Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/35c0b9-2855-4b20-8c80-7e280752da21/1/gsl-IpGyIm07XH5zWOchrUQ8ARU.roa
File:                     gsl-IpGyIm07XH5zWOchrUQ8ARU.roa (raw, json)
Hash identifier:          Xg2MIz9uYOnYjYqlucDdwqu8UaNslEqewYdz1eDwKs4=
Subject key identifier:   82:C9:7E:22:91:B2:22:6D:3B:5C:7E:73:58:E7:21:AD:44:3C:01:15
Certificate issuer:       /CN=4f672d39929731aed9e01bc5a9e6d680f4659a0b
Certificate serial:       018CC26D68E4CA6F388462255ED222E9CAA9
Authority key identifier: 4F:67:2D:39:92:97:31:AE:D9:E0:1B:C5:A9:E6:D6:80:F4:65:9A:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T2ctOZKXMa7Z4BvFqebWgPRlmgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/35c0b9-2855-4b20-8c80-7e280752da21/1/gsl-IpGyIm07XH5zWOchrUQ8ARU.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1764
IP address blocks:        2001:4b60:100::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/35c0b9-2855-4b20-8c80-7e280752da21/1/T2ctOZKXMa7Z4BvFqebWgPRlmgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/35c0b9-2855-4b20-8c80-7e280752da21/1/T2ctOZKXMa7Z4BvFqebWgPRlmgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T2ctOZKXMa7Z4BvFqebWgPRlmgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:68:e4:ca:6f:38:84:62:25:5e:d2:22:e9:ca:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f672d39929731aed9e01bc5a9e6d680f4659a0b
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82c97e2291b2226d3b5c7e7358e721ad443c0115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:57:04:2e:8f:cc:0f:d8:9f:0b:b8:bf:53:a8:
                    5a:4e:86:c2:cb:2e:9c:6b:76:65:29:e1:0f:97:02:
                    32:f2:06:43:d9:ae:33:21:05:21:35:4e:c7:7a:55:
                    a3:e0:4b:58:73:57:dc:47:70:22:66:31:5f:93:15:
                    19:16:0f:8a:5f:35:b0:a0:9b:63:88:45:6e:03:4c:
                    a0:e3:d3:a5:7f:e2:08:ab:e2:45:33:b4:d2:81:36:
                    b3:5b:6a:02:ac:10:19:10:01:ba:10:4d:4c:a3:d3:
                    f9:32:5c:de:9c:9a:01:a1:5a:9d:59:72:f5:74:6b:
                    18:12:1b:7e:4f:29:44:89:36:f4:2e:c0:72:51:6f:
                    9e:c1:8b:72:9a:94:0b:4c:eb:65:a4:06:ac:f9:13:
                    3f:2e:71:53:86:c7:ef:4c:67:ad:69:4a:5b:82:7a:
                    01:ef:fe:48:70:5f:b0:6a:72:dc:f5:29:27:53:fd:
                    ee:74:78:08:74:ac:6e:25:10:0e:79:5a:ab:99:f1:
                    6c:16:2e:48:ed:aa:57:e9:9a:dc:3e:05:ab:56:61:
                    f3:0a:0c:53:a1:53:db:bc:69:5e:b8:78:63:b3:d2:
                    62:5c:d4:eb:a1:a4:fc:b2:90:3c:cc:07:14:c0:8b:
                    c4:4c:db:51:b4:d5:c5:db:71:88:b1:b3:ec:b0:86:
                    83:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C9:7E:22:91:B2:22:6D:3B:5C:7E:73:58:E7:21:AD:44:3C:01:15
            X509v3 Authority Key Identifier:
