Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/dqHEZ0oARNoaVvG3IlOzVbCxw8E.roa
File:                     dqHEZ0oARNoaVvG3IlOzVbCxw8E.roa (raw, json)
Hash identifier:          Lu4R8BGvmtKvcPKaLg2jGVkmpU76/ij/EjZ+FuotBOA=
Subject key identifier:   76:A1:C4:67:4A:00:44:DA:1A:56:F1:B7:22:53:B3:55:B0:B1:C3:C1
Certificate issuer:       /CN=eeb59b791c7a11d232a95c7ef169285caea695bc
Certificate serial:       019420684B027A4D10273DCDDA489562F637
Authority key identifier: EE:B5:9B:79:1C:7A:11:D2:32:A9:5C:7E:F1:69:28:5C:AE:A6:95:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rWbeRx6EdIyqVx-8WkoXK6mlbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/dqHEZ0oARNoaVvG3IlOzVbCxw8E.roa
Signing time:             Wed 01 Jan 2025 05:48:13 +0000
ROA not before:           Wed 01 Jan 2025 05:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24641
IP address blocks:        2a02:6c20:819::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/7rWbeRx6EdIyqVx-8WkoXK6mlbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/7rWbeRx6EdIyqVx-8WkoXK6mlbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rWbeRx6EdIyqVx-8WkoXK6mlbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4b:02:7a:4d:10:27:3d:cd:da:48:95:62:f6:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeb59b791c7a11d232a95c7ef169285caea695bc
        Validity
            Not Before: Jan  1 05:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76a1c4674a0044da1a56f1b72253b355b0b1c3c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:98:a5:61:0e:7e:7c:51:3e:59:4d:cc:35:14:
                    af:c7:71:ea:3a:76:b4:4a:c6:9f:01:a7:77:40:59:
                    c9:f7:8a:7e:ae:22:0d:f9:2a:d2:cf:c8:05:e0:1c:
                    bb:6b:cb:f2:56:3b:fd:23:8b:ef:4c:97:fb:17:d1:
                    32:44:35:c5:83:b5:be:84:9a:df:6c:27:6e:35:d9:
                    66:30:c5:18:3d:a8:28:2c:fb:46:ff:9f:07:e7:92:
                    80:d3:30:30:8d:5d:d5:88:44:d1:1c:61:3f:78:ff:
                    fd:bb:01:81:45:53:94:7f:6b:ca:5a:46:5f:57:77:
                    52:9e:45:d5:2f:e8:7a:b6:8e:04:f7:f8:54:e4:df:
                    54:c6:c0:f5:51:ef:7c:51:e4:3c:87:75:67:06:b5:
                    b2:b6:4f:8f:5c:5b:91:0e:f5:61:b6:09:f2:b1:01:
                    15:e0:39:5a:05:79:e6:38:1c:8d:d9:1c:59:a3:d7:
                    a9:8d:8e:ab:53:8d:f3:95:dd:e5:f8:67:63:3e:7f:
                    a4:f7:60:40:cd:5d:89:e9:1e:44:c2:be:5c:a7:61:
                    f2:03:45:f5:95:86:f7:d1:4b:90:ac:bf:63:33:f2:
                    16:71:11:f7:58:38:6f:16:27:5c:08:cd:a8:85:6a:
                    e3:48:ac:81:c7:d5:c2:2a:c0:03:a9:14:de:6a:30:
                    e2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A1:C4:67:4A:00:44:DA:1A:56:F1:B7:22:53:B3:55:B0:B1:C3:C1
            X509v3 Authority Key Identifier:
