Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/GwGyiWi1lJtGUOMwLS1LhYnGjds.roa
File:                     GwGyiWi1lJtGUOMwLS1LhYnGjds.roa (raw, json)
Hash identifier:          PO1ZB8DGEc/8PvDomdUaHeQnJxhE2WK1GZQI2WZvJS8=
Subject key identifier:   1B:01:B2:89:68:B5:94:9B:46:50:E3:30:2D:2D:4B:85:89:C6:8D:DB
Certificate issuer:       /CN=b689299bc49584a645940c1dd87df0afc8aaa0fd
Certificate serial:       018CC3B70D167FBA7F0A6EAB9326A8278B18
Authority key identifier: B6:89:29:9B:C4:95:84:A6:45:94:0C:1D:D8:7D:F0:AF:C8:AA:A0:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tokpm8SVhKZFlAwd2H3wr8iqoP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/GwGyiWi1lJtGUOMwLS1LhYnGjds.roa
Signing time:             Mon 01 Jan 2024 06:30:02 +0000
ROA not before:           Mon 01 Jan 2024 06:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5607
IP address blocks:        2a0c:93c0:8002::/48 maxlen: 48
                          2a0c:93c0:c002::/48 maxlen: 48
                          2a0c:93c0:8000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/tokpm8SVhKZFlAwd2H3wr8iqoP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/tokpm8SVhKZFlAwd2H3wr8iqoP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tokpm8SVhKZFlAwd2H3wr8iqoP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0d:16:7f:ba:7f:0a:6e:ab:93:26:a8:27:8b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b689299bc49584a645940c1dd87df0afc8aaa0fd
        Validity
            Not Before: Jan  1 06:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b01b28968b5949b4650e3302d2d4b8589c68ddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:47:f5:15:d8:9e:c7:29:a4:ba:c0:27:66:ee:
                    a2:6d:3c:56:1c:f0:6c:1a:89:be:da:19:72:74:0a:
                    33:3a:3e:00:c9:a8:39:1f:27:9c:20:10:5d:be:c7:
                    6d:e8:5d:5c:fa:b6:c0:c3:98:b3:0e:51:04:0f:15:
                    bb:e5:16:e6:81:7c:99:de:19:cc:a7:a7:b2:eb:8c:
                    9a:19:b4:60:ef:9e:c2:54:3e:61:1c:9c:b9:2d:ed:
                    ba:be:b6:8b:d4:41:67:b9:d7:c3:06:2d:b1:0b:e1:
                    10:8b:7e:ba:cf:1e:04:de:89:c1:2c:d6:fa:09:9f:
                    19:4f:29:49:58:d7:24:06:e4:80:52:35:13:bc:d6:
                    89:84:67:b8:62:f6:27:6c:fb:e0:30:55:5f:bc:7c:
                    bd:0a:0d:a5:e4:02:5c:59:d7:7b:35:48:7e:d0:4f:
                    2e:99:aa:dc:39:25:64:c0:e4:a6:ec:6c:5b:a7:df:
                    05:7d:63:94:3e:44:dc:7f:83:2f:2f:e5:70:00:64:
                    e8:1b:58:4c:d4:5a:6d:f9:60:ca:e1:0e:7f:e3:de:
                    69:35:4c:26:14:0e:dd:d7:07:71:b9:1c:c6:b6:12:
                    53:d5:ee:37:20:e2:56:5b:40:a1:b6:a1:b6:97:c1:
                    2a:a1:1e:49:2c:21:9c:c5:c1:5c:69:cc:95:12:4a:
                    84:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:01:B2:89:68:B5:94:9B:46:50:E3:30:2D:2D:4B:85:89:C6:8D:DB
            X509v3 Authority Key Identifier:
