Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/aIC6ROQmIBkJtMQV3BLilIyM4Jc.roa
File:                     aIC6ROQmIBkJtMQV3BLilIyM4Jc.roa (raw, json)
Hash identifier:          +ZDiWP7vx5S7AAhHLcn6ylil5bTpyx1nO3rHC5JU56A=
Subject key identifier:   68:80:BA:44:E4:26:20:19:09:B4:C4:15:DC:12:E2:94:8C:8C:E0:97
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       019422FC440F1DB005351E3D64DB989E6F5C
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/aIC6ROQmIBkJtMQV3BLilIyM4Jc.roa
Signing time:             Wed 01 Jan 2025 17:49:05 +0000
ROA not before:           Wed 01 Jan 2025 17:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53356
IP address blocks:        2a09:fb86::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 08:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:44:0f:1d:b0:05:35:1e:3d:64:db:98:9e:6f:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Jan  1 17:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6880ba44e426201909b4c415dc12e2948c8ce097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bb:3e:3a:27:21:25:14:ea:a9:f5:de:f7:b4:
                    77:32:c9:ec:61:58:01:08:a2:8d:25:d7:33:4f:15:
                    37:d0:8d:eb:82:41:88:90:b8:c4:dc:5b:8a:16:2f:
                    4f:a0:04:7d:47:c5:f8:48:c2:fc:c3:20:ad:aa:4c:
                    ff:34:ea:22:21:a5:73:a1:37:f9:e0:2a:69:bd:1c:
                    79:36:08:07:ab:74:27:a6:e3:6c:ad:80:e1:0d:28:
                    7f:ad:e0:ea:05:74:9c:1e:57:b9:a1:89:15:1a:29:
                    58:64:51:75:67:06:dc:4d:d4:bb:ca:a7:44:71:74:
                    2d:0c:81:f3:e8:1e:a7:d2:08:37:f0:df:41:7a:33:
                    9a:24:2c:c9:34:a1:53:2a:64:ab:47:b6:9c:1a:ac:
                    5a:a1:61:26:30:82:59:82:28:6e:26:7f:5b:f4:26:
                    16:59:bd:84:24:43:df:75:9f:81:21:dc:4f:58:15:
                    1a:ef:93:61:1e:c8:36:fe:7e:ab:b2:8f:42:73:6f:
                    88:71:b4:d7:26:2d:6d:b4:77:f7:cc:63:28:c7:fd:
                    dd:d0:32:28:b0:72:f1:2c:2c:68:12:16:90:08:2e:
                    eb:87:92:11:21:71:e3:39:e9:87:e9:94:63:94:ec:
                    cc:40:50:87:5a:4f:19:cd:47:17:57:48:c4:61:b9:
                    05:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:80:BA:44:E4:26:20:19:09:B4:C4:15:DC:12:E2:94:8C:8C:E0:97
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/aIC6ROQmIBkJtMQV3BLilIyM4Jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:fb86::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:48:d5:d4:e0:0e:c8:ce:a7:9d:75:9a:45:68:15:fa:a2:9d:
         f5:4e:b4:4e:89:bd:8d:c0:d8:92:27:38:2b:86:31:5b:26:3b:
         00:45:b2:f0:ec:1a:76:e5:1b:e0:7a:3c:bb:86:2b:a7:f0:29:
         49:a5:6e:03:ee:7d:25:e9:71:35:70:81:4d:8d:fd:4e:7c:58:
         5f:2d:9a:ba:33:3f:83:3f:81:e7:b6:0b:90:e8:65:a3:89:ee:
         93:e3:27:23:ef:5d:c5:4e:6d:a6:3d:60:1f:88:8c:71:cf:13:
         39:1d:16:a4:1b:aa:97:d6:19:63:d9:c3:28:2c:48:b6:9f:2f:
         12:30:66:55:b0:9a:65:8f:85:75:36:25:11:04:cb:3c:6f:93:
         9a:e9:34:fb:07:08:28:2d:b2:d6:cf:aa:c6:72:fa:e1:4f:45:
         26:bd:39:e2:6e:05:ba:94:13:a6:7d:bf:21:c2:d9:9c:b3:8e:
         e8:a5:4f:73:eb:14:59:4d:80:d8:b1:cb:b8:a9:f1:d2:bd:bf:
         8b:fc:bb:9a:1b:be:af:8b:94:03:20:5c:45:0a:c0:93:67:35:
         9a:44:35:06:97:0b:f8:3f:17:a7:42:17:ef:41:b3:35:f9:74:
         31:a3:fd:64:16:33:c3:81:08:e4:27:09:0f:b9:b9:25:f4:1e:
         0c:e3:c1:d9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQi/EQPHbAFNR49ZNuYnm9cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjUwMTAxMTc0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODgwYmE0NGU0MjYyMDE5MDliNGM0MTVkYzEyZTI5NDhjOGNlMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbs+OichJRTqqfXe97R3MsnsYVgB
CKKNJdczTxU30I3rgkGIkLjE3FuKFi9PoAR9R8X4SML8wyCtqkz/NOoiIaVzoTf5
4CppvRx5NggHq3QnpuNsrYDhDSh/reDqBXScHle5oYkVGilYZFF1ZwbcTdS7yqdE
cXQtDIHz6B6n0gg38N9BejOaJCzJNKFTKmSrR7acGqxaoWEmMIJZgihuJn9b9CYW
Wb2EJEPfdZ+BIdxPWBUa75NhHsg2/n6rso9Cc2+IcbTXJi1ttHf3zGMox/3d0DIo
sHLxLCxoEhaQCC7rh5IRIXHjOemH6ZRjlOzMQFCHWk8ZzUcXV0jEYbkFmQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGiAukTkJiAZCbTEFdwS4pSMjOCXMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvYUlDNlJPUW1JQmtKdE1RVjNCTGlsSXlNNEpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgn7hjAN
BgkqhkiG9w0BAQsFAAOCAQEAO0jV1OAOyM6nnXWaRWgV+qKd9U60Tom9jcDYkic4
K4YxWyY7AEWy8OwaduUb4Ho8u4Yrp/ApSaVuA+59JelxNXCBTY39TnxYXy2aujM/
gz+B57YLkOhlo4nuk+MnI+9dxU5tpj1gH4iMcc8TOR0WpBuql9YZY9nDKCxItp8v
EjBmVbCaZY+FdTYlEQTLPG+Tmuk0+wcIKC2y1s+qxnL64U9FJr054m4FupQTpn2/
IcLZnLOO6KVPc+sUWU2A2LHLuKnx0r2/i/y7mhu+r4uUAyBcRQrAk2c1mkQ1BpcL
+D8Xp0IX70GzNfl0MaP9ZBYzw4EI5CcJD7m5JfQeDOPB2Q==
-----END CERTIFICATE-----