Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/IHG_JfseFk6ouOXxwoxnwmRi5Fs.roa
File:                     IHG_JfseFk6ouOXxwoxnwmRi5Fs.roa (raw, json)
Hash identifier:          /e922m+dZdP+lI3mcnmLh9IILnO7tmjuyQG47QZPE3E=
Subject key identifier:   20:71:BF:25:FB:1E:16:4E:A8:B8:E5:F1:C2:8C:67:C2:64:62:E4:5B
Certificate issuer:       /CN=ea846006cf8b9e388f31451358092502cecc1136
Certificate serial:       01972D91BC922FA31710EB4D193E4283686B
Authority key identifier: EA:84:60:06:CF:8B:9E:38:8F:31:45:13:58:09:25:02:CE:CC:11:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/IHG_JfseFk6ouOXxwoxnwmRi5Fs.roa
Signing time:             Sun 01 Jun 2025 22:16:54 +0000
ROA not before:           Sun 01 Jun 2025 22:16:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207252
IP address blocks:        2a06:8ac0::/46 maxlen: 46
                          2a06:8ac0:4::/46 maxlen: 46
                          2a06:8ac0:8::/45 maxlen: 45
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2d:91:bc:92:2f:a3:17:10:eb:4d:19:3e:42:83:68:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea846006cf8b9e388f31451358092502cecc1136
        Validity
            Not Before: Jun  1 22:16:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2071bf25fb1e164ea8b8e5f1c28c67c26462e45b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f1:2e:e3:5d:ce:bb:11:65:f8:93:fd:a8:06:
                    69:4e:bc:5d:e5:c6:51:39:39:db:23:44:16:c3:76:
                    68:5e:67:35:84:d8:c0:b6:9e:a7:96:86:66:92:8a:
                    85:e5:14:bc:10:bf:61:a8:c7:ec:3b:9d:6d:8f:e2:
                    d5:c9:37:58:66:b1:23:b8:87:a8:71:b1:c9:3b:53:
                    24:29:eb:d9:ce:8b:7d:38:49:06:c7:bb:6f:d3:1f:
                    15:00:37:cc:0f:4a:53:e6:ef:98:47:8e:57:22:ce:
                    fd:d5:26:e1:9d:8b:c5:5f:7e:c1:5f:cf:7a:a0:07:
                    58:2f:64:bc:e4:75:9c:c8:d0:41:02:f2:f6:cf:f4:
                    26:13:f2:40:89:2d:fe:3f:5b:50:ba:a8:1d:2e:26:
                    6a:27:5b:a3:02:e3:fa:d7:83:43:01:ae:dc:a3:46:
                    a0:4f:83:1a:77:30:24:19:71:55:00:62:c2:39:47:
                    cc:80:b2:61:19:31:5a:3c:5c:0a:ed:c5:28:10:8f:
                    e9:3f:57:f9:7d:67:6e:fa:27:1b:1f:f0:31:a3:5b:
                    82:56:df:dc:17:99:cb:8f:7f:5b:f0:35:28:bd:ec:
                    30:38:e4:25:0c:60:58:c9:1e:4e:d6:7f:8e:86:01:
                    30:1a:ae:04:a7:17:dd:3d:ba:24:94:69:0b:9c:b0:
                    71:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:71:BF:25:FB:1E:16:4E:A8:B8:E5:F1:C2:8C:67:C2:64:62:E4:5B
            X509v3 Authority Key Identifier:
