Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/40526a-05bc-4ec7-b999-1ff630f1d841/1/GlERHStnJxWQurcUkrnzvUsZBvQ.roa
File:                     GlERHStnJxWQurcUkrnzvUsZBvQ.roa (raw, json)
Hash identifier:          2BqHZp4aDN03bLESoTVqSnJeyUSck+7eAGoy0G/N7ws=
Subject key identifier:   1A:51:11:1D:2B:67:27:15:90:BA:B7:14:92:B9:F3:BD:4B:19:06:F4
Certificate issuer:       /CN=7aec6d4f355b73869dfea1a79180c8a2178df1fd
Certificate serial:       019519DA6A8D577EC3DAA41D37DA9CD9EC67
Authority key identifier: 7A:EC:6D:4F:35:5B:73:86:9D:FE:A1:A7:91:80:C8:A2:17:8D:F1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/euxtTzVbc4ad_qGnkYDIoheN8f0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/40526a-05bc-4ec7-b999-1ff630f1d841/1/GlERHStnJxWQurcUkrnzvUsZBvQ.roa
Signing time:             Tue 18 Feb 2025 16:18:19 +0000
ROA not before:           Tue 18 Feb 2025 16:18:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     553
IP address blocks:        141.28.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/40526a-05bc-4ec7-b999-1ff630f1d841/1/euxtTzVbc4ad_qGnkYDIoheN8f0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/40526a-05bc-4ec7-b999-1ff630f1d841/1/euxtTzVbc4ad_qGnkYDIoheN8f0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/euxtTzVbc4ad_qGnkYDIoheN8f0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:19:da:6a:8d:57:7e:c3:da:a4:1d:37:da:9c:d9:ec:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aec6d4f355b73869dfea1a79180c8a2178df1fd
        Validity
            Not Before: Feb 18 16:18:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a51111d2b67271590bab71492b9f3bd4b1906f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:cb:1a:a6:d0:1b:22:28:1b:56:87:28:49:7b:
                    60:c7:91:83:14:e5:cb:04:c1:2d:d0:47:cc:d0:3e:
                    e9:48:d3:31:1f:32:6e:1c:34:54:d1:08:aa:63:40:
                    7a:28:33:7d:53:f4:22:bf:0c:fe:34:96:24:93:15:
                    e5:03:18:85:a1:70:ca:9b:4b:06:95:4b:4b:68:0e:
                    94:50:f2:41:ad:1f:1e:e1:47:a9:21:e7:cf:38:68:
                    b1:7a:c5:52:e0:88:80:30:95:a0:04:9f:5a:7f:89:
                    f5:ee:35:45:35:bd:3d:7b:7a:25:f8:4c:6f:9a:f3:
                    b5:96:c9:74:a3:63:67:2c:bb:17:18:7f:af:61:90:
                    da:01:e2:a6:8a:f4:ed:38:bb:62:5b:f6:b8:62:85:
                    40:20:40:32:09:99:ad:66:24:1f:88:30:dc:6f:e1:
                    f4:7e:17:7f:3b:86:9a:d3:09:fd:d7:42:52:67:ca:
                    96:05:36:3b:d8:0f:cf:ec:a9:50:50:14:82:90:f6:
                    64:a6:93:2b:5f:67:c1:6b:9f:bb:df:5b:47:e8:8c:
                    2c:98:a4:2d:ef:46:0a:73:be:19:f2:41:f6:79:61:
                    8f:25:a5:97:02:11:60:c0:96:cd:2b:19:f0:9b:4b:
                    3b:f2:ef:5f:ef:9b:34:c0:dd:ae:21:a3:28:40:1a:
                    c0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:51:11:1D:2B:67:27:15:90:BA:B7:14:92:B9:F3:BD:4B:19:06:F4
            X509v3 Authority Key Identifier:
