Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/2xyfwpZuyS8FfcxbjFGzpEC1S80.roa
File:                     2xyfwpZuyS8FfcxbjFGzpEC1S80.roa (raw, json)
Hash identifier:          ph5pFid7hQN2/J8cBKGByUr3gkDLCxIRBEgEgJazIvY=
Subject key identifier:   DB:1C:9F:C2:96:6E:C9:2F:05:7D:CC:5B:8C:51:B3:A4:40:B5:4B:CD
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369F6D70384C789E28C7051CD1BEEB7
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/2xyfwpZuyS8FfcxbjFGzpEC1S80.roa
Signing time:             Wed 01 Jan 2025 19:48:54 +0000
ROA not before:           Wed 01 Jan 2025 19:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208682
IP address blocks:        2a0d:6f80:3309::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f6:d7:03:84:c7:89:e2:8c:70:51:cd:1b:ee:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db1c9fc2966ec92f057dcc5b8c51b3a440b54bcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d3:a8:d0:ec:30:4e:8b:6e:6b:10:2b:ea:1b:
                    39:c5:c9:bd:ac:50:9e:71:c7:c1:1c:cb:96:ba:bf:
                    ba:2c:da:94:af:53:1e:60:f5:fe:fe:07:8d:ea:9a:
                    b0:ed:ad:b9:75:0b:0c:27:82:3c:d0:eb:f3:91:65:
                    46:2a:1f:d0:f2:a2:eb:aa:82:1e:15:50:9e:87:4b:
                    a5:70:1e:64:34:39:02:56:70:ee:5f:ad:df:e1:4a:
                    c0:8a:94:be:a7:77:fe:0d:99:3a:78:5e:87:eb:20:
                    6f:3d:44:67:bf:5f:b9:a0:4f:c5:f0:ff:1b:57:7b:
                    f5:82:d9:20:ab:fa:62:34:d9:bd:7d:3c:0d:c2:69:
                    25:8a:1a:f4:f6:47:68:37:26:b5:20:64:d0:7b:9c:
                    89:64:c5:5a:4f:eb:b6:5a:77:99:e1:09:90:f9:70:
                    60:d4:c1:54:dd:45:30:80:2c:04:2f:b7:a7:c1:c9:
                    95:f6:7e:b5:6d:b6:fa:6f:11:8d:89:10:e7:5c:36:
                    fe:0b:bd:01:1d:1d:58:ee:5b:31:52:f4:b9:e9:38:
                    6b:18:04:84:43:96:af:91:05:b5:c5:fe:ef:50:60:
                    1d:62:f2:d3:de:d4:79:9c:d3:ed:f8:08:7b:4b:55:
                    a5:c1:e3:68:ad:a7:fb:a0:cf:5b:73:83:0b:68:e8:
                    5b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:1C:9F:C2:96:6E:C9:2F:05:7D:CC:5B:8C:51:B3:A4:40:B5:4B:CD
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/2xyfwpZuyS8FfcxbjFGzpEC1S80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:3309::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:99:0a:d0:d7:12:7d:2c:15:8d:9b:b2:1a:84:14:10:97:28:
         e7:57:01:5c:ca:40:8f:8d:7f:9f:23:f6:1e:04:db:78:f4:91:
         56:56:2c:47:53:7e:62:c2:7d:e2:b5:14:c3:9b:a9:ad:e3:54:
         6f:78:f7:b7:1f:1b:11:e0:b3:1d:49:07:71:07:6c:b5:27:52:
         7d:ca:26:0c:93:30:c4:a1:4e:d9:51:cd:48:4d:1a:0b:4a:da:
         e5:df:82:5c:7c:62:f8:2f:5f:db:ec:1b:47:6d:b8:0e:9f:06:
         19:0e:9a:17:8d:e3:7e:9c:63:c7:a6:b6:2d:6c:3b:44:44:c5:
         4b:80:4d:28:b6:9f:c2:f7:04:37:12:3f:9f:49:a3:80:75:7c:
         39:c9:37:7d:96:91:bc:6d:63:b9:20:4d:f7:33:b6:f9:e4:24:
         ba:0a:a4:02:62:f5:27:08:0d:1b:dd:30:4e:a7:bd:9b:21:4f:
         38:f3:b4:7f:13:14:58:4a:ab:51:8f:5f:3a:34:2d:e7:66:de:
         4c:52:a9:d4:00:cd:35:66:c6:2c:bc:bd:b4:d4:56:37:93:be:
         77:73:13:6e:53:33:c3:55:a9:23:d1:92:e4:51:9f:7e:ff:73:
         4a:56:19:69:a7:9c:0d:2d:ba:f1:76:97:8c:c0:e8:17:0f:5b:
         64:bd:d1:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjafbXA4THieKMcFHNG+63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjFjOWZjMjk2NmVjOTJmMDU3ZGNjNWI4YzUxYjNhNDQwYjU0YmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdOo0OwwTotuaxAr6hs5xcm9rFCe
ccfBHMuWur+6LNqUr1MeYPX+/geN6pqw7a25dQsMJ4I80OvzkWVGKh/Q8qLrqoIe
FVCeh0ulcB5kNDkCVnDuX63f4UrAipS+p3f+DZk6eF6H6yBvPURnv1+5oE/F8P8b
V3v1gtkgq/piNNm9fTwNwmklihr09kdoNya1IGTQe5yJZMVaT+u2WneZ4QmQ+XBg
1MFU3UUwgCwEL7enwcmV9n61bbb6bxGNiRDnXDb+C70BHR1Y7lsxUvS56ThrGASE
Q5avkQW1xf7vUGAdYvLT3tR5nNPt+Ah7S1WlweNoraf7oM9bc4MLaOhbkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNscn8KWbskvBX3MW4xRs6RAtUvNMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvMnh5ZndwWnV5UzhGZmN4YmpGR3pwRUMxUzgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgDMJ
MA0GCSqGSIb3DQEBCwUAA4IBAQCImQrQ1xJ9LBWNm7IahBQQlyjnVwFcykCPjX+f
I/YeBNt49JFWVixHU35iwn3itRTDm6mt41RvePe3HxsR4LMdSQdxB2y1J1J9yiYM
kzDEoU7ZUc1ITRoLStrl34JcfGL4L1/b7BtHbbgOnwYZDpoXjeN+nGPHprYtbDtE
RMVLgE0otp/C9wQ3Ej+fSaOAdXw5yTd9lpG8bWO5IE33M7b55CS6CqQCYvUnCA0b
3TBOp72bIU8487R/ExRYSqtRj186NC3nZt5MUqnUAM01ZsYsvL201FY3k753cxNu
UzPDVakj0ZLkUZ9+/3NKVhlpp5wNLbrxdpeMwOgXD1tkvdFQ
-----END CERTIFICATE-----