                keyid:4F:67:2D:39:92:97:31:AE:D9:E0:1B:C5:A9:E6:D6:80:F4:65:9A:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T2ctOZKXMa7Z4BvFqebWgPRlmgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/35c0b9-2855-4b20-8c80-7e280752da21/1/gsl-IpGyIm07XH5zWOchrUQ8ARU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/35c0b9-2855-4b20-8c80-7e280752da21/1/T2ctOZKXMa7Z4BvFqebWgPRlmgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4b60:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:06:7c:e5:24:b1:55:01:f0:fe:dc:dc:77:40:97:ab:64:88:
         f1:4d:48:ae:f0:5e:c6:11:14:c9:2f:eb:d1:cf:6c:6a:40:30:
         f3:5e:a9:3c:d8:f0:1b:6f:dd:c1:c2:e2:d1:ce:02:46:32:90:
         a3:c9:55:bc:40:61:2d:a4:de:3c:d2:da:65:49:f1:aa:fd:57:
         d9:de:c0:12:03:21:85:9f:3d:0e:d5:ec:4a:7d:a6:f4:4f:e3:
         e5:3d:02:7d:bb:1f:60:de:39:df:06:89:31:ae:b4:4d:e3:fd:
         a6:9a:77:53:a5:97:dc:01:1f:bf:0c:33:2f:61:3b:12:ee:e4:
         68:92:bd:cd:d7:52:cd:a7:70:f1:c8:21:3c:72:23:99:16:1f:
         78:20:9f:b9:bd:c8:9f:75:f6:c8:76:e1:7d:a1:92:38:75:40:
         07:09:67:7c:c7:a2:cc:87:cc:62:57:8a:8b:fb:d0:63:65:06:
         8c:5e:7a:1c:96:90:aa:73:f4:78:5c:c5:f6:c6:83:ea:b1:71:
         2b:59:30:97:be:47:6d:f9:f3:f9:7d:48:2f:bf:da:25:18:24:
         8c:48:d5:9d:bb:48:f1:9e:67:97:11:ad:4a:7f:f9:2b:1c:59:
         57:e2:b1:16:3a:ab:5f:27:fa:90:41:68:bc:37:49:b5:97:57:
         4b:b0:8e:93
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWjkym84hGIlXtIi6cqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNjcyZDM5OTI5NzMxYWVkOWUwMWJjNWE5ZTZkNjgwZjQ2
NTlhMGIwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmM5N2UyMjkxYjIyMjZkM2I1YzdlNzM1OGU3MjFhZDQ0M2MwMTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFcELo/MD9ifC7i/U6haTobCyy6c
a3ZlKeEPlwIy8gZD2a4zIQUhNU7HelWj4EtYc1fcR3AiZjFfkxUZFg+KXzWwoJtj
iEVuA0yg49Olf+IIq+JFM7TSgTazW2oCrBAZEAG6EE1Mo9P5MlzenJoBoVqdWXL1
dGsYEht+TylEiTb0LsByUW+ewYtympQLTOtlpAas+RM/LnFThsfvTGetaUpbgnoB
7/5IcF+wanLc9SknU/3udHgIdKxuJRAOeVqrmfFsFi5I7apX6ZrcPgWrVmHzCgxT
oVPbvGleuHhjs9JiXNTroaT8spA8zAcUwIvETNtRtNXF23GIsbPssIaDVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFILJfiKRsiJtO1x+c1jnIa1EPAEVMB8GA1UdIwQY
MBaAFE9nLTmSlzGu2eAbxanm1oD0ZZoLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDJjdE9aS1hNYTdaNEJ2RnFlYldnUFJsbWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8zNWMwYjktMjg1NS00YjIwLThjODAt
N2UyODA3NTJkYTIxLzEvZ3NsLUlwR3lJbTA3WEg1eldPY2hyVVE4QVJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8zNWMwYjktMjg1NS00YjIwLThjODAtN2UyODA3NTJkYTIx
LzEvVDJjdE9aS1hNYTdaNEJ2RnFlYldnUFJsbWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAFLYAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQBLBnzlJLFVAfD+3Nx3QJerZIjxTUiu8F7GERTJ
L+vRz2xqQDDzXqk82PAbb93BwuLRzgJGMpCjyVW8QGEtpN480tplSfGq/VfZ3sAS
AyGFnz0O1exKfab0T+PlPQJ9ux9g3jnfBokxrrRN4/2mmndTpZfcAR+/DDMvYTsS
7uRokr3N11LNp3DxyCE8ciOZFh94IJ+5vcifdfbIduF9oZI4dUAHCWd8x6LMh8xi
V4qL+9BjZQaMXnoclpCqc/R4XMX2xoPqsXErWTCXvkdt+fP5fUgvv9olGCSMSNWd
u0jxnmeXEa1Kf/krHFlX4rEWOqtfJ/qQQWi8N0m1l1dLsI6T
-----END CERTIFICATE-----