Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/PCeyRcCnkd2jcpnfX_81z2NuiQU.roa
File:                     PCeyRcCnkd2jcpnfX_81z2NuiQU.roa (raw, json)
Hash identifier:          qmuti4n5B4J7jLSHkHP5UysCAPRSd8cLYAhdX4sBlkA=
Subject key identifier:   3C:27:B2:45:C0:A7:91:DD:A3:72:99:DF:5F:FF:35:CF:63:6E:89:05
Certificate issuer:       /CN=9b8151ae164a5b782b103de7f7c8a8948932aebf
Certificate serial:       019425FCC84DF70B215CBBBF756B5ECAB86A
Authority key identifier: 9B:81:51:AE:16:4A:5B:78:2B:10:3D:E7:F7:C8:A8:94:89:32:AE:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m4FRrhZKW3grED3n98iolIkyrr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/PCeyRcCnkd2jcpnfX_81z2NuiQU.roa
Signing time:             Thu 02 Jan 2025 07:48:30 +0000
ROA not before:           Thu 02 Jan 2025 07:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57707
IP address blocks:        2a03:a900:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/m4FRrhZKW3grED3n98iolIkyrr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/m4FRrhZKW3grED3n98iolIkyrr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m4FRrhZKW3grED3n98iolIkyrr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:c8:4d:f7:0b:21:5c:bb:bf:75:6b:5e:ca:b8:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b8151ae164a5b782b103de7f7c8a8948932aebf
        Validity
            Not Before: Jan  2 07:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c27b245c0a791dda37299df5fff35cf636e8905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:df:73:60:8a:23:cb:5d:3b:1a:b3:39:1c:19:
                    46:f3:2f:44:16:78:eb:b2:1b:69:2f:1f:94:83:01:
                    81:4f:be:27:34:55:b4:d5:9e:b2:ce:de:0f:49:6a:
                    5f:80:60:f0:9c:45:d1:84:e3:d0:9a:8b:34:2e:1a:
                    44:95:75:8f:13:cc:52:75:8e:7c:b0:3e:af:f8:9b:
                    97:9f:c1:83:7c:dd:f6:f8:2c:3f:bf:e5:ff:8c:75:
                    a3:4f:c0:68:3b:55:de:68:78:ff:8a:5e:dc:f2:15:
                    87:a7:1d:61:dd:f2:47:f0:5e:bd:24:3b:30:ef:8a:
                    6d:97:b4:1a:0c:a7:bc:ed:08:95:21:8a:62:ba:72:
                    dd:47:27:76:34:28:7c:a2:f8:9e:d2:1b:0f:b2:8f:
                    7d:77:c4:c9:99:dd:c7:1d:5c:6c:be:8f:7a:94:eb:
                    6d:6b:88:a5:6d:11:4b:2b:e3:f5:f3:09:01:70:c2:
                    cb:20:3a:6b:20:80:91:c5:3b:7b:f8:a8:8c:f3:73:
                    79:a1:5d:97:13:fc:a6:85:d1:49:89:5f:48:a4:01:
                    3f:02:d5:22:40:4b:ee:0b:a6:5e:42:cb:ab:8d:30:
                    46:d3:00:5a:a3:5a:da:1a:03:7e:d4:0a:43:40:5f:
                    21:97:48:6b:97:fb:0e:ed:a9:c6:2b:c1:38:6b:39:
                    e6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:27:B2:45:C0:A7:91:DD:A3:72:99:DF:5F:FF:35:CF:63:6E:89:05
            X509v3 Authority Key Identifier:
