Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/A1fIrFGhlMbj9f33wDPuGLhFHFs.roa
File:                     A1fIrFGhlMbj9f33wDPuGLhFHFs.roa (raw, json)
Hash identifier:          MeV5POAOc87NCzLPKxna4dr7mBmVnFs302YhzzT2y4Y=
Subject key identifier:   03:57:C8:AC:51:A1:94:C6:E3:F5:FD:F7:C0:33:EE:18:B8:45:1C:5B
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       018CC94DA5CF0A8C860DB7E7D4C72A184EEA
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/A1fIrFGhlMbj9f33wDPuGLhFHFs.roa
Signing time:             Tue 02 Jan 2024 08:32:38 +0000
ROA not before:           Tue 02 Jan 2024 08:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212085
IP address blocks:        2a0f:ca81:1330::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 07:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a5:cf:0a:8c:86:0d:b7:e7:d4:c7:2a:18:4e:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: Jan  2 08:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0357c8ac51a194c6e3f5fdf7c033ee18b8451c5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d7:20:dc:fc:70:d1:9a:b2:5f:88:08:db:4c:
                    ad:6a:d4:b9:0e:98:a1:c8:d2:3f:e4:c5:0c:7a:42:
                    ca:0b:0c:20:8c:d3:73:3e:cd:88:f5:f9:8c:50:bb:
                    78:e7:c9:3b:37:26:e5:4d:c5:4d:6e:cd:4d:41:78:
                    c7:f4:32:c6:2a:ef:cd:b8:1e:78:86:d1:28:52:23:
                    2b:42:5d:f0:93:8e:8a:bf:a4:82:b3:18:e3:aa:5c:
                    bc:b9:e4:64:c4:c2:3a:4f:58:b5:ba:ba:c4:d1:15:
                    65:88:1a:d6:7b:c5:0e:6d:7a:23:9f:b2:d7:60:94:
                    5f:06:2d:38:46:97:e0:0b:9e:d6:e5:03:38:ca:d7:
                    28:94:4c:d7:3f:39:3a:db:e2:3d:9b:53:3a:64:48:
                    de:ff:87:d5:2a:86:38:20:30:38:00:5b:65:04:ac:
                    c6:00:54:ea:8f:6b:9c:95:7f:e0:60:a7:99:59:e9:
                    c0:55:59:19:41:96:c2:44:6a:e8:36:41:b3:a6:71:
                    eb:bd:1c:8b:15:2d:d4:17:b2:b7:5e:14:6a:46:63:
                    6b:80:91:46:67:01:e9:ba:75:f7:6c:28:bb:4e:b1:
                    65:89:7c:98:e0:44:55:df:8a:34:08:3a:dd:d0:3c:
                    30:3c:00:1c:cc:d9:e0:05:7c:82:93:11:96:ff:cd:
                    96:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:57:C8:AC:51:A1:94:C6:E3:F5:FD:F7:C0:33:EE:18:B8:45:1C:5B
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/A1fIrFGhlMbj9f33wDPuGLhFHFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ca81:1330::/44

    Signature Algorithm: sha256WithRSAEncryption
         89:df:79:61:48:8b:42:67:86:f5:c3:2e:67:b7:1f:52:21:aa:
         d5:62:a4:26:58:10:68:38:80:2b:82:b2:ba:d1:3e:ed:f7:93:
         95:f5:a6:34:92:7a:4d:71:66:93:6e:54:cc:09:a8:6d:50:42:
         bb:d5:76:3b:59:63:88:4b:08:99:d8:19:de:1f:30:dd:28:07:
         da:37:89:7d:91:fb:52:31:42:9a:f7:b3:53:f2:28:a3:96:d4:
         74:34:29:4e:01:67:89:c5:99:0f:ce:22:4f:41:86:ec:cf:28:
         0c:72:92:a6:c7:bd:57:78:f1:40:85:0e:e5:21:43:2b:18:1f:
         48:f9:a9:ae:d4:b0:34:46:5b:6c:21:5f:e1:97:95:6b:f5:f1:
         c4:f5:c7:46:eb:31:9b:f8:55:bd:67:f0:30:fe:b4:f3:a6:8a:
         f1:c8:00:ce:cd:67:e8:72:25:05:c9:d7:2a:d1:16:c1:06:07:
         7f:9b:a6:1e:9e:60:68:c7:42:50:c4:55:71:81:66:01:0a:39:
         f2:7d:60:c8:c3:59:09:35:e7:be:31:15:20:01:e6:d6:ca:f8:
         62:dc:17:50:09:32:5e:84:85:66:2c:83:7b:c7:8d:63:01:d3:
         b6:8e:1b:8e:84:64:91:95:c2:a3:65:27:ff:f6:24:65:f1:1f:
         68:b9:8e:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTaXPCoyGDbfn1McqGE7qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjQwMTAyMDgzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzU3YzhhYzUxYTE5NGM2ZTNmNWZkZjdjMDMzZWUxOGI4NDUxYzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodcg3Pxw0ZqyX4gI20ytatS5Dpih
yNI/5MUMekLKCwwgjNNzPs2I9fmMULt458k7NyblTcVNbs1NQXjH9DLGKu/NuB54
htEoUiMrQl3wk46Kv6SCsxjjqly8ueRkxMI6T1i1urrE0RVliBrWe8UObXojn7LX
YJRfBi04RpfgC57W5QM4ytcolEzXPzk62+I9m1M6ZEje/4fVKoY4IDA4AFtlBKzG
AFTqj2uclX/gYKeZWenAVVkZQZbCRGroNkGzpnHrvRyLFS3UF7K3XhRqRmNrgJFG
ZwHpunX3bCi7TrFliXyY4ERV34o0CDrd0DwwPAAczNngBXyCkxGW/82WWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFANXyKxRoZTG4/X998Az7hi4RRxbMB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvQTFmSXJGR2hsTWJqOWYzM3dEUHVHTGhGSEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg/KgRMw
MA0GCSqGSIb3DQEBCwUAA4IBAQCJ33lhSItCZ4b1wy5ntx9SIarVYqQmWBBoOIAr
grK60T7t95OV9aY0knpNcWaTblTMCahtUEK71XY7WWOISwiZ2BneHzDdKAfaN4l9
kftSMUKa97NT8iijltR0NClOAWeJxZkPziJPQYbszygMcpKmx71XePFAhQ7lIUMr
GB9I+amu1LA0RltsIV/hl5Vr9fHE9cdG6zGb+FW9Z/Aw/rTzporxyADOzWfociUF
ydcq0RbBBgd/m6YenmBox0JQxFVxgWYBCjnyfWDIw1kJNee+MRUgAebWyvhi3BdQ
CTJehIVmLIN7x41jAdO2jhuOhGSRlcKjZSf/9iRl8R9ouY6i
-----END CERTIFICATE-----