Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GFONIU5V-VS5aJA8RfQwyrEcbdg.roa
File:                     GFONIU5V-VS5aJA8RfQwyrEcbdg.roa (raw, json)
Hash identifier:          DxyhDrznGWw6e3Ni8ooX1uy5V63rBn5gnFekyL5meA8=
Subject key identifier:   18:53:8D:21:4E:55:F9:54:B9:68:90:3C:45:F4:30:CA:B1:1C:6D:D8
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01965A35637A9C46CFD301439B5E907C5B50
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GFONIU5V-VS5aJA8RfQwyrEcbdg.roa
Signing time:             Mon 21 Apr 2025 21:16:10 +0000
ROA not before:           Mon 21 Apr 2025 21:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200216
IP address blocks:        2a13:c244:8000::/33 maxlen: 33
                          2a14:1107:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5a:35:63:7a:9c:46:cf:d3:01:43:9b:5e:90:7c:5b:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 21 21:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18538d214e55f954b968903c45f430cab11c6dd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a2:e9:f0:76:af:c1:e1:e0:1c:c1:54:fb:45:
                    89:d6:00:2b:86:82:91:65:f9:6a:6b:43:fc:ee:89:
                    d8:a7:38:e0:a7:db:b7:a1:9e:71:43:00:08:96:b0:
                    73:6a:d4:48:5c:ef:01:fe:98:1d:40:ee:6a:f7:08:
                    2a:8b:39:3b:1b:29:fc:00:01:75:c2:28:5f:de:ff:
                    63:58:76:56:13:cd:52:29:a6:4a:ad:48:de:d5:df:
                    0f:30:24:90:26:7d:67:a9:74:5f:95:50:33:0a:70:
                    bf:4b:f1:95:3c:64:21:f0:9c:b2:1b:17:3d:14:b1:
                    f5:04:af:bf:78:b9:b2:1c:d6:6b:09:89:22:4e:e2:
                    1d:95:ec:0b:83:c5:71:8d:d3:a7:f2:48:7b:c1:67:
                    60:1f:aa:c3:f7:be:94:57:1c:c8:cc:06:c6:29:88:
                    c7:67:77:97:44:95:dd:94:33:23:79:b5:84:ba:a7:
                    52:80:f8:75:14:b7:ea:11:87:53:91:5f:ea:78:d1:
                    24:a0:fd:f2:17:c5:f0:ca:d8:6d:e8:dc:68:4c:f8:
                    7e:97:db:75:a6:ad:52:75:a4:cb:eb:c0:dc:a7:3e:
                    ac:61:dd:3c:e8:64:a3:fd:41:14:e0:e2:85:57:b2:
                    2c:e2:ec:f6:24:41:d6:cb:44:75:0a:59:cb:9b:bb:
                    bf:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:53:8D:21:4E:55:F9:54:B9:68:90:3C:45:F4:30:CA:B1:1C:6D:D8
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GFONIU5V-VS5aJA8RfQwyrEcbdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c244:8000::/33
                  2a14:1107:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         c7:91:5d:dd:6f:38:65:05:a2:ba:59:8f:76:63:7e:18:29:c9:
         19:44:aa:ae:da:65:b8:81:11:38:84:f1:9b:fc:b6:72:7f:56:
         80:75:9f:7a:54:d3:84:75:32:48:b3:82:c2:e0:0d:d5:dc:d7:
         5f:f6:d5:71:64:a1:60:33:0c:9d:5f:bf:92:32:c0:3f:1e:66:
         e4:8a:d5:d0:c1:f9:6c:bb:8b:51:32:59:a2:c7:49:dc:dc:8a:
         15:f6:b7:9d:b3:26:9b:85:44:cf:05:a4:39:e2:bd:c1:7d:0c:
         88:15:e1:84:78:63:94:4a:2b:c8:57:2e:c2:e3:ed:5b:f4:24:
         08:50:9c:79:31:06:4a:a9:73:83:b7:0e:bb:db:82:40:80:05:
         ad:82:36:62:3a:8e:39:4f:6f:d1:77:f5:0f:64:d4:b0:47:2f:
         03:76:ca:4e:78:11:11:71:79:07:a9:47:bb:bf:5c:32:d7:75:
         45:07:d3:ae:07:e0:d3:1c:47:ab:ce:9f:af:89:9a:aa:6c:04:
         59:99:e3:98:0b:e9:24:b6:f4:15:78:19:d8:83:6d:7c:1e:e7:
         f8:d4:0c:60:ef:5f:56:64:02:8a:a6:74:3a:58:9c:14:be:07:
         f0:7b:0e:5f:4b:2d:a4:d4:7e:61:38:45:b4:30:74:8e:62:0c:
         54:87:3b:23
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZZaNWN6nEbP0wFDm16QfFtQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNDIxMjExNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODUzOGQyMTRlNTVmOTU0Yjk2ODkwM2M0NWY0MzBjYWIxMWM2ZGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaLp8HavweHgHMFU+0WJ1gArhoKR
Zflqa0P87onYpzjgp9u3oZ5xQwAIlrBzatRIXO8B/pgdQO5q9wgqizk7Gyn8AAF1
wihf3v9jWHZWE81SKaZKrUje1d8PMCSQJn1nqXRflVAzCnC/S/GVPGQh8JyyGxc9
FLH1BK+/eLmyHNZrCYkiTuIdlewLg8VxjdOn8kh7wWdgH6rD976UVxzIzAbGKYjH
Z3eXRJXdlDMjebWEuqdSgPh1FLfqEYdTkV/qeNEkoP3yF8Xwytht6NxoTPh+l9t1
pq1SdaTL68Dcpz6sYd086GSj/UEU4OKFV7Is4uz2JEHWy0R1ClnLm7u/wQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFBhTjSFOVflUuWiQPEX0MMqxHG3YMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvR0ZPTklVNVYtVlM1YUpBOFJmUXd5ckVjYmRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYHKhPCRIAD
BgcqFBEHgDANBgkqhkiG9w0BAQsFAAOCAQEAx5Fd3W84ZQWiulmPdmN+GCnJGUSq
rtpluIEROITxm/y2cn9WgHWfelTThHUySLOCwuAN1dzXX/bVcWShYDMMnV+/kjLA
Px5m5IrV0MH5bLuLUTJZosdJ3NyKFfa3nbMmm4VEzwWkOeK9wX0MiBXhhHhjlEor
yFcuwuPtW/QkCFCceTEGSqlzg7cOu9uCQIAFrYI2YjqOOU9v0Xf1D2TUsEcvA3bK
TngREXF5B6lHu79cMtd1RQfTrgfg0xxHq86fr4maqmwEWZnjmAvpJLb0FXgZ2INt
fB7n+NQMYO9fVmQCiqZ0OlicFL4H8HsOX0stpNR+YThFtDB0jmIMVIc7Iw==
-----END CERTIFICATE-----