Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/CFH3tDV6CjVHTRuE0yBcRo2-IaQ.roa
File:                     CFH3tDV6CjVHTRuE0yBcRo2-IaQ.roa (raw, json)
Hash identifier:          ac5Eyl+9TSmSCBTLI0o39IsF1z2SYP3dsWgJcZrSzGQ=
Subject key identifier:   08:51:F7:B4:35:7A:0A:35:47:4D:1B:84:D3:20:5C:46:8D:BE:21:A4
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0194236A00B05E4C919D2ECF1A6C4C3F2B15
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/CFH3tDV6CjVHTRuE0yBcRo2-IaQ.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216387
IP address blocks:        2a0d:6f80:587a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:00:b0:5e:4c:91:9d:2e:cf:1a:6c:4c:3f:2b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0851f7b4357a0a35474d1b84d3205c468dbe21a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0e:0f:79:c5:9f:0f:71:b6:96:00:e9:f7:e6:
                    8b:3a:ef:4b:68:a7:ec:98:fc:89:65:d2:e7:85:23:
                    f4:ec:8c:f6:0b:5f:b3:c8:d2:67:03:b8:bb:5c:bf:
                    9c:dc:1d:39:dc:b4:8b:1d:2f:18:2f:b3:db:4b:e4:
                    b4:0b:83:3f:e5:6f:61:3c:c7:70:c3:38:5b:89:8c:
                    f4:9b:d3:66:81:aa:30:ec:b1:de:94:50:3e:69:70:
                    4d:95:f7:a7:9f:99:44:5f:d0:a7:9e:41:01:82:68:
                    40:93:0f:33:fe:bd:e9:8e:8d:cf:5c:e2:dc:bc:aa:
                    df:8c:0e:32:d8:94:7d:9c:b0:69:75:06:2f:2c:b3:
                    a6:a5:f6:ea:49:f4:df:60:08:2b:fb:ce:81:77:e1:
                    a5:9e:d0:e7:b1:8e:82:fe:54:19:ad:fd:b0:14:f1:
                    fc:0a:ca:0c:b2:41:ae:81:37:32:ec:03:eb:f2:14:
                    1d:bf:32:c3:14:97:3a:d0:26:94:63:ca:5e:41:61:
                    93:7f:10:a0:90:e5:38:c5:63:e7:c2:b6:80:c4:2c:
                    2c:05:d8:9b:ea:02:86:77:d8:3c:28:23:e4:79:58:
                    23:c7:98:f8:dd:c1:f5:4f:33:25:c5:b6:31:f3:3f:
                    f5:dd:4d:2b:eb:8a:bd:46:34:24:9f:a6:15:5e:53:
                    fc:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:51:F7:B4:35:7A:0A:35:47:4D:1B:84:D3:20:5C:46:8D:BE:21:A4
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/CFH3tDV6CjVHTRuE0yBcRo2-IaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:587a::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:e9:14:42:ab:1c:f8:d9:ea:07:61:77:20:b2:11:08:ad:f0:
         bc:66:99:6e:20:30:b0:05:4f:19:84:0c:d9:02:51:89:3b:1d:
         85:89:be:fd:92:16:c1:9f:e9:d7:56:51:a1:d0:c7:79:c8:32:
         43:9a:ca:88:b9:16:c6:93:08:73:3b:1e:61:13:22:83:8d:9f:
         25:01:a2:ab:b5:67:68:f0:a1:79:c0:cc:b3:ed:22:26:de:03:
         c5:68:0c:50:3f:fd:b6:e0:76:4d:d4:51:64:0f:94:f9:f1:0e:
         ea:05:53:7c:ef:b5:b5:73:f6:b3:aa:4b:a8:39:33:77:2f:ca:
         ed:8b:c9:5e:a0:21:97:e2:be:f3:28:64:34:d2:05:87:b0:dd:
         c1:78:59:4b:27:67:4f:e5:db:9e:46:8a:54:e9:ef:1c:3b:5c:
         d0:b4:a2:88:8c:58:b8:90:17:6b:21:58:af:02:94:1d:82:c6:
         b2:c1:45:fb:2d:e1:2b:dd:60:0f:64:9c:59:21:cc:c9:d2:2f:
         9a:8e:ef:45:ea:a9:c5:da:6d:e4:d5:6a:61:aa:af:69:9e:bd:
         4e:53:63:b0:56:e2:3c:58:52:7f:10:dd:d4:61:2d:89:21:b2:
         4a:c9:4c:50:82:af:ec:20:ac:e5:27:3f:56:46:55:22:17:28:
         a1:0a:47:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjagCwXkyRnS7PGmxMPysVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODUxZjdiNDM1N2EwYTM1NDc0ZDFiODRkMzIwNWM0NjhkYmUyMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtA4PecWfD3G2lgDp9+aLOu9LaKfs
mPyJZdLnhSP07Iz2C1+zyNJnA7i7XL+c3B053LSLHS8YL7PbS+S0C4M/5W9hPMdw
wzhbiYz0m9Nmgaow7LHelFA+aXBNlfenn5lEX9CnnkEBgmhAkw8z/r3pjo3PXOLc
vKrfjA4y2JR9nLBpdQYvLLOmpfbqSfTfYAgr+86Bd+GlntDnsY6C/lQZrf2wFPH8
CsoMskGugTcy7APr8hQdvzLDFJc60CaUY8peQWGTfxCgkOU4xWPnwraAxCwsBdib
6gKGd9g8KCPkeVgjx5j43cH1TzMlxbYx8z/13U0r64q9RjQkn6YVXlP8ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAhR97Q1ego1R00bhNMgXEaNviGkMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvQ0ZIM3REVjZDalZIVFJ1RTB5QmNSbzItSWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgFh6
MA0GCSqGSIb3DQEBCwUAA4IBAQAu6RRCqxz42eoHYXcgshEIrfC8ZpluIDCwBU8Z
hAzZAlGJOx2Fib79khbBn+nXVlGh0Md5yDJDmsqIuRbGkwhzOx5hEyKDjZ8lAaKr
tWdo8KF5wMyz7SIm3gPFaAxQP/224HZN1FFkD5T58Q7qBVN877W1c/azqkuoOTN3
L8rti8leoCGX4r7zKGQ00gWHsN3BeFlLJ2dP5dueRopU6e8cO1zQtKKIjFi4kBdr
IVivApQdgsaywUX7LeEr3WAPZJxZIczJ0i+aju9F6qnF2m3k1Wphqq9pnr1OU2Ow
VuI8WFJ/EN3UYS2JIbJKyUxQgq/sIKzlJz9WRlUiFyihCkdx
-----END CERTIFICATE-----