Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6a6535-6f42-4f2d-9eb9-7d4c8f37f5fd/1/FGpyfTErK2HJp49bL-i817bEGAE.roa
File:                     FGpyfTErK2HJp49bL-i817bEGAE.roa (raw, json)
Hash identifier:          aOT9xh+8isp8JtWSP9I15nZULLk0eYcdimABc0Kz/tA=
Subject key identifier:   14:6A:72:7D:31:2B:2B:61:C9:A7:8F:5B:2F:E8:BC:D7:B6:C4:18:01
Certificate issuer:       /CN=c1db67b85104e4db598fea15678699c92473bda0
Certificate serial:       0192572CD5D785890BE3948F5F2C31410AA4
Authority key identifier: C1:DB:67:B8:51:04:E4:DB:59:8F:EA:15:67:86:99:C9:24:73:BD:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wdtnuFEE5NtZj-oVZ4aZySRzvaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6a6535-6f42-4f2d-9eb9-7d4c8f37f5fd/1/FGpyfTErK2HJp49bL-i817bEGAE.roa
Signing time:             Fri 04 Oct 2024 10:56:49 +0000
ROA not before:           Fri 04 Oct 2024 10:56:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216475
IP address blocks:        2a0c:dd80:2000::/48 maxlen: 48
                          2a0c:dd80:3000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6a6535-6f42-4f2d-9eb9-7d4c8f37f5fd/1/wdtnuFEE5NtZj-oVZ4aZySRzvaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6a6535-6f42-4f2d-9eb9-7d4c8f37f5fd/1/wdtnuFEE5NtZj-oVZ4aZySRzvaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wdtnuFEE5NtZj-oVZ4aZySRzvaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:57:2c:d5:d7:85:89:0b:e3:94:8f:5f:2c:31:41:0a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1db67b85104e4db598fea15678699c92473bda0
        Validity
            Not Before: Oct  4 10:56:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=146a727d312b2b61c9a78f5b2fe8bcd7b6c41801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2d:72:40:c0:37:3a:18:6a:5f:cc:53:7e:4d:
                    04:aa:4c:de:76:b8:14:39:15:e9:12:36:fd:70:82:
                    d2:bf:19:13:a8:a3:46:a8:96:74:20:69:ae:b3:90:
                    6b:b6:05:b1:a5:bc:1f:a5:70:07:37:98:7f:f9:1f:
                    24:26:2c:7a:fe:99:74:b8:7c:d8:0b:c3:97:9b:ce:
                    3d:12:60:8e:7d:81:3e:12:ed:53:b3:7b:77:d3:fc:
                    1f:cf:5d:c6:e1:4f:51:12:8a:d0:90:4f:e7:d7:60:
                    fe:58:c2:5b:e0:a0:12:fd:82:84:f4:93:21:54:58:
                    fe:6f:c6:d6:78:cb:ae:67:1f:d4:52:46:66:bd:4e:
                    b6:cc:87:fc:3f:ed:44:4c:d5:16:b9:24:4f:75:12:
                    4c:4e:89:3f:42:e4:c1:61:a7:1f:94:b2:6e:b5:1c:
                    b8:77:43:04:54:1c:6b:2b:8b:8d:05:2c:0f:c8:a3:
                    c4:fe:46:b3:f8:f9:65:31:6c:1e:25:6c:b2:bf:09:
                    19:b1:79:f8:14:e3:f1:3f:79:d7:93:6e:51:60:22:
                    41:54:81:1a:12:4b:db:51:2b:78:64:29:ac:96:14:
                    27:66:c6:5c:53:c6:96:9c:1b:40:19:c8:bd:8f:7f:
                    50:a8:51:62:d6:2c:94:52:a5:b9:3f:3a:75:5a:d4:
                    72:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:6A:72:7D:31:2B:2B:61:C9:A7:8F:5B:2F:E8:BC:D7:B6:C4:18:01
            X509v3 Authority Key Identifier:
                keyid:C1:DB:67:B8:51:04:E4:DB:59:8F:EA:15:67:86:99:C9:24:73:BD:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wdtnuFEE5NtZj-oVZ4aZySRzvaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6a6535-6f42-4f2d-9eb9-7d4c8f37f5fd/1/FGpyfTErK2HJp49bL-i817bEGAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6a6535-6f42-4f2d-9eb9-7d4c8f37f5fd/1/wdtnuFEE5NtZj-oVZ4aZySRzvaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:dd80:2000::/48
                  2a0c:dd80:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:a2:b7:4e:7d:2a:73:0c:e8:0c:93:35:99:72:f4:ad:39:ac:
         d4:b2:95:db:e1:8e:d7:46:3b:fb:7e:f7:89:e9:ac:19:f7:51:
         b7:6a:34:7a:e2:50:2d:82:00:05:f5:06:02:a3:e6:57:1d:33:
         ee:a6:02:52:93:77:12:93:87:6d:79:3c:92:68:24:0b:7c:f2:
         d4:fb:de:df:b8:6a:6d:98:a5:1e:bb:5e:07:af:f4:82:01:1d:
         0a:ce:d8:98:d3:ce:0a:1b:a4:3f:a7:61:6f:cd:de:04:b6:63:
         68:df:0e:ed:69:a4:f6:ee:98:b8:f7:8f:e3:3e:1e:7b:b9:81:
         e9:ab:02:e8:e5:95:ee:c9:a4:44:6e:72:c1:ab:7a:5f:78:69:
         57:a4:81:f0:17:be:ee:c9:ea:db:e2:61:19:e6:18:75:6a:61:
         4a:c0:86:a0:73:a0:e1:8e:f3:ab:02:51:15:e9:99:1d:46:58:
         7f:5e:98:16:34:3d:00:26:e6:af:6d:e6:08:e1:13:08:e3:97:
         9e:07:21:48:f6:97:14:cc:bc:af:89:5c:e0:2d:e1:a1:05:f3:
         46:49:15:84:a7:9e:65:54:ff:32:9e:dc:b7:ad:6f:9d:c8:23:
         6a:4d:64:9d:4d:13:11:39:ce:be:e4:42:f9:a9:f5:64:94:49:
         ce:f6:b1:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZJXLNXXhYkL45SPXywxQQqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZGI2N2I4NTEwNGU0ZGI1OThmZWExNTY3ODY5OWM5MjQ3
M2JkYTAwHhcNMjQxMDA0MTA1NjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDZhNzI3ZDMxMmIyYjYxYzlhNzhmNWIyZmU4YmNkN2I2YzQxODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqi1yQMA3OhhqX8xTfk0EqkzedrgU
ORXpEjb9cILSvxkTqKNGqJZ0IGmus5BrtgWxpbwfpXAHN5h/+R8kJix6/pl0uHzY
C8OXm849EmCOfYE+Eu1Ts3t30/wfz13G4U9REorQkE/n12D+WMJb4KAS/YKE9JMh
VFj+b8bWeMuuZx/UUkZmvU62zIf8P+1ETNUWuSRPdRJMTok/QuTBYacflLJutRy4
d0MEVBxrK4uNBSwPyKPE/kaz+PllMWweJWyyvwkZsXn4FOPxP3nXk25RYCJBVIEa
EkvbUSt4ZCmslhQnZsZcU8aWnBtAGci9j39QqFFi1iyUUqW5Pzp1WtRyoQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBRqcn0xKythyaePWy/ovNe2xBgBMB8GA1UdIwQY
MBaAFMHbZ7hRBOTbWY/qFWeGmckkc72gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2R0bnVGRUU1TnRaai1vVlo0YVp5U1J6dmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82YTY1MzUtNmY0Mi00ZjJkLTllYjkt
N2Q0YzhmMzdmNWZkLzEvRkdweWZURXJLMkhKcDQ5YkwtaTgxN2JFR0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82YTY1MzUtNmY0Mi00ZjJkLTllYjktN2Q0YzhmMzdmNWZk
LzEvd2R0bnVGRUU1TnRaai1vVlo0YVp5U1J6dmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgzdgCAA
AwcAKgzdgDAAMA0GCSqGSIb3DQEBCwUAA4IBAQBaordOfSpzDOgMkzWZcvStOazU
spXb4Y7XRjv7fveJ6awZ91G3ajR64lAtggAF9QYCo+ZXHTPupgJSk3cSk4dteTyS
aCQLfPLU+97fuGptmKUeu14Hr/SCAR0KztiY084KG6Q/p2Fvzd4EtmNo3w7taaT2
7pi494/jPh57uYHpqwLo5ZXuyaREbnLBq3pfeGlXpIHwF77uyerb4mEZ5hh1amFK
wIagc6DhjvOrAlEV6ZkdRlh/XpgWND0AJuavbeYI4RMI45eeByFI9pcUzLyviVzg
LeGhBfNGSRWEp55lVP8ynty3rW+dyCNqTWSdTRMROc6+5EL5qfVklEnO9rH/
-----END CERTIFICATE-----