                keyid:EE:B5:9B:79:1C:7A:11:D2:32:A9:5C:7E:F1:69:28:5C:AE:A6:95:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rWbeRx6EdIyqVx-8WkoXK6mlbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/dqHEZ0oARNoaVvG3IlOzVbCxw8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/7rWbeRx6EdIyqVx-8WkoXK6mlbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:6c20:819::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:04:f8:f7:24:ae:58:f1:24:5a:64:0b:6d:23:0d:9c:95:ad:
         40:fd:c2:79:5b:7c:40:eb:ff:21:ed:8e:8b:53:5f:ad:82:cb:
         ae:b6:94:a2:3d:86:78:c1:11:45:68:df:c8:5f:5f:a9:eb:6f:
         ea:98:31:32:6c:47:68:55:ad:c1:21:05:4a:cd:41:f3:39:01:
         65:f8:ef:93:18:52:d8:32:f5:0b:56:dc:70:2f:61:d6:a0:f1:
         82:62:7d:c8:7f:a7:32:72:3a:5b:33:47:e6:08:59:22:1c:7b:
         b5:6e:33:01:c2:68:1e:ce:3d:0c:17:34:1f:23:82:b9:16:3d:
         8e:93:8c:8c:d3:f8:3a:19:35:ab:63:f4:46:fd:cd:91:7e:6a:
         ee:39:d6:eb:7b:38:76:92:f2:a4:83:30:04:17:a8:fe:42:89:
         31:46:04:a0:7a:5c:c2:f3:3f:f4:85:00:73:43:7b:58:df:de:
         9f:72:b5:42:bc:3b:cb:6f:51:56:72:99:39:d9:21:03:c3:ff:
         42:67:f6:c1:a8:8d:82:68:19:d0:fc:2b:4d:eb:08:91:70:56:
         90:fc:4f:23:fb:2b:8e:69:41:94:4f:cb:ee:ca:48:8a:0e:a4:
         51:67:09:2f:f6:5b:97:ad:e7:20:c2:5b:74:79:62:07:44:73:
         64:2f:7c:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQgaEsCek0QJz3N2kiVYvY3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYjU5Yjc5MWM3YTExZDIzMmE5NWM3ZWYxNjkyODVjYWVh
Njk1YmMwHhcNMjUwMTAxMDU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmExYzQ2NzRhMDA0NGRhMWE1NmYxYjcyMjUzYjM1NWIwYjFjM2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZilYQ5+fFE+WU3MNRSvx3HqOna0
SsafAad3QFnJ94p+riIN+SrSz8gF4By7a8vyVjv9I4vvTJf7F9EyRDXFg7W+hJrf
bCduNdlmMMUYPagoLPtG/58H55KA0zAwjV3ViETRHGE/eP/9uwGBRVOUf2vKWkZf
V3dSnkXVL+h6to4E9/hU5N9UxsD1Ue98UeQ8h3VnBrWytk+PXFuRDvVhtgnysQEV
4DlaBXnmOByN2RxZo9epjY6rU43zld3l+GdjPn+k92BAzV2J6R5Ewr5cp2HyA0X1
lYb30UuQrL9jM/IWcRH3WDhvFidcCM2ohWrjSKyBx9XCKsADqRTeajDi9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHahxGdKAETaGlbxtyJTs1WwscPBMB8GA1UdIwQY
MBaAFO61m3kcehHSMqlcfvFpKFyuppW8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3JXYmVSeDZFZEl5cVZ4LThXa29YSzZtbGJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lZmZmNzEtN2QxMS00YTFhLThhZDMt
YTY3ZDhjN2VkN2NhLzEvZHFIRVowb0FSTm9hVnZHM0lsT3pWYkN4dzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lZmZmNzEtN2QxMS00YTFhLThhZDMtYTY3ZDhjN2VkN2Nh
LzEvN3JXYmVSeDZFZEl5cVZ4LThXa29YSzZtbGJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgJsIAgZ
MA0GCSqGSIb3DQEBCwUAA4IBAQADBPj3JK5Y8SRaZAttIw2cla1A/cJ5W3xA6/8h
7Y6LU1+tgsuutpSiPYZ4wRFFaN/IX1+p62/qmDEybEdoVa3BIQVKzUHzOQFl+O+T
GFLYMvULVtxwL2HWoPGCYn3If6cycjpbM0fmCFkiHHu1bjMBwmgezj0MFzQfI4K5
Fj2Ok4yM0/g6GTWrY/RG/c2RfmruOdbrezh2kvKkgzAEF6j+QokxRgSgelzC8z/0
hQBzQ3tY396fcrVCvDvLb1FWcpk52SEDw/9CZ/bBqI2CaBnQ/CtN6wiRcFaQ/E8j
+yuOaUGUT8vuykiKDqRRZwkv9luXrecgwlt0eWIHRHNkL3x9
-----END CERTIFICATE-----