Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/1u5ksCdqTOqkYNw-ehshASHn4j0.roa
File:                     1u5ksCdqTOqkYNw-ehshASHn4j0.roa (raw, json)
Hash identifier:          LdEtJ4t/05jdyyXEWWYukCH8Uv/fk8odnJ8Q/aqBpdk=
Subject key identifier:   D6:EE:64:B0:27:6A:4C:EA:A4:60:DC:3E:7A:1B:21:01:21:E7:E2:3D
Certificate issuer:       /CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
Certificate serial:       0197DDE59EC9085255F2D47BF019A8F8A8ED
Authority key identifier: F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/1u5ksCdqTOqkYNw-ehshASHn4j0.roa
Signing time:             Sun 06 Jul 2025 04:01:42 +0000
ROA not before:           Sun 06 Jul 2025 04:01:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        2a01:fb00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:dd:e5:9e:c9:08:52:55:f2:d4:7b:f0:19:a8:f8:a8:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324581e4368825d5e13f4f2a0d6ff8e484c95e6
        Validity
            Not Before: Jul  6 04:01:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6ee64b0276a4ceaa460dc3e7a1b210121e7e23d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:dd:a9:a4:0a:cc:92:2f:60:fe:af:ca:03:50:
                    ca:45:04:e8:89:30:84:f7:dc:cc:24:bd:fe:ab:37:
                    d1:cb:1d:b4:0b:18:00:7b:cb:e9:c8:56:c9:f0:4b:
                    5b:e5:c5:cd:29:9a:19:69:8c:b8:65:e1:2f:89:5a:
                    ae:f2:42:4c:f5:3b:26:34:1a:85:2d:66:49:ea:16:
                    43:e2:4d:d7:72:e9:5a:cd:53:94:fb:28:21:f4:65:
                    7b:d7:8b:4e:13:59:8a:c6:b9:75:e6:e8:81:db:7c:
                    4c:22:5e:c4:d7:30:8f:a2:91:76:d8:ee:12:2e:74:
                    04:c8:80:eb:c4:31:ef:3a:e4:2b:cd:1e:3f:22:78:
                    43:7d:df:b3:94:8f:1b:1f:da:81:39:6d:68:66:80:
                    78:87:30:52:5d:c4:2d:bf:36:5e:8a:3b:1d:99:0b:
                    72:ab:96:24:16:99:50:0a:5f:00:64:90:2f:ce:d8:
                    e4:ef:13:41:ec:0c:74:d2:15:e9:d8:86:05:97:b3:
                    ea:5f:8c:02:cc:96:00:21:10:f3:4e:05:a7:0e:8d:
                    36:0e:8c:4f:4b:51:43:39:65:bf:bd:52:d9:c1:ab:
                    72:21:7b:9d:78:50:97:36:1b:d7:d6:0f:c2:03:81:
                    e3:c5:f7:61:12:a8:dc:5d:ff:67:f7:13:be:45:04:
                    7b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:EE:64:B0:27:6A:4C:EA:A4:60:DC:3E:7A:1B:21:01:21:E7:E2:3D
            X509v3 Authority Key Identifier:
