Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/245e1a-0612-4596-a95a-9df72530b669/1/ldaG2ZtwFXa0D8MT2zJfF9j3gsg.roa
File:                     ldaG2ZtwFXa0D8MT2zJfF9j3gsg.roa (raw, json)
Hash identifier:          Iho31engw2p2ICkoCri0OTvpMAFdFfQ9ZJ+brUIBG2M=
Subject key identifier:   95:D6:86:D9:9B:70:15:76:B4:0F:C3:13:DB:32:5F:17:D8:F7:82:C8
Certificate issuer:       /CN=6dd2ced352f01f7eb5dc7619ed714c6b6a5c791e
Certificate serial:       0194742542680F65E113C755BC0504094112
Authority key identifier: 6D:D2:CE:D3:52:F0:1F:7E:B5:DC:76:19:ED:71:4C:6B:6A:5C:79:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bdLO01LwH3613HYZ7XFMa2pceR4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/245e1a-0612-4596-a95a-9df72530b669/1/ldaG2ZtwFXa0D8MT2zJfF9j3gsg.roa
Signing time:             Fri 17 Jan 2025 12:03:06 +0000
ROA not before:           Fri 17 Jan 2025 12:03:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215561
IP address blocks:        2001:678:1f0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/245e1a-0612-4596-a95a-9df72530b669/1/bdLO01LwH3613HYZ7XFMa2pceR4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/245e1a-0612-4596-a95a-9df72530b669/1/bdLO01LwH3613HYZ7XFMa2pceR4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bdLO01LwH3613HYZ7XFMa2pceR4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:74:25:42:68:0f:65:e1:13:c7:55:bc:05:04:09:41:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dd2ced352f01f7eb5dc7619ed714c6b6a5c791e
        Validity
            Not Before: Jan 17 12:03:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95d686d99b701576b40fc313db325f17d8f782c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:db:b1:26:81:8c:0f:f9:e3:20:25:73:e3:48:
                    c3:c9:8d:7e:85:17:c9:35:5b:4e:62:c1:83:c6:cf:
                    c9:bd:9b:db:9a:18:4e:d5:3f:6c:a6:25:96:e1:22:
                    73:da:e9:30:f4:77:fd:3a:eb:d4:c2:2a:78:f3:36:
                    2b:8a:ed:08:23:e8:40:fe:33:8f:9a:e9:9c:8a:21:
                    58:57:98:84:85:33:fa:c3:96:e8:f4:60:6f:90:fc:
                    b4:11:19:ac:a5:ee:5b:31:cd:a9:00:1a:c3:e8:35:
                    e9:01:98:00:e8:5b:4e:18:d0:0c:dd:e7:c8:28:ff:
                    a3:60:33:dc:62:44:c3:23:b5:b1:90:44:50:0f:b2:
                    78:a0:a5:93:fc:02:1b:f9:f5:9e:5e:7f:e3:74:80:
                    ed:01:e0:f9:57:e2:aa:86:54:2f:9a:56:2b:02:c2:
                    7c:9b:37:53:de:98:5a:b2:3c:2e:1c:9e:4b:c0:04:
                    5e:c2:9d:44:1c:2d:5f:2b:52:77:65:5a:27:a5:af:
                    ba:9d:96:2a:1b:5d:14:40:e4:36:3f:4d:d5:22:e9:
                    0e:b8:a6:b7:44:a6:2e:94:15:d4:09:a8:2c:3c:36:
                    41:57:93:2b:71:4a:dc:85:1f:c8:b0:24:a4:82:00:
                    9f:cb:5d:7e:f7:c4:6d:47:02:65:10:14:63:d1:e6:
                    e6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:D6:86:D9:9B:70:15:76:B4:0F:C3:13:DB:32:5F:17:D8:F7:82:C8
            X509v3 Authority Key Identifier:
                keyid:6D:D2:CE:D3:52:F0:1F:7E:B5:DC:76:19:ED:71:4C:6B:6A:5C:79:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bdLO01LwH3613HYZ7XFMa2pceR4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/245e1a-0612-4596-a95a-9df72530b669/1/ldaG2ZtwFXa0D8MT2zJfF9j3gsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/245e1a-0612-4596-a95a-9df72530b669/1/bdLO01LwH3613HYZ7XFMa2pceR4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:62:08:b2:91:b5:7d:10:f4:94:df:a6:0f:6e:9e:77:09:16:
         c8:eb:ed:95:08:5e:7a:04:4b:ff:df:f6:51:1b:aa:75:13:00:
         22:bd:22:9c:dd:21:5d:98:ce:70:c7:93:7b:47:81:1b:11:e1:
         80:51:d7:3e:71:56:d6:bd:3a:ff:19:b9:69:05:35:23:c7:c0:
         fc:b3:92:fb:b2:02:22:98:83:b0:86:0a:15:26:ee:e6:66:b0:
         d6:98:b2:15:f2:7f:06:9f:4d:d8:8e:ea:58:f7:58:52:1f:c7:
         3c:88:56:cc:4b:12:ea:13:3e:55:2f:97:df:b2:19:b8:24:d5:
         38:60:98:e9:68:59:d9:93:22:9c:93:62:5a:3e:e7:cd:bf:b6:
         97:26:ed:79:f1:ad:57:55:b0:19:10:ee:2b:72:ab:36:19:e5:
         e7:4b:73:d3:8a:cf:51:d8:70:65:b3:4b:fb:1c:6e:f2:52:28:
         64:92:db:00:59:2c:74:dd:81:34:ac:1d:75:c1:d5:fd:48:6f:
         f0:6a:b6:a9:84:57:86:5e:6b:ac:61:a3:18:48:c2:d6:0c:0e:
         af:d3:a7:86:22:15:0e:2a:4b:5f:05:e3:6f:d5:50:22:d5:05:
         2a:95:c4:c6:36:5d:b1:d1:53:03:fc:80:5c:3f:d0:89:9c:5d:
         7f:85:fa:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZR0JUJoD2XhE8dVvAUECUESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZDJjZWQzNTJmMDFmN2ViNWRjNzYxOWVkNzE0YzZiNmE1
Yzc5MWUwHhcNMjUwMTE3MTIwMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWQ2ODZkOTliNzAxNTc2YjQwZmMzMTNkYjMyNWYxN2Q4Zjc4MmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtuxJoGMD/njICVz40jDyY1+hRfJ
NVtOYsGDxs/JvZvbmhhO1T9spiWW4SJz2ukw9Hf9OuvUwip48zYriu0II+hA/jOP
mumciiFYV5iEhTP6w5bo9GBvkPy0ERmspe5bMc2pABrD6DXpAZgA6FtOGNAM3efI
KP+jYDPcYkTDI7WxkERQD7J4oKWT/AIb+fWeXn/jdIDtAeD5V+KqhlQvmlYrAsJ8
mzdT3phasjwuHJ5LwARewp1EHC1fK1J3ZVonpa+6nZYqG10UQOQ2P03VIukOuKa3
RKYulBXUCagsPDZBV5MrcUrchR/IsCSkggCfy11+98RtRwJlEBRj0ebmTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJXWhtmbcBV2tA/DE9syXxfY94LIMB8GA1UdIwQY
MBaAFG3SztNS8B9+tdx2Ge1xTGtqXHkeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRMTzAxTHdIMzYxM0hZWjdYRk1hMnBjZVI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8yNDVlMWEtMDYxMi00NTk2LWE5NWEt
OWRmNzI1MzBiNjY5LzEvbGRhRzJadHdGWGEwRDhNVDJ6SmZGOWozZ3NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8yNDVlMWEtMDYxMi00NTk2LWE5NWEtOWRmNzI1MzBiNjY5
LzEvYmRMTzAxTHdIMzYxM0hZWjdYRk1hMnBjZVI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAHw
MA0GCSqGSIb3DQEBCwUAA4IBAQA4YgiykbV9EPSU36YPbp53CRbI6+2VCF56BEv/
3/ZRG6p1EwAivSKc3SFdmM5wx5N7R4EbEeGAUdc+cVbWvTr/GblpBTUjx8D8s5L7
sgIimIOwhgoVJu7mZrDWmLIV8n8Gn03YjupY91hSH8c8iFbMSxLqEz5VL5ffshm4
JNU4YJjpaFnZkyKck2JaPufNv7aXJu158a1XVbAZEO4rcqs2GeXnS3PTis9R2HBl
s0v7HG7yUihkktsAWSx03YE0rB11wdX9SG/waraphFeGXmusYaMYSMLWDA6v06eG
IhUOKktfBeNv1VAi1QUqlcTGNl2x0VMD/IBcP9CJnF1/hfq5
-----END CERTIFICATE-----