Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/GbNjA0u4LTGo9TpkOSKtWC1n_q8.roa
File:                     GbNjA0u4LTGo9TpkOSKtWC1n_q8.roa (raw, json)
Hash identifier:          WyAfLfQQ5UiJ33gbz0ra750pAYV6TxSwmrlHqd6QFdQ=
Subject key identifier:   19:B3:63:03:4B:B8:2D:31:A8:F5:3A:64:39:22:AD:58:2D:67:FE:AF
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019422FAEA9F4366000DC32CCAA68DC08234
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/GbNjA0u4LTGo9TpkOSKtWC1n_q8.roa
Signing time:             Wed 01 Jan 2025 17:47:36 +0000
ROA not before:           Wed 01 Jan 2025 17:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213702
IP address blocks:        2a01:ecc0:80::/42 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:ea:9f:43:66:00:0d:c3:2c:ca:a6:8d:c0:82:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Jan  1 17:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19b363034bb82d31a8f53a643922ad582d67feaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8d:5d:4f:0b:98:74:69:39:a5:95:a5:20:1e:
                    aa:27:5b:65:9f:98:89:17:3d:f1:b0:38:8b:77:b9:
                    3a:fd:7b:cc:33:92:51:68:b1:37:62:85:d8:ca:19:
                    bb:33:3d:16:f6:86:0a:c5:1d:20:59:06:65:ec:f2:
                    30:84:ba:f3:87:9c:e1:77:78:07:30:b4:4b:51:7c:
                    d7:a5:d9:0e:74:0c:5f:7e:83:aa:16:c1:29:e4:35:
                    f9:d7:30:e2:01:98:86:d1:cc:81:bc:8d:ee:a1:24:
                    a5:5a:58:78:34:c8:04:19:df:95:18:2d:5c:a3:27:
                    e2:88:90:1b:4b:00:f6:e8:eb:96:4b:c8:c5:8b:c5:
                    80:75:8e:f2:65:97:72:00:86:10:2d:db:1b:6d:f9:
                    ee:e0:9e:98:d3:5d:95:51:a7:12:bc:4a:0c:d4:62:
                    95:b5:be:d1:ba:6d:b1:05:2f:8c:2d:6d:ad:14:25:
                    92:96:7a:73:42:57:2e:ef:1d:e4:9f:02:c6:20:b5:
                    c9:77:db:d0:2d:48:1c:38:19:a2:82:d6:55:03:db:
                    a5:cd:a9:14:d0:cc:6e:e4:12:cc:78:f4:28:35:85:
                    07:4f:11:92:33:72:96:b9:65:3c:a7:e7:de:b6:66:
                    09:af:01:65:72:b6:de:aa:1a:3c:80:7d:9c:38:0f:
                    1a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:B3:63:03:4B:B8:2D:31:A8:F5:3A:64:39:22:AD:58:2D:67:FE:AF
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/GbNjA0u4LTGo9TpkOSKtWC1n_q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:80::/42

    Signature Algorithm: sha256WithRSAEncryption
         a0:a2:13:4d:93:c7:40:c2:49:91:c8:38:27:1f:3b:cc:ec:f3:
         66:93:6b:39:fb:1e:df:ea:38:fc:8d:10:dc:dc:f5:67:b8:49:
         b9:aa:1c:bc:12:9c:4d:e5:87:e4:ca:51:96:db:20:7f:20:c6:
         68:d8:5c:ab:76:61:cd:23:7c:98:ee:3d:d1:e0:67:60:96:b3:
         f0:2a:a5:9c:a0:c3:6f:5c:3b:61:1a:25:78:8d:80:f6:b4:b2:
         9d:75:89:12:37:e8:4d:31:10:41:c1:a9:02:48:92:51:3a:d6:
         52:c1:26:7a:fb:7a:a5:17:34:98:1f:07:b7:13:3b:7b:e6:8d:
         da:7b:88:60:1e:9a:6d:ba:63:0c:6e:8c:fd:c7:71:58:92:a9:
         b7:99:fc:5e:7c:21:f9:3f:53:b1:7b:dd:b0:bd:77:75:42:ac:
         a5:5f:c1:c2:b9:41:0c:95:f4:6e:15:85:64:2a:c0:a9:a1:9a:
         d7:a4:a8:d4:87:31:d9:38:8e:22:19:f5:60:3e:88:89:0c:d4:
         cf:e2:df:86:29:80:7a:f1:da:77:8b:93:38:af:10:a7:0d:7e:
         78:5d:a2:a6:79:2d:e6:c9:c6:80:ba:da:fb:16:8a:d7:19:89:
         90:db:6b:a3:0d:f7:c3:b5:8c:f1:4a:35:cb:6b:23:47:5d:ac:
         32:e4:6a:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+uqfQ2YADcMsyqaNwII0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjUwMTAxMTc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWIzNjMwMzRiYjgyZDMxYThmNTNhNjQzOTIyYWQ1ODJkNjdmZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs41dTwuYdGk5pZWlIB6qJ1tln5iJ
Fz3xsDiLd7k6/XvMM5JRaLE3YoXYyhm7Mz0W9oYKxR0gWQZl7PIwhLrzh5zhd3gH
MLRLUXzXpdkOdAxffoOqFsEp5DX51zDiAZiG0cyBvI3uoSSlWlh4NMgEGd+VGC1c
oyfiiJAbSwD26OuWS8jFi8WAdY7yZZdyAIYQLdsbbfnu4J6Y012VUacSvEoM1GKV
tb7Rum2xBS+MLW2tFCWSlnpzQlcu7x3knwLGILXJd9vQLUgcOBmigtZVA9ulzakU
0Mxu5BLMePQoNYUHTxGSM3KWuWU8p+fetmYJrwFlcrbeqho8gH2cOA8aIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBmzYwNLuC0xqPU6ZDkirVgtZ/6vMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvR2JOakEwdTRMVEdvOVRwa09TS3RXQzFuX3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKgHswACA
MA0GCSqGSIb3DQEBCwUAA4IBAQCgohNNk8dAwkmRyDgnHzvM7PNmk2s5+x7f6jj8
jRDc3PVnuEm5qhy8EpxN5YfkylGW2yB/IMZo2FyrdmHNI3yY7j3R4GdglrPwKqWc
oMNvXDthGiV4jYD2tLKddYkSN+hNMRBBwakCSJJROtZSwSZ6+3qlFzSYHwe3Ezt7
5o3ae4hgHpptumMMboz9x3FYkqm3mfxefCH5P1Oxe92wvXd1QqylX8HCuUEMlfRu
FYVkKsCpoZrXpKjUhzHZOI4iGfVgPoiJDNTP4t+GKYB68dp3i5M4rxCnDX54XaKm
eS3mycaAutr7ForXGYmQ22ujDffDtYzxSjXLayNHXawy5GrJ
-----END CERTIFICATE-----