Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/ih3tlDmlbrDwbuabWdJCxXWHffo.roa
File:                     ih3tlDmlbrDwbuabWdJCxXWHffo.roa (raw, json)
Hash identifier:          80OP5bzoyzQkUOxJ3u7VzQr4QzoK9uZZaNU7fzcue8E=
Subject key identifier:   8A:1D:ED:94:39:A5:6E:B0:F0:6E:E6:9B:59:D2:42:C5:75:87:7D:FA
Certificate issuer:       /CN=43c16595966afb0bacf1d7937f245d6a052221a3
Certificate serial:       0194228E170F52C43F4E1C9E3C6751148693
Authority key identifier: 43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/ih3tlDmlbrDwbuabWdJCxXWHffo.roa
Signing time:             Wed 01 Jan 2025 15:48:44 +0000
ROA not before:           Wed 01 Jan 2025 15:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212044
IP address blocks:        2a06:bbc2:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 21:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:17:0f:52:c4:3f:4e:1c:9e:3c:67:51:14:86:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43c16595966afb0bacf1d7937f245d6a052221a3
        Validity
            Not Before: Jan  1 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a1ded9439a56eb0f06ee69b59d242c575877dfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b0:c9:d6:e2:97:28:b5:24:dc:af:4f:fe:ad:
                    41:4a:e8:19:46:d5:09:1e:bc:c6:ea:a9:d2:d1:19:
                    c6:90:2f:8d:3d:fb:0c:96:c9:d7:0e:c5:74:ac:10:
                    8f:0f:1c:fe:44:73:cb:0a:ab:56:ae:51:a4:80:bc:
                    db:36:6b:83:ab:7d:d3:44:c1:6f:71:d4:e3:b4:f9:
                    14:65:33:28:d1:f8:56:88:fa:ff:bd:1b:2c:96:77:
                    a2:3f:79:33:8a:26:1e:49:4e:0f:e0:47:84:48:6a:
                    64:c7:de:39:8d:95:77:2f:25:67:b5:82:ca:e1:a0:
                    98:57:da:27:bc:5f:49:de:b8:53:eb:23:4a:3b:cc:
                    52:c1:7f:d9:a3:5d:20:19:bd:47:95:ca:fb:d3:7f:
                    7d:d4:3c:54:32:f6:a9:a0:bf:57:c5:bf:3d:81:f3:
                    44:5e:05:cb:d0:cb:c9:6a:ed:46:24:75:7a:3d:d4:
                    4b:70:28:04:89:6b:e6:f4:f1:b5:6e:90:38:58:d8:
                    d9:26:d8:e5:e9:c9:f0:6c:1b:eb:b8:38:e9:e8:ba:
                    94:6d:7b:c8:fd:e4:ba:60:11:97:c8:0e:1b:a1:ba:
                    11:51:b7:78:3c:7e:7a:b4:8a:ec:7b:df:e3:5e:5e:
                    09:d2:a3:ca:0d:38:3e:56:c5:40:38:9d:b5:c4:4c:
                    3a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:1D:ED:94:39:A5:6E:B0:F0:6E:E6:9B:59:D2:42:C5:75:87:7D:FA
            X509v3 Authority Key Identifier:
                keyid:43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/ih3tlDmlbrDwbuabWdJCxXWHffo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:bbc2:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:95:e1:3c:55:ff:5c:c9:0b:0a:97:f5:54:0c:b3:fa:c9:e3:
         c0:25:93:2d:8e:7c:b2:4f:18:ea:0c:3c:39:15:c8:aa:ef:f6:
         d3:a4:fc:a5:7e:9b:4c:a3:57:e2:51:1b:7a:b3:49:bc:54:00:
         16:d9:1e:f9:0c:9c:6f:80:a0:cc:51:84:ad:97:0e:03:89:5b:
         74:42:e3:c5:48:20:23:92:f7:9d:64:3c:4f:71:9b:7c:42:6b:
         94:10:ce:8a:48:66:a7:a9:d9:01:5b:8f:82:91:fa:64:62:37:
         5c:6d:f9:57:8a:2a:db:50:e5:78:50:84:55:00:06:51:e2:73:
         f8:4d:30:5c:43:fc:75:1a:06:79:ed:fa:bf:a4:8c:ce:58:f5:
         17:59:73:eb:ba:02:38:df:d3:f1:50:68:a1:66:dd:6b:5d:ad:
         16:24:91:f6:ea:8c:9c:2d:48:f9:41:e1:c0:e4:16:a5:db:32:
         85:8e:30:69:44:52:86:2f:b6:74:bb:7e:2f:ab:99:19:62:af:
         2b:a5:c2:5f:36:3b:51:f8:4b:89:84:bf:4d:44:3c:b4:93:5e:
         63:7a:2a:f4:89:f2:57:c0:42:4e:4c:15:1a:0b:1a:1c:4c:25:
         16:ce:ed:04:e6:23:15:01:08:da:24:46:7f:56:e9:3b:f2:e1:
         8a:89:15:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQijhcPUsQ/ThyePGdRFIaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYzE2NTk1OTY2YWZiMGJhY2YxZDc5MzdmMjQ1ZDZhMDUy
MjIxYTMwHhcNMjUwMTAxMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTFkZWQ5NDM5YTU2ZWIwZjA2ZWU2OWI1OWQyNDJjNTc1ODc3ZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLDJ1uKXKLUk3K9P/q1BSugZRtUJ
HrzG6qnS0RnGkC+NPfsMlsnXDsV0rBCPDxz+RHPLCqtWrlGkgLzbNmuDq33TRMFv
cdTjtPkUZTMo0fhWiPr/vRsslneiP3kziiYeSU4P4EeESGpkx945jZV3LyVntYLK
4aCYV9onvF9J3rhT6yNKO8xSwX/Zo10gGb1Hlcr703991DxUMvapoL9Xxb89gfNE
XgXL0MvJau1GJHV6PdRLcCgEiWvm9PG1bpA4WNjZJtjl6cnwbBvruDjp6LqUbXvI
/eS6YBGXyA4boboRUbd4PH56tIrse9/jXl4J0qPKDTg+VsVAOJ21xEw6YwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIod7ZQ5pW6w8G7mm1nSQsV1h336MB8GA1UdIwQY
MBaAFEPBZZWWavsLrPHXk38kXWoFIiGjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGIt
NTk5MGVhNThlMDMwLzEvaWgzdGxEbWxickR3YnVhYldkSkN4WFdIZmZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGItNTk5MGVhNThlMDMw
LzEvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKga7wgAB
MA0GCSqGSIb3DQEBCwUAA4IBAQA5leE8Vf9cyQsKl/VUDLP6yePAJZMtjnyyTxjq
DDw5Fciq7/bTpPylfptMo1fiURt6s0m8VAAW2R75DJxvgKDMUYStlw4DiVt0QuPF
SCAjkvedZDxPcZt8QmuUEM6KSGanqdkBW4+CkfpkYjdcbflXiirbUOV4UIRVAAZR
4nP4TTBcQ/x1GgZ57fq/pIzOWPUXWXPrugI439PxUGihZt1rXa0WJJH26oycLUj5
QeHA5Bal2zKFjjBpRFKGL7Z0u34vq5kZYq8rpcJfNjtR+EuJhL9NRDy0k15jeir0
ifJXwEJOTBUaCxocTCUWzu0E5iMVAQjaJEZ/Vuk78uGKiRXT
-----END CERTIFICATE-----