Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/GStcCmUshC1-CqS1WD6FQVzI-qU.roa
File:                     GStcCmUshC1-CqS1WD6FQVzI-qU.roa (raw, json)
Hash identifier:          McbmHqCJKyTbbLFQLRcyn9DY/YUeCaZvVfCPa94lrV4=
Subject key identifier:   19:2B:5C:0A:65:2C:84:2D:7E:0A:A4:B5:58:3E:85:41:5C:C8:FA:A5
Certificate issuer:       /CN=be84ae7c0503ac450934c9f6cff39a1537a5126d
Certificate serial:       018CC5DC582E3114D250CB3F60FC3DD99984
Authority key identifier: BE:84:AE:7C:05:03:AC:45:09:34:C9:F6:CF:F3:9A:15:37:A5:12:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/voSufAUDrEUJNMn2z_OaFTelEm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/GStcCmUshC1-CqS1WD6FQVzI-qU.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42275
IP address blocks:        2a12:8e40:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/voSufAUDrEUJNMn2z_OaFTelEm0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/voSufAUDrEUJNMn2z_OaFTelEm0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/voSufAUDrEUJNMn2z_OaFTelEm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:58:2e:31:14:d2:50:cb:3f:60:fc:3d:d9:99:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be84ae7c0503ac450934c9f6cff39a1537a5126d
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=192b5c0a652c842d7e0aa4b5583e85415cc8faa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:05:ad:5e:56:14:49:84:cb:df:7d:2c:ca:e3:
                    d4:b3:a4:46:50:1a:4e:6d:f3:9f:72:b1:80:ed:b1:
                    a4:50:3b:76:2e:1e:c7:c5:b1:01:34:88:53:6c:3c:
                    9b:34:6d:56:49:01:0b:8b:10:fc:ff:5b:0b:66:27:
                    88:1a:d6:fd:c7:05:10:76:b4:ad:b4:19:16:af:21:
                    04:b6:70:01:1e:fa:99:d1:5b:4b:9b:82:3c:0f:d9:
                    b2:a9:5b:66:cd:21:44:f2:d6:3d:0d:ff:6f:7b:72:
                    ba:07:d8:66:f6:69:43:7c:6d:7d:ac:81:04:d8:13:
                    fc:d1:cc:d9:ba:3b:0a:ca:4a:bd:5d:e8:45:72:5b:
                    35:89:7d:fd:c6:10:de:25:45:5e:ee:53:89:92:9d:
                    4d:b7:00:c2:fd:d4:23:d6:8f:ef:53:68:9f:8b:ac:
                    bf:8f:82:b5:bc:a0:a0:dd:82:de:8e:95:a1:f2:ec:
                    84:9d:3e:d5:11:df:1d:58:a9:72:46:c8:23:7e:8b:
                    8e:1f:60:50:70:0e:64:73:30:1d:e2:dd:41:36:44:
                    c2:a5:41:82:24:38:e8:24:f2:6a:7d:35:ac:8b:9d:
                    53:32:f2:0c:91:37:a9:cb:60:45:8e:75:56:c6:bc:
                    99:30:aa:24:5e:3d:66:86:04:6b:a3:ae:3b:e0:89:
                    64:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:2B:5C:0A:65:2C:84:2D:7E:0A:A4:B5:58:3E:85:41:5C:C8:FA:A5
            X509v3 Authority Key Identifier:
