Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/4b06d3-a58b-4a29-b68d-764de3b7bf3d/1/gwm1RimCrVIbLLjX431A6MU6NZg.roa
File:                     gwm1RimCrVIbLLjX431A6MU6NZg.roa (raw, json)
Hash identifier:          LAfYNDQfcxWGrQgwVnzkI4z3kaxjmR9pZpXudCo59n0=
Subject key identifier:   83:09:B5:46:29:82:AD:52:1B:2C:B8:D7:E3:7D:40:E8:C5:3A:35:98
Certificate issuer:       /CN=220c904d430e4f999d147e214515e9cba7ac7e84
Certificate serial:       018CC8DCD406E00AED9BA005B52E00307603
Authority key identifier: 22:0C:90:4D:43:0E:4F:99:9D:14:7E:21:45:15:E9:CB:A7:AC:7E:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IgyQTUMOT5mdFH4hRRXpy6esfoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/4b06d3-a58b-4a29-b68d-764de3b7bf3d/1/gwm1RimCrVIbLLjX431A6MU6NZg.roa
Signing time:             Tue 02 Jan 2024 06:29:24 +0000
ROA not before:           Tue 02 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16074
IP address blocks:        2001:67c:2f04::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/4b06d3-a58b-4a29-b68d-764de3b7bf3d/1/IgyQTUMOT5mdFH4hRRXpy6esfoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/4b06d3-a58b-4a29-b68d-764de3b7bf3d/1/IgyQTUMOT5mdFH4hRRXpy6esfoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IgyQTUMOT5mdFH4hRRXpy6esfoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d4:06:e0:0a:ed:9b:a0:05:b5:2e:00:30:76:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=220c904d430e4f999d147e214515e9cba7ac7e84
        Validity
            Not Before: Jan  2 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8309b5462982ad521b2cb8d7e37d40e8c53a3598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:db:57:26:35:aa:a6:2a:3b:2f:0f:e6:68:ba:
                    9d:09:15:60:0c:6f:d6:74:5b:fe:36:6e:1c:fc:06:
                    7f:65:95:cf:14:af:5d:4a:cf:81:56:00:59:f5:9f:
                    ed:a2:87:2e:8e:05:be:58:57:a8:03:23:8a:34:60:
                    48:62:c0:b5:d7:11:1f:ce:90:a4:f6:f8:8f:7f:48:
                    e1:f1:73:35:ef:7e:1f:a6:36:9a:54:5a:e3:bc:7b:
                    94:64:f9:fa:70:96:b0:fe:b2:51:57:0a:29:b0:0b:
                    38:75:3b:ab:d5:a1:b3:5f:72:bc:f4:94:bb:29:ce:
                    55:aa:b2:43:96:4d:ce:38:d6:ed:df:66:d0:21:1f:
                    97:b6:d1:96:04:24:7e:de:18:15:d6:9b:3e:02:e7:
                    1b:b0:89:a6:eb:44:fd:07:65:4b:ed:5f:1f:7a:57:
                    46:90:f0:e0:f1:44:04:4d:aa:fe:a9:f5:59:7c:b2:
                    08:22:a4:05:45:fd:05:c0:be:e2:16:e0:0d:06:b3:
                    1e:8d:89:eb:a1:f1:1e:f4:c2:5a:d2:3b:44:d5:96:
                    6c:09:6b:7a:22:e1:98:8e:af:6f:5b:1b:14:73:6a:
                    bf:78:a0:be:7a:29:fc:38:ce:75:e6:db:55:67:c1:
                    6e:30:7e:50:2b:eb:f4:3d:37:24:92:ea:88:3f:c2:
                    4f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:09:B5:46:29:82:AD:52:1B:2C:B8:D7:E3:7D:40:E8:C5:3A:35:98
            X509v3 Authority Key Identifier:
                keyid:22:0C:90:4D:43:0E:4F:99:9D:14:7E:21:45:15:E9:CB:A7:AC:7E:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IgyQTUMOT5mdFH4hRRXpy6esfoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/4b06d3-a58b-4a29-b68d-764de3b7bf3d/1/gwm1RimCrVIbLLjX431A6MU6NZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/4b06d3-a58b-4a29-b68d-764de3b7bf3d/1/IgyQTUMOT5mdFH4hRRXpy6esfoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2f04::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:e8:a1:1c:23:d8:24:47:09:12:27:65:eb:0f:60:fd:18:7c:
         68:49:90:3e:ed:4a:db:bf:f9:3e:8a:d0:da:e0:94:99:51:39:
         2f:1b:22:b0:29:c0:3d:12:8b:f9:a8:ed:f7:f3:44:86:bb:b3:
         67:0c:09:2f:a8:6c:d4:a4:d4:a3:3a:29:79:f2:8b:66:03:65:
         04:b6:f8:a2:1f:82:47:96:d6:fc:c9:9b:e0:65:5e:77:11:90:
         d1:7a:7f:6a:26:0e:2f:08:cf:a7:79:a0:6e:ba:ba:4a:0f:cc:
         74:71:c3:1c:a3:99:f4:5f:d1:6d:ac:99:5e:ef:40:6b:44:72:
         99:d0:d6:d0:0f:54:91:de:3e:fb:d3:8e:bb:e2:36:c8:d6:0c:
         73:d0:6c:63:44:3a:77:7c:8b:6e:cf:9b:05:5e:7b:60:7f:d3:
         5f:b9:e5:34:f3:43:ce:23:d1:00:d1:92:91:d6:63:d8:e9:83:
         db:9f:3d:8e:8f:9f:ab:2a:3f:1e:87:02:55:fe:a7:6e:17:6c:
         8d:51:81:8f:17:00:b8:83:a1:86:70:1a:b6:eb:51:e1:35:00:
         28:4d:1b:2f:ec:55:8c:cf:34:dd:33:6f:bb:6a:76:20:96:1b:
         f6:fe:db:32:9f:cb:48:27:30:81:b5:c4:18:aa:97:b6:7f:48:
         52:04:2c:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3NQG4Artm6AFtS4AMHYDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMGM5MDRkNDMwZTRmOTk5ZDE0N2UyMTQ1MTVlOWNiYTdh
YzdlODQwHhcNMjQwMTAyMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzA5YjU0NjI5ODJhZDUyMWIyY2I4ZDdlMzdkNDBlOGM1M2EzNTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdtXJjWqpio7Lw/maLqdCRVgDG/W
dFv+Nm4c/AZ/ZZXPFK9dSs+BVgBZ9Z/toocujgW+WFeoAyOKNGBIYsC11xEfzpCk
9viPf0jh8XM1734fpjaaVFrjvHuUZPn6cJaw/rJRVwopsAs4dTur1aGzX3K89JS7
Kc5VqrJDlk3OONbt32bQIR+XttGWBCR+3hgV1ps+AucbsImm60T9B2VL7V8feldG
kPDg8UQETar+qfVZfLIIIqQFRf0FwL7iFuANBrMejYnrofEe9MJa0jtE1ZZsCWt6
IuGYjq9vWxsUc2q/eKC+ein8OM515ttVZ8FuMH5QK+v0PTckkuqIP8JPBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIMJtUYpgq1SGyy41+N9QOjFOjWYMB8GA1UdIwQY
MBaAFCIMkE1DDk+ZnRR+IUUV6cunrH6EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWd5UVRVTU9UNW1kRkg0aFJSWHB5NmVzZm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy80YjA2ZDMtYTU4Yi00YTI5LWI2OGQt
NzY0ZGUzYjdiZjNkLzEvZ3dtMVJpbUNyVkliTExqWDQzMUE2TVU2TlpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy80YjA2ZDMtYTU4Yi00YTI5LWI2OGQtNzY0ZGUzYjdiZjNk
LzEvSWd5UVRVTU9UNW1kRkg0aFJSWHB5NmVzZm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC8E
MA0GCSqGSIb3DQEBCwUAA4IBAQAb6KEcI9gkRwkSJ2XrD2D9GHxoSZA+7Urbv/k+
itDa4JSZUTkvGyKwKcA9Eov5qO3380SGu7NnDAkvqGzUpNSjOil58otmA2UEtvii
H4JHltb8yZvgZV53EZDRen9qJg4vCM+neaBuurpKD8x0ccMco5n0X9FtrJle70Br
RHKZ0NbQD1SR3j7704674jbI1gxz0GxjRDp3fItuz5sFXntgf9NfueU080POI9EA
0ZKR1mPY6YPbnz2Oj5+rKj8ehwJV/qduF2yNUYGPFwC4g6GGcBq261HhNQAoTRsv
7FWMzzTdM2+7anYglhv2/tsyn8tIJzCBtcQYqpe2f0hSBCxn
-----END CERTIFICATE-----