Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Gi54Bhv0-P18GzbUQKYTb3Z7UrE.roa
File:                     Gi54Bhv0-P18GzbUQKYTb3Z7UrE.roa (raw, json)
Hash identifier:          yacRTMb8Xic0ggjn49H6OGvE9OcH0X0NeLEYae1qY9E=
Subject key identifier:   1A:2E:78:06:1B:F4:F8:FD:7C:1B:36:D4:40:A6:13:6F:76:7B:52:B1
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       01942827128A7C6FC0D2E9AD097989C0A308
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Gi54Bhv0-P18GzbUQKYTb3Z7UrE.roa
Signing time:             Thu 02 Jan 2025 17:53:56 +0000
ROA not before:           Thu 02 Jan 2025 17:53:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        2a0e:46c4:2300::/40 maxlen: 48
                          2a0e:46c4:24a1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:12:8a:7c:6f:c0:d2:e9:ad:09:79:89:c0:a3:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  2 17:53:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a2e78061bf4f8fd7c1b36d440a6136f767b52b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:06:9b:ec:ec:de:f3:6a:42:c1:e8:6a:2a:39:
                    c6:d2:81:8b:3c:79:c7:23:b6:df:f6:35:3b:cb:98:
                    5f:44:bc:bd:6d:42:23:00:a0:c6:12:66:b4:df:8d:
                    0d:6f:e4:c6:2c:fe:0c:d9:f6:a8:fc:98:51:55:5e:
                    d5:bc:dc:b8:f1:af:ea:27:69:fb:25:8a:d6:33:7a:
                    84:21:37:80:bb:ee:69:0d:a1:a3:ba:3c:de:66:fd:
                    95:40:93:38:2d:53:bf:08:6c:c6:cb:ef:4a:1a:ff:
                    e8:de:37:bc:67:74:4b:ec:fc:b1:63:0f:02:30:a2:
                    ed:f0:28:32:3c:4b:53:2e:86:66:7f:d9:14:14:b1:
                    3f:e2:ea:1e:4d:79:6d:82:66:a3:f7:a8:3a:37:2d:
                    67:97:3a:bb:87:f9:bf:84:5d:8f:d7:10:7f:33:1d:
                    54:d7:50:50:1e:de:33:7a:65:6d:f2:e3:3d:ad:4e:
                    cc:b0:dc:14:09:42:c5:b9:54:ca:23:38:3b:f3:d2:
                    dd:07:39:9d:55:bc:22:be:90:bd:e3:1d:6c:81:a0:
                    59:19:93:93:bd:bc:3b:1f:bc:7e:3b:a5:e7:be:6d:
                    7e:a5:20:ad:c4:87:57:b0:94:53:e3:23:07:3a:b5:
                    9c:6c:75:d8:fb:b2:3c:b1:ad:f1:99:10:0e:8c:3c:
                    fe:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:2E:78:06:1B:F4:F8:FD:7C:1B:36:D4:40:A6:13:6F:76:7B:52:B1
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Gi54Bhv0-P18GzbUQKYTb3Z7UrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:46c4:2300::/40
                  2a0e:46c4:24a1::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:a2:2d:5a:3e:c8:4f:a3:53:df:9e:2c:e2:cd:6b:d0:7c:e4:
         5d:05:82:7a:85:70:75:9d:e3:c0:33:5e:3e:9d:57:25:6b:23:
         f2:0b:05:67:dd:f3:03:5c:4f:85:66:69:40:66:48:08:8c:d2:
         4c:18:85:ea:f0:2b:58:15:57:4a:d9:ce:56:d2:90:4f:c8:fa:
         f3:26:dd:79:10:cd:62:02:db:74:f5:48:12:10:5b:4f:3e:ae:
         b4:fa:c8:d6:0c:e0:92:fc:7b:b9:1e:ea:a5:45:42:43:96:df:
         c5:e4:67:d7:7e:6d:06:bf:f7:bd:b0:85:eb:90:bc:ef:6e:d6:
         25:68:87:14:d0:ba:50:22:4f:37:b8:c4:a7:c6:a1:cd:11:5d:
         41:e7:0e:fa:c1:09:23:76:dc:c9:db:28:6e:7c:d4:e1:b5:4c:
         99:a1:3d:bf:f2:61:df:48:2f:7e:20:6c:8b:d3:70:5f:d6:87:
         f8:dd:43:1b:2a:4d:f4:03:60:33:a9:b1:ab:e8:9d:47:af:d2:
         60:03:32:9b:4f:da:a2:8f:31:58:d6:c2:e8:ac:e8:ab:e1:60:
         1c:9e:b5:2d:53:82:8c:88:bc:eb:7b:f2:b4:4d:2d:b3:0e:87:
         d8:1d:8c:45:1c:e0:ce:65:3f:c0:74:94:fe:06:20:aa:70:5e:
         51:be:0a:e4
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQoJxKKfG/A0umtCXmJwKMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjUwMTAyMTc1MzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTJlNzgwNjFiZjRmOGZkN2MxYjM2ZDQ0MGE2MTM2Zjc2N2I1MmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgab7Oze82pCwehqKjnG0oGLPHnH
I7bf9jU7y5hfRLy9bUIjAKDGEma0340Nb+TGLP4M2fao/JhRVV7VvNy48a/qJ2n7
JYrWM3qEITeAu+5pDaGjujzeZv2VQJM4LVO/CGzGy+9KGv/o3je8Z3RL7PyxYw8C
MKLt8CgyPEtTLoZmf9kUFLE/4uoeTXltgmaj96g6Ny1nlzq7h/m/hF2P1xB/Mx1U
11BQHt4zemVt8uM9rU7MsNwUCULFuVTKIzg789LdBzmdVbwivpC94x1sgaBZGZOT
vbw7H7x+O6Xnvm1+pSCtxIdXsJRT4yMHOrWcbHXY+7I8sa3xmRAOjDz+rwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFBoueAYb9Pj9fBs21ECmE292e1KxMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEvR2k1NEJodjAtUDE4R3piVVFLWVRiM1o3VXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKg5GxCMD
BwAqDkbEJKEwDQYJKoZIhvcNAQELBQADggEBADyiLVo+yE+jU9+eLOLNa9B85F0F
gnqFcHWd48AzXj6dVyVrI/ILBWfd8wNcT4VmaUBmSAiM0kwYherwK1gVV0rZzlbS
kE/I+vMm3XkQzWIC23T1SBIQW08+rrT6yNYM4JL8e7ke6qVFQkOW38XkZ9d+bQa/
972wheuQvO9u1iVohxTQulAiTze4xKfGoc0RXUHnDvrBCSN23MnbKG581OG1TJmh
Pb/yYd9IL34gbIvTcF/Wh/jdQxsqTfQDYDOpsavonUev0mADMptP2qKPMVjWwuis
6KvhYByetS1TgoyIvOt78rRNLbMOh9gdjEUc4M5lP8B0lP4GIKpwXlG+CuQ=
-----END CERTIFICATE-----