Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/1-FLJLyiUm8oDxeZ8l12MNlfNojg.roa
File:                     1-FLJLyiUm8oDxeZ8l12MNlfNojg.roa (raw, json)
Hash identifier:          +2PsEFyx2YnquOEHBJzNj7nUXJqc9OUMNARHxeljqiY=
Subject key identifier:   F8:52:C9:2F:28:94:9B:CA:03:C5:E6:7C:97:5D:8C:36:57:CD:A2:38
Certificate issuer:       /CN=665e4d7ea8a3470c9703ee7551481c36f774febb
Certificate serial:       018CC26D72766ADD9DDD5249C850CC36B328
Authority key identifier: 66:5E:4D:7E:A8:A3:47:0C:97:03:EE:75:51:48:1C:36:F7:74:FE:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/1-FLJLyiUm8oDxeZ8l12MNlfNojg.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198469
IP address blocks:        2a0e:6a81:d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:72:76:6a:dd:9d:dd:52:49:c8:50:cc:36:b3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=665e4d7ea8a3470c9703ee7551481c36f774febb
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f852c92f28949bca03c5e67c975d8c3657cda238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:02:52:2e:b4:eb:d6:0a:06:45:2e:82:11:91:
                    05:b8:68:dc:7b:90:e1:89:3d:c5:68:49:6c:7d:ed:
                    ed:58:97:b4:f7:7d:3b:18:90:ed:f8:d9:0a:d8:87:
                    1d:09:b7:e0:9e:57:96:eb:22:bf:c1:f3:cc:1a:5a:
                    cb:5f:73:82:c9:74:20:e7:d2:3c:28:5c:37:1e:3c:
                    62:f7:51:e0:22:7d:09:c7:bb:95:1d:72:51:9a:d5:
                    f1:df:a3:3e:67:94:3c:4f:19:0f:04:ab:af:98:73:
                    92:9e:59:a4:90:d3:5f:69:2b:d2:22:cd:2e:84:0d:
                    2c:8f:0b:71:89:1b:fd:b2:64:ae:c9:35:49:6a:2a:
                    77:41:9c:75:e1:ce:58:f8:b9:86:80:5b:f1:20:e8:
                    fd:65:ca:f9:61:17:0b:19:2f:16:4e:11:5c:ed:de:
                    ab:01:f8:8a:ff:9c:05:c6:cf:a7:24:1d:f7:fc:5f:
                    06:2e:38:a3:7e:73:c1:71:58:f7:2a:78:8d:ab:02:
                    8a:33:06:c6:56:77:5e:db:3c:46:95:0f:e2:2c:c5:
                    12:63:d0:65:00:db:f3:dc:51:3a:1d:2d:bc:a5:dd:
                    73:47:52:58:86:97:f8:5b:89:1a:60:7d:a9:bb:eb:
                    63:63:e6:2f:88:44:d1:b6:e6:8b:b4:de:16:20:53:
                    9e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:52:C9:2F:28:94:9B:CA:03:C5:E6:7C:97:5D:8C:36:57:CD:A2:38
            X509v3 Authority Key Identifier:
                keyid:66:5E:4D:7E:A8:A3:47:0C:97:03:EE:75:51:48:1C:36:F7:74:FE:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zl5NfqijRwyXA-51UUgcNvd0_rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/1-FLJLyiUm8oDxeZ8l12MNlfNojg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/14ddd1-deac-41ff-ba6b-162ed624e282/1/Zl5NfqijRwyXA-51UUgcNvd0_rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:6a81:d::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:79:eb:1d:bd:69:eb:79:5c:bd:97:82:a6:94:40:6e:d8:ea:
         a3:45:a9:b1:c8:70:5e:eb:fe:aa:3a:7f:95:f1:1c:2d:d5:9b:
         d2:99:a6:77:5b:d5:f4:a0:6b:de:e1:31:d5:a9:03:65:9f:18:
         df:6e:03:d7:a3:2a:6e:48:1b:09:6c:16:a9:12:d8:b9:98:df:
         56:73:35:b8:a0:ad:84:58:38:2e:d5:a9:1d:f7:dc:d7:3e:6d:
         e4:85:73:9c:1b:b6:1b:fc:83:92:79:b4:3b:c2:02:97:a8:36:
         32:48:76:88:29:6e:dc:f0:e8:ab:3f:9a:c6:77:24:f0:3d:81:
         8a:03:82:4c:34:a4:25:ce:4c:15:53:b9:df:69:e6:99:ee:6a:
         60:67:24:0d:0c:dd:d8:32:58:c2:d9:c0:43:ed:cc:a1:38:5e:
         14:cd:8f:4c:10:b1:49:19:18:83:3c:bb:5a:a0:89:e4:1c:98:
         82:3b:ed:ca:b3:9e:b3:6d:c0:c6:c6:ff:20:f7:bb:36:1c:2b:
         90:0e:0b:d9:90:6b:73:e6:de:6c:a9:2b:19:0b:cb:36:0f:72:
         32:88:a7:f0:32:c5:8b:a0:d2:66:ab:b7:c7:45:66:9a:77:75:
         7e:af:f1:e7:9b:16:f3:2e:c0:d7:7a:a5:a8:74:9d:89:49:ae:
         89:e7:8f:92
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzCbXJ2at2d3VJJyFDMNrMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NWU0ZDdlYThhMzQ3MGM5NzAzZWU3NTUxNDgxYzM2Zjc3
NGZlYmIwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODUyYzkyZjI4OTQ5YmNhMDNjNWU2N2M5NzVkOGMzNjU3Y2RhMjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQJSLrTr1goGRS6CEZEFuGjce5Dh
iT3FaElsfe3tWJe09307GJDt+NkK2IcdCbfgnleW6yK/wfPMGlrLX3OCyXQg59I8
KFw3Hjxi91HgIn0Jx7uVHXJRmtXx36M+Z5Q8TxkPBKuvmHOSnlmkkNNfaSvSIs0u
hA0sjwtxiRv9smSuyTVJaip3QZx14c5Y+LmGgFvxIOj9Zcr5YRcLGS8WThFc7d6r
AfiK/5wFxs+nJB33/F8GLjijfnPBcVj3KniNqwKKMwbGVnde2zxGlQ/iLMUSY9Bl
ANvz3FE6HS28pd1zR1JYhpf4W4kaYH2pu+tjY+YviETRtuaLtN4WIFOe/QIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPhSyS8olJvKA8XmfJddjDZXzaI4MB8GA1UdIwQY
MBaAFGZeTX6oo0cMlwPudVFIHDb3dP67MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmw1TmZxaWpSd3lYQS01MVVVZ2NOdmQwX3JzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8xNGRkZDEtZGVhYy00MWZmLWJhNmIt
MTYyZWQ2MjRlMjgyLzEvMS1GTEpMeWlVbThvRHhlWjhsMTJNTmxmTm9qZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMTRkZGQxLWRlYWMtNDFmZi1iYTZiLTE2MmVkNjI0ZTI4
Mi8xL1psNU5mcWlqUnd5WEEtNTFVVWdjTnZkMF9ycy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoOaoEA
DTANBgkqhkiG9w0BAQsFAAOCAQEATXnrHb1p63lcvZeCppRAbtjqo0WpschwXuv+
qjp/lfEcLdWb0pmmd1vV9KBr3uEx1akDZZ8Y324D16MqbkgbCWwWqRLYuZjfVnM1
uKCthFg4LtWpHffc1z5t5IVznBu2G/yDknm0O8ICl6g2Mkh2iClu3PDoqz+axnck
8D2BigOCTDSkJc5MFVO532nmme5qYGckDQzd2DJYwtnAQ+3MoTheFM2PTBCxSRkY
gzy7WqCJ5ByYgjvtyrOes23Axsb/IPe7NhwrkA4L2ZBrc+bebKkrGQvLNg9yMoin
8DLFi6DSZqu3x0Vmmnd1fq/x55sW8y7A13qlqHSdiUmuieePkg==
-----END CERTIFICATE-----