                keyid:7A:EC:6D:4F:35:5B:73:86:9D:FE:A1:A7:91:80:C8:A2:17:8D:F1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/euxtTzVbc4ad_qGnkYDIoheN8f0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/40526a-05bc-4ec7-b999-1ff630f1d841/1/GlERHStnJxWQurcUkrnzvUsZBvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/40526a-05bc-4ec7-b999-1ff630f1d841/1/euxtTzVbc4ad_qGnkYDIoheN8f0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.28.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9c:39:bf:a6:8d:b9:60:ca:78:e2:8f:00:fa:8c:66:56:01:fd:
         f6:d1:01:a5:b7:cb:63:fe:6c:85:f2:0f:31:68:4d:0e:e6:2b:
         74:48:da:aa:f0:0c:8a:33:f5:2a:ec:d2:23:a6:e3:66:36:24:
         41:e7:ee:2b:05:be:70:59:97:9f:42:aa:cb:47:15:78:3e:2f:
         68:9e:cb:4c:c0:04:42:38:8a:6e:8c:5d:18:5e:ac:e2:03:06:
         e6:a3:06:3a:30:35:d4:18:a2:63:0c:7c:35:ed:8c:bb:4c:cb:
         79:43:00:11:d8:25:b9:e7:82:db:11:c2:37:9b:69:f9:98:8c:
         c7:ad:cb:9c:d7:84:17:69:49:4a:31:f0:c6:09:dd:8c:f1:38:
         ce:f3:b8:55:78:47:dc:90:30:b4:ed:0e:10:3e:45:20:db:63:
         f0:3e:e9:85:a2:d9:43:ed:85:4d:b7:32:0d:e4:48:34:ae:a7:
         b0:58:13:78:34:4c:ee:9a:c2:2d:fa:f1:1a:ed:84:38:c0:33:
         1d:c5:12:98:f7:80:14:2f:b4:24:02:e4:42:94:51:c9:26:92:
         f8:64:94:35:e0:65:bf:97:10:4f:92:7e:59:90:06:83:a9:9b:
         d1:17:66:90:91:65:9e:2d:24:4e:c7:53:9b:9d:8e:73:28:e8:
         80:28:5f:74
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZUZ2mqNV37D2qQdN9qc2exnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWM2ZDRmMzU1YjczODY5ZGZlYTFhNzkxODBjOGEyMTc4
ZGYxZmQwHhcNMjUwMjE4MTYxODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTUxMTExZDJiNjcyNzE1OTBiYWI3MTQ5MmI5ZjNiZDRiMTkwNmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjssaptAbIigbVocoSXtgx5GDFOXL
BMEt0EfM0D7pSNMxHzJuHDRU0QiqY0B6KDN9U/Qivwz+NJYkkxXlAxiFoXDKm0sG
lUtLaA6UUPJBrR8e4UepIefPOGixesVS4IiAMJWgBJ9af4n17jVFNb09e3ol+Exv
mvO1lsl0o2NnLLsXGH+vYZDaAeKmivTtOLtiW/a4YoVAIEAyCZmtZiQfiDDcb+H0
fhd/O4aa0wn910JSZ8qWBTY72A/P7KlQUBSCkPZkppMrX2fBa5+731tH6IwsmKQt
70YKc74Z8kH2eWGPJaWXAhFgwJbNKxnwm0s78u9f75s0wN2uIaMoQBrAGQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFBpRER0rZycVkLq3FJK5871LGQb0MB8GA1UdIwQY
MBaAFHrsbU81W3OGnf6hp5GAyKIXjfH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXV4dFR6VmJjNGFkX3FHbmtZRElvaGVOOGYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My80MDUyNmEtMDViYy00ZWM3LWI5OTkt
MWZmNjMwZjFkODQxLzEvR2xFUkhTdG5KeFdRdXJjVWtybnp2VXNaQnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My80MDUyNmEtMDViYy00ZWM3LWI5OTktMWZmNjMwZjFkODQx
LzEvZXV4dFR6VmJjNGFkX3FHbmtZRElvaGVOOGYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjRwwDQYJ
KoZIhvcNAQELBQADggEBAJw5v6aNuWDKeOKPAPqMZlYB/fbRAaW3y2P+bIXyDzFo
TQ7mK3RI2qrwDIoz9Srs0iOm42Y2JEHn7isFvnBZl59CqstHFXg+L2iey0zABEI4
im6MXRherOIDBuajBjowNdQYomMMfDXtjLtMy3lDABHYJbnngtsRwjebafmYjMet
y5zXhBdpSUox8MYJ3YzxOM7zuFV4R9yQMLTtDhA+RSDbY/A+6YWi2UPthU23Mg3k
SDSup7BYE3g0TO6awi368RrthDjAMx3FEpj3gBQvtCQC5EKUUckmkvhklDXgZb+X
EE+SflmQBoOpm9EXZpCRZZ4tJE7HU5udjnMo6IAoX3Q=
-----END CERTIFICATE-----