Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/1-i_f4gNCAnPwT26M-00faBCZ1ec.roa
File:                     1-i_f4gNCAnPwT26M-00faBCZ1ec.roa (raw, json)
Hash identifier:          rf9DtMiWGOZOoz1U+iRouParfUgOp6ltk1lTfbvhGLM=
Subject key identifier:   FA:2F:DF:E2:03:42:02:73:F0:4F:6E:8C:FB:4D:1F:68:10:99:D5:E7
Certificate issuer:       /CN=1deb3faa8388549b55cb3f3abd4c6c15106cf53b
Certificate serial:       01942522021313ECA02A14F39739B3BDDE6B
Authority key identifier: 1D:EB:3F:AA:83:88:54:9B:55:CB:3F:3A:BD:4C:6C:15:10:6C:F5:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hes_qoOIVJtVyz86vUxsFRBs9Ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/1-i_f4gNCAnPwT26M-00faBCZ1ec.roa
Signing time:             Thu 02 Jan 2025 03:49:33 +0000
ROA not before:           Thu 02 Jan 2025 03:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215389
IP address blocks:        2001:67c:280::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/Hes_qoOIVJtVyz86vUxsFRBs9Ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/Hes_qoOIVJtVyz86vUxsFRBs9Ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hes_qoOIVJtVyz86vUxsFRBs9Ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:02:13:13:ec:a0:2a:14:f3:97:39:b3:bd:de:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1deb3faa8388549b55cb3f3abd4c6c15106cf53b
        Validity
            Not Before: Jan  2 03:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa2fdfe203420273f04f6e8cfb4d1f681099d5e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:4a:5e:8c:7b:56:71:08:48:81:25:bb:0e:5f:
                    00:67:f3:87:01:11:3d:3c:5c:28:42:5e:c1:d3:62:
                    74:e9:b7:7a:72:13:27:2e:58:ea:33:31:c3:c0:08:
                    e5:8d:03:7f:1d:32:48:db:10:b0:63:14:79:64:72:
                    2c:9e:7e:2b:fb:35:17:cf:ce:63:e5:51:c6:ff:0f:
                    00:a5:da:75:36:89:21:32:70:17:38:30:b4:c9:04:
                    b3:83:d7:55:0b:09:1b:e1:ce:c5:0b:ff:26:f8:41:
                    38:9c:a0:49:73:bf:5e:fe:4a:64:e8:f6:6c:7f:f5:
                    4c:e4:52:3c:8a:1d:a4:50:7c:c4:0e:f1:05:b7:96:
                    90:99:b2:08:4c:75:13:02:85:de:21:3c:55:70:b0:
                    a3:c5:5d:7d:2f:54:f8:a4:d0:81:1b:fa:46:56:8a:
                    ee:1e:01:15:86:51:02:db:23:ac:21:8e:ee:1b:f4:
                    64:fb:21:8a:aa:6d:36:04:96:5d:22:a0:bd:bb:4b:
                    d8:c1:61:c0:83:21:4d:b2:63:19:a1:6e:32:b5:a4:
                    8e:db:ae:5d:09:c8:1f:a4:97:e1:9a:31:48:e1:df:
                    95:2d:5a:22:da:4a:33:c2:03:e5:48:f5:87:a8:cf:
                    6b:fc:90:87:9d:45:e6:25:4d:c0:ec:52:7a:99:a5:
                    91:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:2F:DF:E2:03:42:02:73:F0:4F:6E:8C:FB:4D:1F:68:10:99:D5:E7
            X509v3 Authority Key Identifier:
                keyid:1D:EB:3F:AA:83:88:54:9B:55:CB:3F:3A:BD:4C:6C:15:10:6C:F5:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hes_qoOIVJtVyz86vUxsFRBs9Ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/1-i_f4gNCAnPwT26M-00faBCZ1ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/6c4131-365c-4c14-9e0b-502a957fdaf8/1/Hes_qoOIVJtVyz86vUxsFRBs9Ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:280::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:87:44:9c:28:a5:2a:fd:08:2d:4b:96:1c:a3:a2:45:73:f1:
         19:fe:cb:0c:40:62:98:9b:de:19:d9:32:11:39:96:f8:17:0f:
         88:ce:6f:6a:88:46:2a:6d:38:08:f9:2a:c1:87:f6:28:de:9f:
         f9:88:7b:97:19:1b:08:dd:d0:21:85:86:6d:79:93:8a:5b:46:
         3a:94:d6:a0:c3:4d:dc:1b:ed:0c:2e:4f:1a:81:7f:90:40:6a:
         d0:93:8b:63:4b:3d:e6:31:4a:17:08:f5:55:45:a7:22:e2:fa:
         eb:1d:fa:e6:00:85:1b:e9:f9:47:e5:60:5a:16:fc:e1:5b:52:
         ef:d8:10:b0:0f:41:51:db:88:8e:b3:15:af:41:7c:e8:fa:4b:
         b0:0a:69:12:da:bc:cf:71:27:71:d9:5c:66:3c:c7:b9:3c:a2:
         8a:a3:c0:a5:80:56:22:a1:8b:a0:49:ec:71:07:03:aa:10:45:
         ee:c8:00:fd:eb:ca:83:a2:eb:4c:7c:57:71:ca:d9:e4:b6:45:
         9b:c5:b0:f2:4d:4f:3d:98:eb:91:a2:15:8b:04:a2:fc:1b:78:
         a0:38:2c:89:ec:14:2d:4a:a4:5f:89:6e:3e:10:65:59:39:f9:
         3f:6c:5c:6c:a4:98:a9:02:8c:d9:de:bf:00:80:d3:68:04:f5:
         b5:39:39:93
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZQlIgITE+ygKhTzlzmzvd5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZWIzZmFhODM4ODU0OWI1NWNiM2YzYWJkNGM2YzE1MTA2
Y2Y1M2IwHhcNMjUwMTAyMDM0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTJmZGZlMjAzNDIwMjczZjA0ZjZlOGNmYjRkMWY2ODEwOTlkNWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20pejHtWcQhIgSW7Dl8AZ/OHARE9
PFwoQl7B02J06bd6chMnLljqMzHDwAjljQN/HTJI2xCwYxR5ZHIsnn4r+zUXz85j
5VHG/w8Apdp1NokhMnAXODC0yQSzg9dVCwkb4c7FC/8m+EE4nKBJc79e/kpk6PZs
f/VM5FI8ih2kUHzEDvEFt5aQmbIITHUTAoXeITxVcLCjxV19L1T4pNCBG/pGVoru
HgEVhlEC2yOsIY7uG/Rk+yGKqm02BJZdIqC9u0vYwWHAgyFNsmMZoW4ytaSO265d
CcgfpJfhmjFI4d+VLVoi2kozwgPlSPWHqM9r/JCHnUXmJU3A7FJ6maWR/QIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPov3+IDQgJz8E9ujPtNH2gQmdXnMB8GA1UdIwQY
MBaAFB3rP6qDiFSbVcs/Or1MbBUQbPU7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGVzX3FvT0lWSnRWeXo4NnZVeHNGUkJzOVRzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS82YzQxMzEtMzY1Yy00YzE0LTllMGIt
NTAyYTk1N2ZkYWY4LzEvMS1pX2Y0Z05DQW5Qd1QyNk0tMDBmYUJDWjFlYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDEvNmM0MTMxLTM2NWMtNGMxNC05ZTBiLTUwMmE5NTdmZGFm
OC8xL0hlc19xb09JVkp0Vnl6ODZ2VXhzRlJCczlUcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABBnwC
gDANBgkqhkiG9w0BAQsFAAOCAQEAM4dEnCilKv0ILUuWHKOiRXPxGf7LDEBimJve
GdkyETmW+BcPiM5vaohGKm04CPkqwYf2KN6f+Yh7lxkbCN3QIYWGbXmTiltGOpTW
oMNN3BvtDC5PGoF/kEBq0JOLY0s95jFKFwj1VUWnIuL66x365gCFG+n5R+VgWhb8
4VtS79gQsA9BUduIjrMVr0F86PpLsAppEtq8z3EncdlcZjzHuTyiiqPApYBWIqGL
oEnscQcDqhBF7sgA/evKg6LrTHxXccrZ5LZFm8Ww8k1PPZjrkaIViwSi/Bt4oDgs
iewULUqkX4luPhBlWTn5P2xcbKSYqQKM2d6/AIDTaAT1tTk5kw==
-----END CERTIFICATE-----