Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/GpzfAVbBj3j_bAEW6a-5GwQhe6w.roa
File:                     GpzfAVbBj3j_bAEW6a-5GwQhe6w.roa (raw, json)
Hash identifier:          70JOz1WvXMUra19NKXPsmSb/KZkbMXS64Tl+xPk1zuM=
Subject key identifier:   1A:9C:DF:01:56:C1:8F:78:FF:6C:01:16:E9:AF:B9:1B:04:21:7B:AC
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB09B5B7F3EA7DC27E633E3B5A038A
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/GpzfAVbBj3j_bAEW6a-5GwQhe6w.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211579
IP address blocks:        2a0f:5707:24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:09:b5:b7:f3:ea:7d:c2:7e:63:3e:3b:5a:03:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a9cdf0156c18f78ff6c0116e9afb91b04217bac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f5:9e:8c:ed:6f:1f:58:48:b1:6c:16:67:a8:
                    c9:ec:e9:3e:76:2c:48:d3:1d:ef:8b:e3:84:2c:fc:
                    96:f7:b0:10:ef:a5:7e:ae:3d:28:e2:eb:16:d4:ba:
                    87:63:b9:9c:8d:6c:d2:2b:b7:c2:17:7a:49:a2:3c:
                    7f:f6:37:ef:0f:90:b8:55:ed:f1:8e:a3:b5:a6:25:
                    66:f8:05:8b:08:2e:45:9f:fd:9f:ca:99:ee:8c:80:
                    be:0b:17:1d:1f:52:c9:16:25:4e:f1:c2:04:94:dc:
                    34:4c:3b:62:82:d8:fa:32:4e:f1:e8:0a:f0:24:b2:
                    b4:46:c0:62:b3:f7:1f:63:11:95:a7:10:52:1d:e7:
                    34:42:9d:2b:43:a0:0f:02:71:a7:ea:e3:4f:ce:7a:
                    71:d1:6e:52:16:5f:f1:9b:ea:bc:a7:89:9e:3b:66:
                    0b:67:d5:02:d6:8f:a8:d8:49:01:03:e5:13:88:d4:
                    f0:24:e9:65:23:cb:4e:53:f9:dc:58:0d:be:77:46:
                    e9:3f:1e:cb:b9:d4:72:3a:18:a4:72:e7:e2:43:f4:
                    c6:a1:0e:fc:72:7c:83:fd:2f:9c:83:fc:ce:bb:ec:
                    09:07:f3:4d:8b:61:1d:06:12:63:40:11:54:49:79:
                    5e:29:fe:1d:b1:f9:df:e2:37:aa:ed:00:fb:06:64:
                    44:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:9C:DF:01:56:C1:8F:78:FF:6C:01:16:E9:AF:B9:1B:04:21:7B:AC
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/GpzfAVbBj3j_bAEW6a-5GwQhe6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:bd:af:90:6c:33:17:15:96:59:41:28:10:61:8c:ec:7a:0c:
         b6:13:0b:12:ec:10:2f:e2:a5:7b:58:63:5d:c7:6c:dd:e0:d0:
         cb:91:87:cc:82:25:65:92:51:41:ae:bb:c6:bc:ca:60:74:c6:
         fa:57:49:16:e8:50:a8:c1:09:65:8f:fb:27:c7:43:1c:db:80:
         e5:30:c9:4b:41:79:03:96:c4:3c:b7:af:b1:56:ac:b3:36:1d:
         9a:5e:e6:87:60:48:ad:bd:9e:6e:7d:16:b4:96:be:0d:fa:bf:
         33:98:82:a3:a4:e4:f6:3d:47:19:93:5a:e4:2a:c2:19:bc:61:
         c5:d5:34:1a:ad:22:37:3e:42:6f:ad:9b:46:05:63:54:d4:f4:
         c2:d5:2f:8a:99:a0:be:81:bf:ce:89:81:71:bc:31:e4:94:ce:
         53:a6:95:0c:bb:5b:d1:df:37:8a:bd:fc:7e:93:e6:dd:47:16:
         5c:10:67:8b:f0:67:73:90:1c:d0:d4:7d:6d:ad:38:5c:fa:61:
         10:4e:de:5e:60:70:4b:3c:09:3a:88:10:dc:52:f2:63:80:a1:
         b4:c9:1d:1a:2c:29:61:de:a4:c8:81:e1:a5:29:45:a5:52:db:
         23:94:22:c4:8f:fd:a3:71:fb:47:94:c7:fb:4b:1d:fe:cd:fc:
         91:1b:2c:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wm1t/PqfcJ+Yz47WgOKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTljZGYwMTU2YzE4Zjc4ZmY2YzAxMTZlOWFmYjkxYjA0MjE3YmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/WejO1vH1hIsWwWZ6jJ7Ok+dixI
0x3vi+OELPyW97AQ76V+rj0o4usW1LqHY7mcjWzSK7fCF3pJojx/9jfvD5C4Ve3x
jqO1piVm+AWLCC5Fn/2fypnujIC+CxcdH1LJFiVO8cIElNw0TDtigtj6Mk7x6Arw
JLK0RsBis/cfYxGVpxBSHec0Qp0rQ6APAnGn6uNPznpx0W5SFl/xm+q8p4meO2YL
Z9UC1o+o2EkBA+UTiNTwJOllI8tOU/ncWA2+d0bpPx7LudRyOhikcufiQ/TGoQ78
cnyD/S+cg/zOu+wJB/NNi2EdBhJjQBFUSXleKf4dsfnf4jeq7QD7BmREOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBqc3wFWwY94/2wBFumvuRsEIXusMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvR3B6ZkFWYkJqM2pfYkFFVzZhLTVHd1FoZTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XBwAk
MA0GCSqGSIb3DQEBCwUAA4IBAQBkva+QbDMXFZZZQSgQYYzsegy2EwsS7BAv4qV7
WGNdx2zd4NDLkYfMgiVlklFBrrvGvMpgdMb6V0kW6FCowQllj/snx0Mc24DlMMlL
QXkDlsQ8t6+xVqyzNh2aXuaHYEitvZ5ufRa0lr4N+r8zmIKjpOT2PUcZk1rkKsIZ
vGHF1TQarSI3PkJvrZtGBWNU1PTC1S+KmaC+gb/OiYFxvDHklM5TppUMu1vR3zeK
vfx+k+bdRxZcEGeL8GdzkBzQ1H1trThc+mEQTt5eYHBLPAk6iBDcUvJjgKG0yR0a
LClh3qTIgeGlKUWlUtsjlCLEj/2jcftHlMf7Sx3+zfyRGyxz
-----END CERTIFICATE-----