Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/GNFH72kLRnzJX3mTuO-v1wnUwYs.roa
File:                     GNFH72kLRnzJX3mTuO-v1wnUwYs.roa (raw, json)
Hash identifier:          5bw6+T+q4u/fsQSizUJRYVnkjcl8gotimDhwYwf/JqY=
Subject key identifier:   18:D1:47:EF:69:0B:46:7C:C9:5F:79:93:B8:EF:AF:D7:09:D4:C1:8B
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       018D7D3227F94571DEC523F79D26BE2B405E
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/GNFH72kLRnzJX3mTuO-v1wnUwYs.roa
Signing time:             Tue 06 Feb 2024 06:54:15 +0000
ROA not before:           Tue 06 Feb 2024 06:54:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34108
IP address blocks:        2a07:3500:1100::/48 maxlen: 48
                          2a07:3500:1460::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:32:27:f9:45:71:de:c5:23:f7:9d:26:be:2b:40:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Feb  6 06:54:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18d147ef690b467cc95f7993b8efafd709d4c18b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7e:f7:22:fb:31:7b:2e:11:51:e0:23:c8:db:
                    0f:ba:a5:73:d0:16:e6:59:f8:11:a5:54:49:a0:d5:
                    23:3c:df:f6:8a:83:5d:9e:84:e5:04:67:79:54:88:
                    fe:1a:7e:0e:12:0f:44:8a:54:e7:de:01:15:ff:8c:
                    c1:be:28:b5:d4:7e:8f:a6:b2:22:cc:c9:ec:4e:35:
                    db:1f:9d:42:b4:bb:6c:1f:45:01:38:35:fb:9b:2c:
                    8e:3e:e4:2b:57:f0:b7:64:f8:3c:06:b5:a4:14:f1:
                    e0:45:0d:58:ce:8a:ae:3d:f1:67:83:dd:03:df:85:
                    5f:b1:9c:3e:b5:ae:9d:f3:1c:3b:86:5e:c2:b0:ba:
                    fb:45:02:aa:85:51:8e:6a:be:d5:f3:07:e3:0e:af:
                    44:16:52:06:05:ac:2a:c7:1c:77:1b:f9:6d:6e:3c:
                    dd:1a:fd:b6:6c:d4:5f:56:e8:3f:84:d1:f4:0f:2a:
                    12:25:25:aa:fd:e4:76:69:af:96:d1:96:89:12:e1:
                    11:60:09:27:59:1c:ce:96:f6:ea:04:48:2e:56:47:
                    56:b9:82:59:11:68:d8:41:29:bc:1e:a9:83:40:38:
                    8c:2c:45:d2:21:ca:4b:7b:40:11:e5:3b:ba:91:e6:
                    7a:cb:55:e5:5a:7b:75:eb:2a:75:3e:93:01:28:92:
                    0d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D1:47:EF:69:0B:46:7C:C9:5F:79:93:B8:EF:AF:D7:09:D4:C1:8B
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/GNFH72kLRnzJX3mTuO-v1wnUwYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3500:1100::/48
                  2a07:3500:1460::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:dd:1a:dc:85:74:5b:19:68:5d:f5:f2:0a:6e:06:ba:38:ac:
         28:2e:0d:ee:56:51:ab:65:37:33:62:b8:df:1b:7a:05:a5:c6:
         bc:ba:8b:54:c4:c3:ff:cd:2c:64:c4:bd:c3:b9:3d:c9:46:8c:
         e3:10:29:6d:81:7b:b6:d8:4d:a8:ff:eb:3b:94:9a:52:38:bf:
         1a:38:c7:83:aa:1b:cb:16:7a:4f:10:eb:6d:a1:17:1b:c8:47:
         ce:fe:bd:7b:b9:fc:ec:10:15:e4:0f:c0:1b:21:17:22:cf:03:
         5d:64:64:8b:8d:c8:94:07:a7:0b:f5:2c:99:b0:a8:e2:5e:8d:
         44:19:d1:09:8a:6f:68:fd:c4:d8:6c:6d:da:8d:7f:9a:df:4c:
         da:34:44:bb:2e:07:5a:23:69:65:b4:0a:2b:ac:83:22:b5:4d:
         0d:be:66:41:1c:43:a4:cb:b6:b3:a3:5c:c8:8a:01:67:8c:13:
         a4:43:69:64:a7:36:99:98:f1:e5:3e:b8:b6:1d:2e:51:3a:2b:
         8d:3a:36:fc:f8:4a:e0:c0:27:ea:2e:71:f6:db:ec:d5:90:57:
         cf:1a:d5:2b:75:07:1a:c7:08:0b:01:c5:18:b5:5e:d6:82:75:
         13:b9:44:7b:ca:bd:43:c4:4f:85:f7:84:06:0f:d5:f4:9d:ce:
         6b:22:36:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY19Mif5RXHexSP3nSa+K0BeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMjA2MDY1NDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGQxNDdlZjY5MGI0NjdjYzk1Zjc5OTNiOGVmYWZkNzA5ZDRjMThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX73Ivsxey4RUeAjyNsPuqVz0Bbm
WfgRpVRJoNUjPN/2ioNdnoTlBGd5VIj+Gn4OEg9EilTn3gEV/4zBvii11H6PprIi
zMnsTjXbH51CtLtsH0UBODX7myyOPuQrV/C3ZPg8BrWkFPHgRQ1YzoquPfFng90D
34VfsZw+ta6d8xw7hl7CsLr7RQKqhVGOar7V8wfjDq9EFlIGBawqxxx3G/ltbjzd
Gv22bNRfVug/hNH0DyoSJSWq/eR2aa+W0ZaJEuERYAknWRzOlvbqBEguVkdWuYJZ
EWjYQSm8HqmDQDiMLEXSIcpLe0AR5Tu6keZ6y1XlWnt16yp1PpMBKJINkwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBjRR+9pC0Z8yV95k7jvr9cJ1MGLMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvR05GSDcya0xSbnpKWDNtVHVPLXYxd25Vd1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgc1ABEA
AwcAKgc1ABRgMA0GCSqGSIb3DQEBCwUAA4IBAQAC3RrchXRbGWhd9fIKbga6OKwo
Lg3uVlGrZTczYrjfG3oFpca8uotUxMP/zSxkxL3DuT3JRozjECltgXu22E2o/+s7
lJpSOL8aOMeDqhvLFnpPEOttoRcbyEfO/r17ufzsEBXkD8AbIRcizwNdZGSLjciU
B6cL9SyZsKjiXo1EGdEJim9o/cTYbG3ajX+a30zaNES7LgdaI2lltAorrIMitU0N
vmZBHEOky7azo1zIigFnjBOkQ2lkpzaZmPHlPri2HS5ROiuNOjb8+ErgwCfqLnH2
2+zVkFfPGtUrdQcaxwgLAcUYtV7WgnUTuUR7yr1DxE+F94QGD9X0nc5rIjZ9
-----END CERTIFICATE-----