Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/aoJwj7Qz2gzRB_XDuBO6wX0Pq-o.roa
File:                     aoJwj7Qz2gzRB_XDuBO6wX0Pq-o.roa (raw, json)
Hash identifier:          5jUoTXpmo/yD1o3tfuN3Rs2LCM2hxJVWRtEkS9CuJHM=
Subject key identifier:   6A:82:70:8F:B4:33:DA:0C:D1:07:F5:C3:B8:13:BA:C1:7D:0F:AB:EA
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       0195C244E5697451AA9CA8E69A968D781665
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/aoJwj7Qz2gzRB_XDuBO6wX0Pq-o.roa
Signing time:             Sun 23 Mar 2025 09:10:49 +0000
ROA not before:           Sun 23 Mar 2025 09:10:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215267
IP address blocks:        2a06:e900::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c2:44:e5:69:74:51:aa:9c:a8:e6:9a:96:8d:78:16:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Mar 23 09:10:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a82708fb433da0cd107f5c3b813bac17d0fabea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fc:47:50:f9:24:18:60:0c:9f:86:a6:4c:d8:
                    a4:8b:b6:d2:66:f3:8e:1f:f1:3b:b6:b6:27:27:08:
                    e5:2c:52:5d:c4:a8:37:fb:9d:fb:61:c3:d1:29:94:
                    39:ac:4d:44:c4:55:af:e4:ac:bc:66:d2:4a:36:7f:
                    66:c9:a8:6b:fc:e6:f1:76:24:5e:e7:66:98:3e:0d:
                    c6:30:c0:ef:bd:0b:3f:40:f3:6c:70:93:7c:64:22:
                    5e:b7:23:32:93:5d:41:63:ce:3e:66:f2:87:1d:df:
                    37:63:95:88:78:f2:e1:56:f3:6c:86:74:f5:f1:d8:
                    87:09:d5:5f:d4:5e:f1:52:38:31:1f:bb:08:b6:1b:
                    6e:a2:81:e4:8d:b4:6a:c6:68:d8:31:dc:6c:d5:1e:
                    ff:16:e8:46:ff:8a:01:69:cf:a2:15:56:9e:7c:72:
                    d5:39:fa:89:7e:e8:36:08:ce:f3:a9:30:fe:42:43:
                    ed:e2:49:cd:50:5e:84:63:25:23:e1:1d:e6:ea:6f:
                    54:7e:14:b1:54:0b:e0:10:76:f8:58:de:cd:61:5f:
                    c9:d5:8a:79:8a:e1:4d:75:9c:64:f9:b5:3d:6e:28:
                    9e:1d:fd:a7:7f:a6:82:62:10:11:45:94:50:d6:ba:
                    80:d1:13:2f:59:21:61:e9:2e:98:6e:86:03:48:2b:
                    44:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:82:70:8F:B4:33:DA:0C:D1:07:F5:C3:B8:13:BA:C1:7D:0F:AB:EA
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/aoJwj7Qz2gzRB_XDuBO6wX0Pq-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e900::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:f3:2e:6a:02:20:e9:2c:d9:25:96:82:48:b2:49:53:8f:13:
         db:74:76:63:6f:96:70:61:97:36:a7:48:f1:4d:1f:26:a8:16:
         65:de:2f:0c:c3:34:16:dc:c0:91:5a:2d:62:73:5e:af:1f:36:
         1f:d7:77:08:53:90:29:d6:71:71:7d:5a:28:c7:47:88:c3:73:
         49:d8:31:9a:66:5f:cd:ba:32:1b:c1:58:f5:a3:06:c0:82:a8:
         5b:d3:4c:ab:11:33:b9:e7:4f:fb:41:7a:34:ad:ec:bf:f5:9e:
         a9:91:1b:3d:74:6a:c8:7c:56:ff:fb:ff:bc:84:fb:bf:4f:aa:
         41:78:df:ed:ff:4b:b7:20:05:3b:34:ab:50:8d:8b:d8:9a:38:
         9c:f6:90:b4:54:55:b9:a2:df:ed:b0:49:73:c9:52:85:4f:00:
         75:d8:a7:a5:0b:35:52:f2:40:48:b8:21:49:7f:ce:2a:83:bd:
         46:ca:a0:61:4e:e3:f9:a2:67:4d:26:37:ae:fb:1c:83:cb:9a:
         5a:9d:a8:49:43:55:31:3b:1a:8d:68:cf:ab:d2:1b:09:08:c6:
         c4:2a:a5:86:02:4e:e1:50:d4:6b:59:32:0f:80:c1:78:44:9e:
         04:7a:1d:89:ce:2d:be:c5:f4:0f:0d:bc:aa:d8:17:d6:56:0b:
         47:5f:91:db
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZXCROVpdFGqnKjmmpaNeBZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjUwMzIzMDkxMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTgyNzA4ZmI0MzNkYTBjZDEwN2Y1YzNiODEzYmFjMTdkMGZhYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvxHUPkkGGAMn4amTNiki7bSZvOO
H/E7trYnJwjlLFJdxKg3+537YcPRKZQ5rE1ExFWv5Ky8ZtJKNn9myahr/ObxdiRe
52aYPg3GMMDvvQs/QPNscJN8ZCJetyMyk11BY84+ZvKHHd83Y5WIePLhVvNshnT1
8diHCdVf1F7xUjgxH7sIthtuooHkjbRqxmjYMdxs1R7/FuhG/4oBac+iFVaefHLV
OfqJfug2CM7zqTD+QkPt4knNUF6EYyUj4R3m6m9UfhSxVAvgEHb4WN7NYV/J1Yp5
iuFNdZxk+bU9biieHf2nf6aCYhARRZRQ1rqA0RMvWSFh6S6YboYDSCtEhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGqCcI+0M9oM0Qf1w7gTusF9D6vqMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvYW9Kd2o3UXoyZ3pSQl9YRHVCTzZ3WDBQcS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgbpADAN
BgkqhkiG9w0BAQsFAAOCAQEATPMuagIg6SzZJZaCSLJJU48T23R2Y2+WcGGXNqdI
8U0fJqgWZd4vDMM0FtzAkVotYnNerx82H9d3CFOQKdZxcX1aKMdHiMNzSdgxmmZf
zboyG8FY9aMGwIKoW9NMqxEzuedP+0F6NK3sv/WeqZEbPXRqyHxW//v/vIT7v0+q
QXjf7f9LtyAFOzSrUI2L2Jo4nPaQtFRVuaLf7bBJc8lShU8AddinpQs1UvJASLgh
SX/OKoO9RsqgYU7j+aJnTSY3rvscg8uaWp2oSUNVMTsajWjPq9IbCQjGxCqlhgJO
4VDUa1kyD4DBeESeBHodic4tvsX0Dw28qtgX1lYLR1+R2w==
-----END CERTIFICATE-----