78:61:0c:92:03:5c:b2:2b:
                    23:74:c0:d2:5e:bd:4f:b6:2a:b2:5c:74:30:87:aa:
                    c9:2c:62:da:fd:34:e7:b1:04:37:16:c0:07:5c:49:
                    21:f2:b9:f1:f7:a9:58:44:ef:fb:e2:4d:b4:48:2d:
                    75:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:27:16:BB:A6:10:43:1F:90:7C:89:EC:14:2B:7F:89:46:5B:52:24
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/GycWu6YQQx-QfInsFCt_iUZbUiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:170::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:dd:fa:d5:24:33:0d:df:fc:55:d3:0a:f2:ba:0e:53:fd:ca:
         c7:64:33:f9:8c:87:3a:f5:cc:7a:08:e2:11:51:2c:82:75:2d:
         ae:94:0c:30:37:34:ec:37:82:db:c5:bd:da:6b:7a:f9:df:9e:
         46:af:b2:8c:c6:ce:89:8d:9f:b7:b9:fc:4e:5a:16:58:f0:98:
         51:5f:83:ee:fe:4d:a1:a6:6a:41:ab:1a:66:87:e9:33:ca:f2:
         ba:fd:0a:c2:52:69:06:b0:b2:7a:85:d9:50:9d:3f:54:63:b4:
         25:b3:d3:c3:05:18:aa:e8:14:ca:78:f3:50:5d:e9:64:a1:f1:
         5c:76:ff:d8:02:5f:75:6c:f5:f1:8b:32:d4:06:d6:1f:16:02:
         22:86:b9:79:10:cd:a4:72:8e:30:87:1f:1a:cf:f5:49:52:2e:
         bc:c2:ac:44:f4:9f:a4:f5:43:93:8d:02:b7:da:99:74:a6:e0:
         61:dc:c8:d0:fe:df:75:48:b2:b1:61:b1:5c:02:8a:0d:14:20:
         ad:e7:64:3f:b8:10:4c:e2:67:48:24:16:42:6f:e1:f5:2f:d8:
         a6:fe:78:71:6a:a2:62:55:3e:09:e8:1f:aa:46:7b:78:df:81:
         27:92:1f:b9:d9:4e:1c:13:52:7a:78:09:01:ca:33:1b:40:93:
         30:f2:b5:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2YinN4WA6tBM4+PlGUXsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwMTAyMTE0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjI3MTZiYmE2MTA0MzFmOTA3Yzg5ZWMxNDJiN2Y4OTQ2NWI1MjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCOrO+tSW43rY4BntE62ali06Qhd
MByRmr9uoZa/2UKyKaJ5Luv5MIkYHTXR0hUSiBb+gnvf7Up55Xmqy+POMUhyYN9T
XXMDSdYzTKwgCUUO/HYwG8RxfG1JMTzybdUwSgcetiUVrl9pv6dh6HkZ7MWvkVgu
a+ay0Z1pFDWZewTgwa68s16h0NJ19qtS7mX0c7ExyMCmXzoYckU6LhSuGLcnUPRD
UiPJMpYlZWVDE2ySACwmEmRisTiIz0hkzt6w4UcbluFSUurxeGEMkgNcsisjdMDS
Xr1PtiqyXHQwh6rJLGLa/TTnsQQ3FsAHXEkh8rnx96lYRO/74k20SC11uwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBsnFrumEEMfkHyJ7BQrf4lGW1IkMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvR3ljV3U2WVFReC1RZkluc0ZDdF9pVVpiVWlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgNYQAFw
MA0GCSqGSIb3DQEBCwUAA4IBAQA+3frVJDMN3/xV0wryug5T/crHZDP5jIc69cx6
COIRUSyCdS2ulAwwNzTsN4Lbxb3aa3r5355Gr7KMxs6JjZ+3ufxOWhZY8JhRX4Pu
/k2hpmpBqxpmh+kzyvK6/QrCUmkGsLJ6hdlQnT9UY7Qls9PDBRiq6BTKePNQXelk
ofFcdv/YAl91bPXxizLUBtYfFgIihrl5EM2kco4whx8az/VJUi68wqxE9J+k9UOT
jQK32pl0puBh3MjQ/t91SLKxYbFcAooNFCCt52Q/uBBM4mdIJBZCb+H1L9im/nhx
aqJiVT4J6B+qRnt434Enkh+52U4cE1J6eAkByjMbQJMw8rUD
-----END CERTIFICATE-----