                keyid:9B:81:51:AE:16:4A:5B:78:2B:10:3D:E7:F7:C8:A8:94:89:32:AE:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m4FRrhZKW3grED3n98iolIkyrr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/PCeyRcCnkd2jcpnfX_81z2NuiQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/6b6d1f-5421-48b9-b7eb-da1fe9ebee8e/1/m4FRrhZKW3grED3n98iolIkyrr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:a900:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:84:ff:59:d7:0d:8a:d8:5b:7c:20:d9:88:9d:be:b8:3d:fb:
         30:8c:83:45:4f:a5:9d:66:c9:c7:55:23:b8:67:bb:96:09:b8:
         85:77:af:96:c8:49:16:05:33:98:7e:fb:6b:44:f9:f3:3d:52:
         68:48:b8:ea:fc:36:3f:9a:d2:4e:84:e1:e5:76:6e:70:fd:a3:
         b8:8a:2a:2f:0d:72:5d:0e:6f:5a:f7:23:46:15:ba:e5:64:18:
         00:a9:8f:13:70:2a:5f:e7:8d:11:f9:e6:7e:ec:2b:5b:ff:dc:
         7f:fb:9d:28:53:bc:35:51:44:3b:37:55:96:78:bf:76:91:61:
         17:f8:a8:51:d8:3d:e6:54:a2:91:5a:1c:0a:6d:71:f8:f2:4d:
         7e:a9:00:d0:04:60:8d:cf:0a:ac:21:01:f6:e2:d5:da:5c:f1:
         32:45:01:c6:68:de:07:a1:6a:c8:2e:41:17:15:17:c5:63:4a:
         c3:b4:78:08:a6:ff:b7:7e:f3:f9:87:4a:25:ac:47:69:8d:13:
         c6:26:85:ed:7e:93:20:9e:de:d9:60:7c:6b:3f:f8:f9:ca:69:
         3a:cd:99:f1:2c:5d:9d:48:3c:cd:73:a4:c0:a6:d2:09:f3:ea:
         72:8e:bd:6d:6c:01:e5:b0:ee:19:bd:75:06:86:0e:5d:cc:63:
         3c:38:88:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/MhN9wshXLu/dWteyrhqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliODE1MWFlMTY0YTViNzgyYjEwM2RlN2Y3YzhhODk0ODkz
MmFlYmYwHhcNMjUwMTAyMDc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzI3YjI0NWMwYTc5MWRkYTM3Mjk5ZGY1ZmZmMzVjZjYzNmU4OTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAud9zYIojy107GrM5HBlG8y9EFnjr
shtpLx+UgwGBT74nNFW01Z6yzt4PSWpfgGDwnEXRhOPQmos0LhpElXWPE8xSdY58
sD6v+JuXn8GDfN32+Cw/v+X/jHWjT8BoO1XeaHj/il7c8hWHpx1h3fJH8F69JDsw
74ptl7QaDKe87QiVIYpiunLdRyd2NCh8ovie0hsPso99d8TJmd3HHVxsvo96lOtt
a4ilbRFLK+P18wkBcMLLIDprIICRxTt7+KiM83N5oV2XE/ymhdFJiV9IpAE/AtUi
QEvuC6ZeQsurjTBG0wBao1raGgN+1ApDQF8hl0hrl/sO7anGK8E4aznmGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDwnskXAp5Hdo3KZ31//Nc9jbokFMB8GA1UdIwQY
MBaAFJuBUa4WSlt4KxA95/fIqJSJMq6/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTRGUnJoWktXM2dyRUQzbjk4aW9sSWt5cnI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC82YjZkMWYtNTQyMS00OGI5LWI3ZWIt
ZGExZmU5ZWJlZThlLzEvUENleVJjQ25rZDJqY3BuZlhfODF6Mk51aVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC82YjZkMWYtNTQyMS00OGI5LWI3ZWItZGExZmU5ZWJlZThl
LzEvbTRGUnJoWktXM2dyRUQzbjk4aW9sSWt5cnI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgOpAP//
MA0GCSqGSIb3DQEBCwUAA4IBAQBhhP9Z1w2K2Ft8INmInb64PfswjINFT6WdZsnH
VSO4Z7uWCbiFd6+WyEkWBTOYfvtrRPnzPVJoSLjq/DY/mtJOhOHldm5w/aO4iiov
DXJdDm9a9yNGFbrlZBgAqY8TcCpf540R+eZ+7Ctb/9x/+50oU7w1UUQ7N1WWeL92
kWEX+KhR2D3mVKKRWhwKbXH48k1+qQDQBGCNzwqsIQH24tXaXPEyRQHGaN4HoWrI
LkEXFRfFY0rDtHgIpv+3fvP5h0olrEdpjRPGJoXtfpMgnt7ZYHxrP/j5ymk6zZnx
LF2dSDzNc6TAptIJ8+pyjr1tbAHlsO4ZvXUGhg5dzGM8OIj3
-----END CERTIFICATE-----