                keyid:B6:89:29:9B:C4:95:84:A6:45:94:0C:1D:D8:7D:F0:AF:C8:AA:A0:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tokpm8SVhKZFlAwd2H3wr8iqoP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/GwGyiWi1lJtGUOMwLS1LhYnGjds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/7ca61a-ce3d-4bac-9110-c0f3bad99a40/1/tokpm8SVhKZFlAwd2H3wr8iqoP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:93c0:8000::/48
                  2a0c:93c0:8002::/48
                  2a0c:93c0:c002::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:d0:a5:59:c3:32:53:4b:2f:c6:4b:be:5f:e7:6d:47:11:6a:
         d5:8e:59:d7:0a:5c:72:a1:b4:23:c0:11:01:02:34:64:bb:10:
         43:11:e5:5c:39:0f:02:88:16:06:6e:7a:c3:88:0a:1e:04:65:
         1d:7d:06:c3:27:c4:cc:0e:69:fd:0b:56:78:de:0d:3a:d7:1a:
         67:5b:50:ac:47:42:34:ed:cf:fe:4d:7d:90:ca:6a:77:07:58:
         71:6b:7e:21:21:03:6f:9d:89:ce:45:df:da:b7:43:97:19:d0:
         93:3f:d7:11:c3:a9:59:8a:d3:0d:80:c4:9c:ca:9f:2b:6a:22:
         35:a5:ac:e5:f4:e2:64:56:d2:b4:9e:80:6d:9c:5f:33:87:c9:
         7f:40:0e:6e:80:a8:19:1f:07:6f:88:52:b6:62:ea:8e:d1:a0:
         7d:f7:0d:71:8b:8d:32:cd:ba:31:e9:dd:58:c8:bf:29:16:dd:
         88:37:ae:d4:d5:56:c9:e8:de:34:8a:a9:c0:e0:94:c5:6d:7c:
         03:19:d3:e9:30:cc:95:c0:c0:03:1c:2b:3d:b7:08:5f:22:02:
         62:f6:c9:e5:36:f3:26:b2:3b:d1:8a:71:50:f6:00:38:3a:e2:
         15:d9:c5:8d:96:41:ae:73:d1:cc:c6:14:9c:bb:96:0f:4e:30:
         42:6c:ba:25
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDtw0Wf7p/Cm6rkyaoJ4sYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ODkyOTliYzQ5NTg0YTY0NTk0MGMxZGQ4N2RmMGFmYzhh
YWEwZmQwHhcNMjQwMTAxMDYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjAxYjI4OTY4YjU5NDliNDY1MGUzMzAyZDJkNGI4NTg5YzY4ZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUf1FdiexymkusAnZu6ibTxWHPBs
Gom+2hlydAozOj4Ayag5HyecIBBdvsdt6F1c+rbAw5izDlEEDxW75RbmgXyZ3hnM
p6ey64yaGbRg757CVD5hHJy5Le26vraL1EFnudfDBi2xC+EQi366zx4E3onBLNb6
CZ8ZTylJWNckBuSAUjUTvNaJhGe4YvYnbPvgMFVfvHy9Cg2l5AJcWdd7NUh+0E8u
marcOSVkwOSm7Gxbp98FfWOUPkTcf4MvL+VwAGToG1hM1Fpt+WDK4Q5/495pNUwm
FA7d1wdxuRzGthJT1e43IOJWW0ChtqG2l8EqoR5JLCGcxcFcacyVEkqENQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBsBsolotZSbRlDjMC0tS4WJxo3bMB8GA1UdIwQY
MBaAFLaJKZvElYSmRZQMHdh98K/IqqD9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG9rcG04U1ZoS1pGbEF3ZDJIM3dyOGlxb1AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy83Y2E2MWEtY2UzZC00YmFjLTkxMTAt
YzBmM2JhZDk5YTQwLzEvR3dHeWlXaTFsSnRHVU9Nd0xTMUxoWW5HamRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy83Y2E2MWEtY2UzZC00YmFjLTkxMTAtYzBmM2JhZDk5YTQw
LzEvdG9rcG04U1ZoS1pGbEF3ZDJIM3dyOGlxb1AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgyTwIAA
AwcAKgyTwIACAwcAKgyTwMACMA0GCSqGSIb3DQEBCwUAA4IBAQCG0KVZwzJTSy/G
S75f521HEWrVjlnXClxyobQjwBEBAjRkuxBDEeVcOQ8CiBYGbnrDiAoeBGUdfQbD
J8TMDmn9C1Z43g061xpnW1CsR0I07c/+TX2Qymp3B1hxa34hIQNvnYnORd/at0OX
GdCTP9cRw6lZitMNgMScyp8raiI1pazl9OJkVtK0noBtnF8zh8l/QA5ugKgZHwdv
iFK2YuqO0aB99w1xi40yzbox6d1YyL8pFt2IN67U1VbJ6N40iqnA4JTFbXwDGdPp
MMyVwMADHCs9twhfIgJi9snlNvMmsjvRinFQ9gA4OuIV2cWNlkGuc9HMxhScu5YP
TjBCbLol
-----END CERTIFICATE-----