Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/1-gUTUj2JpuChCvozdxCQFTR22DM.roa
File:                     1-gUTUj2JpuChCvozdxCQFTR22DM.roa (raw, json)
Hash identifier:          f/2CCyCRw0ujuPO8AP04nbSH6GVLpL5l8bdrrfS8KoQ=
Subject key identifier:   FA:05:13:52:3D:89:A6:E0:A1:0A:FA:33:77:10:90:15:34:76:D8:33
Certificate issuer:       /CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Certificate serial:       01942445A976286E9CF542A28F5C3F3C8892
Authority key identifier: 11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/1-gUTUj2JpuChCvozdxCQFTR22DM.roa
Signing time:             Wed 01 Jan 2025 23:48:52 +0000
ROA not before:           Wed 01 Jan 2025 23:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210075
IP address blocks:        2a06:1e00:27::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a9:76:28:6e:9c:f5:42:a2:8f:5c:3f:3c:88:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
        Validity
            Not Before: Jan  1 23:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa0513523d89a6e0a10afa33771090153476d833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cb:a8:5b:99:92:f2:4b:72:14:d1:ef:dd:94:
                    ff:5d:44:05:d8:9c:d2:c6:37:db:b5:d5:c6:ad:eb:
                    31:4f:a8:fc:1a:c3:08:60:21:b1:be:fb:ba:bc:0a:
                    95:b5:03:9f:f6:4c:9f:72:70:3c:6c:4f:c4:b3:b2:
                    50:c1:5b:9a:43:d6:be:a3:ac:01:15:bd:77:aa:69:
                    b0:39:f4:a3:0e:ab:51:66:91:77:d4:d3:a2:27:f5:
                    20:f2:7c:6d:e5:71:71:89:3f:e1:67:c9:3f:34:65:
                    96:b0:da:a5:a6:84:ce:ee:16:0f:5c:1d:d8:19:97:
                    a1:ff:39:ce:08:6b:d7:4d:39:6f:a7:a1:56:07:1a:
                    c0:60:e1:52:4b:8d:57:20:af:f4:8c:3d:af:c1:8a:
                    e9:cd:41:36:99:29:6c:49:62:83:dd:b3:e5:42:68:
                    39:90:54:e6:b2:3f:58:3d:94:57:32:87:3c:97:be:
                    5a:3d:3c:e8:50:3c:67:9b:8f:07:77:9b:ce:62:f4:
                    a4:98:b8:4e:d5:5a:30:da:4d:86:c0:df:86:4c:50:
                    e1:92:57:d1:4f:99:77:ca:04:06:7d:93:6e:96:39:
                    c5:d8:18:69:44:7d:40:1b:7f:dc:75:61:4c:11:69:
                    fb:80:4c:0a:48:83:b1:74:70:7d:f4:4b:8a:7e:00:
                    81:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:05:13:52:3D:89:A6:E0:A1:0A:FA:33:77:10:90:15:34:76:D8:33
            X509v3 Authority Key Identifier:
                keyid:11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/1-gUTUj2JpuChCvozdxCQFTR22DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1e00:27::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:6e:5b:5a:95:4e:ad:4b:f8:e7:1a:6c:af:03:ba:cf:bb:de:
         c7:3e:31:b8:65:ac:7a:d8:ff:20:54:e3:18:72:9e:91:90:74:
         63:56:85:89:f0:18:fb:49:26:c1:28:9c:7b:c5:cf:7e:f9:06:
         5c:15:c8:9c:90:38:10:0f:24:52:d2:13:5a:3f:b7:5e:4d:8b:
         e6:69:c6:fc:ae:38:96:3a:27:27:95:d9:8d:91:db:39:02:74:
         e8:9a:4c:55:85:76:88:b8:17:0a:20:68:57:89:56:b3:47:94:
         fc:39:a4:34:90:d1:64:95:a2:1b:83:e0:93:1d:ad:49:6a:0d:
         03:7e:a4:05:cd:73:4b:b9:27:c5:6f:e3:d2:07:1b:a9:f8:50:
         b3:8b:3a:4c:aa:5a:6d:41:b6:f8:17:b3:c5:98:6f:0c:a4:5a:
         78:26:85:b1:d0:8d:95:15:19:0a:3d:e7:60:7b:38:c2:de:7d:
         da:33:18:56:f4:54:85:8b:a8:2d:c5:a9:ad:df:67:b9:58:a5:
         e9:b9:e8:aa:9c:91:e9:73:fb:73:3c:1c:a8:dd:b6:4f:aa:e5:
         bc:9a:95:53:cc:37:4b:3b:ca:01:6e:9f:15:10:30:92:0b:43:
         e9:30:2d:e0:3b:24:96:56:cd:4e:e0:60:fe:89:ae:0b:99:6c:
         1d:63:04:81
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZQkRal2KG6c9UKij1w/PIiSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWQ2ODE0Mzc1MjcxZDFhM2NiZDEyMTU1ZGIxMWQyYmQ0
MWE4ZDMwHhcNMjUwMTAxMjM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTA1MTM1MjNkODlhNmUwYTEwYWZhMzM3NzEwOTAxNTM0NzZkODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicuoW5mS8ktyFNHv3ZT/XUQF2JzS
xjfbtdXGresxT6j8GsMIYCGxvvu6vAqVtQOf9kyfcnA8bE/Es7JQwVuaQ9a+o6wB
Fb13qmmwOfSjDqtRZpF31NOiJ/Ug8nxt5XFxiT/hZ8k/NGWWsNqlpoTO7hYPXB3Y
GZeh/znOCGvXTTlvp6FWBxrAYOFSS41XIK/0jD2vwYrpzUE2mSlsSWKD3bPlQmg5
kFTmsj9YPZRXMoc8l75aPTzoUDxnm48Hd5vOYvSkmLhO1Vow2k2GwN+GTFDhklfR
T5l3ygQGfZNuljnF2BhpRH1AG3/cdWFMEWn7gEwKSIOxdHB99EuKfgCB0QIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPoFE1I9iabgoQr6M3cQkBU0dtgzMB8GA1UdIwQY
MBaAFBEdaBQ3UnHRo8vRIVXbEdK9QajTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQt
MjcxZDI1ZTIwNTc0LzEvMS1nVVRVajJKcHVDaEN2b3pkeENRRlRSMjJETS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjEvYThiMTRiLWZiMjUtNDdmOC04YjBkLTI3MWQyNWUyMDU3
NC8xL0VSMW9GRGRTY2RHank5RWhWZHNSMHIxQnFOTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoGHgAA
JzANBgkqhkiG9w0BAQsFAAOCAQEAG25bWpVOrUv45xpsrwO6z7vexz4xuGWsetj/
IFTjGHKekZB0Y1aFifAY+0kmwSice8XPfvkGXBXInJA4EA8kUtITWj+3Xk2L5mnG
/K44ljonJ5XZjZHbOQJ06JpMVYV2iLgXCiBoV4lWs0eU/DmkNJDRZJWiG4Pgkx2t
SWoNA36kBc1zS7knxW/j0gcbqfhQs4s6TKpabUG2+BezxZhvDKRaeCaFsdCNlRUZ
Cj3nYHs4wt592jMYVvRUhYuoLcWprd9nuVil6bnoqpyR6XP7czwcqN22T6rlvJqV
U8w3SzvKAW6fFRAwkgtD6TAt4DskllbNTuBg/omuC5lsHWMEgQ==
-----END CERTIFICATE-----