Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/11a9ba-9d0e-4c44-ada4-4be127fa3118/1/GBMA-Y7Cxj9sD_7D8A0gnnfSSxI.roa
File:                     GBMA-Y7Cxj9sD_7D8A0gnnfSSxI.roa (raw, json)
Hash identifier:          K/AZmHYm2K+yY2RwT+f2yL8eUPn7mXpnSjchIqjh6Xw=
Subject key identifier:   18:13:00:F9:8E:C2:C6:3F:6C:0F:FE:C3:F0:0D:20:9E:77:D2:4B:12
Certificate issuer:       /CN=6f0c9a1117abd52ec8036b4f378644fa77a4b8a7
Certificate serial:       018CCA2A3B3B4CF4B4D3DA507267B301E58E
Authority key identifier: 6F:0C:9A:11:17:AB:D5:2E:C8:03:6B:4F:37:86:44:FA:77:A4:B8:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwyaERer1S7IA2tPN4ZE-nekuKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/11a9ba-9d0e-4c44-ada4-4be127fa3118/1/GBMA-Y7Cxj9sD_7D8A0gnnfSSxI.roa
Signing time:             Tue 02 Jan 2024 12:33:34 +0000
ROA not before:           Tue 02 Jan 2024 12:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216235
IP address blocks:        2a13:f3c0:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/11a9ba-9d0e-4c44-ada4-4be127fa3118/1/bwyaERer1S7IA2tPN4ZE-nekuKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/11a9ba-9d0e-4c44-ada4-4be127fa3118/1/bwyaERer1S7IA2tPN4ZE-nekuKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwyaERer1S7IA2tPN4ZE-nekuKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3b:3b:4c:f4:b4:d3:da:50:72:67:b3:01:e5:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f0c9a1117abd52ec8036b4f378644fa77a4b8a7
        Validity
            Not Before: Jan  2 12:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=181300f98ec2c63f6c0ffec3f00d209e77d24b12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d5:00:e7:1e:8b:ba:e9:b1:ed:cb:86:1c:2b:
                    77:94:5f:a1:f9:61:e8:d1:a2:03:b1:51:cd:f1:1a:
                    ae:ba:87:0b:38:ce:eb:e3:6b:a9:3b:62:29:99:05:
                    34:18:6b:5d:5e:e1:3b:03:1b:84:85:0e:8d:f0:f3:
                    e9:87:4f:95:cc:ba:0a:62:82:ac:47:94:27:e6:6d:
                    18:d4:a2:e6:5d:f5:2d:6d:10:f4:d8:e9:2d:31:ae:
                    90:42:f8:c5:68:68:e6:ad:25:02:16:68:80:cf:66:
                    5c:e2:39:d9:64:64:67:08:9a:84:87:e0:de:ac:77:
                    5a:af:09:e5:fe:bb:be:0c:45:e2:05:1d:e8:c4:86:
                    25:bd:fb:45:a7:fe:a0:1f:4b:01:73:cd:6f:d0:8a:
                    b7:49:46:ac:44:e8:ff:32:6c:35:a4:98:35:6a:14:
                    cb:8d:47:b3:8d:66:8d:28:60:c2:57:78:90:93:42:
                    4b:64:e1:c5:c2:c3:8e:3c:39:d0:de:bc:0d:a0:90:
                    33:28:2c:d0:92:4e:2b:04:2c:59:cf:ef:9c:c5:5e:
                    ac:1c:bc:ca:ef:11:05:40:87:01:79:ed:b3:c2:4a:
                    2a:70:4b:98:a0:5d:d4:cd:ef:96:ef:bf:bf:c8:ee:
                    46:e0:f9:2b:81:8b:f6:1b:77:9c:6e:d2:ba:a0:ce:
                    13:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:13:00:F9:8E:C2:C6:3F:6C:0F:FE:C3:F0:0D:20:9E:77:D2:4B:12
            X509v3 Authority Key Identifier:
