Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GqPP9DtRhUGgXAk7hsEvkcyVmEc.roa
File:                     GqPP9DtRhUGgXAk7hsEvkcyVmEc.roa (raw, json)
Hash identifier:          WrurkfcPE2eTIVBUFTr0kj4B+tcH7SrpH7PEAyhmUz4=
Subject key identifier:   1A:A3:CF:F4:3B:51:85:41:A0:5C:09:3B:86:C1:2F:91:CC:95:98:47
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019033F8B212EE7A24861CBFCA9D7720A913
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GqPP9DtRhUGgXAk7hsEvkcyVmEc.roa
Signing time:             Thu 20 Jun 2024 04:47:34 +0000
ROA not before:           Thu 20 Jun 2024 04:47:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213016
IP address blocks:        2a0d:6f80:2a44::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:33:f8:b2:12:ee:7a:24:86:1c:bf:ca:9d:77:20:a9:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 20 04:47:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1aa3cff43b518541a05c093b86c12f91cc959847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:05:44:14:70:95:51:63:be:3d:8b:7b:44:9c:
                    59:c1:5c:3a:e4:59:d6:6c:dd:a1:37:66:5d:65:ae:
                    6c:c8:0c:98:3b:14:d8:c6:2b:fd:45:90:0a:1d:14:
                    1f:7f:46:14:5f:b6:9a:8d:77:da:eb:98:0b:1d:8f:
                    8b:e1:ee:be:ad:3f:56:c9:60:46:06:21:9d:ff:af:
                    1f:d3:f9:b4:b7:13:c0:51:1c:c8:c9:17:4a:d0:93:
                    61:20:51:c3:43:f5:45:34:0d:19:8b:b5:be:56:53:
                    1d:59:b8:65:95:ee:ac:f5:36:d1:b4:08:1f:69:37:
                    e5:ad:7f:08:ab:e0:5e:9a:02:f7:b5:2e:99:ec:02:
                    0f:ed:e8:79:ca:a6:c9:d1:1f:bf:e7:46:59:8f:ac:
                    d2:c7:01:b5:ca:41:c8:87:70:67:56:e0:38:a2:c2:
                    c0:6d:6a:90:00:49:25:46:4f:66:38:f6:1e:5d:7a:
                    d1:76:14:b7:2c:74:66:17:b9:57:12:d6:11:2a:79:
                    cf:df:cc:d8:31:8a:60:f4:83:70:45:f4:42:ae:ee:
                    12:10:25:96:63:66:82:3f:d8:4b:fe:c6:cf:63:f4:
                    55:98:c7:20:87:07:7b:78:d5:6f:d0:5f:d0:12:f1:
                    59:13:47:ca:d6:7a:74:7c:53:23:a4:e4:4e:26:51:
                    27:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A3:CF:F4:3B:51:85:41:A0:5C:09:3B:86:C1:2F:91:CC:95:98:47
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/GqPP9DtRhUGgXAk7hsEvkcyVmEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:2a44::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:c3:d1:c3:4c:d9:6c:2b:34:dd:cd:0c:7d:b5:ca:70:bd:74:
         1a:e5:96:28:c9:a1:ad:83:fb:ca:c8:33:1a:e2:f4:40:fe:b4:
         4a:ab:4b:06:13:27:02:ca:68:9f:f7:d6:67:ec:1b:bc:28:7a:
         cb:bd:c8:33:75:3a:77:00:17:c5:14:86:f2:b1:4e:32:f1:be:
         9e:a9:ad:8f:ce:10:b6:7c:74:91:74:32:c4:ae:6c:64:dd:43:
         83:e9:1b:a8:22:ab:6c:31:a2:36:fe:29:f1:49:7e:ec:93:61:
         6d:a0:85:ee:14:7c:03:05:0e:b0:94:c2:19:9e:6a:ca:82:a7:
         3d:da:22:6e:18:ac:cf:a3:70:17:23:01:6d:84:dd:65:c5:0b:
         9d:00:af:a1:69:19:6e:4f:5d:91:7f:15:40:df:e6:e6:45:32:
         ef:86:54:3d:da:09:63:6d:5e:1b:fa:de:27:6e:e7:0e:59:14:
         c5:82:41:67:b3:62:3d:b3:ab:7f:bd:bc:45:8b:af:02:ae:38:
         d5:db:bd:e4:74:9f:5f:57:2a:97:6d:04:c3:04:7a:5b:fd:b0:
         4c:f8:04:bb:96:f1:f0:17:d2:38:19:8b:14:37:73:ec:9d:e9:
         b4:a8:b0:ce:e0:a2:7b:a0:3d:cf:9b:1e:71:02:43:c4:e3:05:
         8e:08:fb:97
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAz+LIS7nokhhy/yp13IKkTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNjIwMDQ0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWEzY2ZmNDNiNTE4NTQxYTA1YzA5M2I4NmMxMmY5MWNjOTU5ODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wVEFHCVUWO+PYt7RJxZwVw65FnW
bN2hN2ZdZa5syAyYOxTYxiv9RZAKHRQff0YUX7aajXfa65gLHY+L4e6+rT9WyWBG
BiGd/68f0/m0txPAURzIyRdK0JNhIFHDQ/VFNA0Zi7W+VlMdWbhlle6s9TbRtAgf
aTflrX8Iq+BemgL3tS6Z7AIP7eh5yqbJ0R+/50ZZj6zSxwG1ykHIh3BnVuA4osLA
bWqQAEklRk9mOPYeXXrRdhS3LHRmF7lXEtYRKnnP38zYMYpg9INwRfRCru4SECWW
Y2aCP9hL/sbPY/RVmMcghwd7eNVv0F/QEvFZE0fK1np0fFMjpOROJlEneQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBqjz/Q7UYVBoFwJO4bBL5HMlZhHMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvR3FQUDlEdFJoVUdnWEFrN2hzRXZrY3lWbUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgCpE
MA0GCSqGSIb3DQEBCwUAA4IBAQDHw9HDTNlsKzTdzQx9tcpwvXQa5ZYoyaGtg/vK
yDMa4vRA/rRKq0sGEycCymif99Zn7Bu8KHrLvcgzdTp3ABfFFIbysU4y8b6eqa2P
zhC2fHSRdDLErmxk3UOD6RuoIqtsMaI2/inxSX7sk2FtoIXuFHwDBQ6wlMIZnmrK
gqc92iJuGKzPo3AXIwFthN1lxQudAK+haRluT12RfxVA3+bmRTLvhlQ92gljbV4b
+t4nbucOWRTFgkFns2I9s6t/vbxFi68CrjjV273kdJ9fVyqXbQTDBHpb/bBM+AS7
lvHwF9I4GYsUN3Psnem0qLDO4KJ7oD3Pmx5xAkPE4wWOCPuX
-----END CERTIFICATE-----