                keyid:F3:24:58:1E:43:68:82:5D:5E:13:F4:F2:A0:D6:FF:8E:48:4C:95:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yRYHkNogl1eE_TyoNb_jkhMleY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/1u5ksCdqTOqkYNw-ehshASHn4j0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/6b91ab-99db-4648-b153-6e2d97ca15ff/1/8yRYHkNogl1eE_TyoNb_jkhMleY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:fb00::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:46:43:e1:ef:9e:0f:4a:9a:19:ab:b0:35:0e:b2:17:2a:ba:
         0f:e7:31:38:dc:ec:5d:92:b8:ec:eb:c6:f6:30:8a:c2:b9:16:
         33:38:16:b9:d7:fa:9b:d6:47:d8:6a:37:b9:92:ba:9d:da:e1:
         4c:38:c6:d5:a2:83:d2:17:c7:6a:5e:74:b1:d5:1b:3f:51:32:
         fd:fc:11:9f:a4:07:88:3f:0a:0b:b6:ad:cc:aa:e2:04:09:b5:
         31:dd:46:04:2c:11:c7:48:b3:9c:07:03:8e:5f:5b:2b:b2:8d:
         86:95:53:17:c2:fa:d1:ed:88:8c:0e:50:08:67:d0:cf:76:a9:
         62:3d:67:3a:10:1e:45:a6:43:04:52:d4:97:4a:74:4c:da:2d:
         51:c9:15:4d:88:f5:c1:83:b2:96:06:a2:79:b9:2e:09:2d:10:
         0f:b0:d3:66:f3:8c:f4:4f:0c:bd:98:a6:52:68:85:ca:d7:c2:
         4e:8e:2b:83:74:6f:20:76:f8:0b:17:00:fa:21:23:d7:19:02:
         18:df:e1:23:a4:45:b6:96:a5:49:f2:9b:62:53:73:7c:b8:2f:
         70:0f:99:67:dc:de:6f:72:cd:56:1a:1d:27:be:84:f4:62:5e:
         55:19:f7:fd:82:ee:8e:c5:7d:7e:87:51:4e:35:a2:4b:cb:1d:
         87:33:e1:82
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfd5Z7JCFJV8tR78Bmo+KjtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjQ1ODFlNDM2ODgyNWQ1ZTEzZjRmMmEwZDZmZjhlNDg0
Yzk1ZTYwHhcNMjUwNzA2MDQwMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmVlNjRiMDI3NmE0Y2VhYTQ2MGRjM2U3YTFiMjEwMTIxZTdlMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyd2ppArMki9g/q/KA1DKRQToiTCE
99zMJL3+qzfRyx20CxgAe8vpyFbJ8Etb5cXNKZoZaYy4ZeEviVqu8kJM9TsmNBqF
LWZJ6hZD4k3XculazVOU+ygh9GV714tOE1mKxrl15uiB23xMIl7E1zCPopF22O4S
LnQEyIDrxDHvOuQrzR4/InhDfd+zlI8bH9qBOW1oZoB4hzBSXcQtvzZeijsdmQty
q5YkFplQCl8AZJAvztjk7xNB7Ax00hXp2IYFl7PqX4wCzJYAIRDzTgWnDo02DoxP
S1FDOWW/vVLZwatyIXudeFCXNhvX1g/CA4HjxfdhEqjcXf9n9xO+RQR7BQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNbuZLAnakzqpGDcPnobIQEh5+I9MB8GA1UdIwQY
MBaAFPMkWB5DaIJdXhP08qDW/45ITJXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMt
NmUyZDk3Y2ExNWZmLzEvMXU1a3NDZHFUT3FrWU53LWVoc2hBU0huNGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS82YjkxYWItOTlkYi00NjQ4LWIxNTMtNmUyZDk3Y2ExNWZm
LzEvOHlSWUhrTm9nbDFlRV9UeW9OYl9qa2hNbGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgH7ADAN
BgkqhkiG9w0BAQsFAAOCAQEALUZD4e+eD0qaGauwNQ6yFyq6D+cxONzsXZK47OvG
9jCKwrkWMzgWudf6m9ZH2Go3uZK6ndrhTDjG1aKD0hfHal50sdUbP1Ey/fwRn6QH
iD8KC7atzKriBAm1Md1GBCwRx0iznAcDjl9bK7KNhpVTF8L60e2IjA5QCGfQz3ap
Yj1nOhAeRaZDBFLUl0p0TNotUckVTYj1wYOylgaiebkuCS0QD7DTZvOM9E8MvZim
UmiFytfCTo4rg3RvIHb4CxcA+iEj1xkCGN/hI6RFtpalSfKbYlNzfLgvcA+ZZ9ze
b3LNVhodJ76E9GJeVRn3/YLujsV9fodRTjWiS8sdhzPhgg==
-----END CERTIFICATE-----