Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/g5kj0c5gIcfXvJMBxVW2-IvShUI.roa
File:                     g5kj0c5gIcfXvJMBxVW2-IvShUI.roa (raw, json)
Hash identifier:          CKgIE1v8ZknTa0F780Va3Q+BXidD3R6HaKXYmqUb3wg=
Subject key identifier:   83:99:23:D1:CE:60:21:C7:D7:BC:93:01:C5:55:B6:F8:8B:D2:85:42
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       0194221FF305870A0E30C8BD742E229A18FB
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/g5kj0c5gIcfXvJMBxVW2-IvShUI.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207021
IP address blocks:        2a04:2b00:14cc::/48 maxlen: 48
                          2a04:2b00:14dd::/48 maxlen: 48
                          2a04:2b00:14ee::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f3:05:87:0a:0e:30:c8:bd:74:2e:22:9a:18:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=839923d1ce6021c7d7bc9301c555b6f88bd28542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ce:cf:cd:05:97:b5:3b:83:57:c3:2b:ea:93:
                    1e:99:cb:00:44:70:fe:4d:95:a9:02:ef:df:02:fc:
                    9d:f2:af:af:da:3f:44:a2:60:74:a5:aa:af:97:42:
                    d9:5e:4e:eb:5d:18:15:74:96:98:56:06:dd:f2:67:
                    fd:02:d5:5e:05:a4:cd:6c:d7:aa:ff:62:e0:4e:71:
                    ab:35:1b:70:51:cc:24:3e:93:51:2c:29:5d:03:ac:
                    01:5e:14:3e:2d:ee:0c:4f:96:fc:96:79:ad:af:38:
                    9e:97:a9:7f:90:30:ef:60:d2:78:39:d3:ed:d0:71:
                    1c:8e:51:6c:32:ee:d4:b2:b1:e8:d2:9c:40:fb:21:
                    ec:5a:69:d0:9c:1f:b4:d6:a3:f4:2e:71:36:dc:21:
                    d2:5e:93:3c:24:e4:b8:24:93:9f:41:93:ba:11:02:
                    5a:ef:1a:a6:28:43:f2:65:91:b2:b9:7d:1c:03:4e:
                    c4:2b:30:4e:02:e3:42:8f:1f:1e:42:d9:53:81:93:
                    57:f6:d6:e6:83:1e:26:91:be:56:22:56:77:65:61:
                    29:d1:4d:4b:c6:66:7d:20:9a:dd:b8:65:12:e1:f6:
                    a4:c2:d5:80:e8:33:3d:95:09:91:0a:13:67:4a:15:
                    73:cf:91:43:01:03:7b:fa:ed:de:a2:f1:83:76:bc:
                    b1:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:99:23:D1:CE:60:21:C7:D7:BC:93:01:C5:55:B6:F8:8B:D2:85:42
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/g5kj0c5gIcfXvJMBxVW2-IvShUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:2b00:14cc::/48
                  2a04:2b00:14dd::/48
                  2a04:2b00:14ee::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:7c:d7:61:01:73:46:c1:26:17:cd:fa:c6:ce:f0:c3:4a:77:
         07:66:79:64:30:54:17:29:10:fa:55:80:e2:d3:50:cc:df:f8:
         9b:32:42:7d:5c:70:02:cd:ef:ef:d7:f6:42:9a:d0:c7:fc:c8:
         6f:fa:48:73:a8:0a:64:d0:59:69:01:e7:0a:13:ec:e0:13:9a:
         a2:e8:3e:be:85:bf:0b:50:09:d0:da:57:5e:65:be:ec:9f:0b:
         a9:b2:0f:f3:65:2c:ee:40:28:92:1e:0b:4d:07:18:d7:56:86:
         c5:24:41:65:57:5d:3c:ef:ff:c4:92:75:2e:a5:a8:46:70:4e:
         60:08:73:31:3b:8e:7f:ef:01:db:65:10:1a:a8:bf:e7:e6:d3:
         de:92:4c:67:ea:70:58:8e:2f:35:d5:ab:c6:be:54:dc:dd:a5:
         ff:04:c5:10:7c:c7:e9:bc:33:a0:c7:fc:10:74:67:46:6d:3c:
         51:a4:de:e8:26:d0:cd:b6:78:40:94:30:01:e7:9f:cc:d5:d5:
         47:20:d0:5f:e0:60:c7:7c:20:f8:d4:6c:96:7d:eb:27:d8:23:
         f5:4c:4a:95:e5:07:7a:d8:97:42:a5:da:fc:ac:0a:d8:79:63:
         c9:d8:72:90:e7:2a:94:e4:7c:84:9a:b1:0f:4a:ad:cd:db:2b:
         45:6a:47:0b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQiH/MFhwoOMMi9dC4imhj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzk5MjNkMWNlNjAyMWM3ZDdiYzkzMDFjNTU1YjZmODhiZDI4NTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs87PzQWXtTuDV8Mr6pMemcsARHD+
TZWpAu/fAvyd8q+v2j9EomB0paqvl0LZXk7rXRgVdJaYVgbd8mf9AtVeBaTNbNeq
/2LgTnGrNRtwUcwkPpNRLCldA6wBXhQ+Le4MT5b8lnmtrziel6l/kDDvYNJ4OdPt
0HEcjlFsMu7UsrHo0pxA+yHsWmnQnB+01qP0LnE23CHSXpM8JOS4JJOfQZO6EQJa
7xqmKEPyZZGyuX0cA07EKzBOAuNCjx8eQtlTgZNX9tbmgx4mkb5WIlZ3ZWEp0U1L
xmZ9IJrduGUS4fakwtWA6DM9lQmRChNnShVzz5FDAQN7+u3eovGDdryxoQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIOZI9HOYCHH17yTAcVVtviL0oVCMB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvZzVrajBjNWdJY2ZYdkpNQnhWVzItSXZTaFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgQrABTM
AwcAKgQrABTdAwcAKgQrABTuMA0GCSqGSIb3DQEBCwUAA4IBAQAgfNdhAXNGwSYX
zfrGzvDDSncHZnlkMFQXKRD6VYDi01DM3/ibMkJ9XHACze/v1/ZCmtDH/Mhv+khz
qApk0FlpAecKE+zgE5qi6D6+hb8LUAnQ2ldeZb7snwupsg/zZSzuQCiSHgtNBxjX
VobFJEFlV1087//EknUupahGcE5gCHMxO45/7wHbZRAaqL/n5tPekkxn6nBYji81
1avGvlTc3aX/BMUQfMfpvDOgx/wQdGdGbTxRpN7oJtDNtnhAlDAB55/M1dVHINBf
4GDHfCD41GyWfesn2CP1TEqV5Qd62JdCpdr8rArYeWPJ2HKQ5yqU5HyEmrEPSq3N
2ytFakcL
-----END CERTIFICATE-----