Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/uD2BNoEUFo8Zqs2piGNRNmvsiCw.roa
File:                     uD2BNoEUFo8Zqs2piGNRNmvsiCw.roa (raw, json)
Hash identifier:          8UHPHglR5u1SfVoLg9SM698CdCn1mJj97ywMXYEzWLw=
Subject key identifier:   B8:3D:81:36:81:14:16:8F:19:AA:CD:A9:88:63:51:36:6B:EC:88:2C
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0194236A01DCC461CEF51C70D16D4E72177D
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/uD2BNoEUFo8Zqs2piGNRNmvsiCw.roa
Signing time:             Wed 01 Jan 2025 19:48:57 +0000
ROA not before:           Wed 01 Jan 2025 19:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216420
IP address blocks:        2a0d:6f80:1f72::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:01:dc:c4:61:ce:f5:1c:70:d1:6d:4e:72:17:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b83d81368114168f19aacda9886351366bec882c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:68:4c:08:70:47:2f:5c:e0:13:4c:d4:40:5b:
                    6a:14:1c:b2:c7:a6:f2:12:76:e9:ff:d6:14:c0:40:
                    3b:d6:07:c9:45:63:42:01:3b:fc:b0:2c:37:a9:fe:
                    04:91:f0:8a:82:77:f2:e6:c0:95:45:13:d9:b9:a4:
                    2f:32:38:aa:dc:76:64:98:4b:83:42:3e:f6:23:78:
                    4c:25:07:d2:46:cc:57:84:02:b0:eb:9e:21:f7:88:
                    df:ab:9f:1d:c0:f5:89:35:2a:cf:97:42:f8:f3:98:
                    9c:21:23:42:3e:41:ff:c8:ef:a5:cb:de:2f:03:07:
                    89:ae:3f:a5:91:cd:7c:79:c3:54:4b:b6:01:3f:5f:
                    1c:5c:1e:36:2b:ff:74:a4:5d:0b:02:73:95:0b:84:
                    17:0f:78:c0:b5:85:07:d5:8c:3b:b7:2c:58:4f:db:
                    fa:ae:4a:ac:c1:ba:f6:f8:d1:81:07:51:ee:2e:1f:
                    dd:69:92:0e:4a:da:54:b8:63:34:ae:bb:3b:af:a3:
                    26:53:88:0f:6b:65:2a:7e:bf:59:e7:cf:93:65:f2:
                    6d:c0:61:23:de:07:1a:db:6e:8c:70:2d:5b:58:c8:
                    fb:19:c1:de:eb:8c:4b:6e:eb:a7:bf:ca:dd:a0:1e:
                    0f:c0:15:57:39:31:0f:71:c9:3b:4e:47:b8:18:70:
                    a7:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:3D:81:36:81:14:16:8F:19:AA:CD:A9:88:63:51:36:6B:EC:88:2C
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/uD2BNoEUFo8Zqs2piGNRNmvsiCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:1f72::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:51:67:21:a1:3a:f1:b9:4d:fb:d1:de:92:51:40:76:3f:3e:
         4f:ae:84:a0:1f:f1:1d:f8:94:33:43:7f:f4:35:80:78:97:47:
         21:f9:61:66:d0:54:e5:1f:c5:dd:37:a0:41:74:04:d3:63:80:
         7e:92:f2:3a:95:42:28:53:91:87:b1:66:08:91:14:3d:4b:2c:
         82:23:15:21:2e:d4:93:58:46:e7:42:d8:c1:d6:f8:db:87:e3:
         e6:62:ab:d5:7c:1f:ea:e5:43:69:64:6d:b7:8f:3f:4f:ed:8e:
         33:8d:d9:fd:3b:90:bd:ba:ae:56:92:70:22:a0:19:90:a9:9a:
         b8:89:98:b9:8d:30:7f:be:8c:e2:ad:4e:35:74:31:5c:70:77:
         a5:bc:e8:5d:7d:ed:2d:90:58:a5:1e:2f:c3:bb:57:75:60:6b:
         95:1b:0b:af:22:89:cc:cf:1c:15:ed:e9:15:b7:a9:5d:aa:ea:
         ca:ce:15:e8:86:76:0d:4f:cb:8d:66:0c:d1:3d:ea:05:be:35:
         c4:3a:ce:a0:cd:02:cb:e5:40:5a:8d:5e:f0:41:b8:d0:45:c7:
         b0:d9:d3:ac:80:df:b4:04:2c:9f:0b:8f:88:17:a6:3b:cc:98:
         55:a3:3d:81:e2:c4:9a:1d:7d:8d:5d:aa:07:32:1d:b2:58:0d:
         de:d2:87:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjagHcxGHO9Rxw0W1Ochd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODNkODEzNjgxMTQxNjhmMTlhYWNkYTk4ODYzNTEzNjZiZWM4ODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmhMCHBHL1zgE0zUQFtqFByyx6by
Enbp/9YUwEA71gfJRWNCATv8sCw3qf4EkfCKgnfy5sCVRRPZuaQvMjiq3HZkmEuD
Qj72I3hMJQfSRsxXhAKw654h94jfq58dwPWJNSrPl0L485icISNCPkH/yO+ly94v
AweJrj+lkc18ecNUS7YBP18cXB42K/90pF0LAnOVC4QXD3jAtYUH1Yw7tyxYT9v6
rkqswbr2+NGBB1HuLh/daZIOStpUuGM0rrs7r6MmU4gPa2Uqfr9Z58+TZfJtwGEj
3gca226McC1bWMj7GcHe64xLbuunv8rdoB4PwBVXOTEPcck7Tke4GHCn0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLg9gTaBFBaPGarNqYhjUTZr7IgsMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvdUQyQk5vRVVGbzhacXMycGlHTlJObXZzaUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgB9y
MA0GCSqGSIb3DQEBCwUAA4IBAQBxUWchoTrxuU370d6SUUB2Pz5ProSgH/Ed+JQz
Q3/0NYB4l0ch+WFm0FTlH8XdN6BBdATTY4B+kvI6lUIoU5GHsWYIkRQ9SyyCIxUh
LtSTWEbnQtjB1vjbh+PmYqvVfB/q5UNpZG23jz9P7Y4zjdn9O5C9uq5WknAioBmQ
qZq4iZi5jTB/vozirU41dDFccHelvOhdfe0tkFilHi/Du1d1YGuVGwuvIonMzxwV
7ekVt6ldqurKzhXohnYNT8uNZgzRPeoFvjXEOs6gzQLL5UBajV7wQbjQRcew2dOs
gN+0BCyfC4+IF6Y7zJhVoz2B4sSaHX2NXaoHMh2yWA3e0ocA
-----END CERTIFICATE-----