Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/cHkRc5kwNXyuG2IbB9oR1Mm89T0.roa
File:                     cHkRc5kwNXyuG2IbB9oR1Mm89T0.roa (raw, json)
Hash identifier:          hANc7YiJTuzN38SxNoxkCR1RuBnuyTlF1FnhKg50cT4=
Subject key identifier:   70:79:11:73:99:30:35:7C:AE:1B:62:1B:07:DA:11:D4:C9:BC:F5:3D
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018CFF90FC5FE42B7D8B68E3CEC5D97A6F82
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/cHkRc5kwNXyuG2IbB9oR1Mm89T0.roa
Signing time:             Fri 12 Jan 2024 21:25:41 +0000
ROA not before:           Fri 12 Jan 2024 21:25:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216419
IP address blocks:        2a0d:6f80:23f1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ff:90:fc:5f:e4:2b:7d:8b:68:e3:ce:c5:d9:7a:6f:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan 12 21:25:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=707911739930357cae1b621b07da11d4c9bcf53d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:11:db:b3:ce:36:d6:3f:26:4a:d3:17:18:f6:
                    c5:3f:ac:af:90:cd:9e:7f:40:ad:f2:d6:ce:fe:bf:
                    1a:b0:78:2d:24:bc:c9:33:33:fd:12:39:91:a1:c4:
                    cf:1f:43:56:33:cf:7d:53:b9:db:b7:c1:51:ed:5d:
                    1d:ad:3c:92:58:b0:bc:d4:ae:1d:90:67:a7:92:0b:
                    f7:48:f0:c8:6f:1b:c5:f8:77:17:d9:88:14:28:a1:
                    52:67:f0:75:7d:1f:2b:c2:47:1c:47:41:5b:f3:00:
                    ad:19:d6:d3:2a:41:4d:09:99:26:38:71:58:d4:d4:
                    24:81:bb:7a:32:d2:f6:8c:bf:50:18:7e:22:1d:13:
                    f3:9b:3d:26:45:83:8b:5f:c0:2c:6b:c1:6c:20:40:
                    f0:73:21:f0:8a:fc:fa:8a:fb:e6:70:4e:07:46:dd:
                    c8:4b:5e:f2:ed:c8:bf:ba:4c:6f:85:ec:42:4d:ac:
                    68:61:24:77:70:8d:c8:ba:3d:d1:fd:43:c1:89:b0:
                    5f:6e:79:dd:a7:f2:b1:e3:26:ff:ee:4b:f8:37:fc:
                    73:37:57:b3:66:1a:73:ca:ed:8a:2a:6f:5d:66:d5:
                    f9:48:34:b9:7b:2d:b2:53:f9:86:54:9d:74:de:f5:
                    ae:f0:8f:77:04:65:2a:be:66:11:c6:fa:ec:12:17:
                    91:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:79:11:73:99:30:35:7C:AE:1B:62:1B:07:DA:11:D4:C9:BC:F5:3D
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/cHkRc5kwNXyuG2IbB9oR1Mm89T0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:23f1::/48

    Signature Algorithm: sha256WithRSAEncryption
         be:d8:8b:cd:44:16:89:62:19:ba:4a:17:7c:f9:dc:12:31:16:
         ff:93:45:7a:0c:ef:7e:75:dc:48:64:b5:9b:39:7f:29:9f:db:
         65:3a:36:a5:3a:c2:40:5e:2b:d9:7b:7f:db:0b:1d:b2:20:5f:
         d0:32:58:b6:0c:59:33:a4:ff:cb:ff:81:eb:e0:2f:88:71:4a:
         36:ac:10:1c:3b:b4:a9:6f:52:97:b6:89:68:79:34:90:a8:44:
         37:ea:2e:86:bd:fb:92:d6:4f:38:12:15:b8:7d:f6:05:4d:cc:
         26:8c:c6:ee:65:f9:f2:2c:6f:e1:44:08:54:62:83:b2:21:48:
         3a:15:c3:9e:84:78:e2:e9:33:b2:18:fa:58:ed:29:c8:09:1c:
         14:92:d6:ad:72:06:c4:06:d3:dc:12:35:f8:27:b5:0f:c5:84:
         e4:aa:92:37:72:19:72:9d:e6:64:ff:f2:92:c5:11:dc:e3:4b:
         00:bc:75:d4:6d:d7:3e:19:31:2b:3b:c6:39:63:0d:c2:7d:2b:
         d3:17:ab:8a:3c:0b:dd:21:3c:e7:8d:ba:80:eb:d2:9e:74:3c:
         33:4e:8e:b8:34:0c:95:f5:88:4a:f6:dd:34:f5:df:e8:98:ce:
         75:aa:a3:47:79:fd:91:f9:28:d1:bb:f1:f5:ef:ad:d1:ee:d7:
         14:93:65:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYz/kPxf5Ct9i2jjzsXZem+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTEyMjEyNTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDc5MTE3Mzk5MzAzNTdjYWUxYjYyMWIwN2RhMTFkNGM5YmNmNTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBHbs8421j8mStMXGPbFP6yvkM2e
f0Ct8tbO/r8asHgtJLzJMzP9EjmRocTPH0NWM899U7nbt8FR7V0drTySWLC81K4d
kGenkgv3SPDIbxvF+HcX2YgUKKFSZ/B1fR8rwkccR0Fb8wCtGdbTKkFNCZkmOHFY
1NQkgbt6MtL2jL9QGH4iHRPzmz0mRYOLX8Asa8FsIEDwcyHwivz6ivvmcE4HRt3I
S17y7ci/ukxvhexCTaxoYSR3cI3Iuj3R/UPBibBfbnndp/Kx4yb/7kv4N/xzN1ez
Zhpzyu2KKm9dZtX5SDS5ey2yU/mGVJ103vWu8I93BGUqvmYRxvrsEheRCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHB5EXOZMDV8rhtiGwfaEdTJvPU9MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvY0hrUmM1a3dOWHl1RzJJYkI5b1IxTW04OVQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgCPx
MA0GCSqGSIb3DQEBCwUAA4IBAQC+2IvNRBaJYhm6Shd8+dwSMRb/k0V6DO9+ddxI
ZLWbOX8pn9tlOjalOsJAXivZe3/bCx2yIF/QMli2DFkzpP/L/4Hr4C+IcUo2rBAc
O7Spb1KXtoloeTSQqEQ36i6GvfuS1k84EhW4ffYFTcwmjMbuZfnyLG/hRAhUYoOy
IUg6FcOehHji6TOyGPpY7SnICRwUktatcgbEBtPcEjX4J7UPxYTkqpI3chlyneZk
//KSxRHc40sAvHXUbdc+GTErO8Y5Yw3CfSvTF6uKPAvdITznjbqA69KedDwzTo64
NAyV9YhK9t009d/omM51qqNHef2R+SjRu/H1763R7tcUk2V+
-----END CERTIFICATE-----