Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/GL3biAgwLybBwj0cGljZT84rGSk.roa
File:                     GL3biAgwLybBwj0cGljZT84rGSk.roa (raw, json)
Hash identifier:          2UqyhpQ2LSGy0Q0IgdwD63Tg/XcYUtP0s6gCJ/Up4I8=
Subject key identifier:   18:BD:DB:88:08:30:2F:26:C1:C2:3D:1C:1A:58:D9:4F:CE:2B:19:29
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       018CC801374CEBD875FDB232AE19C683AB72
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/GL3biAgwLybBwj0cGljZT84rGSk.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213395
IP address blocks:        2a10:2e41::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 21:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:37:4c:eb:d8:75:fd:b2:32:ae:19:c6:83:ab:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18bddb8808302f26c1c23d1c1a58d94fce2b1929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:44:d4:de:10:f6:1c:0f:c9:d7:25:04:83:5d:
                    2a:e7:40:d6:f8:cd:b1:ec:91:44:61:cb:d8:1a:0c:
                    8b:b4:81:d3:9d:16:da:fe:47:c6:4a:93:76:7a:f9:
                    b9:a6:41:20:c3:a9:cc:d1:3b:77:34:45:28:fe:10:
                    e9:46:2b:87:96:5a:1b:21:22:e8:35:33:77:27:53:
                    96:1c:ab:e3:e1:5a:fd:5a:b7:58:b4:8e:1c:bf:0e:
                    23:20:7e:f7:3d:1d:6d:90:93:a0:74:9e:df:42:e2:
                    fe:97:e8:bc:6f:0d:e2:88:b5:d0:a9:2c:42:75:20:
                    8d:2f:8b:10:de:70:87:1f:bd:67:82:4c:b2:29:78:
                    89:b6:97:0c:d8:50:28:30:b9:45:35:1d:e2:bb:82:
                    ad:76:04:a9:9b:f7:1d:04:34:b3:22:08:e5:9e:5f:
                    09:55:86:bd:99:63:27:95:32:99:5d:ec:3c:ba:2b:
                    a8:be:91:82:66:3f:25:60:99:bd:d6:62:94:fa:a2:
                    6f:cd:bb:3e:18:c0:9b:bc:c7:a6:39:99:9f:07:21:
                    92:ad:97:83:95:e5:c0:18:b0:d7:d2:16:3a:41:cc:
                    22:c3:f2:14:33:54:93:ec:97:0d:6c:f4:1f:35:a8:
                    e6:e9:99:d2:62:3f:a7:5c:49:39:34:31:e0:2e:62:
                    86:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:BD:DB:88:08:30:2F:26:C1:C2:3D:1C:1A:58:D9:4F:CE:2B:19:29
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/GL3biAgwLybBwj0cGljZT84rGSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2e41::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:b6:e5:d5:45:0b:80:bd:66:5c:c5:5e:d5:1e:13:6c:5b:88:
         ee:d9:bc:66:f0:f8:38:b4:7d:3f:9c:01:7e:23:cb:58:71:c7:
         c1:a8:f8:c5:00:2f:f2:56:24:0f:37:3c:78:c7:44:d9:64:b3:
         39:c2:08:50:d1:b5:0f:5a:34:fa:5f:d2:bd:c8:a2:03:4b:69:
         ec:c2:26:48:c0:e5:af:8c:ee:06:34:ff:21:57:1f:ce:c6:95:
         a7:ac:ff:06:32:3a:6e:25:46:a3:b2:21:c8:15:98:f1:50:82:
         99:e4:bf:40:1e:42:07:8f:2c:af:70:b3:18:06:ee:47:26:c0:
         52:64:81:59:20:34:5e:ec:4b:53:32:5f:92:3c:91:d5:d7:0e:
         89:88:8a:9d:3d:ef:c3:03:27:3b:a8:2d:b2:f5:7a:32:94:01:
         5a:dd:a4:ba:8c:46:d3:19:55:06:c5:89:e4:40:74:4b:10:59:
         67:e2:a1:ac:eb:55:88:22:de:d7:9f:ac:55:fb:20:70:90:96:
         f4:34:d3:eb:bd:e9:dc:43:1f:9d:e2:44:79:59:a7:59:61:ad:
         32:7f:42:d9:37:3f:78:0e:e3:b0:49:dd:fa:ad:ae:66:79:22:
         e0:28:f4:65:eb:8d:6c:5a:b4:d4:17:dc:de:56:5f:c2:1b:53:
         5c:6c:6a:e0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIATdM69h1/bIyrhnGg6tyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGJkZGI4ODA4MzAyZjI2YzFjMjNkMWMxYTU4ZDk0ZmNlMmIxOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUTU3hD2HA/J1yUEg10q50DW+M2x
7JFEYcvYGgyLtIHTnRba/kfGSpN2evm5pkEgw6nM0Tt3NEUo/hDpRiuHllobISLo
NTN3J1OWHKvj4Vr9WrdYtI4cvw4jIH73PR1tkJOgdJ7fQuL+l+i8bw3iiLXQqSxC
dSCNL4sQ3nCHH71ngkyyKXiJtpcM2FAoMLlFNR3iu4KtdgSpm/cdBDSzIgjlnl8J
VYa9mWMnlTKZXew8uiuovpGCZj8lYJm91mKU+qJvzbs+GMCbvMemOZmfByGSrZeD
leXAGLDX0hY6Qcwiw/IUM1ST7JcNbPQfNajm6ZnSYj+nXEk5NDHgLmKGywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBi924gIMC8mwcI9HBpY2U/OKxkpMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvR0wzYmlBZ3dMeWJCd2owY0dsalpUODRyR1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhAuQTAN
BgkqhkiG9w0BAQsFAAOCAQEArbbl1UULgL1mXMVe1R4TbFuI7tm8ZvD4OLR9P5wB
fiPLWHHHwaj4xQAv8lYkDzc8eMdE2WSzOcIIUNG1D1o0+l/SvciiA0tp7MImSMDl
r4zuBjT/IVcfzsaVp6z/BjI6biVGo7IhyBWY8VCCmeS/QB5CB48sr3CzGAbuRybA
UmSBWSA0XuxLUzJfkjyR1dcOiYiKnT3vwwMnO6gtsvV6MpQBWt2kuoxG0xlVBsWJ
5EB0SxBZZ+KhrOtViCLe15+sVfsgcJCW9DTT673p3EMfneJEeVmnWWGtMn9C2Tc/
eA7jsEnd+q2uZnki4Cj0ZeuNbFq01Bfc3lZfwhtTXGxq4A==
-----END CERTIFICATE-----