Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/1-G8JDSsdZAGNPInN-NaD69-aeuM.roa
File:                     1-G8JDSsdZAGNPInN-NaD69-aeuM.roa (raw, json)
Hash identifier:          k6twGBPyo7C0mcJ+t+jvBJDPgFYoJwIGnqVBMF/hHsQ=
Subject key identifier:   F8:6F:09:0D:2B:1D:64:01:8D:3C:89:CD:F8:D6:83:EB:DF:9A:7A:E3
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       018CC94DA576105C77F113E2C783DEAEB29A
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/1-G8JDSsdZAGNPInN-NaD69-aeuM.roa
Signing time:             Tue 02 Jan 2024 08:32:38 +0000
ROA not before:           Tue 02 Jan 2024 08:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211481
IP address blocks:        2a0f:ca81:6960::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 10:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a5:76:10:5c:77:f1:13:e2:c7:83:de:ae:b2:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Jan  2 08:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f86f090d2b1d64018d3c89cdf8d683ebdf9a7ae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:48:b1:84:1f:48:73:0f:e0:0d:b3:1d:c6:36:
                    52:bb:34:3a:31:fb:34:aa:77:3c:bd:57:68:7b:c1:
                    78:96:d4:e0:ab:b1:6e:2b:d8:3a:5a:b5:cf:8a:b8:
                    14:d4:d4:e4:ff:d8:f0:0a:8a:10:b1:09:b6:df:fb:
                    2f:a0:fe:9f:a9:18:70:c9:0f:4b:f4:62:cb:2f:85:
                    97:fb:24:32:69:84:a3:09:af:c4:62:6d:50:24:d4:
                    84:c2:f4:e9:d2:b5:2b:aa:97:83:71:84:7e:8b:09:
                    a9:70:98:c2:de:fa:9a:3d:3d:81:6d:41:b3:b6:d7:
                    88:57:dc:40:97:e8:3f:45:7e:8b:39:72:27:b8:b2:
                    7c:61:bd:ff:88:1c:e1:0a:75:f7:ac:26:99:50:e7:
                    98:cf:07:1d:52:a3:60:d3:80:7c:6e:78:a2:e8:33:
                    7b:d4:e9:cc:74:ed:59:71:6a:97:f2:b0:1c:cd:b5:
                    0c:55:f0:b5:24:9c:a9:c2:7e:4f:ab:bf:11:8f:ec:
                    2c:69:60:df:6b:0d:77:d9:f9:5a:cb:70:ed:d2:91:
                    7d:4e:89:92:50:88:75:de:ed:da:c5:ac:45:d2:31:
                    d6:65:a1:b4:51:36:e4:90:aa:64:14:30:52:47:13:
                    5e:32:47:8b:42:03:0f:7b:5f:5d:6a:cb:6c:20:9a:
                    53:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:6F:09:0D:2B:1D:64:01:8D:3C:89:CD:F8:D6:83:EB:DF:9A:7A:E3
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/1-G8JDSsdZAGNPInN-NaD69-aeuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ca81:6960::/44

    Signature Algorithm: sha256WithRSAEncryption
         a7:dc:4c:90:e5:ab:27:39:31:43:0a:e8:9b:9c:98:17:be:fe:
         c2:36:74:a8:d3:2c:71:9b:68:cb:85:d1:ed:d7:98:61:f8:f4:
         72:61:1a:bc:6b:ef:70:91:ac:c7:7b:6a:4b:ba:b6:05:08:7c:
         ea:a5:64:fa:9f:08:29:4a:42:c5:52:92:60:a0:ed:e7:4c:7d:
         e4:80:c9:ba:4a:c2:9a:1e:2c:ab:74:e0:18:18:75:c7:78:d2:
         a6:e0:b9:b1:c5:59:ad:59:74:8b:c9:31:32:1f:3d:67:66:38:
         a9:69:2c:a1:a7:f1:ba:d9:6b:bf:ed:af:b6:00:19:7b:d4:4d:
         01:76:96:f8:9e:ec:97:81:35:ec:49:50:0a:ed:81:fc:c4:3c:
         b2:7b:4a:1b:18:0d:3d:24:15:f4:ce:1e:f0:09:e6:d6:bf:0c:
         77:ef:0a:9a:8b:fd:1b:bd:f2:ca:1b:06:bf:b0:5a:e0:df:fa:
         e7:5e:6b:53:79:05:a5:4b:4e:a4:95:36:0c:74:6e:be:1e:6f:
         62:17:6c:6a:40:b0:25:83:54:18:1f:19:62:62:69:6e:bd:fb:
         fc:75:75:1b:13:ab:2b:25:0b:be:e4:a6:6d:34:6f:00:81:c6:
         52:6c:b1:ce:04:dd:32:a9:00:1c:74:4f:bc:68:59:e4:ce:c8:
         31:4a:1e:b6
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzJTaV2EFx38RPix4PerrKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjQwMTAyMDgzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODZmMDkwZDJiMWQ2NDAxOGQzYzg5Y2RmOGQ2ODNlYmRmOWE3YWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkixhB9Icw/gDbMdxjZSuzQ6Mfs0
qnc8vVdoe8F4ltTgq7FuK9g6WrXPirgU1NTk/9jwCooQsQm23/svoP6fqRhwyQ9L
9GLLL4WX+yQyaYSjCa/EYm1QJNSEwvTp0rUrqpeDcYR+iwmpcJjC3vqaPT2BbUGz
tteIV9xAl+g/RX6LOXInuLJ8Yb3/iBzhCnX3rCaZUOeYzwcdUqNg04B8bnii6DN7
1OnMdO1ZcWqX8rAczbUMVfC1JJypwn5Pq78Rj+wsaWDfaw132flay3Dt0pF9TomS
UIh13u3axaxF0jHWZaG0UTbkkKpkFDBSRxNeMkeLQgMPe19dastsIJpTSwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPhvCQ0rHWQBjTyJzfjWg+vfmnrjMB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvMS1HOEpEU3NkWkFHTlBJbk4tTmFENjktYWV1TS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDEvOTY0MzZjLWY2ZmEtNDBiYS1hMjdjLWZiMTAzMDY1MTA2
Ny8xLzItYXJqZ3hHNkVHMFRTdWNhd083WmZWaUhiRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoPyoFp
YDANBgkqhkiG9w0BAQsFAAOCAQEAp9xMkOWrJzkxQwrom5yYF77+wjZ0qNMscZto
y4XR7deYYfj0cmEavGvvcJGsx3tqS7q2BQh86qVk+p8IKUpCxVKSYKDt50x95IDJ
ukrCmh4sq3TgGBh1x3jSpuC5scVZrVl0i8kxMh89Z2Y4qWksoafxutlrv+2vtgAZ
e9RNAXaW+J7sl4E17ElQCu2B/MQ8sntKGxgNPSQV9M4e8Anm1r8Md+8Kmov9G73y
yhsGv7Ba4N/6515rU3kFpUtOpJU2DHRuvh5vYhdsakCwJYNUGB8ZYmJpbr37/HV1
GxOrKyULvuSmbTRvAIHGUmyxzgTdMqkAHHRPvGhZ5M7IMUoetg==
-----END CERTIFICATE-----