                keyid:6F:0C:9A:11:17:AB:D5:2E:C8:03:6B:4F:37:86:44:FA:77:A4:B8:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwyaERer1S7IA2tPN4ZE-nekuKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/11a9ba-9d0e-4c44-ada4-4be127fa3118/1/GBMA-Y7Cxj9sD_7D8A0gnnfSSxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/11a9ba-9d0e-4c44-ada4-4be127fa3118/1/bwyaERer1S7IA2tPN4ZE-nekuKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:f3c0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:08:fb:02:9d:3b:52:2f:d4:30:45:f3:9c:f3:6d:87:48:ee:
         0a:b3:7d:26:6a:8e:71:7c:bf:2b:09:d7:c5:4d:fe:b4:91:a8:
         74:08:8d:2f:03:3b:f9:e3:a3:ad:e3:3a:ca:ae:c7:35:b8:da:
         72:1e:50:a3:d1:47:f8:75:67:e7:ea:6e:76:26:83:80:53:1e:
         ed:48:89:58:ec:2d:e4:59:51:aa:0b:b1:18:31:82:f2:34:8b:
         ab:9b:58:3d:29:fa:ee:a7:74:b1:e2:9c:88:93:61:b2:31:44:
         83:ac:70:2b:15:dd:2c:6a:21:b8:b4:18:a6:2a:1e:f8:dc:b8:
         98:db:93:a5:d2:d5:78:03:3a:a4:3d:aa:be:c6:70:ca:38:9e:
         b6:58:68:6b:39:35:e7:0d:44:64:38:48:2d:42:81:7d:1d:ed:
         eb:fb:8f:04:c8:a6:3b:2e:76:65:6c:82:52:d1:c5:8b:52:78:
         de:53:71:4f:b8:50:03:32:bd:15:6b:37:9b:09:07:98:74:3e:
         0d:3d:5e:cc:fb:ad:30:5b:5c:9b:e9:4e:30:4f:56:3a:89:f8:
         60:bb:55:51:6d:a0:bf:8b:f7:31:a2:b6:b4:b0:b3:ed:fd:6e:
         dc:e9:35:86:44:1e:97:70:72:68:61:25:17:15:e1:1b:65:51:
         8b:c8:48:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKjs7TPS009pQcmezAeWOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMGM5YTExMTdhYmQ1MmVjODAzNmI0ZjM3ODY0NGZhNzdh
NGI4YTcwHhcNMjQwMTAyMTIzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODEzMDBmOThlYzJjNjNmNmMwZmZlYzNmMDBkMjA5ZTc3ZDI0YjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtUA5x6Luumx7cuGHCt3lF+h+WHo
0aIDsVHN8RquuocLOM7r42upO2IpmQU0GGtdXuE7AxuEhQ6N8PPph0+VzLoKYoKs
R5Qn5m0Y1KLmXfUtbRD02OktMa6QQvjFaGjmrSUCFmiAz2Zc4jnZZGRnCJqEh+De
rHdarwnl/ru+DEXiBR3oxIYlvftFp/6gH0sBc81v0Iq3SUasROj/Mmw1pJg1ahTL
jUezjWaNKGDCV3iQk0JLZOHFwsOOPDnQ3rwNoJAzKCzQkk4rBCxZz++cxV6sHLzK
7xEFQIcBee2zwkoqcEuYoF3Uze+W77+/yO5G4PkrgYv2G3ecbtK6oM4TYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBgTAPmOwsY/bA/+w/ANIJ530ksSMB8GA1UdIwQY
MBaAFG8MmhEXq9UuyANrTzeGRPp3pLinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnd5YUVSZXIxUzdJQTJ0UE40WkUtbmVrdUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xMWE5YmEtOWQwZS00YzQ0LWFkYTQt
NGJlMTI3ZmEzMTE4LzEvR0JNQS1ZN0N4ajlzRF83RDhBMGdubmZTU3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xMWE5YmEtOWQwZS00YzQ0LWFkYTQtNGJlMTI3ZmEzMTE4
LzEvYnd5YUVSZXIxUzdJQTJ0UE40WkUtbmVrdUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPzwAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQBdCPsCnTtSL9QwRfOc822HSO4Ks30mao5xfL8r
CdfFTf60kah0CI0vAzv546Ot4zrKrsc1uNpyHlCj0Uf4dWfn6m52JoOAUx7tSIlY
7C3kWVGqC7EYMYLyNIurm1g9Kfrup3Sx4pyIk2GyMUSDrHArFd0saiG4tBimKh74
3LiY25Ol0tV4AzqkPaq+xnDKOJ62WGhrOTXnDURkOEgtQoF9He3r+48EyKY7LnZl
bIJS0cWLUnjeU3FPuFADMr0VazebCQeYdD4NPV7M+60wW1yb6U4wT1Y6ifhgu1VR
baC/i/cxora0sLPt/W7c6TWGRB6XcHJoYSUXFeEbZVGLyEji
-----END CERTIFICATE-----