Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/GPDxV9g8UGCK0ihIUpOJyKjISuY.roa
File:                     GPDxV9g8UGCK0ihIUpOJyKjISuY.roa (raw, json)
Hash identifier:          3QuiXdkCmgeU3cARvZveITWWqJYY3LWOJAJxBlPTcJU=
Subject key identifier:   18:F0:F1:57:D8:3C:50:60:8A:D2:28:48:52:93:89:C8:A8:C8:4A:E6
Certificate issuer:       /CN=cd1242e6c7ebd82a23fa1a08f396ebe5ab34cf6b
Certificate serial:       018CCA2A4FF751D1242289AFD127E059C9AE
Authority key identifier: CD:12:42:E6:C7:EB:D8:2A:23:FA:1A:08:F3:96:EB:E5:AB:34:CF:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRJC5sfr2Coj-hoI85br5as0z2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/GPDxV9g8UGCK0ihIUpOJyKjISuY.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48882
IP address blocks:        2a0e:2100::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/zRJC5sfr2Coj-hoI85br5as0z2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/zRJC5sfr2Coj-hoI85br5as0z2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRJC5sfr2Coj-hoI85br5as0z2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4f:f7:51:d1:24:22:89:af:d1:27:e0:59:c9:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd1242e6c7ebd82a23fa1a08f396ebe5ab34cf6b
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18f0f157d83c50608ad22848529389c8a8c84ae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8c:84:b0:84:1c:2e:66:a5:cb:77:d1:1c:a4:
                    18:2d:8e:a8:9d:48:e3:cc:2a:94:d9:2d:dc:74:30:
                    7c:2f:a3:1e:01:9b:11:f3:ba:33:d3:1b:ae:16:9e:
                    4f:56:34:98:3a:d9:52:13:f6:1b:c5:0b:ab:5f:34:
                    0b:04:69:cd:b2:bf:65:f7:32:6d:fd:64:e5:b7:d8:
                    64:c0:c5:9a:53:dc:83:f7:8e:b3:fd:fa:d4:71:ae:
                    5b:ad:6c:c7:6b:6a:e5:d0:c0:da:8f:2c:63:0b:c5:
                    6d:f0:12:ca:66:06:6c:7d:77:97:4d:a6:d5:7d:70:
                    88:b2:4e:71:30:5f:f7:05:16:9c:16:aa:dc:87:93:
                    0c:be:98:56:bf:e6:a7:58:b2:f4:7e:89:5b:4c:43:
                    66:e2:fe:88:72:6f:6f:53:42:a1:0f:d7:62:49:56:
                    bc:a3:a3:84:c9:f8:80:fa:ea:ed:9e:ec:db:3f:3e:
                    c6:e1:e0:2f:d5:fd:f4:7d:ab:fc:b8:0f:23:f7:21:
                    34:b7:64:eb:17:6f:e7:54:24:9f:7e:ad:92:f2:a5:
                    85:19:44:a2:0c:fd:bd:61:62:2e:70:61:42:6d:d6:
                    37:1d:d9:61:8c:24:4b:4b:4f:38:40:88:30:37:7e:
                    93:21:70:9d:0c:2d:b8:19:2c:ac:b6:9a:2f:c7:12:
                    8a:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:F0:F1:57:D8:3C:50:60:8A:D2:28:48:52:93:89:C8:A8:C8:4A:E6
            X509v3 Authority Key Identifier:
