Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/1x79pZoohAevF-wAltNrdmaEw7A.roa
File:                     1x79pZoohAevF-wAltNrdmaEw7A.roa (raw, json)
Hash identifier:          X95oyzYUBEcZ4ziZ4mVGblrLPHO/qZ2hl0H2DCGm0kU=
Subject key identifier:   D7:1E:FD:A5:9A:28:84:07:AF:17:EC:00:96:D3:6B:76:66:84:C3:B0
Certificate issuer:       /CN=41dd1ce4eeb92ff53b633892fd457b011e1171f1
Certificate serial:       019425215DC8B56E70F5CF0E40F4DAFB3A48
Authority key identifier: 41:DD:1C:E4:EE:B9:2F:F5:3B:63:38:92:FD:45:7B:01:1E:11:71:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qd0c5O65L_U7YziS_UV7AR4RcfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/1x79pZoohAevF-wAltNrdmaEw7A.roa
Signing time:             Thu 02 Jan 2025 03:48:51 +0000
ROA not before:           Thu 02 Jan 2025 03:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60068
IP address blocks:        2a14:30c1::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/Qd0c5O65L_U7YziS_UV7AR4RcfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/Qd0c5O65L_U7YziS_UV7AR4RcfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qd0c5O65L_U7YziS_UV7AR4RcfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:5d:c8:b5:6e:70:f5:cf:0e:40:f4:da:fb:3a:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41dd1ce4eeb92ff53b633892fd457b011e1171f1
        Validity
            Not Before: Jan  2 03:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d71efda59a288407af17ec0096d36b766684c3b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b5:97:54:73:2c:99:bc:d9:96:6b:ee:2d:61:
                    0e:36:3f:9c:f0:af:0a:d5:52:51:06:56:35:8e:77:
                    cd:6e:92:00:86:00:ca:68:99:75:9b:9f:02:82:4b:
                    1a:7f:fa:94:09:26:68:27:9a:6f:d0:4a:9b:6e:c0:
                    2e:28:77:97:1f:97:6d:36:eb:ec:38:c8:6e:0d:90:
                    1f:87:37:9a:d1:a5:c2:54:41:83:13:22:f4:f5:a9:
                    50:7c:ae:f2:b1:4f:8b:ed:73:0b:e4:22:16:79:09:
                    06:04:e6:ee:a9:30:29:3a:15:14:cb:e1:b6:cd:2d:
                    49:b1:51:53:03:d7:3a:4d:ce:bd:e3:d7:5f:de:eb:
                    ad:a8:55:fb:ea:84:6f:f5:f2:3e:56:36:e9:65:ff:
                    37:5f:c3:86:6d:9f:29:d4:01:62:a1:d9:7d:bd:36:
                    bd:b6:93:86:05:0e:a6:a6:fc:cb:65:ee:6c:c4:22:
                    20:a8:7c:91:86:af:eb:04:2c:a4:ea:ab:5a:73:91:
                    94:4d:02:15:46:36:29:4a:a1:ff:9b:65:bc:f2:0e:
                    53:58:4a:8e:8d:97:5c:0c:9f:81:29:d4:69:8b:39:
                    47:24:c4:63:5d:fc:cb:b4:19:09:9d:4e:06:29:3c:
                    d5:3d:fa:89:a0:78:a4:c2:50:8e:61:7c:de:d6:82:
                    6d:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:1E:FD:A5:9A:28:84:07:AF:17:EC:00:96:D3:6B:76:66:84:C3:B0
            X509v3 Authority Key Identifier:
                keyid:41:DD:1C:E4:EE:B9:2F:F5:3B:63:38:92:FD:45:7B:01:1E:11:71:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qd0c5O65L_U7YziS_UV7AR4RcfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/1x79pZoohAevF-wAltNrdmaEw7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/1acc61-b95a-406e-80fc-88521ad99c7e/1/Qd0c5O65L_U7YziS_UV7AR4RcfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:30c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:85:4e:25:6c:b1:cf:94:b5:29:cb:d0:9e:1c:10:8e:d6:16:
         99:80:69:a9:06:67:e1:74:b7:6d:45:e0:9a:bb:34:3f:19:cd:
         21:58:0c:f7:c0:eb:ab:81:ba:0a:64:ec:e8:1a:e6:e1:88:4d:
         2a:e7:8c:c8:ac:df:b9:45:a6:64:2e:6c:ce:ac:17:bc:b3:87:
         59:b7:38:89:31:07:45:f6:93:80:be:7e:98:c8:3d:89:a3:9d:
         73:cd:0c:50:7f:15:61:e2:d7:51:06:0f:7e:6c:cb:84:e7:30:
         64:2f:ea:22:f5:76:cf:e5:70:90:fe:a3:d6:a4:88:20:5b:30:
         8e:15:8d:41:32:6e:b9:d6:da:89:f9:96:3a:05:b3:ad:0e:f6:
         ed:5c:15:0e:bf:0e:b4:57:26:ce:5e:36:31:85:1e:0d:d8:06:
         45:be:38:37:45:ba:28:f2:1a:18:5f:41:7e:6a:b0:13:19:d2:
         1b:59:1a:71:4d:98:e2:28:5c:57:a8:6a:c3:b2:48:c8:85:2d:
         3f:37:28:ac:75:bb:69:14:4c:e4:36:0b:5f:87:bc:be:e3:42:
         1b:f8:b7:f0:ba:66:2d:a1:5b:f7:66:84:c6:ad:ed:d0:5e:86:
         6c:41:7d:51:b8:33:63:7d:b8:6c:cd:f9:e7:9e:fb:10:9f:42:
         27:6b:04:9f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlIV3ItW5w9c8OQPTa+zpIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZGQxY2U0ZWViOTJmZjUzYjYzMzg5MmZkNDU3YjAxMWUx
MTcxZjEwHhcNMjUwMTAyMDM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzFlZmRhNTlhMjg4NDA3YWYxN2VjMDA5NmQzNmI3NjY2ODRjM2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7WXVHMsmbzZlmvuLWEONj+c8K8K
1VJRBlY1jnfNbpIAhgDKaJl1m58Cgksaf/qUCSZoJ5pv0EqbbsAuKHeXH5dtNuvs
OMhuDZAfhzea0aXCVEGDEyL09alQfK7ysU+L7XML5CIWeQkGBObuqTApOhUUy+G2
zS1JsVFTA9c6Tc6949df3uutqFX76oRv9fI+VjbpZf83X8OGbZ8p1AFiodl9vTa9
tpOGBQ6mpvzLZe5sxCIgqHyRhq/rBCyk6qtac5GUTQIVRjYpSqH/m2W88g5TWEqO
jZdcDJ+BKdRpizlHJMRjXfzLtBkJnU4GKTzVPfqJoHikwlCOYXze1oJtVwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNce/aWaKIQHrxfsAJbTa3ZmhMOwMB8GA1UdIwQY
MBaAFEHdHOTuuS/1O2M4kv1FewEeEXHxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWQwYzVPNjVMX1U3WXppU19VVjdBUjRSY2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8xYWNjNjEtYjk1YS00MDZlLTgwZmMt
ODg1MjFhZDk5YzdlLzEvMXg3OXBab29oQWV2Ri13QWx0TnJkbWFFdzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8xYWNjNjEtYjk1YS00MDZlLTgwZmMtODg1MjFhZDk5Yzdl
LzEvUWQwYzVPNjVMX1U3WXppU19VVjdBUjRSY2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhQwwTAN
BgkqhkiG9w0BAQsFAAOCAQEAbIVOJWyxz5S1KcvQnhwQjtYWmYBpqQZn4XS3bUXg
mrs0PxnNIVgM98Drq4G6CmTs6Brm4YhNKueMyKzfuUWmZC5szqwXvLOHWbc4iTEH
RfaTgL5+mMg9iaOdc80MUH8VYeLXUQYPfmzLhOcwZC/qIvV2z+VwkP6j1qSIIFsw
jhWNQTJuudbaifmWOgWzrQ727VwVDr8OtFcmzl42MYUeDdgGRb44N0W6KPIaGF9B
fmqwExnSG1kacU2Y4ihcV6hqw7JIyIUtPzcorHW7aRRM5DYLX4e8vuNCG/i38Lpm
LaFb92aExq3t0F6GbEF9UbgzY324bM355577EJ9CJ2sEnw==
-----END CERTIFICATE-----