Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/th1p5jE1fl21GfKXyCflURpVpo0.roa
File:                     th1p5jE1fl21GfKXyCflURpVpo0.roa (raw, json)
Hash identifier:          w4pXoPCT9slYbdDvFiyPewBrsldI3f9m6umM8Wv0SkE=
Subject key identifier:   B6:1D:69:E6:31:35:7E:5D:B5:19:F2:97:C8:27:E5:51:1A:55:A6:8D
Certificate issuer:       /CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
Certificate serial:       01941F8C733B4B5E5A27B7AD3908FB922A18
Authority key identifier: D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/th1p5jE1fl21GfKXyCflURpVpo0.roa
Signing time:             Wed 01 Jan 2025 01:48:05 +0000
ROA not before:           Wed 01 Jan 2025 01:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214086
IP address blocks:        2a0e:e704:47::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:73:3b:4b:5e:5a:27:b7:ad:39:08:fb:92:2a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60f45f7cc4b691fd4a31c1f1c0b4f605d77a6ef
        Validity
            Not Before: Jan  1 01:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b61d69e631357e5db519f297c827e5511a55a68d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:57:92:85:3a:8a:0f:70:f3:03:ad:d4:cf:6a:
                    b3:9e:e5:a1:5d:ac:a4:67:f0:a7:cd:23:b2:cd:34:
                    11:1a:45:f5:fa:91:e4:79:da:5b:5a:2e:77:a0:89:
                    a2:ac:74:06:d5:b9:8b:9d:6a:c9:95:ec:ad:a5:f7:
                    f7:12:75:8f:1b:be:91:bd:95:41:be:0f:df:ce:5d:
                    c3:75:9e:21:fb:6c:c9:fa:2f:08:b5:62:95:50:32:
                    e9:dc:d6:a6:55:0f:7d:56:63:f9:97:96:40:cb:0c:
                    64:e1:d3:a7:b0:fa:dc:9d:5c:5f:82:0a:50:23:3a:
                    89:d0:ff:17:d9:8e:0b:b0:e3:73:8b:95:2b:fd:e7:
                    9c:3f:6d:0b:1b:c3:36:62:c4:f4:a6:27:93:a0:4c:
                    b8:27:ac:8c:fa:d0:1d:8c:97:0d:0a:a8:21:dd:30:
                    43:27:62:2c:98:77:3e:64:05:1b:b1:b2:05:3d:8a:
                    72:73:88:d5:ad:a7:88:cd:d4:2c:35:08:2e:64:39:
                    51:d7:0f:e4:5b:d1:7c:ce:d6:f9:9a:9e:a2:2e:de:
                    6e:5f:8a:2a:8a:b6:4e:4f:ad:ea:1b:f0:7d:cc:c6:
                    cf:2e:df:64:13:df:c3:68:08:24:5a:8f:f6:d9:bd:
                    b1:db:45:5b:28:52:3f:10:a7:4f:6f:de:b6:78:df:
                    40:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:1D:69:E6:31:35:7E:5D:B5:19:F2:97:C8:27:E5:51:1A:55:A6:8D
            X509v3 Authority Key Identifier:
                keyid:D6:0F:45:F7:CC:4B:69:1F:D4:A3:1C:1F:1C:0B:4F:60:5D:77:A6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1g9F98xLaR_UoxwfHAtPYF13pu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/th1p5jE1fl21GfKXyCflURpVpo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/ad3044-cdce-46cf-92c9-a954d053994a/1/1g9F98xLaR_UoxwfHAtPYF13pu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:e704:47::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:63:e2:f2:57:11:46:40:8d:ee:61:c1:81:ab:dc:2e:34:51:
         d3:a6:d2:e2:34:d2:94:53:1b:a8:07:e3:17:14:31:66:3d:ed:
         38:26:c9:a5:7a:1e:ef:e7:e3:dd:4f:ad:c1:50:33:19:2d:c0:
         c5:8f:c7:b7:e2:69:ab:15:e3:16:7e:02:7b:ef:28:bc:e0:96:
         7d:7c:ba:2c:8e:d9:0b:3f:a1:a2:e3:68:bb:99:9e:35:2b:71:
         2d:17:01:92:72:c4:80:0a:86:08:5b:06:f6:45:45:19:4a:2f:
         2e:07:15:f0:18:4c:db:78:d0:09:08:e6:4c:7d:ef:c7:5c:00:
         44:64:fb:93:30:09:cb:43:d8:5f:96:c2:d3:47:82:6d:bc:ec:
         f3:cb:86:6b:0f:cf:bd:9a:87:0a:0b:be:ad:40:75:55:25:14:
         53:b9:0a:3a:e0:6b:46:e9:a2:b1:13:3e:cc:40:b4:5b:29:0a:
         12:af:b9:b5:e2:4e:b7:fd:bd:01:8f:54:86:05:90:27:b9:94:
         53:4d:dc:0b:50:29:0c:10:6a:62:a3:ad:39:7e:21:64:49:e3:
         96:b7:a8:13:85:f8:cf:59:23:f1:e6:92:97:fc:c6:10:ec:bb:
         11:8c:a9:b5:24:24:6c:db:d6:5c:5c:72:e9:7e:fd:9e:07:2c:
         53:9c:a4:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHM7S15aJ7etOQj7kioYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MGY0NWY3Y2M0YjY5MWZkNGEzMWMxZjFjMGI0ZjYwNWQ3
N2E2ZWYwHhcNMjUwMTAxMDE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjFkNjllNjMxMzU3ZTVkYjUxOWYyOTdjODI3ZTU1MTFhNTVhNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmleShTqKD3DzA63Uz2qznuWhXayk
Z/CnzSOyzTQRGkX1+pHkedpbWi53oImirHQG1bmLnWrJleytpff3EnWPG76RvZVB
vg/fzl3DdZ4h+2zJ+i8ItWKVUDLp3NamVQ99VmP5l5ZAywxk4dOnsPrcnVxfggpQ
IzqJ0P8X2Y4LsONzi5Ur/eecP20LG8M2YsT0pieToEy4J6yM+tAdjJcNCqgh3TBD
J2IsmHc+ZAUbsbIFPYpyc4jVraeIzdQsNQguZDlR1w/kW9F8ztb5mp6iLt5uX4oq
irZOT63qG/B9zMbPLt9kE9/DaAgkWo/22b2x20VbKFI/EKdPb962eN9AWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLYdaeYxNX5dtRnyl8gn5VEaVaaNMB8GA1UdIwQY
MBaAFNYPRffMS2kf1KMcHxwLT2Bdd6bvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzkt
YTk1NGQwNTM5OTRhLzEvdGgxcDVqRTFmbDIxR2ZLWHlDZmxVUnBWcG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hZDMwNDQtY2RjZS00NmNmLTkyYzktYTk1NGQwNTM5OTRh
LzEvMWc5Rjk4eExhUl9Vb3h3ZkhBdFBZRjEzcHU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg7nBABH
MA0GCSqGSIb3DQEBCwUAA4IBAQBXY+LyVxFGQI3uYcGBq9wuNFHTptLiNNKUUxuo
B+MXFDFmPe04Jsmleh7v5+PdT63BUDMZLcDFj8e34mmrFeMWfgJ77yi84JZ9fLos
jtkLP6Gi42i7mZ41K3EtFwGScsSACoYIWwb2RUUZSi8uBxXwGEzbeNAJCOZMfe/H
XABEZPuTMAnLQ9hflsLTR4JtvOzzy4ZrD8+9mocKC76tQHVVJRRTuQo64GtG6aKx
Ez7MQLRbKQoSr7m14k63/b0Bj1SGBZAnuZRTTdwLUCkMEGpio605fiFkSeOWt6gT
hfjPWSPx5pKX/MYQ7LsRjKm1JCRs29ZcXHLpfv2eByxTnKTE
-----END CERTIFICATE-----