Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/GvjwQJC9DdP7_qbPkN-koM22ONc.roa
File:                     GvjwQJC9DdP7_qbPkN-koM22ONc.roa (raw, json)
Hash identifier:          V1Pprk+ac1UgNd3D2gH6NUqG9FbJK9dkkFlOqw7KkJ0=
Subject key identifier:   1A:F8:F0:40:90:BD:0D:D3:FB:FE:A6:CF:90:DF:A4:A0:CD:B6:38:D7
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0194228D63DB883C9939B62B74595A07C7A4
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/GvjwQJC9DdP7_qbPkN-koM22ONc.roa
Signing time:             Wed 01 Jan 2025 15:47:58 +0000
ROA not before:           Wed 01 Jan 2025 15:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44050
IP address blocks:        2a02:c6c1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:63:db:88:3c:99:39:b6:2b:74:59:5a:07:c7:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  1 15:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1af8f04090bd0dd3fbfea6cf90dfa4a0cdb638d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7f:97:f1:d0:c1:40:86:ca:36:a3:8b:37:09:
                    33:8b:60:dd:3d:49:ec:bc:c4:78:c3:8a:cb:67:81:
                    0f:23:90:92:0a:bc:5b:bb:aa:61:e6:b4:bc:fe:6d:
                    61:df:77:0f:a4:79:0f:77:9a:cf:97:3a:16:c0:be:
                    3b:9c:f9:be:67:13:7f:66:d1:1b:16:2c:65:8f:7d:
                    03:b1:29:65:6f:22:27:d6:f3:fc:eb:b0:df:30:0d:
                    ca:4f:cd:8f:44:a2:fd:d2:90:b3:54:f2:c5:06:99:
                    5c:b8:e3:41:67:c7:f0:e2:fc:57:1f:e3:7e:f8:3b:
                    70:b8:7d:76:61:4c:21:92:91:00:96:63:b5:27:66:
                    30:a7:a4:51:56:c3:53:91:1a:f2:6e:3c:89:1d:d8:
                    e1:f0:3c:c8:59:3f:fd:16:74:45:a9:3e:bc:b2:87:
                    50:4b:6c:6b:cf:02:84:ee:6d:00:68:70:d6:03:66:
                    d7:f0:82:c9:b5:37:64:ac:63:3e:55:2f:e9:ec:6c:
                    97:f7:6d:f7:87:d6:cb:2f:54:d0:14:4f:dd:6b:f1:
                    04:d8:e5:df:5f:f0:d4:c4:23:80:26:93:95:a3:1c:
                    0d:a4:cc:de:59:06:1e:1b:48:09:d1:de:f1:88:8a:
                    2f:bc:61:cc:df:67:7c:bc:d0:f9:c6:8a:97:99:87:
                    87:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:F8:F0:40:90:BD:0D:D3:FB:FE:A6:CF:90:DF:A4:A0:CD:B6:38:D7
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/GvjwQJC9DdP7_qbPkN-koM22ONc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:c6c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         d6:eb:59:cb:26:29:57:11:63:37:54:e6:47:74:29:f5:17:d6:
         d3:55:20:fb:27:82:aa:ef:34:36:c2:d0:cd:77:65:fc:dc:d4:
         41:84:d5:99:eb:ca:e4:87:c1:28:ed:6a:5f:fd:34:a3:b3:12:
         96:8a:86:51:c4:e9:7a:19:7e:c5:4b:b4:c5:01:f5:ac:a8:b9:
         d2:b9:fa:58:99:3b:9e:43:7b:35:c5:e0:33:a2:e1:c0:7b:e8:
         d8:cf:48:b1:88:b5:08:49:c5:4f:52:9a:82:2d:cf:99:06:78:
         b5:7e:ac:1c:0f:4d:c0:28:a6:0e:2d:d7:90:9b:c1:6f:a6:d4:
         c7:c0:c7:fe:ce:fb:35:4c:4a:6e:f2:71:c3:dd:7c:3a:76:1e:
         e5:ac:09:c8:8b:4d:a6:6d:f9:22:57:ee:93:53:b9:58:cc:8f:
         6a:28:3e:fe:21:04:a3:0e:9d:bd:e3:c9:1d:bc:7e:4d:98:8a:
         f8:5f:f4:8d:5b:b3:a8:9f:69:96:17:60:c9:70:10:e3:de:cb:
         40:f4:27:58:9f:20:b3:45:75:50:f3:19:2e:15:1b:7f:50:3e:
         6f:fb:0b:fc:99:49:b1:cf:f7:f4:18:47:ec:ce:de:32:2f:c3:
         ce:c6:cf:31:c4:f1:d8:60:f8:b8:33:1c:52:a5:58:36:bb:1a:
         3a:0b:35:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijWPbiDyZObYrdFlaB8ekMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjUwMTAxMTU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWY4ZjA0MDkwYmQwZGQzZmJmZWE2Y2Y5MGRmYTRhMGNkYjYzOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH+X8dDBQIbKNqOLNwkzi2DdPUns
vMR4w4rLZ4EPI5CSCrxbu6ph5rS8/m1h33cPpHkPd5rPlzoWwL47nPm+ZxN/ZtEb
Fixlj30DsSllbyIn1vP867DfMA3KT82PRKL90pCzVPLFBplcuONBZ8fw4vxXH+N+
+DtwuH12YUwhkpEAlmO1J2Ywp6RRVsNTkRrybjyJHdjh8DzIWT/9FnRFqT68sodQ
S2xrzwKE7m0AaHDWA2bX8ILJtTdkrGM+VS/p7GyX9233h9bLL1TQFE/da/EE2OXf
X/DUxCOAJpOVoxwNpMzeWQYeG0gJ0d7xiIovvGHM32d8vND5xoqXmYeHuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBr48ECQvQ3T+/6mz5DfpKDNtjjXMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvR3Zqd1FKQzlEZFA3X3FiUGtOLWtvTTIyT05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgLGwQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDW61nLJilXEWM3VOZHdCn1F9bTVSD7J4Kq7zQ2
wtDNd2X83NRBhNWZ68rkh8Eo7Wpf/TSjsxKWioZRxOl6GX7FS7TFAfWsqLnSufpY
mTueQ3s1xeAzouHAe+jYz0ixiLUIScVPUpqCLc+ZBni1fqwcD03AKKYOLdeQm8Fv
ptTHwMf+zvs1TEpu8nHD3Xw6dh7lrAnIi02mbfkiV+6TU7lYzI9qKD7+IQSjDp29
48kdvH5NmIr4X/SNW7Oon2mWF2DJcBDj3stA9CdYnyCzRXVQ8xkuFRt/UD5v+wv8
mUmxz/f0GEfszt4yL8POxs8xxPHYYPi4MxxSpVg2uxo6CzUT
-----END CERTIFICATE-----