                keyid:BE:84:AE:7C:05:03:AC:45:09:34:C9:F6:CF:F3:9A:15:37:A5:12:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/voSufAUDrEUJNMn2z_OaFTelEm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/GStcCmUshC1-CqS1WD6FQVzI-qU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/voSufAUDrEUJNMn2z_OaFTelEm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8e40:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:cf:bf:aa:6f:ae:4b:34:79:e6:5e:d5:76:03:fd:35:fd:7c:
         34:3f:ed:f6:98:3b:bd:96:2f:97:39:0c:a3:bd:96:bc:76:c8:
         ed:99:82:96:4e:d4:14:44:23:78:78:e9:b0:19:03:31:bf:39:
         04:1d:23:a5:41:88:28:52:28:a0:49:44:fe:bc:b4:18:83:70:
         f7:8f:f0:90:c3:dc:dc:ed:4f:35:28:0f:f8:84:d6:c7:d9:3e:
         79:30:a9:55:59:65:37:da:40:b9:bc:b3:cd:39:b0:d3:e6:e4:
         9f:c1:c6:68:c4:6d:b1:04:d9:3f:c9:b3:a7:4d:59:14:d6:91:
         30:84:f9:9f:e2:b4:3f:3d:0a:4c:de:7c:81:40:d1:ab:b1:0d:
         1b:e8:8a:e7:61:87:40:e0:1a:a8:ee:c0:49:d7:31:13:e1:53:
         1b:f9:d5:3c:73:a3:c2:91:8c:e6:10:c9:51:3b:2e:f9:aa:af:
         82:11:a3:3b:97:99:fa:d1:fc:ed:d0:a1:95:06:7b:42:81:af:
         eb:da:71:e0:4e:f4:07:56:df:fe:77:aa:85:d7:81:9c:58:f1:
         0e:6d:a7:11:17:4b:15:99:a1:87:86:03:75:54:3f:bc:6d:54:
         53:2e:26:e2:bb:88:1f:1e:f3:6f:74:b7:32:5a:0a:27:00:01:
         8f:09:5e:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3FguMRTSUMs/YPw92ZmEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlODRhZTdjMDUwM2FjNDUwOTM0YzlmNmNmZjM5YTE1Mzdh
NTEyNmQwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTJiNWMwYTY1MmM4NDJkN2UwYWE0YjU1ODNlODU0MTVjYzhmYWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQWtXlYUSYTL330syuPUs6RGUBpO
bfOfcrGA7bGkUDt2Lh7HxbEBNIhTbDybNG1WSQELixD8/1sLZieIGtb9xwUQdrSt
tBkWryEEtnABHvqZ0VtLm4I8D9myqVtmzSFE8tY9Df9ve3K6B9hm9mlDfG19rIEE
2BP80czZujsKykq9XehFcls1iX39xhDeJUVe7lOJkp1NtwDC/dQj1o/vU2ifi6y/
j4K1vKCg3YLejpWh8uyEnT7VEd8dWKlyRsgjfouOH2BQcA5kczAd4t1BNkTCpUGC
JDjoJPJqfTWsi51TMvIMkTepy2BFjnVWxryZMKokXj1mhgRro6474IlkCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBkrXAplLIQtfgqktVg+hUFcyPqlMB8GA1UdIwQY
MBaAFL6ErnwFA6xFCTTJ9s/zmhU3pRJtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm9TdWZBVURyRVVKTk1uMnpfT2FGVGVsRW0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9hMjA0YTUtMTk1MC00YjQ0LWFjOTAt
ODFhMmIzNDdkYTg0LzEvR1N0Y0NtVXNoQzEtQ3FTMVdENkZRVnpJLXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9hMjA0YTUtMTk1MC00YjQ0LWFjOTAtODFhMmIzNDdkYTg0
LzEvdm9TdWZBVURyRVVKTk1uMnpfT2FGVGVsRW0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKOQAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBtz7+qb65LNHnmXtV2A/01/Xw0P+32mDu9li+X
OQyjvZa8dsjtmYKWTtQURCN4eOmwGQMxvzkEHSOlQYgoUiigSUT+vLQYg3D3j/CQ
w9zc7U81KA/4hNbH2T55MKlVWWU32kC5vLPNObDT5uSfwcZoxG2xBNk/ybOnTVkU
1pEwhPmf4rQ/PQpM3nyBQNGrsQ0b6IrnYYdA4Bqo7sBJ1zET4VMb+dU8c6PCkYzm
EMlROy75qq+CEaM7l5n60fzt0KGVBntCga/r2nHgTvQHVt/+d6qF14GcWPEObacR
F0sVmaGHhgN1VD+8bVRTLibiu4gfHvNvdLcyWgonAAGPCV7t
-----END CERTIFICATE-----