Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/1F-PLkJeZsd5BhbWomZg7cLPFrk.roa
File:                     1F-PLkJeZsd5BhbWomZg7cLPFrk.roa (raw, json)
Hash identifier:          yrygGJcoXqVH2Jg8Juj5GnPuSpfNJREHSoSijlooIac=
Subject key identifier:   D4:5F:8F:2E:42:5E:66:C7:79:06:16:D6:A2:66:60:ED:C2:CF:16:B9
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       01946A39F992AA2B451334791A9BD849D746
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/1F-PLkJeZsd5BhbWomZg7cLPFrk.roa
Signing time:             Wed 15 Jan 2025 13:49:31 +0000
ROA not before:           Wed 15 Jan 2025 13:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213613
IP address blocks:        2a0f:ca82:b00b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6a:39:f9:92:aa:2b:45:13:34:79:1a:9b:d8:49:d7:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Jan 15 13:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d45f8f2e425e66c7790616d6a26660edc2cf16b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c8:24:2d:a1:42:0d:71:4b:06:88:95:c9:6f:
                    9b:92:99:54:a7:b5:0f:f4:3e:de:e5:33:60:b1:af:
                    36:08:1f:a6:b3:13:2b:10:12:7c:df:66:3e:65:b4:
                    56:1a:b6:bd:fb:62:52:f8:4c:97:ca:38:e7:37:a5:
                    67:03:df:fb:86:c6:c2:f1:99:b5:84:55:9b:6f:3e:
                    79:53:01:7d:65:37:eb:99:73:a2:a2:fa:e8:70:7c:
                    17:ef:46:ef:92:c0:bb:b5:ed:af:8c:de:5a:a3:87:
                    50:ed:94:dd:a8:7a:b1:99:02:61:04:72:2e:ff:9f:
                    aa:16:8f:a1:f1:72:42:e8:57:cc:41:d4:bd:eb:00:
                    e4:a8:db:10:c2:30:89:9a:2d:83:8c:f3:b3:f7:f4:
                    b0:e9:da:cf:6a:2a:6d:77:20:6f:af:a3:2f:96:b1:
                    a4:ad:be:32:6a:0e:18:8a:7f:86:27:05:95:d0:b6:
                    4a:6a:22:c2:08:81:e4:0b:6c:aa:dd:82:0c:8b:ff:
                    48:b9:bd:50:c0:5a:59:02:90:aa:26:1f:0f:c3:d7:
                    10:be:f8:5b:97:04:88:51:70:2d:f9:d4:43:0e:46:
                    47:2a:96:cb:0b:2f:0a:b3:09:55:77:1d:5b:42:02:
                    96:00:be:ab:e1:82:13:e6:f5:05:e6:81:92:51:51:
                    64:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:5F:8F:2E:42:5E:66:C7:79:06:16:D6:A2:66:60:ED:C2:CF:16:B9
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/1F-PLkJeZsd5BhbWomZg7cLPFrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ca82:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:bc:11:17:f3:47:7f:76:59:f4:9c:ad:f9:60:e8:08:fb:79:
         82:98:67:0e:de:eb:b3:91:a0:84:c3:74:26:21:ac:ae:cf:f0:
         13:ba:c1:7f:92:7a:1a:12:e8:9a:ee:e2:0f:75:8f:3d:86:16:
         2e:5e:cd:31:9f:ca:21:f3:a8:bb:dc:4c:e1:a5:e4:f0:56:b0:
         35:47:b0:18:6c:f6:ff:87:95:4a:a0:f7:31:94:5c:7f:37:d3:
         a9:c1:d5:a6:d3:11:8d:17:df:9d:25:c6:63:fd:a5:5f:ef:b8:
         4c:37:bc:45:82:e4:2f:94:7a:1f:94:1d:b4:8b:b9:b7:c6:94:
         d4:a5:ea:b6:4c:3f:0f:fd:94:77:ac:1b:61:02:21:92:3c:e9:
         10:55:1c:30:8e:33:fb:6c:c3:55:c1:a6:6e:31:2b:88:fc:58:
         b1:a6:38:5d:84:bb:aa:cc:8c:ce:d1:ea:7f:8f:ac:32:9b:14:
         7d:60:d7:c6:25:4f:6b:57:ae:fb:53:f3:d0:15:7f:37:f9:47:
         d5:eb:dd:c0:5e:c7:76:86:69:e3:28:77:14:cf:68:d7:6e:10:
         6f:5e:0f:42:db:a2:8a:36:0d:14:c6:43:5b:e3:fd:2c:56:ef:
         d3:60:4d:1c:8b:71:0e:b5:d8:af:c3:5b:1f:65:8c:52:9c:ba:
         f2:de:b7:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRqOfmSqitFEzR5GpvYSddGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjUwMTE1MTM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDVmOGYyZTQyNWU2NmM3NzkwNjE2ZDZhMjY2NjBlZGMyY2YxNmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsgkLaFCDXFLBoiVyW+bkplUp7UP
9D7e5TNgsa82CB+msxMrEBJ832Y+ZbRWGra9+2JS+EyXyjjnN6VnA9/7hsbC8Zm1
hFWbbz55UwF9ZTfrmXOiovrocHwX70bvksC7te2vjN5ao4dQ7ZTdqHqxmQJhBHIu
/5+qFo+h8XJC6FfMQdS96wDkqNsQwjCJmi2DjPOz9/Sw6drPaiptdyBvr6MvlrGk
rb4yag4Yin+GJwWV0LZKaiLCCIHkC2yq3YIMi/9Iub1QwFpZApCqJh8Pw9cQvvhb
lwSIUXAt+dRDDkZHKpbLCy8KswlVdx1bQgKWAL6r4YIT5vUF5oGSUVFk3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNRfjy5CXmbHeQYW1qJmYO3Czxa5MB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvMUYtUExrSmVac2Q1QmhiV29tWmc3Y0xQRnJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/KgrAL
MA0GCSqGSIb3DQEBCwUAA4IBAQCcvBEX80d/dln0nK35YOgI+3mCmGcO3uuzkaCE
w3QmIayuz/ATusF/knoaEuia7uIPdY89hhYuXs0xn8oh86i73EzhpeTwVrA1R7AY
bPb/h5VKoPcxlFx/N9OpwdWm0xGNF9+dJcZj/aVf77hMN7xFguQvlHoflB20i7m3
xpTUpeq2TD8P/ZR3rBthAiGSPOkQVRwwjjP7bMNVwaZuMSuI/FixpjhdhLuqzIzO
0ep/j6wymxR9YNfGJU9rV677U/PQFX83+UfV693AXsd2hmnjKHcUz2jXbhBvXg9C
26KKNg0UxkNb4/0sVu/TYE0ci3EOtdivw1sfZYxSnLry3rez
-----END CERTIFICATE-----