                keyid:EA:84:60:06:CF:8B:9E:38:8F:31:45:13:58:09:25:02:CE:CC:11:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/IHG_JfseFk6ouOXxwoxnwmRi5Fs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:8ac0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7f:da:01:39:0a:44:ab:7b:24:b1:6d:38:71:57:dd:3e:40:82:
         f6:91:99:e8:fe:5c:4c:50:6d:7a:63:5b:d0:99:d8:be:38:15:
         3f:74:82:14:d2:24:5d:c6:c6:26:6d:95:9b:c5:16:88:83:16:
         23:51:cb:7c:e8:e6:7c:2b:54:8b:d2:a8:4b:cc:e6:aa:74:c8:
         c5:35:c0:cb:9e:1a:94:b2:a3:ab:af:08:c5:1f:c4:82:c1:58:
         ab:c0:bc:85:70:65:36:36:6d:e7:e7:01:9e:b2:40:17:69:48:
         f7:85:38:b6:a0:9c:f0:80:5c:8e:3e:06:3c:3f:b6:1b:09:1a:
         e8:dd:1e:85:a4:8d:e5:0b:f8:3d:8b:b5:f3:7f:0a:ec:91:07:
         62:0a:24:d8:9d:8c:67:12:12:f9:9a:f5:fa:da:46:e5:d0:c9:
         97:1e:f1:68:c4:ab:71:df:d4:ea:db:be:e8:0e:68:62:f9:f1:
         15:92:d4:09:19:fb:7c:c7:ca:3d:a9:21:5e:15:24:64:33:03:
         6a:df:7d:4d:c1:04:80:3d:bc:5d:58:54:2d:92:62:89:48:7a:
         95:9d:1c:5d:7b:83:59:1d:72:fc:a4:06:ce:17:b2:ae:66:e1:
         68:55:71:55:4e:a9:de:1b:f0:7b:6b:10:e1:11:68:61:4b:13:
         37:d3:4a:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZctkbySL6MXEOtNGT5Cg2hrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhODQ2MDA2Y2Y4YjllMzg4ZjMxNDUxMzU4MDkyNTAyY2Vj
YzExMzYwHhcNMjUwNjAxMjIxNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDcxYmYyNWZiMWUxNjRlYThiOGU1ZjFjMjhjNjdjMjY0NjJlNDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfEu413OuxFl+JP9qAZpTrxd5cZR
OTnbI0QWw3ZoXmc1hNjAtp6nloZmkoqF5RS8EL9hqMfsO51tj+LVyTdYZrEjuIeo
cbHJO1MkKevZzot9OEkGx7tv0x8VADfMD0pT5u+YR45XIs791SbhnYvFX37BX896
oAdYL2S85HWcyNBBAvL2z/QmE/JAiS3+P1tQuqgdLiZqJ1ujAuP614NDAa7co0ag
T4MadzAkGXFVAGLCOUfMgLJhGTFaPFwK7cUoEI/pP1f5fWdu+icbH/Axo1uCVt/c
F5nLj39b8DUovewwOOQlDGBYyR5O1n+OhgEwGq4EpxfdPboklGkLnLBxwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCBxvyX7HhZOqLjl8cKMZ8JkYuRbMB8GA1UdIwQY
MBaAFOqEYAbPi544jzFFE1gJJQLOzBE2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNm9SZ0JzLUxuamlQTVVVVFdBa2xBczdNRVRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yMWNkNzctMWVjYS00NmI5LTlhYmEt
Zjc0Y2NjYzRlMGExLzEvSUhHX0pmc2VGazZvdU9YeHdveG53bVJpNUZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yMWNkNzctMWVjYS00NmI5LTlhYmEtZjc0Y2NjYzRlMGEx
LzEvNm9SZ0JzLUxuamlQTVVVVFdBa2xBczdNRVRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgaKwAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB/2gE5CkSreySxbThxV90+QIL2kZno/lxMUG16
Y1vQmdi+OBU/dIIU0iRdxsYmbZWbxRaIgxYjUct86OZ8K1SL0qhLzOaqdMjFNcDL
nhqUsqOrrwjFH8SCwVirwLyFcGU2Nm3n5wGeskAXaUj3hTi2oJzwgFyOPgY8P7Yb
CRro3R6FpI3lC/g9i7XzfwrskQdiCiTYnYxnEhL5mvX62kbl0MmXHvFoxKtx39Tq
277oDmhi+fEVktQJGft8x8o9qSFeFSRkMwNq331NwQSAPbxdWFQtkmKJSHqVnRxd
e4NZHXL8pAbOF7KuZuFoVXFVTqneG/B7axDhEWhhSxM300qU
-----END CERTIFICATE-----