                keyid:CD:12:42:E6:C7:EB:D8:2A:23:FA:1A:08:F3:96:EB:E5:AB:34:CF:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRJC5sfr2Coj-hoI85br5as0z2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/GPDxV9g8UGCK0ihIUpOJyKjISuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/zRJC5sfr2Coj-hoI85br5as0z2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:2100::/47

    Signature Algorithm: sha256WithRSAEncryption
         47:06:26:96:be:2b:dd:26:87:21:56:12:f6:b8:4d:2d:c7:00:
         32:26:f7:d4:5b:00:63:e9:26:77:19:70:32:dc:67:49:55:a9:
         1e:b2:3a:7b:2e:3a:a4:d4:ed:26:37:11:fa:b8:35:59:e0:0f:
         06:e4:30:22:b5:7d:07:1e:18:b2:29:0a:66:b1:4b:4b:00:90:
         b2:85:d4:25:db:05:52:61:dd:e0:0c:8b:af:6a:d1:de:0b:d9:
         93:cb:df:8b:b5:d7:0e:df:2a:c6:6d:4b:a3:7c:1c:8c:c2:dd:
         b9:3d:0d:a2:d4:1b:bc:24:80:d7:4d:64:31:83:0c:db:2a:7e:
         a2:3b:18:17:37:a2:e5:5c:96:f0:3d:0b:ef:8c:f8:8e:c3:67:
         28:6d:af:ae:23:52:80:0b:1f:2a:f0:0f:32:33:84:77:80:ae:
         e3:39:87:8e:a0:9b:32:c0:1b:8e:6e:f3:b1:02:11:e1:b5:83:
         14:34:2d:18:3a:bb:30:07:c4:6f:eb:20:73:30:71:75:04:8e:
         6b:d3:24:1e:98:6c:98:d4:0f:dc:d4:9f:bd:18:21:04:96:b3:
         86:41:f9:29:65:2a:b4:7f:e3:a2:b5:b8:57:57:ba:06:78:45:
         a1:df:da:31:88:61:db:3a:2c:88:c2:ee:ec:73:c0:fa:fa:dc:
         47:ae:00:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKk/3UdEkIomv0SfgWcmuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTI0MmU2YzdlYmQ4MmEyM2ZhMWEwOGYzOTZlYmU1YWIz
NGNmNmIwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGYwZjE1N2Q4M2M1MDYwOGFkMjI4NDg1MjkzODljOGE4Yzg0YWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoyEsIQcLmaly3fRHKQYLY6onUjj
zCqU2S3cdDB8L6MeAZsR87oz0xuuFp5PVjSYOtlSE/YbxQurXzQLBGnNsr9l9zJt
/WTlt9hkwMWaU9yD946z/frUca5brWzHa2rl0MDajyxjC8Vt8BLKZgZsfXeXTabV
fXCIsk5xMF/3BRacFqrch5MMvphWv+anWLL0folbTENm4v6Icm9vU0KhD9diSVa8
o6OEyfiA+urtnuzbPz7G4eAv1f30fav8uA8j9yE0t2TrF2/nVCSffq2S8qWFGUSi
DP29YWIucGFCbdY3HdlhjCRLS084QIgwN36TIXCdDC24GSystpovxxKKBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBjw8VfYPFBgitIoSFKTicioyErmMB8GA1UdIwQY
MBaAFM0SQubH69gqI/oaCPOW6+WrNM9rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJKQzVzZnIyQ29qLWhvSTg1YnI1YXMwejJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC80YTc1N2MtYWRkZS00ODVjLTkxNzEt
ZjYwMzUzODQxMmM4LzEvR1BEeFY5ZzhVR0NLMGloSVVwT0p5S2pJU3VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC80YTc1N2MtYWRkZS00ODVjLTkxNzEtZjYwMzUzODQxMmM4
LzEvelJKQzVzZnIyQ29qLWhvSTg1YnI1YXMwejJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg4hAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBHBiaWvivdJochVhL2uE0txwAyJvfUWwBj6SZ3
GXAy3GdJVakesjp7Ljqk1O0mNxH6uDVZ4A8G5DAitX0HHhiyKQpmsUtLAJCyhdQl
2wVSYd3gDIuvatHeC9mTy9+LtdcO3yrGbUujfByMwt25PQ2i1Bu8JIDXTWQxgwzb
Kn6iOxgXN6LlXJbwPQvvjPiOw2coba+uI1KACx8q8A8yM4R3gK7jOYeOoJsywBuO
bvOxAhHhtYMUNC0YOrswB8Rv6yBzMHF1BI5r0yQemGyY1A/c1J+9GCEElrOGQfkp
ZSq0f+OitbhXV7oGeEWh39oxiGHbOiyIwu7sc8D6+txHrgAP
-----END CERTIFICATE-----