Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/zf6pdNUpGphO6Df4cNnwGf8vsno.roa
File:                     zf6pdNUpGphO6Df4cNnwGf8vsno.roa (raw, json)
Hash identifier:          ECJKSpVkmXvbPK0APqCdCGrsrVqyutvoFLDEiGmDUxg=
Subject key identifier:   CD:FE:A9:74:D5:29:1A:98:4E:E8:37:F8:70:D9:F0:19:FF:2F:B2:7A
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019427B67F61F3CB041681F05747126699B3
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/zf6pdNUpGphO6Df4cNnwGf8vsno.roa
Signing time:             Thu 02 Jan 2025 15:50:59 +0000
ROA not before:           Thu 02 Jan 2025 15:50:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26008
IP address blocks:        81.200.66.0/24 maxlen: 24
                          81.200.67.0/24 maxlen: 24
                          81.200.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 13:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:7f:61:f3:cb:04:16:81:f0:57:47:12:66:99:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 15:50:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdfea974d5291a984ee837f870d9f019ff2fb27a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:63:3e:20:01:33:5e:54:a7:67:65:51:9a:5c:
                    17:91:9a:68:e9:75:d4:4b:9c:33:fa:7d:1b:f9:bc:
                    8a:6d:12:36:fd:80:f3:29:fd:bf:da:5f:6e:ee:96:
                    cc:34:69:73:f6:39:91:c3:a2:8a:6d:62:05:ce:25:
                    f5:8a:db:55:58:4f:ea:65:93:29:a6:1c:50:62:59:
                    a8:ef:7c:1d:03:f3:41:25:f7:80:8a:62:60:d3:dd:
                    ce:47:d3:38:a2:98:b7:aa:23:ff:63:6b:92:08:42:
                    ac:f9:c1:76:9a:34:c2:76:17:e6:0e:6f:d6:20:3e:
                    da:37:4a:97:fd:15:1d:81:87:43:52:a9:a0:a2:85:
                    28:6c:a4:f9:9e:ca:dd:06:09:6a:d5:53:87:e2:e2:
                    e7:a3:dd:c3:9c:55:0f:c8:3e:10:66:e9:51:5c:8f:
                    cd:89:8c:66:6b:db:ed:3e:bf:ae:aa:34:98:10:63:
                    0a:14:40:83:52:39:93:36:3c:d7:87:bc:07:48:42:
                    39:ad:73:d0:02:d3:8a:69:be:65:4e:15:8e:b4:bf:
                    36:9a:1d:b9:de:3a:07:b1:87:38:7d:a6:42:a3:c5:
                    dc:4b:e0:f8:e5:e8:e5:80:95:33:66:47:83:88:f4:
                    25:12:c2:3d:95:71:d8:22:f7:2e:f2:ef:89:f3:b8:
                    34:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:FE:A9:74:D5:29:1A:98:4E:E8:37:F8:70:D9:F0:19:FF:2F:B2:7A
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/zf6pdNUpGphO6Df4cNnwGf8vsno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.200.66.0/23
                  81.200.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:a5:58:82:40:0e:c5:4b:aa:9a:f4:1f:ac:6d:f6:f2:2f:40:
         a6:9f:9b:4c:40:f1:e8:af:91:b9:ba:09:8b:41:7b:8e:93:17:
         69:c7:fe:f8:72:4c:84:1c:cd:d7:f3:66:56:2e:58:b9:7e:16:
         a4:00:ca:e3:24:d7:13:60:d3:35:09:e3:49:c7:9b:bc:b1:5a:
         fd:df:4f:4d:6d:a2:5f:72:9d:e6:f3:85:ad:8d:25:2f:63:66:
         9d:7c:02:e5:6d:07:ce:c9:2c:21:48:17:10:85:02:e0:28:12:
         ae:1b:f2:f5:ee:ba:48:8a:83:f0:47:18:47:dc:30:c9:4e:65:
         55:22:a3:9d:d7:e2:14:01:57:04:42:ef:2c:3b:62:21:9d:ff:
         6d:67:f3:80:57:4d:98:70:2c:a3:c2:eb:96:d7:f2:e1:b3:07:
         34:ea:19:8f:0b:9b:ba:26:b1:d5:32:1c:d8:dd:3c:1e:16:91:
         56:eb:2c:fd:45:c7:93:9e:f4:f7:fd:d4:77:53:59:9e:75:d5:
         0d:fe:13:78:15:9b:8f:4b:0c:6b:73:86:f9:76:07:1f:05:c7:
         59:7b:68:0c:df:86:23:38:93:3d:99:81:2a:2e:8a:c5:40:e9:
         29:98:a3:57:aa:5e:f3:8c:8d:ed:13:c7:2e:63:e2:ab:e6:5f:
         d8:68:1e:2a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntn9h88sEFoHwV0cSZpmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMTAyMTU1MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGZlYTk3NGQ1MjkxYTk4NGVlODM3Zjg3MGQ5ZjAxOWZmMmZiMjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2M+IAEzXlSnZ2VRmlwXkZpo6XXU
S5wz+n0b+byKbRI2/YDzKf2/2l9u7pbMNGlz9jmRw6KKbWIFziX1ittVWE/qZZMp
phxQYlmo73wdA/NBJfeAimJg093OR9M4opi3qiP/Y2uSCEKs+cF2mjTCdhfmDm/W
ID7aN0qX/RUdgYdDUqmgooUobKT5nsrdBglq1VOH4uLno93DnFUPyD4QZulRXI/N
iYxma9vtPr+uqjSYEGMKFECDUjmTNjzXh7wHSEI5rXPQAtOKab5lThWOtL82mh25
3joHsYc4faZCo8XcS+D45ejlgJUzZkeDiPQlEsI9lXHYIvcu8u+J87g0DQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM3+qXTVKRqYTug3+HDZ8Bn/L7J6MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvemY2cGROVXBHcGhPNkRmNGNObndHZjh2c25vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUchCAwQA
UchFMA0GCSqGSIb3DQEBCwUAA4IBAQAHpViCQA7FS6qa9B+sbfbyL0Cmn5tMQPHo
r5G5ugmLQXuOkxdpx/74ckyEHM3X82ZWLli5fhakAMrjJNcTYNM1CeNJx5u8sVr9
309NbaJfcp3m84WtjSUvY2adfALlbQfOySwhSBcQhQLgKBKuG/L17rpIioPwRxhH
3DDJTmVVIqOd1+IUAVcEQu8sO2Ihnf9tZ/OAV02YcCyjwuuW1/Lhswc06hmPC5u6
JrHVMhzY3TweFpFW6yz9RceTnvT3/dR3U1meddUN/hN4FZuPSwxrc4b5dgcfBcdZ
e2gM34YjOJM9mYEqLorFQOkpmKNXql7zjI3tE8cuY+Kr5l/YaB4q
-----END CERTIFICATE-----