Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/gvl9fg_U0pmX_206r8A3MmL05iU.roa
File:                     gvl9fg_U0pmX_206r8A3MmL05iU.roa (raw, json)
Hash identifier:          CgSTcSdF+G+//XTg1rAcWuMSW5u5QOQd5nZA8UWj+KY=
Subject key identifier:   82:F9:7D:7E:0F:D4:D2:99:97:FF:6D:3A:AF:C0:37:32:62:F4:E6:25
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018EA0188479810B4AAD0029209FEBF24D04
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/gvl9fg_U0pmX_206r8A3MmL05iU.roa
Signing time:             Tue 02 Apr 2024 18:35:45 +0000
ROA not before:           Tue 02 Apr 2024 18:35:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215304
IP address blocks:        2a0f:7803:fb40::/44 maxlen: 48
                          2a0f:7803:ff90::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a0:18:84:79:81:0b:4a:ad:00:29:20:9f:eb:f2:4d:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Apr  2 18:35:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82f97d7e0fd4d29997ff6d3aafc0373262f4e625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:97:52:dd:f8:1d:cf:6e:d9:cc:53:21:ca:aa:
                    2c:22:ad:cd:81:d3:f2:a6:21:af:c5:f8:9e:b6:cd:
                    25:41:63:d6:13:62:02:38:18:5b:7a:54:1e:f4:7e:
                    fa:ea:0a:19:92:f9:dc:10:13:79:55:95:b3:59:99:
                    7e:18:80:f9:84:1c:15:77:cf:2a:20:ac:01:40:f7:
                    9d:df:fc:a5:a9:0a:f4:23:ca:17:99:db:97:41:2c:
                    6e:39:fa:6a:43:f8:b9:0c:3d:87:c1:de:c2:8a:78:
                    03:a4:8f:54:4d:e9:31:b8:b2:12:e8:64:65:93:56:
                    2b:a9:19:4b:d2:06:0a:64:61:a4:71:96:78:ab:d7:
                    dd:59:f1:44:6b:21:94:35:20:3f:5e:6b:84:d4:f4:
                    96:5a:a8:14:2b:01:87:e2:fd:bd:57:99:2b:ac:47:
                    77:95:85:1c:88:07:b3:ff:3f:be:ef:5e:4d:24:9c:
                    6d:67:10:45:c7:35:67:58:12:69:7d:d8:1a:7c:ae:
                    fe:96:c0:18:42:47:57:4f:86:f7:03:44:04:ee:2a:
                    b6:75:62:45:5f:ad:5e:dd:04:7f:39:6f:f1:0e:67:
                    35:05:3c:84:9d:61:68:f1:8b:51:85:ec:c1:68:aa:
                    0c:89:60:c7:fc:b3:54:6c:cb:08:3c:7a:00:e8:33:
                    ed:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:F9:7D:7E:0F:D4:D2:99:97:FF:6D:3A:AF:C0:37:32:62:F4:E6:25
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/gvl9fg_U0pmX_206r8A3MmL05iU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fb40::/44
                  2a0f:7803:ff90::/44

    Signature Algorithm: sha256WithRSAEncryption
         2a:ae:23:13:1d:ef:ba:db:d3:08:1a:c3:35:10:d0:c7:cd:f9:
         52:bc:fe:bf:4e:15:1d:b3:36:64:84:b5:b0:d0:f2:fb:e5:c5:
         37:a8:ee:af:47:b7:1c:d5:e4:2c:0e:e1:38:a1:bb:c9:83:69:
         e8:9e:51:10:39:6a:a3:b2:03:28:15:47:4a:b6:9f:27:71:cf:
         ab:c9:e0:77:c3:9e:61:f2:7f:26:97:1a:8d:aa:b3:e9:77:84:
         0c:c8:d9:56:5f:e6:92:51:ef:7f:e4:d5:dc:d2:76:52:b8:7c:
         26:6a:c7:21:55:c9:5b:f9:09:a8:d0:ef:de:3c:e2:98:d8:c1:
         96:11:83:9a:7c:60:42:d0:89:b3:86:bc:a2:05:2f:ab:03:0b:
         c0:48:fb:c3:5a:f9:0e:82:8d:51:0c:aa:59:e9:72:ff:36:ff:
         90:5c:a0:f0:c9:54:c1:c7:97:86:80:ae:85:49:b3:97:7d:b6:
         ad:ee:42:83:0a:06:22:87:83:97:b6:42:b4:ab:4e:d1:d4:13:
         79:34:43:8e:5c:1d:8c:0e:fd:07:b4:ed:bf:6e:7c:9f:dd:ca:
         6b:b4:89:c7:a4:6b:c4:28:48:8e:de:8e:6c:e1:c2:f6:a0:63:
         89:e9:74:b0:bc:96:2a:ec:6a:13:0a:ac:ee:33:98:dd:e2:dc:
         a8:dd:9b:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY6gGIR5gQtKrQApIJ/r8k0EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNDAyMTgzNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmY5N2Q3ZTBmZDRkMjk5OTdmZjZkM2FhZmMwMzczMjYyZjRlNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZdS3fgdz27ZzFMhyqosIq3NgdPy
piGvxfiets0lQWPWE2ICOBhbelQe9H766goZkvncEBN5VZWzWZl+GID5hBwVd88q
IKwBQPed3/ylqQr0I8oXmduXQSxuOfpqQ/i5DD2Hwd7CingDpI9UTekxuLIS6GRl
k1YrqRlL0gYKZGGkcZZ4q9fdWfFEayGUNSA/XmuE1PSWWqgUKwGH4v29V5krrEd3
lYUciAez/z++715NJJxtZxBFxzVnWBJpfdgafK7+lsAYQkdXT4b3A0QE7iq2dWJF
X61e3QR/OW/xDmc1BTyEnWFo8YtRhezBaKoMiWDH/LNUbMsIPHoA6DPtfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIL5fX4P1NKZl/9tOq/ANzJi9OYlMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvZ3ZsOWZnX1UwcG1YXzIwNnI4QTNNbUwwNWlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg94A/tA
AwcEKg94A/+QMA0GCSqGSIb3DQEBCwUAA4IBAQAqriMTHe+629MIGsM1ENDHzflS
vP6/ThUdszZkhLWw0PL75cU3qO6vR7cc1eQsDuE4obvJg2nonlEQOWqjsgMoFUdK
tp8ncc+ryeB3w55h8n8mlxqNqrPpd4QMyNlWX+aSUe9/5NXc0nZSuHwmaschVclb
+Qmo0O/ePOKY2MGWEYOafGBC0ImzhryiBS+rAwvASPvDWvkOgo1RDKpZ6XL/Nv+Q
XKDwyVTBx5eGgK6FSbOXfbat7kKDCgYih4OXtkK0q07R1BN5NEOOXB2MDv0HtO2/
bnyf3cprtInHpGvEKEiO3o5s4cL2oGOJ6XSwvJYq7GoTCqzuM5jd4tyo3ZvQ
-----END CERTIFICATE-----