Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/VTFmKW5oJe_aki7x1urblkP0Fyc.roa
File:                     VTFmKW5oJe_aki7x1urblkP0Fyc.roa (raw, json)
Hash identifier:          2MZuFdP6pQLocFIUqAzsdUT8olNA1CbFEwyUxslWUHU=
Subject key identifier:   55:31:66:29:6E:68:25:EF:DA:92:2E:F1:D6:EA:DB:96:43:F4:17:27
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       019424B392605AF0937699A1CCFE8594E907
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/VTFmKW5oJe_aki7x1urblkP0Fyc.roa
Signing time:             Thu 02 Jan 2025 01:48:55 +0000
ROA not before:           Thu 02 Jan 2025 01:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142418
IP address blocks:        2a0f:ca81:6960::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:92:60:5a:f0:93:76:99:a1:cc:fe:85:94:e9:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Jan  2 01:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=553166296e6825efda922ef1d6eadb9643f41727
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8c:30:32:4e:c8:34:1c:ae:a4:f7:04:53:23:
                    b1:a9:cb:d8:eb:0b:76:45:70:88:76:a3:ca:c5:3b:
                    74:e8:73:ef:bc:22:e5:4e:ef:52:05:d6:a6:97:d3:
                    3f:da:b8:74:4b:ed:af:7d:fe:6f:23:c7:17:83:7b:
                    96:ad:c8:31:11:98:67:e6:aa:a1:81:5c:19:f6:52:
                    16:ca:c0:fc:37:2f:c1:31:18:7f:66:2f:10:da:99:
                    88:69:e9:e0:ea:26:14:23:8a:62:eb:fb:b8:a5:66:
                    46:eb:e2:7b:78:18:70:82:88:db:5a:0d:bc:3e:0b:
                    4f:43:17:aa:ea:4e:c4:af:44:af:75:55:bb:7a:75:
                    96:23:12:2e:78:b5:95:b1:e5:df:de:52:df:94:9b:
                    81:8c:cc:5b:08:6d:fa:45:31:de:06:ab:62:37:23:
                    a1:02:bc:e3:0a:fe:a6:ec:63:21:93:b8:84:c4:e2:
                    47:72:3c:35:fe:41:25:e9:db:ca:89:61:52:8b:26:
                    4b:05:16:81:14:ca:5a:d7:39:99:a0:41:ed:ae:17:
                    3b:b2:ca:d0:78:d5:f8:ca:cc:e6:81:c2:fd:be:20:
                    29:29:4e:71:33:46:d0:0b:57:8b:16:72:40:f4:0a:
                    72:e5:10:b4:df:e3:64:2b:b5:63:67:87:fc:34:d5:
                    f1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:31:66:29:6E:68:25:EF:DA:92:2E:F1:D6:EA:DB:96:43:F4:17:27
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/VTFmKW5oJe_aki7x1urblkP0Fyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ca81:6960::/44

    Signature Algorithm: sha256WithRSAEncryption
         33:49:6c:1d:e0:51:91:70:6b:0e:d3:19:a3:dc:b7:fc:71:86:
         84:03:b7:b3:07:ae:90:ff:76:91:f6:77:90:89:a0:e5:b6:81:
         c5:17:f7:f0:b3:08:ba:c5:12:7d:13:bf:a5:29:af:dd:61:50:
         6b:1b:27:6f:32:f0:13:8e:fa:56:a2:be:7f:3f:03:8a:14:d1:
         c1:03:8c:94:06:6e:69:bc:10:8a:f9:48:c2:c1:7e:73:40:66:
         68:45:50:01:92:30:1a:72:bb:98:e1:e0:be:13:53:0a:b6:86:
         53:78:22:5b:b6:b1:5e:4e:54:6f:9d:9e:f0:94:b8:64:93:3e:
         b9:fe:b5:11:1f:bc:78:d6:36:e6:2e:11:a4:3a:4c:e7:43:1f:
         cf:ea:e1:65:11:36:cb:ca:1e:45:89:7f:bc:f4:2c:d6:df:26:
         a7:d7:15:7b:89:24:ad:c9:dd:d0:0b:88:27:17:82:1d:d9:98:
         0f:e6:da:a1:87:54:a4:df:00:37:b8:b9:91:ff:c5:3f:9a:e1:
         b6:4b:2e:6a:6b:c6:3d:8d:21:bc:e5:57:7b:9e:b4:b0:b8:00:
         fe:6f:15:4b:19:c0:21:e2:72:46:2a:3a:1d:cf:76:e4:cc:7b:
         2b:9f:42:b3:8d:c4:ef:df:96:b6:8f:49:8d:82:b4:c0:77:da:
         c0:64:0e:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQks5JgWvCTdpmhzP6FlOkHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTMxNjYyOTZlNjgyNWVmZGE5MjJlZjFkNmVhZGI5NjQzZjQxNzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4wwMk7INByupPcEUyOxqcvY6wt2
RXCIdqPKxTt06HPvvCLlTu9SBdaml9M/2rh0S+2vff5vI8cXg3uWrcgxEZhn5qqh
gVwZ9lIWysD8Ny/BMRh/Zi8Q2pmIaeng6iYUI4pi6/u4pWZG6+J7eBhwgojbWg28
PgtPQxeq6k7Er0SvdVW7enWWIxIueLWVseXf3lLflJuBjMxbCG36RTHeBqtiNyOh
ArzjCv6m7GMhk7iExOJHcjw1/kEl6dvKiWFSiyZLBRaBFMpa1zmZoEHtrhc7ssrQ
eNX4yszmgcL9viApKU5xM0bQC1eLFnJA9Apy5RC03+NkK7VjZ4f8NNXxkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFUxZiluaCXv2pIu8dbq25ZD9BcnMB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvVlRGbUtXNW9KZV9ha2k3eDF1cmJsa1AwRnljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg/KgWlg
MA0GCSqGSIb3DQEBCwUAA4IBAQAzSWwd4FGRcGsO0xmj3Lf8cYaEA7ezB66Q/3aR
9neQiaDltoHFF/fwswi6xRJ9E7+lKa/dYVBrGydvMvATjvpWor5/PwOKFNHBA4yU
Bm5pvBCK+UjCwX5zQGZoRVABkjAacruY4eC+E1MKtoZTeCJbtrFeTlRvnZ7wlLhk
kz65/rURH7x41jbmLhGkOkznQx/P6uFlETbLyh5FiX+89CzW3yan1xV7iSStyd3Q
C4gnF4Id2ZgP5tqhh1Sk3wA3uLmR/8U/muG2Sy5qa8Y9jSG85Vd7nrSwuAD+bxVL
GcAh4nJGKjodz3bkzHsrn0KzjcTv35a2j0mNgrTAd9rAZA6E
-----END CERTIFICATE-----