Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/GdA1-Fu1yaXfmpH9w0RPIT3jp5w.roa
File:                     GdA1-Fu1yaXfmpH9w0RPIT3jp5w.roa (raw, json)
Hash identifier:          iVzftF4ZpU/z2Cj6rDAYlOw6Nm1z73LQxrOEvUQ3LCg=
Subject key identifier:   19:D0:35:F8:5B:B5:C9:A5:DF:9A:91:FD:C3:44:4F:21:3D:E3:A7:9C
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0190312E9468EC4524BB2E711FA35D3722D6
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/GdA1-Fu1yaXfmpH9w0RPIT3jp5w.roa
Signing time:             Wed 19 Jun 2024 15:47:34 +0000
ROA not before:           Wed 19 Jun 2024 15:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38846
IP address blocks:        2a0f:5707:ab00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 11:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:31:2e:94:68:ec:45:24:bb:2e:71:1f:a3:5d:37:22:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jun 19 15:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19d035f85bb5c9a5df9a91fdc3444f213de3a79c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5b:ca:30:56:a0:38:87:27:f5:66:ce:ae:4f:
                    e8:68:18:a4:06:57:05:78:dc:29:40:88:11:6f:ec:
                    0a:74:f8:11:3d:57:71:d8:ad:4e:08:31:cc:53:cd:
                    3c:d0:67:60:9c:93:29:bb:09:65:12:9b:9e:07:65:
                    35:d2:2f:a5:75:79:0c:38:9c:96:7c:b4:08:81:fb:
                    9b:59:fd:eb:23:fa:df:a6:e2:5b:05:fa:f2:06:8e:
                    d7:43:f9:61:64:b6:4e:80:7c:73:db:47:08:f1:ef:
                    59:72:0f:da:a5:0e:ec:9c:bf:9e:ca:1a:6a:71:e2:
                    89:f8:85:7f:f2:e7:50:5a:b9:7c:f2:05:aa:93:a8:
                    c3:2b:55:a6:e8:c3:5c:b9:08:45:75:c5:1c:d7:1d:
                    36:05:dd:9c:ae:02:f1:12:c7:d6:1b:9e:e4:4e:ae:
                    7e:0e:c5:e1:8b:41:35:79:83:15:f3:06:e8:34:e7:
                    28:00:f3:47:cf:39:5f:2d:0f:96:b3:a9:84:86:73:
                    79:3b:c8:d9:3f:9d:72:d3:8a:52:e0:a8:74:71:31:
                    f6:e8:c4:72:7b:04:3e:9a:5b:f9:97:48:94:6c:bf:
                    47:32:08:7b:4d:6e:1c:ad:14:5b:a1:8e:30:79:81:
                    64:bb:bb:05:29:6f:b8:49:2f:af:42:9d:f2:57:b2:
                    88:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:D0:35:F8:5B:B5:C9:A5:DF:9A:91:FD:C3:44:4F:21:3D:E3:A7:9C
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/GdA1-Fu1yaXfmpH9w0RPIT3jp5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ab00::/44

    Signature Algorithm: sha256WithRSAEncryption
         a6:91:d2:a1:d2:6e:8a:ff:46:30:5e:21:88:f4:a1:bb:e9:80:
         43:69:92:63:48:79:c6:05:76:ec:52:15:6c:05:0c:f0:a4:0f:
         24:bf:df:9d:65:ee:92:10:5d:ca:7e:dc:9a:b5:5d:54:82:b6:
         bc:7c:67:8d:41:52:e6:36:e5:23:27:98:a3:0d:ae:2c:f1:e3:
         12:b2:46:88:e4:b4:e8:5b:80:9b:97:ef:7b:e6:d1:8f:9f:f2:
         d3:d9:cc:d7:92:34:b9:eb:c9:2c:de:20:c0:a9:23:73:ca:09:
         3a:02:6a:70:a7:97:bb:6d:6a:72:a9:8f:4c:59:09:bb:2f:19:
         3f:82:df:93:11:c8:6f:9b:98:2b:69:5c:70:90:32:ef:db:11:
         90:fc:84:6c:ac:01:40:1a:c8:9a:3c:b8:99:ff:26:80:d0:b6:
         bd:59:b0:1d:ee:92:af:a5:65:f6:65:c7:cf:38:08:8f:87:9b:
         bb:d5:0d:3e:7b:02:7c:a8:71:b5:3b:32:21:cb:38:6e:ed:ad:
         1d:7a:21:40:a1:8d:7e:5a:69:6b:a4:b7:1b:28:46:8d:21:44:
         87:6d:11:ca:78:8f:e8:5a:c4:e8:77:cf:43:55:9b:b2:03:c8:
         06:3b:16:c4:d2:d3:f0:09:02:f1:f0:5e:bd:2d:33:fb:b4:32:
         e1:3d:c1:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAxLpRo7EUkuy5xH6NdNyLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwNjE5MTU0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWQwMzVmODViYjVjOWE1ZGY5YTkxZmRjMzQ0NGYyMTNkZTNhNzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFvKMFagOIcn9WbOrk/oaBikBlcF
eNwpQIgRb+wKdPgRPVdx2K1OCDHMU8080GdgnJMpuwllEpueB2U10i+ldXkMOJyW
fLQIgfubWf3rI/rfpuJbBfryBo7XQ/lhZLZOgHxz20cI8e9Zcg/apQ7snL+eyhpq
ceKJ+IV/8udQWrl88gWqk6jDK1Wm6MNcuQhFdcUc1x02Bd2crgLxEsfWG57kTq5+
DsXhi0E1eYMV8wboNOcoAPNHzzlfLQ+Ws6mEhnN5O8jZP51y04pS4Kh0cTH26MRy
ewQ+mlv5l0iUbL9HMgh7TW4crRRboY4weYFku7sFKW+4SS+vQp3yV7KIGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBnQNfhbtcml35qR/cNETyE946ecMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvR2RBMS1GdTF5YVhmbXBIOXcwUlBJVDNqcDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6sA
MA0GCSqGSIb3DQEBCwUAA4IBAQCmkdKh0m6K/0YwXiGI9KG76YBDaZJjSHnGBXbs
UhVsBQzwpA8kv9+dZe6SEF3KftyatV1Ugra8fGeNQVLmNuUjJ5ijDa4s8eMSskaI
5LToW4Cbl+975tGPn/LT2czXkjS568ks3iDAqSNzygk6Ampwp5e7bWpyqY9MWQm7
Lxk/gt+TEchvm5graVxwkDLv2xGQ/IRsrAFAGsiaPLiZ/yaA0La9WbAd7pKvpWX2
ZcfPOAiPh5u71Q0+ewJ8qHG1OzIhyzhu7a0deiFAoY1+WmlrpLcbKEaNIUSHbRHK
eI/oWsTod89DVZuyA8gGOxbE0tPwCQLx8F69LTP7tDLhPcFR
-----END CERTIFICATE-----